Posted to users@tomcat.apache.org by Geet Chandra <ge...@gmail.com> on 2012/02/02 03:05:16 UTC
Re: How to configure certificate file (*.cer) in Tomcat 6
Thanks Chris!!!
Please tell steps to configure *.cer certificate file.
On Wed, Feb 1, 2012 at 2:18 AM, Christopher Schultz <chris@christopherschultz.net> wrote:
>
> Geet,
>
> On 1/29/12 11:42 PM, Geet Chandra wrote:
> >> Actually I don't want to use "keytool -import" command to import
> >> the *.cer file into *.keystore file.
> >>
> >>> Any particular reason for your preference?
> >
> > - The customer has got very secure environment...they don't want to
> > use the *.keystore being shipped with particular product.
>
> You can create your own keystore. Just remember that it has to have
> the server key as well as the certificate itself.
>
> >> - I am using Tomcat 6.x, J2EE based web application on Windows
> >> 2003 64 bit R2, SP2 OS.
>
> Very secure environment, eh?
>
> > Is it possible to configure like this
> >
> > <Connector port="8446" maxHttpHeaderSize="8192"
> > protocol="org.apache.coyote.http11.Http11Protocol"
> > SSLEnabled="true" maxThreads="150" minSpareThreads="25"
> > maxSpareThreads="75" enableLookups="false"
> > disableUploadTimeout="true" acceptCount="100" scheme="https"
> > secure="true" clientAuth="want" sslProtocol="TLS"
> > keystoreFile="c:/tomcat.keystore" truststoreFile ="C:/user.cer"
>
> It doesn't work that way. I think the only trust store types usable by
> Tomcat are "JKS" which are those that "keytool" creates and maintains.
>
> > Please let me know the correct syntax to configure "user.cer" in
> > server.xml
>
> You'll have to use APR (which uses OpenSSL) in order to use bare
> certificate files like that.
>
> -chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
--
Thanks & Regards
Geet
Re: How to configure certificate file (*.cer) in Tomcat 6
Posted by Pid <pi...@pidster.com>.
On 02/02/2012 05:06, Geet Chandra wrote:
> Thanks Dale!!!
Please stop top-posting. Please post your reply below each relevant
part of the previous email.
> Few more questions
Like this.
> 1. As I have exported *.cer as I have using Digital Badge in Internet
> Explorer. Can I use the same *.cer to configure in server.xml. If not, how
> can I generate the same file.
Huh?
http://www.google.co.uk/search?q=digital+badge
p
> 2. How can I generate ca2cert.pem file to use in server.xml
>
> On Thu, Feb 2, 2012 at 10:04 AM, Dale Ogilvie <Da...@trimble.com> wrote:
>
>> FYI, Here's how we did it with APR for local workstation SSL.
>>
>> Download APR from here: http://tomcat.apache.org/download-native.cgi
>>
>> Copy the files (openssl.exe and tc-native.dll) into the tomcat bin
>> directory
>>
>> Set up your SSL connector, pointing to your CA signed server
>> SSLCertificateFile and the CA as SSLCACertificateFile:
>>
>> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
>> maxThreads="150" scheme="https" secure="true"
>> clientAuth="false" sslProtocol="TLS"
>> SSLCertificateFile="c:/temp/localhost.cer"
>> SSLCACertificateFile="c:/temp/ca2cert.pem"
>> />
>>
>> -----Original Message-----
>> From: Geet Chandra [mailto:geetcs@gmail.com]
>> Sent: Thursday, 2 February 2012 3:05 p.m.
>> To: Tomcat Users List
>> Subject: Re: How to configure certificate file (*.cer) in Tomcat 6
>>
>> Thanks Chris!!!
>>
>> Please tell steps to configure *.cer certificate file.
>>
--
[key:62590808]
Re: How to configure certificate file (*.cer) in Tomcat 6
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Geet,
On 2/2/12 12:06 AM, Geet Chandra wrote:
> Thanks Dale!!!
>
> Few more questions
>
> 1. As I have exported *.cer as I have using Digital Badge in
> Internet Explorer. Can I use the same *.cer to configure in
> server.xml. If not, how can I generate the same file.
>
> 2. How can I generate ca2cert.pem file to use in server.xml
http://lmgtfy.com/?q=convert+cer+to+pem
-chris
PS lmgtfy needs a site like lmlmgtfy so I don't have to type so much.
Re: How to configure certificate file (*.cer) in Tomcat 6
Posted by Geet Chandra <ge...@gmail.com>.
Thanks Dale!!!
Few more questions
1. As I have exported *.cer as I have using Digital Badge in Internet
Explorer. Can I use the same *.cer to configure in server.xml. If not, how
can I generate the same file.
2. How can I generate ca2cert.pem file to use in server.xml
On Thu, Feb 2, 2012 at 10:04 AM, Dale Ogilvie <Da...@trimble.com> wrote:
> FYI, Here's how we did it with APR for local workstation SSL.
>
> Download APR from here: http://tomcat.apache.org/download-native.cgi
>
> Copy the files (openssl.exe and tc-native.dll) into the tomcat bin
> directory
>
> Set up your SSL connector, pointing to your CA signed server
> SSLCertificateFile and the CA as SSLCACertificateFile:
>
> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
> maxThreads="150" scheme="https" secure="true"
> clientAuth="false" sslProtocol="TLS"
> SSLCertificateFile="c:/temp/localhost.cer"
> SSLCACertificateFile="c:/temp/ca2cert.pem"
> />
>
> -----Original Message-----
> From: Geet Chandra [mailto:geetcs@gmail.com]
> Sent: Thursday, 2 February 2012 3:05 p.m.
> To: Tomcat Users List
> Subject: Re: How to configure certificate file (*.cer) in Tomcat 6
>
> Thanks Chris!!!
>
> Please tell steps to configure *.cer certificate file.
>
--
Thanks & Regards
Geet
Re: How to configure certificate file (*.cer) in Tomcat 6
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Dale,
On 2/1/12 11:34 PM, Dale Ogilvie wrote:
> FYI, Here's how we did it with APR for local workstation SSL.
>
> Download APR from here:
> http://tomcat.apache.org/download-native.cgi
Nit: that's tcnative, not APR. tcnative requires APR, but they are
separate things.
> Copy the files (openssl.exe and tc-native.dll) into the tomcat
> bin directory
Note that you'll also need libapr.dll.
Also, I believe you'll have to set
"-Djava.library.path=%CATALINA_BASE%\bin", otherwise the JVM won't
find the libraries.
> Set up your SSL connector, pointing to your CA signed server
> SSLCertificateFile and the CA as SSLCACertificateFile:
>
> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
> maxThreads="150" scheme="https" secure="true" clientAuth="false"
> sslProtocol="TLS" SSLCertificateFile="c:/temp/localhost.cer"
> SSLCACertificateFile="c:/temp/ca2cert.pem" />
Just make sure that everything is in PEM form.
-chris
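Added example, not part of the original thread or of Tomcat: a way to check whether an exported *.cer (binary DER or Base64) or a CA bundle is in the PEM form the APR connector's SSLCertificateFile and SSLCACertificateFile need, and to convert it if not. The function names are hypothetical, only the outer ASN.1 framing is checked (not the certificate contents), and the sample bytes are constructed.

```python
import base64
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed sample: a 260-byte blob with a valid outer DER SEQUENCE header.
# It is NOT a real certificate; it only exercises the framing checks below.
CONSTRUCTED_DER = b"\x30\x82\x01\x00" + bytes(256)


def der_total_length(data: bytes) -> int:
    """Size the outer ASN.1 SEQUENCE claims to occupy, header included."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not DER X.509: first byte must be 0x30 (SEQUENCE)")
    first = data[1]
    if first < 0x80:                       # short-form length
        return 2 + first
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or len(data) < 2 + n:
        raise ValueError("malformed DER length field")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def check_der(der: bytes) -> bytes:
    if der_total_length(der) != len(der):
        raise ValueError("truncated file or trailing bytes after the object")
    return der


def to_pem(data: bytes) -> str:
    """Return normalized PEM for a DER .cer, a Base64 .cer, or a PEM bundle."""
    blocks = PEM_RE.findall(data)
    if blocks:   # already PEM: decode each block so the framing is re-checked
        ders = [check_der(base64.b64decode(b"".join(b.split()))) for b in blocks]
    else:        # otherwise treat the whole file as one binary DER object
        ders = [check_der(data)]
    out = []
    for der in ders:
        b64 = base64.b64encode(der).decode("ascii")
        lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
        out.append("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
                   + "\n-----END CERTIFICATE-----\n")
    return "".join(out)


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:   # e.g. the exported .cer and the CA file
        with open(path, "rb") as fh:
            sys.stdout.write(to_pem(fh.read()))
```

Run it with the certificate path as an argument and redirect the output to the .pem file the connector will reference; a ValueError means the file is neither DER nor PEM X.509 (for example a PKCS#7 or PKCS#12 export).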
RE: How to configure certificate file (*.cer) in Tomcat 6
Posted by Dale Ogilvie <Da...@trimble.com>.
FYI, Here's how we did it with APR for local workstation SSL.
Download APR from here: http://tomcat.apache.org/download-native.cgi
Copy the files (openssl.exe and tc-native.dll) into the tomcat bin
directory
Set up your SSL connector, pointing to your CA signed server
SSLCertificateFile and the CA as SSLCACertificateFile:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
SSLCertificateFile="c:/temp/localhost.cer"
SSLCACertificateFile="c:/temp/ca2cert.pem"
/>
-----Original Message-----
From: Geet Chandra [mailto:geetcs@gmail.com]
Sent: Thursday, 2 February 2012 3:05 p.m.
To: Tomcat Users List
Subject: Re: How to configure certificate file (*.cer) in Tomcat 6
Thanks Chris!!!
Please tell steps to configure *.cer certificate file.