ssl keystore keytool

Import certificate as PrivateKeyEntry


I am installing SSL on a Tomcat server and am following these instructions from the issuer https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO16181 and it states:

Verify the following information:

The SSL certificate is imported into the alias with the "Entry Type" of 
PrivateKeyEntry or KeyEntry.  If not, please import the certificate into 
the Private Key alias.

When I import the certificate (tomcat) I am using:

keytool -import -trustcacerts -alias your_alias_name -keystore your_keystore_filename -file your_certificate_filename

but when I do so it imports as trustCertEntry

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

primaryca, Jul 26, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): <snip>
tomcat, Jul 26, 2014, trustedCertEntry,
Certificate fingerprint (SHA1):  <snip>
secondaryca, Jul 26, 2014, trustedCertEntry,
Certificate fingerprint (SHA1):  <snip>

How can I make alias tomcat import as PrivateKeyEntry?


Solution

  • Get rid of the -trustcacerts option. It isn't a CA certificate. It's your certificate. And use the same alias the private key already had.
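
The check the issuer asks for, done before the import instead of after it. This is an added example and not part of the original answer; the helper names `entry_type` and `import_reply` are hypothetical, the sample listing is constructed, and `-importcert` is the current name of keytool's `-import`.

```shell
#!/bin/sh
# Added example (not from the original post). Helper names are hypothetical.

# Print the entry type of ALIAS from `keytool -list` output read on stdin.
# Listing lines look like "tomcat, Jul 26, 2014, trustedCertEntry,".
# Returns non-zero when the alias is not listed. Assumes no comma in the alias.
entry_type() {
    awk -v want="$1" -F', *' '
        $1 == want {
            for (i = NF; i > 1; i--)
                if ($i ~ /Entry$/) { print $i; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }'
}

# Import the CA-issued certificate only if ALIAS already holds the private key.
# keytool prompts for the keystore password; none is passed on the command line.
import_reply() {
    ks=$1; alias=$2; cert=$3
    etype=$(keytool -list -keystore "$ks" -alias "$alias" | entry_type "$alias") || {
        echo "alias '$alias' not found in $ks (or keystore unreadable)" >&2
        return 1
    }
    if [ "$etype" != PrivateKeyEntry ]; then
        echo "alias '$alias' is $etype, not PrivateKeyEntry: wrong keystore or alias" >&2
        return 1
    fi
    # No -trustcacerts: this is the server's own certificate, not a CA certificate.
    keytool -importcert -alias "$alias" -keystore "$ks" -file "$cert"
}

# Constructed listing: the state the import should start from, with the
# key pair already stored under the alias the certificate will be imported into.
SAMPLE='Your keystore contains 2 entries

primaryca, Jul 26, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): <constructed>
tomcat, Jul 26, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): <constructed>'

printf '%s\n' "$SAMPLE" | entry_type tomcat    # prints PrivateKeyEntry
```

If `import_reply` refuses because the alias is a `trustedCertEntry` or is missing, the keystore in use is not the one the key pair and CSR were generated in, or the alias differs from the one used then.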