tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Wildcard certificates
Date Wed, 17 Apr 2019 16:41:27 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

To whom it may concern,

On 4/17/19 09:44, TurboChargedDad . wrote:
> We terminated SSL above the tomcat layer using NGINX or Apache to
> avoid the complexities that come with managing a JKS.  I want to
> hear all I can on this subject.

It's not necessary to handle JKS files to use Tomcat for TLS termination
.

You can use PEM-encoded DER files (same as httpd, nginx, etc.) if you
use any connector along with the OpenSSL engine.

You can also use PKCS12 files (similar to JKS files, but much more
standard) which openssl knows how to manipulate (as does Java's
"keytool") with any JSSE-based crypto engine.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAly3VzcACgkQHPApP6U8
pFhOwxAAtd5d0UDSp1SEjZWKu+AX970vUTZIc+UxeWAWcwG20MjBeHa4PBzrJFIK
QVduzNGBJvi2oez9QV3LCnLo2jkIgpZG6EC/+TBQSSfAn8iGrL7lc59vWXg551PC
8+llFd9q3M13dqyx824YijMPptwFxH36z0K2pr34ytZOP1g/QDUA07dW5rW2rJKF
tdOkHIE/QvEE+iSQnrYQbNNknBk/grzbxDwg7lZupSi1UBY080Hc8aPzWknBADKh
zPKt6942WMvrIDmK8yCQSgkqjG8QWrZfR5QNkvnkRN4rridK4TevYm6Da/QI46w3
NPSozJeNKGeaUylabH4jTcVBE3eynOcP0oyBJ7/MmMzu1a9jU9ar7mZmTlZEPaEV
f3jxmfQ5m4AmbypNfwLzudo0ekVQceD33Ba04/VO9wGESMNSQTF6XIz69BSHvj1s
KsIIFcgdWuVH5ae5UxgirWghecz2xZAu7BHXYtkPdLcmF/RgTR1lQQ34JDlB9VPM
NdtZuVUWasnlWVGF4YDV6RzQwdhzGk4FUd38ULRzsc+ycyA0LtbdQfyear/N/dxl
c4s+nPiub1lnggMbd990uPMhoy8AaEGq4GG6NyKXvBz1sUw72n27QO6tCEIinQSe
E8OOofUgHAcLwuEQxLO/bvVnD77Vx95lxnIoludx51BvEM1ZbbU=
=M18j
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message