tomcat-users mailing list archives

From Christopher Schultz
Subject Re: How to configure certificate file (*.cer) in Tomcat 6
Date Tue, 31 Jan 2012 20:48:44 GMT


On 1/29/12 11:42 PM, Geet Chandra wrote:
>> Actually I don't want to use "keytool -import" command to import
>> the *.cer file into *.keystore file.
>>> Any particular reason for your preference?
> - The customer has got very secure environment...they don't want to
> use the *.keystore being shipped with particular product.

You can create your own keystore. Just remember that it has to have
the server key as well as the certificate itself.

>> - I am using Tomcat 6.x, J2EE based web application on Windows
>> 2003 64 bit R2, SP2 OS.

Very secure environment, eh?

> Is it possible to configure like this
> <Connector port="8446" maxHttpHeaderSize="8192" 
> protocol="org.apache.coyote.http11.Http11Protocol"
> SSLEnabled="true" maxThreads="150" minSpareThreads="25"
> maxSpareThreads="75" enableLookups="false"
> disableUploadTimeout="true" acceptCount="100" scheme="https"
> secure="true" clientAuth="want" sslProtocol="TLS" 
> keystoreFile="c:/tomcat.keystore" truststoreFile ="C:/user.cer"

It doesn't work that way. I think the only trust store types usable by
Tomcat are "JKS" which are those that "keytool" creates and maintains.

> Please let me know the correct syntax to configure "user.cer" in
> server.xml

You'll have to use APR (which uses OpenSSL) in order to use bare
certificate files like that.

-chris
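
The APR route mentioned in the reply, sketched as a server.xml fragment. This is an added example, not part of the original message and not configuration from the poster's system. The `c:/certs/...` paths and file names are assumptions; the port and the other connector settings are carried over from the question.

```xml
<!-- Added example: APR/native connector that reads bare certificate files. -->
<!-- Assumed (not from the thread): every c:/certs/... path and file name. -->

<!-- The APR connector needs the tomcat-native library installed and this
     listener declared directly under <Server>. -->
<Listener className="org.apache.catalina.core.AprLifecycleListener"
          SSLEngine="on" />

<!-- APR uses OpenSSL, so all three files must be PEM-encoded text.
     A DER-encoded .cer has to be converted to PEM first.
     The server private key is a separate PEM file here, not a keystore entry.
     clientAuth="want" on the JSSE connector corresponds to
     SSLVerifyClient="optional" on the APR connector. -->
<Connector port="8446"
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           maxHttpHeaderSize="8192" maxThreads="150"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100"
           SSLCertificateFile="c:/certs/server.crt"
           SSLCertificateKeyFile="c:/certs/server.key"
           SSLCACertificateFile="c:/certs/user.pem"
           SSLVerifyClient="optional" />
```

Restrict filesystem permissions on the private key file to the account Tomcat runs as, since it is no longer protected inside a keystore.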

