tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: How to configure certificate file (*.cer) in Tomcat 6
Date Tue, 31 Jan 2012 20:48:44 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Geet,

On 1/29/12 11:42 PM, Geet Chandra wrote:
>> Actually I don't want to use "keytool -import" command to import
>> the *.cer file into *.keystore file.
>> 
>>> Any particular reason for your preference?
> 
> - The customer has got very secure environment...they don't want to
> use the *.keystore being shipped with particular product.

You can create your own keystore. Just remember that it has to have
the server key as well as the certificate itself.

>> - I am using Tomcat 6.x, J2EE based web application on Windows
>> 2003 64 bit R2, SP2 OS.

Very secure environment, eh?

> Is it possible to configure like this
> 
> <Connector port="8446" maxHttpHeaderSize="8192" 
> protocol="org.apache.coyote.http11.Http11Protocol"
> SSLEnabled="true" maxThreads="150" minSpareThreads="25"
> maxSpareThreads="75" enableLookups="false"
> disableUploadTimeout="true" acceptCount="100" scheme="https"
> secure="true" clientAuth="want" sslProtocol="TLS" 
> keystoreFile="c:/tomcat.keystore" truststoreFile ="C:/user.cer"

It doesn't work that way. I think the only trust store types usable by
Tomcat are "JKS" which are those that "keytool" creates and maintains.

> Please let me know the correct syntax to configure "user.cer" in
> server.xml

You'll have to use APR (which uses OpenSSL) in order to use bare
certificate files like that.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk8oU6wACgkQ9CaO5/Lv0PALNwCdEH8p8SV9kkcrh56exib2IhOu
PvgAnj2wpRkBQ1oU2DOO/dUwG6lET6eu
=1+X5
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message