Posted to users@tomcat.apache.org by "BONNET, Frank" <fr...@esiee.fr> on 2014/02/14 14:10:15 UTC
Generate pkcs12 certificates from official COMODO certs
Hello
I have official certificates for apache2 from COMODO that I would like to
import into tomcat ( pkcs12 ) if someone has links / infos to do this task
it would be a great help ( google doesn't help much )
thank you
Re: Generate pkcs12 certificates from official COMODO certs
Posted by Ognjen Blagojevic <og...@gmail.com>.
Frank,
On 15.2.2014 7:02, Frank BONNET wrote:
> seems to work without it !
I recommend that you always import intermediate certificates into the
keystore. If you don't, some clients / web browsers will find a way to
look up the missing certificates, but others will fail.
Therefore, it is much better if you serve the complete chain (server
certificate + intermediate certificates) to the client.
If you are not sure whether the certificate chain served to the clients is
complete, there are plenty of online tools to check that for you.
-Ognjen
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Generate pkcs12 certificates from official COMODO certs
Posted by Frank BONNET <fr...@esiee.fr>.
seems to work without it !
thanks
Sent from my iPhone.
On 14 Feb 2014, at 16:16, Ognjen Blagojevic <og...@gmail.com> wrote:
> Frank,
>
> On 14.2.2014 15:00, BONNET, Frank wrote:
>> the intermediate cert is the one named "chain" right ?
>
> Yes, it is usually named that way.
>
> -Ognjen
Re: Generate pkcs12 certificates from official COMODO certs
Posted by Ognjen Blagojevic <og...@gmail.com>.
Frank,
On 14.2.2014 15:00, BONNET, Frank wrote:
> the intermediate cert is the one named "chain" right ?
Yes, it is usually named that way.
-Ognjen
Re: Generate pkcs12 certificates from official COMODO certs
Posted by "BONNET, Frank" <fr...@esiee.fr>.
Hello Ognjen
the intermediate cert is the one named "chain" right ?
*Frank BONNET*
Systemes UNIX et Reseaux
ESIEE PARIS
01.45.92.66.17 - 06.70.37.37.69
2014-02-14 14:57 GMT+01:00 Ognjen Blagojevic <og...@gmail.com>:
> Frank,
>
>
> On 14.2.2014 14:10, BONNET, Frank wrote:
>
>> I have official certificates for apache2 from COMODO that I would like to
>> import into tomcat ( pkcs12 ) if someone has links / infos to do this
>> task
>> it would be a great help ( google doesn't help much )
>>
>
> You didn't mention if you have any preference whether you want to use:
>
> i. BIO or NIO HTTPS connectors (based on JSSE), or
> ii. APR HTTPS connector (based on OpenSSL).
>
> Since you mentioned that you want to use PKCS#12 format, I guess you are
> interested in JSSE connectors. If you want to use APR, then the procedure
> is different than the one described here.
>
>
> Let's say that you have
>
> 1. Server key in file server.key
> 2. Server certificate in file server.pem
> 3. Intermediate certificates in file intermediates.pem
>
> Then, all you need to do is:
>
>     openssl pkcs12 -export -out keystore.p12 -name myserver -in server.pem \
>         -inkey server.key -certfile intermediates.pem
>
>
> Note that it is not necessary that intermediates.pem contains root
> certificate.
>
>
> Then, configure HTTPS connector in conf/server.xml as
>
>     <Connector port="443"
>                protocol="org.apache.coyote.http11.Http11Protocol"
>                SSLEnabled="true" maxThreads="150" scheme="https"
>                secure="true" clientAuth="false" sslProtocol="TLS"
>                keystoreFile="keystore.p12" keyAlias="myserver"
>                keystoreType="pkcs12" />
>
>
> I also recommend that you check your ciphers' strength, and restrict them
> accordingly.
>
> -Ognjen
Re: Generate pkcs12 certificates from official COMODO certs
Posted by Ognjen Blagojevic <og...@gmail.com>.
Frank,
On 14.2.2014 14:10, BONNET, Frank wrote:
> I have official certificates for apache2 from COMODO that I would like to
> import into tomcat ( pkcs12 ) if someone has links / infos to do this task
> it would be a great help ( google doesn't help much )
You didn't mention if you have any preference whether you want to use:
i. BIO or NIO HTTPS connectors (based on JSSE), or
ii. APR HTTPS connector (based on OpenSSL).
Since you mentioned that you want to use PKCS#12 format, I guess you are
interested in JSSE connectors. If you want to use APR, then the
procedure is different than the one described here.
Let's say that you have
1. Server key in file server.key
2. Server certificate in file server.pem
3. Intermediate certificates in file intermediates.pem
Then, all you need to do is:
    openssl pkcs12 -export -out keystore.p12 -name myserver -in server.pem \
        -inkey server.key -certfile intermediates.pem
Note that it is not necessary that intermediates.pem contains root
certificate.
Then, configure HTTPS connector in conf/server.xml as
    <Connector port="443"
               protocol="org.apache.coyote.http11.Http11Protocol"
               SSLEnabled="true" maxThreads="150" scheme="https"
               secure="true" clientAuth="false" sslProtocol="TLS"
               keystoreFile="keystore.p12" keyAlias="myserver"
               keystoreType="pkcs12" />
I also recommend that you check your ciphers' strength, and restrict
them accordingly.
-Ognjen
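The export procedure above and the advice elsewhere in the thread to always include the intermediates, as an added example that is not part of any message here: the script builds a throwaway root, intermediate and server certificate, runs the same `openssl pkcs12 -export` with and without `-certfile`, and checks each keystore the way a client that trusts only the root (and does not fetch missing certificates) would. The subjects, the `changeit` password, the `leaf-only.p12` name and the function names are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example. The PKI is a throwaway one built on the spot; subjects,
# the "changeit" password and all function names are constructed for the demo.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT

make_test_pki() {   # root -> intermediate -> server, using the thread's file names
  printf 'basicConstraints=critical,CA:TRUE\n' > "$WORK/ca.ext"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Test Root" \
    -keyout "$WORK/root.key" -out "$WORK/root.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Test Intermediate" \
    -keyout "$WORK/int.key" -out "$WORK/int.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/int.csr" -CA "$WORK/root.pem" -CAkey "$WORK/root.key" \
    -CAcreateserial -extfile "$WORK/ca.ext" -days 2 -out "$WORK/intermediates.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/intermediates.pem" \
    -CAkey "$WORK/int.key" -CAcreateserial -days 2 -out "$WORK/server.pem" 2>/dev/null
}

build_keystore() {  # $1 = output name, $2 = optional file of intermediate certificates
  openssl pkcs12 -export -out "$WORK/$1" -name myserver -in "$WORK/server.pem" \
    -inkey "$WORK/server.key" -passout pass:changeit ${2:+-certfile "$WORK/$2"}
}

count_certs() {     # $1 = keystore name; how many certificates it holds
  openssl pkcs12 -in "$WORK/$1" -nokeys -passin pass:changeit 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

client_can_validate() {  # $1 = keystore name; the client trusts only the root
  openssl pkcs12 -in "$WORK/$1" -nokeys -passin pass:changeit \
    -out "$WORK/served.pem" 2>/dev/null
  openssl verify -CAfile "$WORK/root.pem" -untrusted "$WORK/served.pem" \
    "$WORK/server.pem" >/dev/null 2>&1
}

make_test_pki
build_keystore keystore.p12 intermediates.pem   # the command from the thread
build_keystore leaf-only.p12                    # same command without -certfile
for ks in keystore.p12 leaf-only.p12; do
  if client_can_validate "$ks"; then result="chain validates"
  else result="chain does NOT validate"; fi
  echo "$ks: $(count_certs "$ks") certificate(s), $result"
done
```

Running `count_certs` against a real keystore before deploying it is a quick offline way to confirm the intermediates made it in.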
Re: Generate pkcs12 certificates from official COMODO certs
Posted by "BONNET, Frank" <fr...@esiee.fr>.
I need to convert/import from PEM format to P12
thanks
2014-02-14 14:14 GMT+01:00 Sanaullah <sa...@gmail.com>:
> Hi Frank,
>
> I am not an expert with Apache. Can you please let me know which format of
> certificate you have: pem, der, p12? And also into which format you would
> like to convert or import?
>
> Regards,
> Sanaullah
>
>
> On Fri, Feb 14, 2014 at 6:10 PM, BONNET, Frank <fr...@esiee.fr> wrote:
>
>> Hello
>>
>>
>> I have official certificates for apache2 from COMODO that I would like to
>> import into tomcat ( pkcs12 ) if someone has links / infos to do this
>> task
>> it would be a great help ( google doesn't help much )
>>
>> thank you
>>
>
>