tomcat-users mailing list archives

From Ognjen Blagojevic <ognjen.d.blagoje...@gmail.com>
Subject Re: Tomcat 6 SSL issue
Date Mon, 13 Oct 2014 08:55:49 GMT

Baran,

On 10.10.2014 21:06, Baran Topal wrote:
> Then I received 2 files from the certificate authority, abc.com.cer
> and abc.om.p7b

What certificates do those files contain?


> <Connector port="443"
> maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
> maxSpareThreads="75" enableLookups="false"
> disableUploadTimeout="true" acceptCount="100"
> scheme="https" secure="true" SSLEnabled="true"
> clientAuth="false" sslProtocol="TLS"
> keyAlias="server" keystoreFile="/path/to/JKSfile/your_site_name.jks"
> keystorePass="your_keystore_password" />

The attribute maxSpareThreads is not listed in the docs:

   http://tomcat.apache.org/tomcat-6.0-doc/config/http.html

You could also add the protocol attribute to force the JSSE connector (BIO or 
NIO), to prevent connector auto-selection.


> To clean the things up, I want to delete my keystore but is it fine if
> I generate the key with another alias, e.g. tomcat as in the tomcat
> documentation?

The private key necessary for encryption is in your keystore. If you delete 
your private key and generate a new key pair in a new keystore, your signed 
certificate becomes worthless. You will need to ask your CA (and, 
possibly, pay) for another certificate.

If you just want to rename the key in the keystore, use "keytool -changealias".


> 2) I have the files, cer and crt (p7b), so is that fine or do I need something extra?

You would need the complete certificate chain in order to set up HTTPS. You 
need to check whether you have a complete chain in the cer file or not.


> 3) Is the order of import important? First crt then cer?

If you have the complete chain in the cer file, then you will just import 
the cer file.


> 4) What are the correct import commands? Should I trust tomcat
> documentation or authorities documentation?

In what parts are the two different? You should use the keytool -importcert 
command.

-Ognjen
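
The two checks discussed in the reply above (the alias must still hold the private key, and the certificate chain must be complete) can be read from `keytool -list -v` output. The script below is an added example, not part of the original message: it assumes English field labels in the keytool output, and the aliases `fixed` and `root` and the CA names in the sample listing are constructed.

```shell
# Added example (not from the thread). Reads `keytool -list -v` output on stdin
# (English field labels assumed) and classifies the entry stored under one alias.
# Real use: keytool -list -v -keystore your_site_name.jks | check_alias server
check_alias() {
  awk -v want="$1" '
    /^Alias name: / { cur = substr($0, 13); next }
    cur != want     { next }
    /^Entry type: / { type = substr($0, 13) }
    /^Owner: /      { owner[++n] = substr($0, 8) }
    /^Issuer: /     { issuer[n] = substr($0, 9) }
    END {
      if (type == "") r = "alias-not-found"
      else if (type != "PrivateKeyEntry") r = "no-private-key"
      else if (n == 0) r = "no-certificate"
      else if (n == 1 && owner[1] == issuer[1]) r = "self-signed-only"
      else {
        r = (owner[n] == issuer[n]) ? "chain-to-root" : "chain-ends-before-root"
        for (i = 1; i < n; i++)
          if (issuer[i] != owner[i + 1]) r = "broken-chain"
      }
      print r
    }'
}

# Constructed sample listing, trimmed to the lines the check reads.
# "server": key pair with only the CA-signed leaf; "fixed": leaf, intermediate
# and root; "root": a trusted certificate entry with no private key.
sample_listing() {
  cat <<'EOF'
Alias name: server
Entry type: PrivateKeyEntry
Owner: CN=abc.com
Issuer: CN=Example Issuing CA
Alias name: fixed
Entry type: PrivateKeyEntry
Owner: CN=abc.com
Issuer: CN=Example Issuing CA
Owner: CN=Example Issuing CA
Issuer: CN=Example Root CA
Owner: CN=Example Root CA
Issuer: CN=Example Root CA
Alias name: root
Entry type: trustedCertEntry
Owner: CN=Example Root CA
Issuer: CN=Example Root CA
EOF
}
```

A result of `self-signed-only` means the CA reply has not been imported under that alias yet; `no-private-key` or `alias-not-found` means the `keyAlias` in the Connector points at an entry Tomcat cannot serve HTTPS from.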
