Can't create keystore for Tomcat with key, cert and CAs Certificate chain length: 1

Question

I can\'t get my certificate bought from RapidSSL working on Tomcat but on Apache.

RapidSSL requires that you install 2 intermediate ca files.

When I create a key

Answer 1

Try using Portecle to import all your stuff. I haven't used it myself, but the complete mess that is Java Keystores is evidently a lot more manageable if you use a tool like Portecle.

If you want to get better performance out of Tomcat and not bother merging your keys, certs, etc. into a single binary ball, consider using Tomcat's APR connector. You can use the same cert and key files you already use with Apache httpd, and you'll get better crypto performance.

Answer 2

What is a root certificate? It is top certificate in a chain of certificates, typically issued by a certificate authority. It is used to sign other certificates that sign other certificates until it is used to sign your certificate. Software that use your certificate must trust the root certificate. It is done either by trusting the certificate authority by operating system (or java) or by trusting it by particular software (like apache or local keystore).