tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ognjen Blagojevic <ognjen.d.blagoje...@gmail.com>
Subject Re: How to configure certificate file (*.cer) in Tomcat 6
Date Mon, 30 Jan 2012 12:34:28 GMT
On 30.1.2012 12:44, Geet Chandra wrote:
> 1. By "*.keystore", do you mean keystore or truststore? Do you understand
> the difference between them?
> - Could you please explain the difference.

Google is your friend:

 
http://stackoverflow.com/questions/318441/truststore-and-keystore-definitions


> 2. Is your customer aware that there is no essential difference in term of
> security between JSSE and OpenSSL security implementations?
>
> - They may not be, but I shall get confirmation from them.

Ok, do that. Then, inform us are they still insisting on not using JSSE.


> 3. Do you plan to use client authentication via HTTPS or not? You are
> mentioning truststoreFile later.
> - Yes customer wants to use client authentication.

How did your customer generate client certificates? Do you have those 
certificates? You will need them in order to add them to 
truststoreFile/SSLCACertificatePath.


> 4. Is your server certificate self signed or signed by trusted CA? If you
> don't use client authentication using HTTPS, and your server is signed by
> trusted CA, perhaps there is no need to ship certificate with your
> application.
> - It is self signed.

If you need non-interactive server authentication, you will most 
probably need to export server certificate, and distribute it with your 
application, or make it available for download to the clients.

Server certificate may be inside truststore or .crt file. Client 
technology should dictate that.

-Ognjen

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message