Java Mailing List Archive

http://www.junlu.com/


RE: New to tomcat

Mark Thomas

2004-01-14


Should be something like this to remove expired certs
keytool -delete -alias verisignclass2ca -keystore cacerts -storepass changeit
keytool -delete -alias verisignclass3ca -keystore cacerts -storepass changeit
keytool -delete -alias verisignclass4ca -keystore cacerts -storepass changeit

Verisign appear to recommend that you remove the class1 cert too.
keytool -delete -alias verisignclass1ca -keystore cacerts -storepass changeit

Download new certs to {JAVA_HOME}\jre\lib\security directory from
http://www.verisign.com/support/roots.html

Extract PCA1ss_v4.509, PCA2ss_v4.509, PCA3ss_v4.509 to the same directory.
Then import them using
keytool -import -alias verisignclass1ca -keystore cacerts -storepass changeit -file PCA1ss_v4.509
keytool -import -alias verisignclass2ca -keystore cacerts -storepass changeit -file PCA2ss_v4.509
keytool -import -alias verisignclass3ca -keystore cacerts -storepass changeit -file PCA3ss_v4.509

Verisign also recommend importing the G2 and G3 certs.
Extract relevant files from zip. Use import as above, remembering to give each
cert a unique (sensible) alias.

There is also at least one other thread on tomcat-user about this. Might be worth
a look in the archives.

Mark

-----Original Message-----
From: Tea, Justin [mailto:itea@(protected)]
Sent: Wednesday, January 14, 2004 11:47 PM
To: Tomcat Users List
Subject: RE: New to tomcat

Thanks! That works. Sure enough, it expired 1/7.

Now, how do I get the Verisign intermediate cert in there?

<snip>

Try this in your {JAVA_HOME}\jre\lib\security directory
keytool -list -v -keystore cacerts

You'll need to enter your keystore password. This is changeit by default
unless someone had the good sense to do the obvious.

This will give a long list of the certificates including the validity
dates.

Mark

-----Original Message-----
From: Tea, Justin [mailto:itea@(protected)]
Sent: Wednesday, January 14, 2004 10:56 PM
To: Tomcat Users List; jeraldpowel@(protected)
Subject: New to tomcat

Hi,
I'm new to Tomcat, Apache and JDK world (three things I noticed are
loaded on our server). Our custom apps broke around the time Verisign
cert expired. How can I tell whether this is indeed the case?

Keytool? If so, what's the exact parameter?


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)
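
Added example, not part of the original thread: a shell filter that reads the `keytool -list -v` listing described above and prints only the aliases whose validity has ended, so the long list does not have to be scanned by eye. It assumes English-locale keytool output with `Alias name:` and `Valid from: ... until: ...` lines; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Real use, from the directory holding cacerts (password as in the thread):
#   keytool -list -v -keystore cacerts -storepass changeit | expired_aliases

# expired_aliases [YYYYMMDD]
# Reads `keytool -list -v` text on stdin and prints "alias<TAB>YYYYMMDD" for
# every certificate whose "until:" date falls before the cutoff day
# (default: today, UTC). Comparison is at day granularity.
expired_aliases() {
    cutoff=${1:-$(date -u +%Y%m%d)}
    awk -v cutoff="$cutoff" '
        BEGIN {
            n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
            for (i = 1; i <= n; i++) mon[m[i]] = i
        }
        # Remember the alias that the following validity line belongs to.
        /^Alias name: / { alias = substr($0, 13) }
        /^Valid from: .* until: / {
            # Keep the text after "until: ", e.g. "Wed Jan 07 23:59:59 GMT 2004".
            s = $0
            sub(/^.* until: /, "", s)
            k = split(s, f, " ")
            # f[2] = month name, f[3] = day of month, f[k] = year
            ymd = sprintf("%04d%02d%02d", f[k], mon[f[2]], f[3])
            if (ymd + 0 < cutoff + 0) printf "%s\t%s\n", alias, ymd
        }
    '
}

# Constructed sample in the shape of keytool output (not a real listing).
sample_listing() {
    cat <<'EOF'
Alias name: verisignclass2ca
Entry type: trustedCertEntry
Valid from: Mon Jan 29 00:00:00 GMT 1996 until: Wed Jan 07 23:59:59 GMT 2004
Alias name: example-current-ca
Entry type: trustedCertEntry
Valid from: Mon May 18 00:00:00 GMT 1998 until: Tue Aug 01 23:59:59 GMT 2028
EOF
}

# Demonstration with the date of the thread as the cutoff.
sample_listing | expired_aliases 20040114
```

Each alias it prints is a candidate for the `keytool -delete` and `keytool -import` steps given in the reply above.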



