tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brett Neumeier <brett.neume...@ualloyalty.com>
Subject RE: Tomcat 4.1.24 enable SSL
Date Thu, 24 Apr 2003 19:36:26 GMT
Hello Bala,

I hear that the JCE crypto provider at http://www.bouncycastle.org/ can
write PKCS12 certificates into key stores.  Try:

1. Obtain the signed provider JAR from http://www.bouncycastle.org/
2. Put it in $JAVA_HOME/jre/lib/ext
3. run keytool with "-provider
org.bouncycastle.jce.provider.BouncyCastleProvider".

Alternatively, you can perhaps use OpenSSL to convert the certificate
format.

Cheers,

bn

> -----Original Message-----
> From: Balakrishna Kudaravalli [mailto:bkudarav@cisco.com]
> Sent: Thursday, April 24, 2003 2:06 PM
> To: Tomcat Users List
> Subject: Re: Tomcat 4.1.24 enable SSL
> 
> 
> Hi All,
> 
> I am re-posting this mail. Could any one plesae help me.
> 
> Thanks,
> -Bala
> 
> 
> Hi Mark,
> 
> Could you please let me know the command I need to use to 
> import a pkcs12 
> server cert into a keystore (assuming I need to create a new 
> keystore). Do 
> I need to have only a server cert in the keystore or both 
> server & CA certs 
> to enable SSL on Tomcat.
> 
> Thanks for all your help.
> 
> Regards,
> -Bala
> 
> 
> At 07:03 AM 4/24/2003 -0400, you wrote:
> >you should be able to use PKCS12.  Just change the keystore 
> type from JKS 
> >(default) to PKCS12.
> >
> >Balakrishna Kudaravalli wrote:
> >
> >>Hi All,
> >>
> >>Issue: Enabling SSL for Tomcat 4.1.24
> >>
> >>1. I have created a cert using keytool -genkey -alias 
> tomcat -keyalg 
> >>RSA  and have given a password "changeit" (default)
> >>2. Uncommented SSL coyote HTTP/1.1 connector in server.xml. 
> Since the 
> >>Keystore is at a deafault loc, I have not given a 
> keystoreFile attribute
> >>3. On starting up Tomcat, HTTPS works fine
> >>
> >>Issue:
> >>4. Now, I need to replace the default cert with the certs 
> provided by our 
> >>internal folks. How do I do that ? the certs provided to me 
> are in pkcs 
> >>12 format:
> >>
> >>5. Should I convert the pkcs12 certs into x509 ?
> >>
> >>6. What certs should I import into the keystore (server, 
> client, ca) ?
> >>
> >>Your help would be greatly appreciated.
> >>
> >>Thank you,
> >>-Bala
> >>
> >
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> >For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message