tomcat 6 (not 7) ssl problem (certificate issues)

Hi;

I have created a keystore and CSR for SSL with the following command:
      
%JAVA_HOME%\bin\keytool -genkey -alias server -keyalg RSA \
  -keystore \path\to\my\keystore

Then I received 2 files from the certificate authority, abc.com.cer and abc.om.p7b

From this point, no matter what I have done, i couldn't make the SSL work on my Tomcat 6.
I followed the steps under, http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
but I failed to import p7b so I convert it crt file and successfully import it.
My application for http, is using 55012 and I want to use the port 443 for https.
Following is my server.xml

<Connector port="443"
maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
maxSpareThreads="75" enableLookups="false"
disableUploadTimeout="true" acceptCount="100"
scheme="https" secure="true" SSLEnabled="true"
clientAuth="false" sslProtocol="TLS"
keyAlias="server" keystoreFile="/path/to/JKSfile/your_site_name.jks"
keystorePass="your_keystore_password" />

Now my questions are

1) my keystore alias is server and i send my csr after this.
To clean the things up, I want to delete my keystore but is it fine if I generate the key with another alias, e.g. tomcat as in the tomcat documentation?
2) I have the files, cer and crt (p7b), so is fine or should I need stg extra?
3) Is the order of import important?`first crt then cer?
4) What are the correct import commands? Should I trust tomcat documentation or authorities documentation?

My tomcat version is as follows:

Server version: Apache Tomcat/6.0.36
Server built:   Oct 16 2012 09:59:09
Server number:  6.0.36.0
OS Name:        Windows 7
OS Version:     6.1
Architecture:   amd64
JVM Version:    1.7.0_21-b11
JVM Vendor:     Oracle Corporation

Regards.
LVL 12
jazzIIIloveAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

gheistCommented:
Java security baseline is 7u65
There is no problem with tomcat.

They sent you certificate in 2 formats. Remember that keytool needs to know that your private key has alias 'server'
0
jazzIIIloveAuthor Commented:
So while importing crt and cer, i need to use alias as server. Correct?
0
gheistCommented:
You need to import just one. It is same cryptographic signature in 2 different formats.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
What were the top attacks of Q1 2018?

The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Check out our Q1 2018 report for smart, practical security advice today!

jazzIIIloveAuthor Commented:
Hi,

Is it abc.com.cer (which is the intermediate) or abc.com.p7b to import?

Can you write down the exact command? I am a little desperate..
0
gheistCommented:
Consult your CA documentation. p7b is for IIS
0
jazzIIIloveAuthor Commented:
Yes. I couldn't import p7b so i converted to crt to import to java keystore. So what you say is that i need to import only crt (cer is intermediate certificate and no need to import it?). And i need to use the same alias that i used to generate the CSR. Correct?

I strongly appreciate your interest in question btw. As you see, noone else is commenting currently. I would personally request  5000 pts award instead of 500pts as noone got interested in some areas inEE
0
gheistCommented:
Would be nice if you manage to tell which CA you used and your domain name. Domain abc.com uses Apache, thats not yours I assume.
0
jazzIIIloveAuthor Commented:
java version "1.8.0"
Java(TM) SE Runtime Environment (build 1.8.0-b132)
Java HotSpot(TM) 64-Bit Server VM (build 25.0-b70, mixed mode)

It's the geotrust, https://www.geocerts.com/install/tomcat

it says,

keytool -import -trustcacerts -alias tomcat -file your_site_name.p7b -keystore mykeystore.jks
You MUST you the same alias used when the keystore was created, in this case the alias used was tomcat

the thing is that i made csr with alias "server", and also unable to install p7b, so my customer send me a converted version, crt.

Now, to be on the safe side, should i delete the keystore and regenerate the csr with alias "tomcat"?
Or should "I" convert p7b to crt file? (Note that I have the other certificate which is a cer file)

And do you think above Connector is fine?

I really wish to give the domain name but the certificate is not in place currently.

Thanks for thousand times!
0
jazzIIIloveAuthor Commented:
0
gheistCommented:
Tomcat 6 is not compatible with java 1.8
0
jazzIIIloveAuthor Commented:
Which java should i use for tomcat 6?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.