[COLUG] Tomcat vs. OpenSSL CA?
Josh
josh at globalherald.net
Mon Feb 18 15:07:43 EST 2008
Howdy Folks,
I am trying to pretend to be a CA with OpenSSL. I have done this before
and generated certificates to use with private keys on Apache and IMAPs.
However, this time around, I need to pretend to be a CA that signs Tomcat
certificates.
There is a minor problem. When I generate a Tomcat based key, like so:
keytool -genkey -alias myalias -keyalg RSA -keystore mykeystore
keytool -certreq -keyalg RSA -alias myalias -file certreq.csr
-keystore mykeystore
...the resulting CSR does not include the email address. OpenSSL refuses
to sign a CSR that does not have an email address. I've looked around for
a bit to find out how to add the email address (and how to get OpenSSL to
ignore tha lack of an email address) to no avail.
Has anyone done this?
Cheers,
-J
More information about the colug432
mailing list