tomcat-users mailing list archives

From /U <>
Subject Re: Installing certificate chain on Tomcat
Date Sat, 10 Apr 2010 20:13:58 GMT

I tried this on different systems (*nix and XP), hence the
differences in my excerpts, but in each case the connector
config correctly refers to the keystore. I am sorry I quoted different
configs - will stick to *nix from now on.

I am confused about one thing: while the keystore is explicitly specified
in the connector config, what about the truststore?

I assume the truststore stores the trusted CA certs (as opposed to
private keys/identity cert). Is this correct?

Why does the connector config not refer to the truststore config?
Or does that by default become ${JAVA_HOME}/jre/lib/security/cacerts?

What is the relation/difference (as far as Tomcat is concerned) between
keystore, truststore and ${JAVA_HOME}/jre/lib/security/cacerts?

With sincere thanks!


Christopher Schultz-2 wrote:
> /U,
> On 4/10/2010 12:01 AM, /U wrote:
>> I am installing a certificate chain on Tomcat 6.x (JRE 1.6). From my CA I
>> have
>>     private key (PEM),
>>     identity cert (PEM)  (CA X trusts myhost)
>>     and a cert chain file (PEM file) (entrust trusts CA X)
>> The cert chain is: (entrust) == trusts ==> (CA X) == trusts ==> myhost
>> I have converted the private key and identity cert into DER form
>> and have imported them into /etc/keystore (tomcat's keystore).
> Tomcat does not use /etc/keystore unless you tell it to do so. Can you
> show us your server.xml, specifically your SSL <Connector> element?
> -chris
