Just to make sure I am following you... Thawte sent you a jks keystorefile with the cert and chain in it?
If this is the case can you just replace the Tomcat keystore with this keystore? They are both Java keystores correct? You *may* have to change the Thawte keystore password to changeme, I have encountered some versions of TC that require that specific keystorepassword and others that allow you to specify the password in the config. Either way I'll mention a cool free tool that adds a GUI to many aspects of cert/keystore management. KeyStore Explorer is free (unfortunately not currently being developed): http://www.lazgosoftware.com/kse/index.html I found this tool after figuring out the process of requesting/exporting a cert and chain from an internal MS CA, converting it and importing into the TC keystore using OpenSSL and keytool. Just for fun and to test the tool I downloaded KeyStore Explorer and created a brand new TC keystore with the MS CA certs/chain in a matter of clicks. Jason On Wed, Jan 30, 2013 at 8:13 AM, Myers, Scott <[email protected]>wrote: > ** > > Hi all,**** > > ** ** > > I am trying to apply a certificate from Thawte to a Mid-Tier. The cert I > have used is a wildcard that is currently in a jks file. When I export the > crt from the jks, it is losing the chain. That flags as a warning on the > website as “The site's security certificate is not trusted.” **** > > ** ** > > I’m using a Linux Red Hat op system and have tried various methods of > openssl and keytool apps.**** > > ** ** > > Any suggestions?**** > > Scott**** > > ** ** > > > > This email is subject to certain disclaimers, which may be reviewed via > the following link. http://compass-usa.com/Pages/Disclaimer.aspx > _ARSlist: "Where the Answers Are" and have been for 20 years_ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
