httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeremy Nix" <Jeremy....@sfsltd.com>
Subject RE: [users@httpd] Migrating from Tomcat SSL to mod_ssl
Date Wed, 18 Jun 2003 14:17:31 GMT
Okay, I've gotten as far as reading the private key from the keystore within java.  But I still
don't know how to take this PrivateKey object and generate a private key file readable by
mod_ssl's SSLCertificateKeyFile attribute.  

Has anybody tried to do this before, and has a working version of an app that extracts the
private key into a key file for use with mod_ssl?

_________________
Jeremy Nix
Senior Application Developer
Southwest Financial Ltd.
Jeremy.Nix@sfsltd.com
(513) 621-6699 ext 1158


-----Original Message-----
From: Boyle Owen [mailto:Owen.Boyle@swx.com] 
Sent: Wednesday, June 18, 2003 3:22 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Migrating from Tomcat SSL to mod_ssl


Plain text please...

To run an SSL server, you need a public key and a private key. The public key is sent to the
client when you set up an SSL session. The private key is kept secret on the server and is
used to decrypt packets from the client which were encrypted using the public key. So you
need two files on your server, SSLCertificateFile (public) and SSLCertificateKeyFile (private).

>From my quick look at the keytool manpage, it is not at all clear that you *can* export
the private key using command-line options. A quick search on google ("extract private key
keystore") produced quite a few hits the general gist of which is that you have to write a
short Java class to read it for you.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 


-----Original Message-----
From: Jeremy Nix [mailto:Jeremy.Nix@sfsltd.com]
Sent: Dienstag, 17. Juni 2003 23:12
To: users@httpd.apache.org
Subject: [users@httpd] Migrating from Tomcat SSL to mod_ssl


Okay, I'm pretty confused, so I apologize if I confuse anyone else. Currently we have a website
running off tomcat and have defined the SSL parameters (keystore and keypass) enabling secure
sockets on a particular port.  Everything works "fine and dandy". Now, we have the desire
to support a more complex website with multiple virtual hosts...which brings us to the apache
http server world.  We set up apache to handle all requests (secure and unsecure), and forward
requests on to Tomcat as desired.  Tomcat is no longer configured for SSL, since mod_ssl is
being used.  Before, we had a keystore file that was being looked up against, and now (to
what I've taken in) we need a certificate file AND a certificate key file (since this is a
WIN32 distribution). Okay, I know how to export a cert from a keystore file using the keytool
utility.  What I do not know is how to generate a certificate key file. Am I going about this
wrong? _________________ 
Jeremy Nix 
Senior Application Developer 
Southwest Financial Ltd. 
Jeremy.Nix@sfsltd.com 
(513) 621-6699 ext 1158 

Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen-
bzw. Geschäftstätigkeit der SWX Swiss Exchange. This e-mail is of a private and personal
nature. It is not related to the exchange or business activities of the SWX Swiss Exchange.
Le présent e-mail est un message privé et personnel, sans rapport avec l'activité boursière
de la SWX Swiss Exchange.

This message is for the named person's use only. It may contain confidential, proprietary
or legally privileged information. No confidentiality or privilege is waived or lost by any
mistransmission. If you receive this message in error, please notify the sender urgently and
then immediately delete the message and any copies of it from your system. Please also immediately
destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail communications through their
networks. Any views expressed in this message are those of the individual sender, except where
the message states otherwise and the sender is authorised to state them to be the views of
the sender's company. 



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html>
for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message