Shazaam! That is a cool tool. It's a heck of a lot more readable than all that command line stuff. Thanks, Jason!
I added the Thawte cert into the jks myself. Since sending this email, I have found that when I export that cert or convert it from the p12 version from Thawte, it drops the CA root. It only gives me the domain....*.domain.com. I used your tool to create a full chain and apply it to Apache's SSL. One of two things happens: 1) I continue to get the warning on the site or 2) Apache won't start b/c it doesn't like the crt I added. When Apache won't start, I see an error in the log: [Thu Jan 31 10:59:04 2013] [error] Unable to configure verify locations for client authentication Still working on that one. Thanks again for the help and the tool! From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of Jason Miller Sent: Wednesday, January 30, 2013 5:20 PM To: [email protected] Subject: Re: Certificate Assistance ** Just to make sure I am following you... Thawte sent you a jks keystore file with the cert and chain in it? If this is the case can you just replace the Tomcat keystore with this keystore? They are both Java keystores correct? You *may* have to change the Thawte keystore password to changeme, I have encountered some versions of TC that require that specific keystore password and others that allow you to specify the password in the config. Either way I'll mention a cool free tool that adds a GUI to many aspects of cert/keystore management. KeyStore Explorer is free (unfortunately not currently being developed): http://www.lazgosoftware.com/kse/index.html I found this tool after figuring out the process of requesting/exporting a cert and chain from an internal MS CA, converting it and importing into the TC keystore using OpenSSL and keytool. Just for fun and to test the tool I downloaded KeyStore Explorer and created a brand new TC keystore with the MS CA certs/chain in a matter of clicks. Jason On Wed, Jan 30, 2013 at 8:13 AM, Myers, Scott <[email protected]<mailto:[email protected]>> wrote: ** Hi all, I am trying to apply a certificate from Thawte to a Mid-Tier. The cert I have used is a wildcard that is currently in a jks file. When I export the crt from the jks, it is losing the chain. That flags as a warning on the website as "The site's security certificate is not trusted." I'm using a Linux Red Hat op system and have tried various methods of openssl and keytool apps. Any suggestions? Scott This email is subject to certain disclaimers, which may be reviewed via the following link. http://compass-usa.com/Pages/Disclaimer.aspx _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ This email is subject to certain disclaimers, which may be reviewed via the following link. http://compass-usa.com/Pages/Disclaimer.aspx _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
