tomcat-users mailing list archives

From Christopher Schultz <>
Subject Re: SSL Documentation Suggestion
Date Tue, 07 Aug 2012 16:47:50 GMT

On 8/6/12 2:56 PM, David Landis wrote:
> I have a suggestion after just going through the process of 
> configuring SSL using this link:
> I would recommend having completely separate sections for each of
> the SSL implementations (e.g. APR or JSSE). The problem is, if you
> are unfamiliar with the process, it is ambiguous which
> implementation some of the steps are geared towards.
> For example, the line:
> "To create a new keystore from scratch, containing a single 
> self-signed Certificate, execute the following from a terminal
> command line..."
> My understanding (and I'm still not 100% sure!) is that this will
> not work if you are using Http11AprProtocol.

Well, you will have a perfectly valid keystore at that point, but
you're right: it won't be terribly useful.

> In that case you must follow different steps. Namely, you must do
> something like so:
> openssl req -x509 -nodes -days 365 \
>   -newkey rsa:1024 -keyout mycert.pem -out mycert.pem
> And I would suggest including a sample code fragment like that in
> the documentation in order to mirror the process outlined when
> using the keytool.
> In addition the section towards the end on CSR is similarly
> ambiguous.
> So overall, I think this particular page of the documentation
> leaves a lot to be desired. If there is any agreement on this
> point, I could attempt to contribute some of these changes if
> desired.

Documentation bug reports (especially with attached patches) are
always appreciated. Put everything into bugzilla. Be sure to indicate
which Tomcat version you are patching. Even better if you can use 'svn
diff' to generate your patches.

-chris
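
As an added example, not part of either message and not Tomcat's own code: a small Python check for the mismatch discussed in this thread, where a keytool keystore is handed to an Http11AprProtocol connector that expects PEM files. The sample byte strings are constructed, the function names are hypothetical, and treating every non-APR protocol as JSSE and every DER file as a candidate PKCS#12 keystore are simplifying assumptions.

```python
import re

JKS_MAGIC = bytes.fromhex("feedfeed")  # first four bytes of a keytool JKS keystore
PEM_LABEL = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")

# Constructed samples (not real keys): a JKS header and PEM armour with dummy bodies.
JKS_SAMPLE = JKS_MAGIC + bytes.fromhex("00000002") + b"\x00" * 8
CERT_PEM = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
KEY_PEM = b"-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"


def classify(data):
    """Return (format, set of PEM block labels) for raw key-material bytes."""
    if data[:4] == JKS_MAGIC:
        return "JKS", set()
    labels = {m.decode() for m in PEM_LABEL.findall(data)}
    if labels:
        return "PEM", labels
    if data[:1] == b"\x30":  # ASN.1 SEQUENCE: PKCS#12 or some other DER object
        return "DER", set()
    return "unknown", set()


def check(protocol, data):
    """List mismatches between a connector protocol class and its key material."""
    fmt, labels = classify(data)
    problems = []
    if protocol.endswith("Http11AprProtocol"):
        # APR/native reads PEM files, e.g. the mycert.pem written by openssl req.
        if fmt != "PEM":
            problems.append("APR connector expects PEM files, got " + fmt)
        else:
            if "CERTIFICATE" not in labels:
                problems.append("PEM has no CERTIFICATE block")
            if not any(label.endswith("PRIVATE KEY") for label in labels):
                problems.append("PEM has no PRIVATE KEY block")
    elif fmt not in ("JKS", "DER"):
        # Assumption: any other protocol is a JSSE connector that loads a keystore.
        problems.append("JSSE connector expects a keystore, got " + fmt)
    return problems


if __name__ == "__main__":
    apr = "org.apache.coyote.http11.Http11AprProtocol"
    print(check(apr, JKS_SAMPLE))          # keystore from keytool, APR connector
    print(check(apr, KEY_PEM + CERT_PEM))  # combined key and certificate PEM
```
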
