tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Geet Chandra <gee...@gmail.com>
Subject Re: How to configure certificate file (*.cer) in Tomcat 6
Date Mon, 30 Jan 2012 11:44:29 GMT
Thanks  Ognjen!
Please find my inline comments.

1. By "*.keystore", do you mean keystore or truststore? Do you understand
the difference between them?
- Could you please explain the difference.

2. Is your customer aware that there is no essential difference in term of
security between JSSE and OpenSSL security implementations?

- They may not be, but I shall get confirmation from them.

3. Do you plan to use client authentication via HTTPS or not? You are
mentioning truststoreFile later.
- Yes customer wants to use client authentication.

4. Is your server certificate self signed or signed by trusted CA? If you
don't use client authentication using HTTPS, and your server is signed by
trusted CA, perhaps there is no need to ship certificate with your
application.
- It is self signed.


On Mon, Jan 30, 2012 at 5:06 PM, Ognjen Blagojevic <
ognjen.d.blagojevic@gmail.com> wrote:

> Geet,
>
> Bottom-posting style is standard on this list (
> http://en.wikipedia.org/wiki/**Posting_style#Bottom-posting<http://en.wikipedia.org/wiki/Posting_style#Bottom-posting>
> ).
>
>
>
> On 30.1.2012 5:42, Geet Chandra wrote:
>
>> - The customer has got very secure environment...they don't want to use
>> the
>> *.keystore being shipped
>> with particular product.
>>
>
> Uhm... lots of questions here:
>
> 1. By "*.keystore", do you mean keystore or truststore? Do you understand
> the difference between them?
>
> 2. Is your customer aware that there is no essential difference in term of
> security between JSSE and OpenSSL security implementations?
>
> 3. Do you plan to use client authentication via HTTPS or not? You are
> mentioning truststoreFile later.
>
> 4. Is your server certificate self signed or signed by trusted CA? If you
> don't use client authentication using HTTPS, and your server is signed by
> trusted CA, perhaps there is no need to ship certificate with your
> application.
>
>
>
>  Is it possible to configure like this
>>
>> <Connector port="8446" maxHttpHeaderSize="8192"
>> protocol="org.apache.coyote.**http11.Http11Protocol" SSLEnabled="true"
>>                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>>                enableLookups="false" disableUploadTimeout="true"
>>                acceptCount="100" scheme="https" secure="true"
>>                clientAuth="want" sslProtocol="TLS"
>>                keystoreFile="c:/tomcat.**keystore"
>>                truststoreFile ="C:/user.cer"
>>              />
>>      @END_ENABLESTANDALONEHTTPS@-->
>>
>
> No.
>
> Parameters keystoreFile and truststoreFile are to be used with Java
> keystores. For .cer files (OpenSSL) you must use APR connector and SSL*
> attributes. See:
>
> http://tomcat.apache.org/**tomcat-6.0-doc/apr.html#HTTPS<http://tomcat.apache.org/tomcat-6.0-doc/apr.html#HTTPS>
>
> -Ognjen
>
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.org<users-unsubscribe@tomcat.apache.org>
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>


-- 
Thanks & Regards
Geet

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message