tomcat-users mailing list archives

From "Bill Barker" <wbar...@wilshire.com>
Subject Re: Tomcat 4.1.24 enable SSL
Date Fri, 25 Apr 2003 04:56:50 GMT
The pkcs12 file *is* your keystore.  On the <Factory> tag in server.xml, set
the keystoreFile attribute to point to your pkcs12 file, and set the
keystoreType="pkcs12" attribute as well.

At least with Sun's implementation, the pkcs12 keystore support is limited.
It works fine for me if I just have the server-cert in the pkcs12 file.  If
I include the signers in an OpenSSL pkcs12 file, it has problems.  The
obvious work-around is to import the signers into the cacerts, and strip
them from the pkcs12 file.

"Balakrishna Kudaravalli" <bkudarav@cisco.com> wrote in message
news:4.3.2.7.2.20030424120548.02577b70@wells.cisco.com...
> Hi All,
>
> I am re-posting this mail. Could anyone please help me.
>
> Thanks,
> -Bala
>
>
> Hi Mark,
>
> Could you please let me know the command I need to use to import a pkcs12
> server cert into a keystore (assuming I need to create a new keystore). Do
> I need to have only a server cert in the keystore or both server & CA certs
> to enable SSL on Tomcat.
>
> Thanks for all your help.
>
> Regards,
> -Bala
>
>
> At 07:03 AM 4/24/2003 -0400, you wrote:
> >you should be able to use PKCS12.  Just change the keystore type from JKS
> >(default) to PKCS12.
> >
> >Balakrishna Kudaravalli wrote:
> >
> >>Hi All,
> >>
> >>Issue: Enabling SSL for Tomcat 4.1.24
> >>
> >>1. I have created a cert using keytool -genkey -alias tomcat -keyalg
> >>RSA  and have given a password "changeit" (default)
> >>2. Uncommented SSL coyote HTTP/1.1 connector in server.xml. Since the
> >>Keystore is at a default loc, I have not given a keystoreFile attribute
> >>3. On starting up Tomcat, HTTPS works fine
> >>
> >>Issue:
> >>4. Now, I need to replace the default cert with the certs provided by our
> >>internal folks. How do I do that ? the certs provided to me are in pkcs
> >>12 format:
> >>
> >>5. Should I convert the pkcs12 certs into x509 ?
> >>
> >>6. What certs should I import into the keystore (server, client, ca) ?
> >>
> >>Your help would be greatly appreciated.
> >>
> >>Thank you,
> >>-Bala
> >>
> >
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> >For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

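The workaround described in the reply above (strip the signers from the pkcs12 file and import them into cacerts), as an added example that is not part of the original thread. It assumes the openssl CLI is installed and that the PKCS#12 password is in a `P12_PASS` environment variable; the function names, file names, alias and the cacerts path (which varies by JDK version) are placeholders.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumes the openssl CLI and
# that the PKCS#12 password is in the P12_PASS environment variable, so it
# never shows up in the process list. Function names are hypothetical.

# count_certs FILE: print how many certificates FILE contains.
count_certs() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# strip_signers SRC DST NAME: write DST holding only the server certificate
# and its private key, stored under the friendly name NAME.
strip_signers() {
    src=$1 dst=$2 name=$3
    tmp=$(mktemp -d) || return 1
    old_umask=$(umask); umask 077     # key is briefly on disk unencrypted
    # -clcerts keeps only the certificate paired with the private key.
    openssl pkcs12 -in "$src" -passin env:P12_PASS -clcerts -nokeys \
        -out "$tmp/server.crt" 2>/dev/null &&
    openssl pkcs12 -in "$src" -passin env:P12_PASS -nocerts -nodes \
        -out "$tmp/server.key" 2>/dev/null &&
    openssl pkcs12 -export -in "$tmp/server.crt" -inkey "$tmp/server.key" \
        -name "$name" -passout env:P12_PASS -out "$dst"
    rc=$?
    rm -rf "$tmp"; umask "$old_umask"
    return $rc
}

# export_first_signer SRC PEM: write the first signer (CA) certificate as
# clean PEM, ready for import into the JVM trust store.
export_first_signer() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -cacerts -nokeys 2>/dev/null |
        openssl x509 -out "$2"
}

# Typical use (file names and alias are placeholders):
#   export P12_PASS; strip_signers full.p12 server-only.p12 tomcat
#   export_first_signer full.p12 signer.pem
#   keytool -import -trustcacerts -alias internal-ca -file signer.pem \
#       -keystore "$JAVA_HOME/jre/lib/security/cacerts"
# Then point keystoreFile at server-only.p12 with keystoreType="pkcs12".
```

`count_certs` before and after shows whether the signers were actually removed; a stripped file should report exactly one certificate.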