Importing existing certificate into Tomcat keystore

Posted by christian.bryan@capita.co.uk on 16-May-2018 06:28

Hi All

I am a bit confused regarding importing an existing certificate into a PAS OE instance as the documentation details how to do this from a completely new perspective.

I have an existing certificate in .p7b format and I want to use this with my PAS instance. If I try the following command:

sslc pkcs12 -export -in <filename>.p7b -out tomcat-keystore.p12 -name mysslprivkey

I get the following error:

error:0906D06C:PEM routines:PEM_Read_bio:no start line:crypto\pem\pem_lib.c.691:Expecting: ANY PRIVATE KEY

Thanks

Christian.


Posted by christian.bryan@capita.co.uk on 16-May-2018 10:22

My problem was that I didn't check the keystore.

When I used the command - keytool -v -list -keystore <FileName>.keystore - I found that the keystore contained my private key and the root cert and intermediate certs, and so I just copied my keystore over the default conf/tomcat-keystore.p12 (11.7.2) and updated the catalina.properties file for the keystore alias and password and it all worked okay.


All Replies

Posted by Simon L. Prinsloo on 16-May-2018 06:49

Hi Christian

I had a similar problem using the existing certificate of my server.

I discovered that I needed at least two more parameters:

-inkey <private-key-file>

-certfile <intermediate-certificate-chain-file>

HTH

Simon
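
Added example, not part of the thread and not Progress's own procedure: a .p7b holds only certificates, so the export in the question fails until the private key is supplied with -inkey, as the reply above describes. It assumes the stock openssl CLI (taken here to accept the same arguments as OpenEdge's sslc); the file names, CN, alias value and password are constructed for the demo.

```shell
#!/bin/sh
# Added example. File names, CN and password are constructed for the demo.
# pass:... is visible in the process list; prefer -passout file: or env: in real use.

# Constructed stand-ins for the CA-issued files. The .p7b is a PKCS#7 bundle:
# it carries certificates only, never a private key.
make_demo_inputs() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.example" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null &&
    openssl crl2pkcs7 -nocrl -certfile "$1/server.crt" -out "$1/server.p7b"
}

export_from_p7b_alone() {   # the command from the question; expected to fail
    openssl pkcs12 -export -in "$1" -out "$2" -name mysslprivkey \
        -passout pass:changeit 2>&1
}

p7b_to_pem() {              # unpack the certificates (add -inform DER for a binary .p7b)
    openssl pkcs7 -print_certs -in "$1" -out "$2"
}

build_p12() {               # args: key, certs.pem, out.p12, alias, password
    # -inkey supplies the private key the .p7b lacks. Extra certificates found in
    # -in are included as the chain; use -certfile when the chain is a separate file.
    openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" -name "$4" \
        -passout "pass:$5"
}

p12_has_key_and_cert() {    # confirm the keystore holds both halves
    dump=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nodes 2>/dev/null) || return 1
    echo "$dump" | grep -q "PRIVATE KEY" && echo "$dump" | grep -q "BEGIN CERTIFICATE"
}

work=$(mktemp -d)
make_demo_inputs "$work"
export_from_p7b_alone "$work/server.p7b" "$work/bad.p12" >/dev/null ||
    echo "p7b alone: export fails, the bundle has no private key"
p7b_to_pem "$work/server.p7b" "$work/certs.pem"
build_p12 "$work/server.key" "$work/certs.pem" "$work/tomcat-keystore.p12" \
    mysslprivkey changeit
p12_has_key_and_cert "$work/tomcat-keystore.p12" changeit &&
    echo "tomcat-keystore.p12 holds the private key and its certificate"
rm -rf "$work"
```

Listing the result with keytool -v -list, the check the original poster ran, should show a private key entry under the chosen alias.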

This thread is closed