Date: Tue, 24 Aug 2004 15:11:25 -0500
From: erh@swapsimple.com
To: Didier McGillis
Cc: tomcat-user@jakarta.apache.org
Subject: Re: ssl certs

On Tue, Aug 24, 2004 at 04:14:19PM +0000, Didier McGillis wrote:
> The site is all Java, tomcat is the app and web server, I have never dealt
> with Tomcat as a web server so is it easy to set up tomcat to handle ssl
> certs and https requests? Anything I have to watch out for?

One thing you want to watch out for is how you generate the certificate.
If you use the standard JKS format keystore then it is extremely difficult to
get the private key into or out of the keystore. Therefore you need to make
sure to generate the certificate using keytool, instead of (e.g.) openssl.

There are ways to get around this. For instance, you can configure tomcat to
use a different keystore type by setting the keystoreType attribute on the
element in server.xml.

The existing docs are not very helpful with this. I wrote up a page
(mostly for my own use) at:
http://www.swapsimple.com/tomcat_java_certificates.html
It might be a little more helpful.

eric
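An added example (not from the message above or the page it links to) of the workaround it mentions: bundling a key and certificate that were created with openssl into a PKCS12 keystore, which Tomcat can then load when keystoreType is set to PKCS12. The file names, the "tomcat" alias, the KEYSTORE_PASS variable and the self-signed test pair are assumptions made for the example.

```shell
#!/bin/sh
# Added example: bundle an OpenSSL-generated key and certificate into a
# PKCS12 keystore instead of trying to import the private key into JKS.
# File names, the "tomcat" alias and KEYSTORE_PASS are assumptions.

# make_test_pair KEY CERT: constructed self-signed pair standing in for a
# key and CA-issued certificate that were created with openssl.
make_test_pair() {
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
          -subj "/CN=localhost" -keyout "$1" -out "$2" 2>/dev/null )
}

# pem_to_pkcs12 KEY CERT OUT: refuse a mismatched pair, then write the bundle.
# The password is read from the environment so it never appears in argv.
pem_to_pkcs12() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
    [ "$key_pub" = "$cert_pub" ] || { echo "key/cert mismatch" >&2; return 1; }
    ( umask 077   # keystore holds the private key: owner-only permissions
      openssl pkcs12 -export -inkey "$1" -in "$2" -name tomcat \
          -passout env:KEYSTORE_PASS -out "$3" )
}

# pkcs12_has_key FILE: succeeds only if the keystore opens with the password
# and really contains a private key (not just a certificate).
pkcs12_has_key() {
    openssl pkcs12 -in "$1" -passin env:KEYSTORE_PASS -nocerts -nodes 2>/dev/null |
        grep -q "PRIVATE KEY"
}

# Stand-alone use: KEYSTORE_PASS=... sh this_script.sh server.key server.crt keystore.p12
if [ "$#" -eq 3 ]; then
    pem_to_pkcs12 "$1" "$2" "$3" && pkcs12_has_key "$3" && echo "wrote $3"
fi
```

The public-key comparison catches the common mistake of pairing a certificate with the wrong key before Tomcat fails at startup with a less obvious error.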