|
Home > Archive > WebSphere HTTP Server > December 2004 > Problem enabling SSL IBMIHS 20.47.1 and JKS keyfile
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Problem enabling SSL IBMIHS 20.47.1 and JKS keyfile
|
|
| elfego 2004-11-09, 4:30 pm |
| I want to migrate a cert from a JKS keyfile KDB keyfile. Is that possible?
I tried to import the cert from JKS keyfile into KDB keyfile, but I'm getting this error:
An attempt to import the certificate has failed.
All the signer certificates must exist in the key database.
I checked out all of the signer certificates, and I can see all of them in the KDB keyfile.
I don't know what signer cert is missing, and I don't know what's wrong.
T I A
elfego | |
| Sunit Patke 2004-11-10, 5:52 pm |
| Open the JSK keyfile and view the certificate that you are trying to import
and its certification chain. If needed export all the signer certificates
from the chain first and import them in the target KDB before migrating your
server certificate to the kdb.
Sunit
"elfego" <elfego.1fh9r5@mail.webservertalk.com> wrote in message
news:elfego.1fh9r5@mail.webservertalk.com...
>
> I want to migrate a cert from a JKS keyfile KDB keyfile. Is that
> possible?
> I tried to import the cert from JKS keyfile into KDB keyfile, but I'm
> getting this error:
>
> An attempt to import the certificate has failed.
> All the signer certificates must exist in the key database.
>
> I checked out all of the signer certificates, and I can see all of them
> in the KDB keyfile.
> I don't know what signer cert is missing, and I don't know what's
> wrong.
> T I A
>
> elfego
>
>
>
> --
> elfego
> ------------------------------------------------------------------------
> Posted via http://www.webservertalk.com
> ------------------------------------------------------------------------
> View this thread: http://www.webservertalk.com/message464067.html
>
| |
| elfego 2004-11-11, 1:27 pm |
| [QUOTE]Originally posted by Sunit Patke
[B]Open the JSK keyfile and view the certificate that you are trying to import
and its certification chain. If needed export all the signer certificates
from the chain first and import them in the target KDB before migrating your
server certificate to the kdb.
Sunit
Thanks Sunit. I already did what you say...
Let me explain what I did:
I created a new KDB file, I deleted all of the signer certificates default.
Then, I imported all of the signer certs from JKS file (not the server cert). The most of the signer certs were imported from JKS into KDB, and the rest are some invalid certs (Not Validated).
Then, I tried import the server cert, and is when the error arises.
I think is a IHS's bug, but I can't find a workaround.
Thanks again for your help. | |
| Sunit Patke 2004-11-15, 8:07 am |
| Please retry what you did without deleting the default signer certificates
that are created when you create the KDB.
I assume that when the signer certificates are "imported", you ADD them to
Signer certificates and not IMPORT them into personal certificates.
Sunit
"elfego" <elfego.1fkz38@mail.webservertalk.com> wrote in message
news:elfego.1fkz38@mail.webservertalk.com...
>
> Sunit Patke wrote:
>
>
>
> --
> elfego
> ------------------------------------------------------------------------
> Posted via http://www.webservertalk.com
> ------------------------------------------------------------------------
> View this thread: http://www.webservertalk.com/message464067.html
>
| |
| elfego 2004-12-03, 12:22 pm |
| Thanks Sunnit.
Finally I found the problem.
You were right. There was a CA root which is needed for the new KDB keyfile. It was EquiFax Secure Global ebusiness
CA-1 . I went into thir page, download the CA root, I put it into the KDB file, and that was it.
I was confused because the KDB already had a CA root from Equifax, but looks like that CA root wasn't the right one.
Thanks again for your help.
Elfego |
|
|
|
|