Hello,
I'm trying to configure a Tomcat server with SSL. I've generated a keypair thus:
$ keytool -genkeypair -alias tomcat -keyalg RSA -keystore keys
Next I generate a certificate signing request:
$ keytool -certreq -keyalg RSA -alias tomcat -keystore keys -file tomcat.csr
Then I copy-paste the contents of tomcat.csr
into a form on Thawte's website, asking for a trial SSL certificate. In return I get two certificates delimited with -----BEGIN ... -----END
, that I save under tomcat.crt
and thawte.crt
. (Thawte calls the second certificate a 'Thawte Test CA Root' certificate).
When I try to import either of them it fails:
$ keytool -importcert -alias tomcat -file tomcat.crt -keystore keys
Enter keystore password:
keytool error: java.lang.Exception: Failed to establish chain from reply
$ keytool -importcert -alias thawte -file thawtetest.crt -keystore keys
Enter keystore password:
keytool error: java.lang.Exception: Input not an X.509 certificate
Adding the -trustcacerts
option to either of these commands doesn't change anything either.
Any idea what I am doing wrong here?