Tuesday, 6 November 2012

Tomcat keystore from an OpenSSL signing request.

Last weekend I spent an extreme amount of time figuring out how to create a keystore which is acceptable to Tomcat from a certificate and key file I got from Thawte. It turned out to be more difficult to find a workable solution than I had ever dreamed it would be. So, to hopefully prevent others from wasting time on the same subject, I will now tell you how I solved it.

However, first I will give you a good number of hints on how it should be done in theory... Whether or not you like my advice, go and have a look at these ideas. They all look very attractive, and I would have loved it if they had solved my problem. But they didn't.

http://stackoverflow.com/questions/10090263/ssl-intermediate-certificates

What solved the problem for me was the following mail, which basically tells you to use IE. Yes, that is right. As primarily a Mac and Linux user, I haven't found IE particularly useful since... well, never. Until now. Now IE is my best friend, but nobody ever told me that IE was a bloated key manager... ;)

So go and follow the link and read:

http://openssl.6102.n7.nabble.com/FWD-Intermediate-certificate-chain-not-included-when-exporting-as-pkcs12-td11892.html