tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Using a P7B certificate file
Date Tue, 10 Sep 2013 21:19:09 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

James,

On 9/10/13 1:12 PM, James H. H. Lampert wrote:
> We have a customer that wants to apply an existing multi-domain 
> certificate to the tomcat server in our application.
> 
> The only thing is, all we've seen is a P7B file, not a keystore,
> and we don't even know what sort of keystore they used to generate
> the original CSR.

"P7B" is otherwise known as a PKCS#7 file and usually contains a
certificate. Does the file contain *only* a certificate, or does it
also contain the key that was used to generate the CSR? If you have
the cert but not the key, you won't be able to use it for serving HTTPS.

> The only time a similar situation came up in the past was when
> somebody jumped the gun, and assumed that since the Tomcat server
> was running on an AS/400, it would use keystores and certificates
> created through IBM's Digital Certificate Manager, in IBM's
> proprietary format. All I can say about that is that I hope they
> either got their money back for the totally unusable keystore, or
> got credit on the correct one.

Most CAs will re-issue certificates for the same hostname with a
reasonable explanation.

> Needless to say, we generally take full control of certificate 
> installation, in order to reduce the potential for expensive 
> mistakes.
> 
> At any rate, what can be done with this customer who wants to use
> their multi-domain certificate in Tomcat?

Let's start with what you've actually got. You said you have a file.
What's in the file?

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSL4zMAAoJEBzwKT+lPKRYCsgP/i29HaX0liAzys1ULHGRTWra
OObCfl0tCTQ0pI/UndnLWYpfryka4J18UdlxNcwGC5UwoMCXb3nFLCexgJFBROew
1I21wBvo7ZthsnDDRht9Vr4ja+6GS5YKyQkFSLFwOz2niSNJqhgd5BiUKPENAmq4
N64I222B7zDOyY4HbPEjpGamJ4ZigYZMKGU7PzjVuuv4vMdgXNWF7n9W5jaavIZC
Y7n/Y+4hUYEl6JBjfsWogprwhKFk46mzo+mhEvRGGuUiDAjxcR4lyI8R0oDz/Xpp
hIoaS7m4s3z4SuAB0OAUkzWPsui8CyJweSHkcD382bswqvmd9AuaLCiRGyWOf5j0
aPMA0GZUYXe+cYOkgBa53Rx8Ud3mELUPiS08/LLO9Add2qIzCjI3XcxcpwcCMvxR
hjdbuKzS50doQHc5nv+CQ+LYtbCWmvRRscvj8y8UcqbIddwK8ML1Jqij9Jeb7IQF
qZIzpQWMWJ6qvzmepz6f5+P/1PdoT6hT25O5KKcYj+ZRhSQo07euU4j+q95ZV5zX
3b1VoTB6RwVMRth14cEd6KKfVP9FXupkL/uwp+cNxRP6KXC81JL2Y0WbE0PcTsI2
pMhtqu69RY7kBuikNfYkEPsQVcrs8z/TPMXTQHs/lhoPXavHnxskbSn5xS3PmrUX
5e5y9NJ+3rUrBO8b+oMe
=SHPO
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message