Attempting to SSL-enable Tomcat 4.04. Have implemented JSSE. SSL
works fine when I create a keystore with a self-generated certificate:

    keytool -genkey -alias tomcat -keyalg RSA -keystore .keystore

We now want to cut over to a production certificate. We create a
.cer file by accessing our production web site and exporting the
certificate to a .cer file.

Then, using keytool, we import the .cer file:

    keytool -v -import -file prod.cer -keystore .keystore

When we inspect the .keystore file using the -list switch, we see the
original self-signed certificate and the production certificate.

Now when we implement the .keystore in Tomcat, only the original
self-generated certificate is presented to the browser, not the
production certificate.

So, using keytool, we delete the original self-generated
certificate, so we are left with only the newly imported production
certificate.

When we implement this updated .keystore file with only the production
cert, the browser and Tomcat fail to negotiate. Tomcat binds to port
8843, but the SSL negotiation between browser and server is hosed.

Has anybody ever gotten Tomcat and SSL to work with a non-self-generated
certificate? Can you please help?

Thanks,
John D'Esposito
IBM Global Web Architecture - Project Office - Application Integration
phone: 732-927-0399
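
The two keystore states described in the post can be told apart from `keytool -list` output: a certificate exported from a browser carries no private key, so importing it creates a trusted-certificate entry rather than a key entry the server can present. The script below is an added example, not part of the original post; the sample listings are constructed, the function names are hypothetical, and it assumes the import landed under keytool's default alias `mykey` because the import command gives no `-alias`.

```shell
#!/bin/sh
# Constructed sample (not from the post): listing after the self-generated
# "tomcat" entry was deleted, leaving only the imported site certificate.
SAMPLE_IMPORT_ONLY='Your keystore contains 1 entry

mykey, Jan 10, 2003, trustedCertEntry,
Certificate fingerprint (MD5): <constructed placeholder>'

# Constructed sample: listing that still holds the -genkey entry as well.
SAMPLE_WITH_KEY='Your keystore contains 2 entries

tomcat, Jan 9, 2003, keyEntry,
Certificate fingerprint (MD5): <constructed placeholder>
mykey, Jan 10, 2003, trustedCertEntry,
Certificate fingerprint (MD5): <constructed placeholder>'

# Read `keytool -list` output on stdin, print "alias<TAB>type" per entry.
# Older JDKs print keyEntry for a private key, newer ones PrivateKeyEntry.
list_entries() {
    awk -F', ' '/(keyEntry|PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),? *$/ {
        type = $NF
        sub(/, *$/, "", type)
        print $1 "\t" type
    }'
}

# Exit 0 only if at least one entry on stdin carries a private key.
has_private_key() {
    list_entries | awk -F'\t' '
        $2 == "keyEntry" || $2 == "PrivateKeyEntry" { found = 1 }
        END { exit !found }'
}

# Classify a listing passed as $1 for use as a server-side SSL keystore.
check_keystore_listing() {
    if printf '%s\n' "$1" | has_private_key; then
        echo "usable"
    else
        echo "no-private-key"
    fi
}

# Against a real keystore:
#   keytool -list -keystore .keystore | list_entries
```

A keystore that reports `no-private-key` has nothing the server can use to complete the handshake. A CA-issued certificate only becomes usable when it is imported into the alias that already holds the private key its certificate request was generated from.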