[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tomcat-user
Subject:    Re: Deploying .ca-bundle file & .crt file as SSL certificates
From:       Kernel freak <kernelfreak () gmail ! com>
Date:       2014-11-27 8:04:46
Message-ID: CAOFt0CQ362xU9pRjEfBGBc-W42XsXuMC9saDJ7nQNmAMJsT=RQ () mail ! gmail ! com
[Download RAW message or body]


On Wed, Nov 26, 2014 at 7:21 PM, Christopher Schultz <
chris@christopherschultz.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> To whom it may concern,
>
> On 11/26/14 12:00 PM, Kernel freak wrote:
> > On Wed, Nov 26, 2014 at 5:33 PM, Christopher Schultz <
> > chris@christopherschultz.net> wrote:
> >
> > To whom it may concern,
> >
> > On 11/26/14 9:03 AM, Kernel freak wrote:
> >>>> After arguing with the admins for all this time, I finally
> >>>> have the few files ready. I have the following files :
> >>>>
> >>>> keystore.p12
> >
> > That should contain your key. Can you confirm that with a 'keytool
> > -list'?
> >
> >>>> server.crt
> >
> > Is this the certificate that was signed by the CA?
> >
> >> Yes, this is certificated signed by CA, but its a
> >> servercertificate, the domain certificate is below.
>
This server.crt is provided by the hosting guys. I told them I will need a
certificate for the server on which my domain is hosted, and i got this
file.

>
> I have no idea what a "domain certificate" is. A cert is a cert, and
> it's signed by another cert all the way up to a root cert, known as a
> CA who has widespread trust.
>
> Hi, Domaincertificate is the one which I want to deploy. It is the one
provided by CA authority.

> >>>> ssl-cert-snakeoil.key
> >
> > Uh, oh. That looks like one of OpenSSL's built-in CAs that are
> > used for documentation and instructional purposes. I hope this
> > isn't being used for anything at all.
> >
> >>>> domainname.com.ca-bundle
> >
> > This should be the bundle of certificates for your domain, which
> > may include intermediate certificates. Are you using your own
> > internal CA or something?
> >
> >>>> domainname.com.crt
> >
> > Which certificate is this?
> >
> >> This is the SSL certificate which has to be deployed.
> >
> >
> >>>> domainname.com.csr
> >
> > Is this the CSR that you generated yourself?
> >
> >> No, this is also provided by hosting guys
>
> So, did your "hosting guys" generate everything for you, then? It's
> customary to create your own key and CSR and then merely have the CA
> sign the CSR which results in your certificate. You import your
> certificate and, if necessary, any intermediate certificates your
> clients will require to form a trust chain from your server's cert up
> to the root that the client trusts.
>
> Hosting guys only generated the server.crt, and domainname.crt was
provided by trusted authority. Can you tell me why the commands you
provided/same on apache user guide are not working, showing me the error
that unable to load certificates?

>  Thank you for your patience.
>


[prev in list] [next in list] [prev in thread] [next in thread]