tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Geet Chandra <gee...@gmail.com>
Subject Re: How to configure certificate file (*.cer) in Tomcat 6
Date Thu, 02 Feb 2012 02:05:16 GMT
Thanks Chris!!!

Please tell steps to configure *.cer certificate file.


On Wed, Feb 1, 2012 at 2:18 AM, Christopher Schultz <
chris@christopherschultz.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Geet,
>
> On 1/29/12 11:42 PM, Geet Chandra wrote:
> >> Actually I don't want to use "keytool -import" command to import
> >> the *.cer file into *.keystore file.
> >>
> >>> Any particular reason for your preference?
> >
> > - The customer has got very secure environment...they don't want to
> > use the *.keystore being shipped with particular product.
>
> You can create your own keystore. Just remember that it has to have
> the server key as well as the certificate itself.
>
> >> - I am using Tomcat 6.x, J2EE based web application on Windows
> >> 2003 64 bit R2, SP2 OS.
>
> Very secure environment, eh?
>
> > Is it possible to configure like this
> >
> > <Connector port="8446" maxHttpHeaderSize="8192"
> > protocol="org.apache.coyote.http11.Http11Protocol"
> > SSLEnabled="true" maxThreads="150" minSpareThreads="25"
> > maxSpareThreads="75" enableLookups="false"
> > disableUploadTimeout="true" acceptCount="100" scheme="https"
> > secure="true" clientAuth="want" sslProtocol="TLS"
> > keystoreFile="c:/tomcat.keystore" truststoreFile ="C:/user.cer"
>
> It doesn't work that way. I think the only trust store types usable by
> Tomcat are "JKS" which are those that "keytool" creates and maintains.
>
> > Please let me know the correct syntax to configure "user.cer" in
> > server.xml
>
> You'll have to use APR (which uses OpenSSL) in order to use bare
> certificate files like that.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk8oU6wACgkQ9CaO5/Lv0PALNwCdEH8p8SV9kkcrh56exib2IhOu
> PvgAnj2wpRkBQ1oU2DOO/dUwG6lET6eu
> =1+X5
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>


-- 
Thanks & Regards
Geet

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message