tomcat-users mailing list archives

From Baran Topal <jazziiil...@gmail.com>
Subject Re: Tomcat 6 SSL issue
Date Thu, 16 Oct 2014 17:20:45 GMT
Thanks for the prompt response. I simply missed your mail.

I did the new CSR with the new private key.

"You could also add protocol attribute to force JSSE connector (BIO or
NIO), to prevent connector auto-selection."
1) What is the protocol attribute and where to add it?
2) I think those old cer and crt are not applicable anymore. Correct?
3) So, what is the fundamental difference between cer and crt? I received cer as
my friend told me it's the intermediate one, whereas crt is not.
4) What would the aliases be for cer and crt? Is any alias fine, or must it
match the alias for the private key?

Regards.


2014-10-13 10:55 GMT+02:00 Ognjen Blagojevic <ognjen.d.blagojevic@gmail.com>:

> Baran,
>
> On 10.10.2014 21:06, Baran Topal wrote:
>
>> Then I received 2 files from the certificate authority, abc.com.cer
>> and abc.om.p7b
>>
>
> What certificates do those files contain?
>
>
>> <Connector port="443"
>> maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
>> maxSpareThreads="75" enableLookups="false"
>> disableUploadTimeout="true" acceptCount="100"
>> scheme="https" secure="true" SSLEnabled="true"
>> clientAuth="false" sslProtocol="TLS"
>> keyAlias="server" keystoreFile="/path/to/JKSfile/your_site_name.jks"
>> keystorePass="your_keystore_password" />
>>
>
> Attribute maxSpareThreads is not listed in docs:
>
>   http://tomcat.apache.org/tomcat-6.0-doc/config/http.html
>
> You could also add protocol attribute to force JSSE connector (BIO or
> NIO), to prevent connector auto-selection.
>
>
>> To clean things up, I want to delete my keystore but is it fine if
>> I generate the key with another alias, e.g. tomcat as in the tomcat
>> documentation?
>>
>
> The private key necessary for encryption is in your keystore. If you delete
> your private key and generate a new key pair in a new keystore, your signed
> certificate becomes worthless. You will need to ask your CA (and, possibly,
> pay) for another certificate.
>
> If you just want to rename the key in the keystore, use "keytool -changealias".
>
>
>> 2) I have the files, cer and crt (p7b), so is it fine or do I need something
>> extra?
>>
>
> You would need the complete certificate chain in order to set up HTTPS. You
> need to check whether you have a complete chain in the cer file or not.
>
>
>> 3) Is the order of import important? First crt then cer?
>>
>
> If you have the complete chain in the cer file, then you will just import the
> cer file.
>
>
>> 4) What are the correct import commands? Should I trust the Tomcat
>> documentation or the authority's documentation?
>>
>
> In what parts are the two different? You should use the keytool -importcert
> command.
>
> -Ognjen
>
>
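
The import order and alias question raised in this thread, as an added example that is not part of the original messages: it rehearses CSR, signed reply and `keytool -importcert` against a throwaway local CA and contrasts importing the reply under the private key's alias with importing it under a new one. The aliases `demoroot`, `root` and `sitecert`, the password and all file names are assumptions constructed for the demo; `server` and `abc.com` come from the thread.

```shell
#!/bin/sh
# Added example: CSR -> signed reply -> import, rehearsed against a throwaway local CA.
# Every name, password and path here is constructed for the demo.
set -eu
PASS=changeit   # demo-only password

# keytool wrapper: JKS is the keystore type a Tomcat 6 connector expects by default.
kt() { keytool "$@" -storetype JKS -storepass "$PASS" -J-Duser.language=en; }
# Print one field ("Entry type", "Certificate chain length") of a keystore entry.
field() { kt -list -v -alias "$2" -keystore "$1" 2>/dev/null | awk -F': ' -v k="$3" '$1 == k {print $2}'; }

demo_import_chain() {
  d=$(mktemp -d)
  {
    # Stand-in for the real CA: a self-signed root with BasicConstraints CA=true.
    kt -genkeypair -alias demoroot -keyalg RSA -keysize 2048 -validity 30 \
       -dname "CN=Demo Root CA" -ext bc:c -keypass "$PASS" -keystore "$d/ca.jks"
    kt -exportcert -rfc -alias demoroot -keystore "$d/ca.jks" -file "$d/root.pem"

    # Server key pair under alias "server" (the Connector's keyAlias), then its CSR.
    kt -genkeypair -alias server -keyalg RSA -keysize 2048 -validity 30 \
       -dname "CN=abc.com" -keypass "$PASS" -keystore "$d/site.jks"
    kt -certreq -alias server -keystore "$d/site.jks" -file "$d/site.csr"

    # The demo CA signs the CSR; site.cer plays the role of the file the CA sends back.
    kt -gencert -rfc -alias demoroot -keystore "$d/ca.jks" -validity 30 \
       -infile "$d/site.csr" -outfile "$d/site.cer"

    # CA certificates go in first, each under an alias of its own (any unused name).
    kt -importcert -noprompt -alias root -file "$d/root.pem" -keystore "$d/site.jks"
    cp "$d/site.jks" "$d/wrong.jks"

    # Correct: the reply is imported under the SAME alias as the private key.
    kt -importcert -noprompt -alias server -file "$d/site.cer" -keystore "$d/site.jks"
    # Mistake: a new alias only stores a trusted certificate; the key entry keeps
    # its self-signed certificate, and that is the one the connector would serve.
    kt -importcert -noprompt -alias sitecert -file "$d/site.cer" -keystore "$d/wrong.jks"
  } >"$d/keytool.log" 2>&1

  echo "$(field "$d/site.jks" server 'Entry type')" \
       "$(field "$d/site.jks" server 'Certificate chain length')" \
       "$(field "$d/wrong.jks" sitecert 'Entry type')" \
       "$(field "$d/wrong.jks" server 'Certificate chain length')"
  rm -rf "$d"
}
```

Calling `demo_import_chain` prints the entry type and chain length of `server` in the correctly built keystore, followed by the entry type of `sitecert` and the chain length of `server` in the mistaken one.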
