[lug] Migrating x509 public/private keypair to java jks
Andrew Diederich
andrewdied at gmail.com
Mon Apr 10 16:48:17 MDT 2006
On 4/10/06, Hugh Brown <hugh at math.byu.edu> wrote:
> I'm dredging up vague memories of a lot of pain trying to do this. I
> don't think I ever succeeded. I've got these notes to myself about
<snip>
That's about what I did. I tried this a couple months ago, and you
may be right about the alias of tomcat as mandatory. The missing step
you mentioned
> # missing step about importing the signed key
is

    keytool -import -alias tomcat -keystore keystore -file pubcert

If you've used a CA that isn't in the java-preferred CAs (cacert.org
isn't there) you should -import the class1 and class3 certs or you'll
get errors about not being able to verify the chain. The thing I
can't figure out is the private key -- there just doesn't look to be a
way to import the private key. And security guys wonder why everyone
just uses self-signed certs! We _try_ to do the right thing, but if
it's possible it isn't documented.
--
Andrew Diederich