Hi,
My server is running a Tomcat servlet container.
Yesterday I bought an SSL certificate from geotrust.com.
I got a private-key file and a cert file (PKCS10).
I followed the instructions in the Apache Tomcat 6.0 - SSL Configuration HOW-TO.
First, I created a keystore:
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
After this, I uncommented this part in server.xml:
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
port="443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="/root/.keystore" keystorePass="mypw"
clientAuth="false" sslProtocol="TLS"/>
/root/.keystore really exists and I used the pw I created the keystore with.
Now I restarted the server. Everything works fine, I got a connection on port 443.
After this I wanted to install the certificate I got from GeoTrust.
Before that, I installed the root certificate I got from this page: https://www.geotrust.com/resources/root-certificates/index.html (Equifax Secure Certificate Authority (Base-64 encoded X.509))
keytool -import -alias root -keystore /root/.keystore \
-trustcacerts -file equifax.cer
The system told me that this certificate already exists; I decided to overwrite it.
Now I tried to install my certificate:
keytool -import -alias tomcat -keystore /root/.keystore \
-file www.mydomain.cert
But I got this error msg:
keytool error: java.lang.Exception: Public keys in reply and keystore don't match
I don't know what I did wrong. And what do I need my private-key file for?
EDIT: I solved the problem. old.nabble.com/tomcat6-and-https-td27515107.html
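
keytool prints "Public keys in reply and keystore don't match" when the certificate being imported carries a different public key than the key entry already stored under that alias. As an added example (not part of the original post or the linked thread), the shell functions below use openssl to check whether a certificate was issued for a given private key and to bundle the two into a PKCS#12 keystore only when they match. The function names, the P12_PASS variable and the file arguments are assumptions; key files are assumed to be unencrypted PEM.

```shell
#!/bin/sh
# Added example. File names are supplied by the caller; "tomcat" as the
# default alias mirrors the post. Assumes unencrypted PEM key files.

# SHA-256 of the public key derived from a private key file.
key_pub_digest() {
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key embedded in a PEM certificate.
cert_pub_digest() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds only when the certificate certifies this key's public half.
# An unreadable key or certificate counts as a failure, not a match.
cert_matches_key() {
    k=$(key_pub_digest "$1") || return 1
    c=$(cert_pub_digest "$2") || return 1
    [ "$k" = "$c" ]
}

# Bundle key and certificate into one PKCS#12 keystore entry, refusing a
# mismatched pair. The export password is read from the P12_PASS
# environment variable so it does not show up in the process list.
make_p12() {    # make_p12 <key.pem> <cert.pem> <out.p12> [alias]
    if ! cert_matches_key "$1" "$2"; then
        echo "certificate was not issued for this private key" >&2
        return 1
    fi
    openssl pkcs12 -export -inkey "$1" -in "$2" -name "${4:-tomcat}" \
        -out "$3" -passout env:P12_PASS
}

# Stand-alone use: sh check.sh <key.pem> <cert.pem>
if [ "$#" -eq 2 ]; then
    if cert_matches_key "$1" "$2"; then echo "match"; else echo "MISMATCH"; fi
fi
```

The same cert_pub_digest works on the certificate of the keytool -genkey entry once it is saved in PEM form (keytool -list -rfc -alias tomcat -keystore /root/.keystore), which shows whether that key pair is the one the CA certified.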