You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by George Christiansen - PA <Ge...@capmark.com> on 2010/12/14 02:15:55 UTC
SSL Cert
Hello,
I'm trying to remove an SSL cert from a Tomcat instance. Can I just comment/remove the certs from server.xml and maintain SSL without the cert?
Thanks,
George
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: SSL Cert
Posted by George Christiansen - PA <Ge...@capmark.com>.
I thought I could comment out the cert in server.xml and have traffic go to port 8843 without the cert. The cert I have is expired and I'm not going to renew because I don't need it any longer.
Thanks,
George
________________________________________
From: Thomas Strauß [t.strauss@srs-management.de]
Sent: Tuesday, December 14, 2010 4:06 AM
To: Tomcat Users List
Subject: Re: SSL Cert
I do not understand the question, how do you want to use SSL without a cert?
Am 14.12.2010 um 02:15 schrieb George Christiansen - PA:
> Hello,
>
> I'm trying to remove an SSL cert from a Tomcat instance. Can I just comment/remove the certs from server.xml and maintain SSL without the cert?
>
> Thanks,
>
> George
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: SSL Cert
Posted by Thomas Strauß <t....@srs-management.de>.
I do not understand the question, how do you want to use SSL without a cert?
Am 14.12.2010 um 02:15 schrieb George Christiansen - PA:
> Hello,
>
> I'm trying to remove an SSL cert from a Tomcat instance. Can I just comment/remove the certs from server.xml and maintain SSL without the cert?
>
> Thanks,
>
> George
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: SSL Cert
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
George,
Please keep posts on the list for the benefit of others.
On 12/14/2010 5:23 PM, George Christiansen - PA wrote:
> If i do have the non-apr connector, and i need to confirm that, how
> would i remove the cert from the keystore?
Look at the help for keytool (keytool --help). You're looking for
something like this:
$ keytool -delete -alias myOldDeadKey
You might have to do this, first:
$ keytool --list
Hope that helps,
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk0H9nQACgkQ9CaO5/Lv0PAEOgCfctpARWCjznoCwyPhJF0O6NfK
T8MAn0umJrlSYuIJaac+X+JozxzsKSBs
=a61g
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: SSL Cert
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
George,
On 12/13/2010 8:15 PM, George Christiansen - PA wrote:
> I'm trying to remove an SSL cert from a Tomcat instance. Can I just
> comment/remove the certs from server.xml and maintain SSL without the
> cert?
If you are using APR, then you specify the certificate in server.xml and
sure, you can just remove that configuration. Without a cert, of course,
you won't be able to serve SSL content.
If you are using a non-APR connector (BIO or NIO), you'll have to remove
the certificate from the keystore used by Tomcat -- it'll be mentioned
in the <Connector> configuration. Same comment about SSL availability
goes for this, too.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk0HlsMACgkQ9CaO5/Lv0PAYXwCfawu+Yju/N9IJovkYcY+PFzZs
r/UAmwXE56CSdQQC5H95zQeNXPfbNX8e
=b5lk
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: SSL Cert
Posted by Tobias Crefeld <tc...@cataneo.eu>.
Am Mon, 13 Dec 2010 20:15:55 -0500
schrieb George Christiansen - PA <Ge...@capmark.com>:
> I'm trying to remove an SSL cert from a Tomcat instance. Can I just
> comment/remove the certs from server.xml and maintain SSL without the
> cert?
You can create a self-signed SSL-certificate instead.
Regards,
Tobias.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org