tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Secure Tomcat With SSL
Date Mon, 28 Oct 2013 14:35:01 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Ognjen,

On 10/26/13, 6:47 PM, Ognjen Blagojevic wrote:
> Chris,
> 
> On 26.10.2013 23:39, Chris Arnold wrote:
>> Tomcat 7.0.42 on SLES11. I am following 
>> http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Configuration
>>
>> 
to secure tomcat. I have uncommented the SSL HTTP section. The
>> configuration section of that doc, importing the certificate: i
>> have a go daddy bundle in crt format. I can download the cert
>> bundle from go daddy for tomcat but it also is a crt file. Do i
>> have to run this exact command:
>> 
>> openssl pkcs12 -export -in mycert.crt -inkey mykey.key \ -out
>> mycert.p12 -name tomcat -CAfile myCA.crt \ -caname root -chain
> 
> It looks ok to me. Does it work for you?
> 
> It will create PKCS#12 keystore file (mycert.p12), so you may:
> 
> 1. add parameter keystoreType="pkcs12" to your HTTPS connector, and
> use that file, or 2. convert PKCS#12 keystore to Java Keystore
> format, and use default keystore type (JKS).
> 
> This is both possible, only if you plan to use either BIO or NIO
> HTTP connector. If you plan to use APR, connector configuration is
> completely different.

I've been having some trouble lately converting keys and certs from
OpenSSL format into Java's JKS format. I follow all of the magical
incantations I can find online to convert key+cert into a Java
keystore but I get no love. Is there a decent guide anywhere for how
to do this?

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSbnYVAAoJEBzwKT+lPKRYa9wP/0OFuBG5EySMixPWt3y/H07w
4AE+P1NI877g4+ec8I2S2y7KGeHi9kxZ/5WzgOwnzGFddt930xVpzlb0FlMiIqZC
Y1OAkKSYm92W2+RA6Vf6SkKuHe9t0deDfrhuY87tU1n0JBg4MnQn7jvMxg/sowi5
axb0vuNYrCnMhtW13KtLeSWlgBnZiD3X2jpZkh8tg3O24S31uzxwFEigzIoYpPj+
3JTNeEeehAUgLe0o9uXC7+3135q4sipL9H32HDses00RhRd6TLYu9nZUsYjN6Kyl
31J3sescbxrDOQ/ex+c1ESmaAbIgnklOP0i5lRE2IqlnH/VFFZKaAhS6qyZPCLW3
ynI/2Tlo4I1ZfIcYpMQh5eFSv8gsATwkh9DaPhnazCdTymlLbaMiuceZvfWHc3/L
spI4HIciE1RbAjeiA1TMUIsL/wrtUXelAbG1wegVFPkFKr5wQifk3Bfb2ayoy5pA
kckziemb89Rif8wnO1wuA8ZPb4nKdvbX1QfUXIp3KI8GrQ0pM3ixURDelqituPw8
t2Jk3RZ545vukJtOaOeyCtBUwA8Ej44SLz29/tPb5jvhyo9dxwts6HPg0UKqycfB
LAd32e6UrO8won0EdPYjgLayvcpo7kNt+KcgaqccvN+LdX/6RkEoiTEQ75ilrxkP
DR67odtPTEgKE9nD4EJm
=AD/Q
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message