tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Landis <>
Subject SSL Documentation Suggestion
Date Mon, 06 Aug 2012 18:56:23 GMT
I have a suggestion after just going through the process of
configuring SSL using this link:

I would recommend having completely separate sections for each of the
SSL implementations (e.g APR or JSSE). The problem is, if you are
unfamiliar with the process, it is ambiguous which implementation some
of the steps are geared towards.

For example, the line:

"To create a new keystore from scratch, containing a single
self-signed Certificate, execute the following from a terminal command

My understanding (and I'm still not 100% sure!) is that this will not
work if you are using Http11AprProtocol. In that case you must follow
different steps. Namely, you must do something like so:

openssl req \
  -x509 -nodes -days 365 \
  -newkey rsa:1024 -keyout mycert.pem -out mycert.pem

And I would suggest including a sample code fragment like that in the
documentation in order to mirror the process outlined when using the

In addition the section towards the end on CSR is similarly ambiguous.

So overall, I think this particular page of the documentation leaves a
lot to be desired. If there is any agreement on this point, I could
attempt to contribute some of these changes if desired.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message