You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Raminder Singh <Ra...@infosys.com> on 2009/04/22 11:06:11 UTC
Steps to configure Tomcat 5.0 with PKCS#11 support
Hi,
We are using tomcat 5.0.28 and JDK 1.5.10. Now, there is some requirement to use tomcat with PKCS#11 support.
Initial study shows that a hardware token would be needed for this.
1) Is minimum tomcat version 5.5 is must for this?
2) Is this hardware requirement is mandatory? Or any other way is possible?
3) what additional changes would be required at server.xml level for PKCS#11 support.
Regards,
Raminder Singh
**************** CAUTION - Disclaimer *****************
This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely
for the use of the addressee(s). If you are not the intended recipient, please
notify the sender by e-mail and delete the original message. Further, you are not
to copy, disclose, or distribute this e-mail or its contents to any other person and
any such actions are unlawful. This e-mail may contain viruses. Infosys has taken
every reasonable precaution to minimize this risk, but is not liable for any damage
you may sustain as a result of any virus in this e-mail. You should carry out your
own virus checks before opening the e-mail or attachment. Infosys reserves the
right to monitor and review the content of all messages sent to or from this e-mail
address. Messages sent to or from this e-mail address may be stored on the
Infosys e-mail system.
***INFOSYS******** End of Disclaimer ********INFOSYS***
Re: Steps to configure Tomcat 5.0 with PKCS#11 support
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Raminder,
On 4/22/2009 5:06 AM, Raminder Singh wrote:
> We are using tomcat 5.0.28 and JDK 1.5.10. Now, there is some
> requirement to use tomcat with PKCS#11 support. Initial study shows
> that a hardware token would be needed for this.
>
> 1) Is minimum tomcat version 5.5 is must for this?
It appears so.
> 2) Is this hardware requirement is mandatory? Or any other way
> is possible?
Well, PKCS#11 is traditionally used with hardware, but a software token
is also acceptable.
> 3) what additional changes would be required at server.xml
> level for PKCS#11 support.
RTFM:
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html
There are also references in the list archives:
http://marc.info/?l=tomcat-user&m=118066767827013&w=2
Unfortunately, that doesn't seem to be the right answer:
http://marc.info/?l=tomcat-user&m=118073747704071&w=2
...although the OP might not be properly configuring their keystore.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAknvfisACgkQ9CaO5/Lv0PBwwACfYoeFfvGsOcUfMKb+fU4ZJG6R
Mw8AoId5zZdQvqY+HZmkbC4dS8UPc4a2
=Cg6t
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org