tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: SSL Documentation Suggestion
Date Tue, 07 Aug 2012 16:47:50 GMT

David,

On 8/6/12 2:56 PM, David Landis wrote:
> I have a suggestion after just going through the process of 
> configuring SSL using this link:
> 
> http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Configuration
>
> I would recommend having completely separate sections for each of
> the SSL implementations (e.g. APR or JSSE). The problem is, if you
> are unfamiliar with the process, it is ambiguous which
> implementation some of the steps are geared towards.
> 
> For example, the line:
> 
> "To create a new keystore from scratch, containing a single 
> self-signed Certificate, execute the following from a terminal
> command line..."
> 
> My understanding (and I'm still not 100% sure!) is that this will
> not work if you are using Http11AprProtocol.

Well, you will have a perfectly valid keystore at that point, but
you're right: it won't be terribly useful.

> In that case you must follow different steps. Namely, you must do
> something like so:
> 
> openssl req \
>   -x509 -nodes -days 365 \
>   -newkey rsa:1024 -keyout mycert.pem -out mycert.pem
> 
> And I would suggest including a sample code fragment like that in
> the documentation in order to mirror the process outlined when
> using the keytool.
> 
> In addition the section towards the end on CSR is similarly
> ambiguous.
> 
> So overall, I think this particular page of the documentation
> leaves a lot to be desired. If there is any agreement on this
> point, I could attempt to contribute some of these changes if
> desired.

Documentation bug reports (especially with attached patches) are
always appreciated. Put everything into bugzilla. Be sure to indicate
which Tomcat version you are patching. Even better if you can use 'svn
diff' to generate your patches.

-chris


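As an added example (not part of either message or of the Tomcat documentation): a Python check that tells the two file types in this thread apart, the Java keystore that keytool writes (read by the JSSE connector) and the PEM output of the quoted openssl command (read by Http11AprProtocol). It also flags an unencrypted key sharing a file with its certificate, which is what `-nodes` with identical `-keyout` and `-out` produces. The function name, result keys and sample bytes are constructed for illustration.

```python
import re

JKS_MAGIC = bytes.fromhex("feedfeed")      # keytool's default JKS keystore
JCEKS_MAGIC = bytes.fromhex("cececece")    # JCEKS keystore
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def classify(data: bytes) -> dict:
    """Identify a key/certificate file and the Tomcat 7 connector family that reads it."""
    if data[:4] in (JKS_MAGIC, JCEKS_MAGIC):
        fmt = "JKS" if data[:4] == JKS_MAGIC else "JCEKS"
        return {"format": fmt, "connector": "JSSE", "findings": []}
    blocks = [(label.decode(), body) for label, body in PEM_BLOCK.findall(data)]
    if not blocks:
        # PKCS#12 and other binary formats are outside what this check covers.
        return {"format": "unknown", "connector": None, "findings": []}
    has_cert = any(label == "CERTIFICATE" for label, _ in blocks)
    keys = [(label, body) for label, body in blocks if label.endswith("PRIVATE KEY")]
    findings = []
    if not has_cert:
        findings.append("no certificate block")
    if not keys:
        findings.append("no private key block")
    for label, body in keys:
        # PKCS#8 uses an ENCRYPTED label; the traditional format uses a Proc-Type header.
        if not (label.startswith("ENCRYPTED") or b"Proc-Type: 4,ENCRYPTED" in body):
            findings.append("private key is stored unencrypted")
    if has_cert and keys:
        findings.append("key and certificate share one file")
    return {"format": "PEM", "connector": "APR", "findings": findings}


# Constructed inputs: a bare JKS header and PEM framing with placeholder bodies.
SAMPLE_JKS = JKS_MAGIC + b"\x00\x00\x00\x02" + b"\x00" * 8
SAMPLE_PEM = (
    b"-----BEGIN PRIVATE KEY-----\n(placeholder, not key material)\n-----END PRIVATE KEY-----\n"
    b"-----BEGIN CERTIFICATE-----\n(placeholder, not a certificate)\n-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    for name, blob in (("keystore", SAMPLE_JKS), ("mycert.pem", SAMPLE_PEM)):
        print(name, classify(blob))
```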
