tomcat-users mailing list archives

From Daniel Savard <daniel.sav...@gmail.com>
Subject Re: [Tomcat 9.0.37] Https / SSL on Windows server 2016 with windows certificate store
Date Sun, 12 Jul 2020 17:39:34 GMT
On Sat, Jul 11, 2020 at 17:52, Valentin <xeno.gera@gmail.com> wrote:

> Hello,
>
> I am trying to configure my Tomcat 9.0.37, installed on Windows Server 2016, to
> use a certificate located in *cert:LocalMachine\My*
>
> I mention that I am an administrator of this machine.
> This certificate is also used by IIS.
>
> What I did was to configure my server.xml file like this:
>
> <Connector port="8443"
> protocol="org.apache.coyote.http11.Http11NioProtocol"
>                SSLEnabled="true"
>                maxThreads="150" scheme="https" secure="true"
>                keyAlias="myserver.domain.com"
>                keystoreFile=""
>                keystorePass=""
>                keystoreType="Windows-My"
>                clientAuth="false" sslProtocol="TLS" />
>
> The error I got in the Tomcat logs was that the keyAlias doesn't exist, but I
> used the CN mentioned in the description of my certificate.
>
> Is it possible for Tomcat to use the Windows certificate store?
> The only link I found about this was:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=56021
>
> Thanks for your help
>
> Valentin.M
>

In the documentation:
http://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html#Prepare_the_Certificate_Keystore

"Tomcat currently operates only on JKS, PKCS11 or PKCS12 format keystores."

Windows local certificates are stored in the Windows registry.
https://docs.microsoft.com/en-us/windows-hardware/drivers/install/local-machine-and-current-user-certificate-stores

Since IIS is a Windows-only product, this is the simple thing for them to
do. Tomcat runs on various platforms and should support open and neutral
keystore formats instead.

-----------------
Daniel Savard
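
The PKCS12 route named in the documentation quote above, as an added example that is not part of the original thread: export the certificate and its private key from `Cert:\LocalMachine\My` to a PKCS12 file and point a Tomcat 9 connector at it. The output path, the service account, the `CHANGE_ME` password placeholder and a CATALINA_BASE of `C:\tomcat` are assumptions.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
$cn      = 'myserver.domain.com'            # CN quoted in the question
$pfxPath = 'C:\tomcat\conf\myserver.p12'    # hypothetical output path
$svcAcct = 'NT AUTHORITY\LocalService'      # assumption: account the Tomcat service runs as

# Pick the unexpired certificate with the matching subject CN that expires last.
$pattern = 'CN=' + [regex]::Escape($cn) + '(,|$)'
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -match $pattern -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) { throw "No unexpired certificate with CN=$cn in Cert:\LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw "Certificate $($cert.Thumbprint) has no private key" }

# Export key and chain as PKCS12. This fails if the key was marked non-exportable.
$password = Read-Host -AsSecureString -Prompt 'Password for the PKCS12 file'
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $password `
    -ChainOption BuildChain | Out-Null

# The file now holds the private key: drop inherited ACLs, allow only
# administrators and the service account to read it.
icacls $pfxPath /inheritance:r /grant:r 'BUILTIN\Administrators:R' "${svcAcct}:R" | Out-Null

# Connector for server.xml (Tomcat 9 SSLHostConfig syntax). The relative path is
# resolved against CATALINA_BASE; CHANGE_ME is a placeholder for the password above.
@'
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" maxThreads="150" scheme="https" secure="true">
  <SSLHostConfig>
    <Certificate certificateKeystoreFile="conf/myserver.p12"
                 certificateKeystoreType="PKCS12"
                 certificateKeystorePassword="CHANGE_ME" />
  </SSLHostConfig>
</Connector>
'@
```

The keystore password ends up in clear text in server.xml, so that file needs the same restrictive ACL as the PKCS12 file.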
