SSL Cert

[George Christiansen - PA <Ge...@capmark.com>]

Hello,

I'm trying to remove an SSL cert from a Tomcat instance. Can I just comment/remove the certs from server.xml and maintain SSL without the cert?

Thanks,

George



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

RE: SSL Cert

[George Christiansen - PA <Ge...@capmark.com>]

I thought I could comment out the cert in server.xml and have traffic go to port 8843 without the cert. The cert I have is expired and I'm not going to renew because I don't need it any longer. 
Thanks,
George

________________________________________
From: Thomas Strauß [t.strauss@srs-management.de]
Sent: Tuesday, December 14, 2010 4:06 AM
To: Tomcat Users List
Subject: Re: SSL Cert

I do not understand the question, how do you want to use SSL without a cert?

Am 14.12.2010 um 02:15 schrieb George Christiansen - PA:

> Hello,
>
> I'm trying to remove an SSL cert from a Tomcat instance. Can I just comment/remove the certs from server.xml and maintain SSL without the cert?
>
> Thanks,
>
> George
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: SSL Cert

[Thomas Strauß <t....@srs-management.de>]

I do not understand the question, how do you want to use SSL without a cert?

Am 14.12.2010 um 02:15 schrieb George Christiansen - PA:

> Hello,
> 
> I'm trying to remove an SSL cert from a Tomcat instance. Can I just comment/remove the certs from server.xml and maintain SSL without the cert?
> 
> Thanks,
> 
> George
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: SSL Cert

[Christopher Schultz <ch...@christopherschultz.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

George,

Please keep posts on the list for the benefit of others.

On 12/14/2010 5:23 PM, George Christiansen - PA wrote:
> If i do have the non-apr connector, and i need to confirm that, how 
> would i remove the cert from the keystore?

Look at the help for keytool (keytool --help). You're looking for
something like this:

$ keytool -delete -alias myOldDeadKey

You might have to do this, first:

$ keytool --list

Hope that helps,
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk0H9nQACgkQ9CaO5/Lv0PAEOgCfctpARWCjznoCwyPhJF0O6NfK
T8MAn0umJrlSYuIJaac+X+JozxzsKSBs
=a61g
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: SSL Cert

[Christopher Schultz <ch...@christopherschultz.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

George,

On 12/13/2010 8:15 PM, George Christiansen - PA wrote:
> I'm trying to remove an SSL cert from a Tomcat instance. Can I just
> comment/remove the certs from server.xml and maintain SSL without the
> cert?

If you are using APR, then you specify the certificate in server.xml and
sure, you can just remove that configuration. Without a cert, of course,
you won't be able to serve SSL content.

If you are using a non-APR connector (BIO or NIO), you'll have to remove
the certificate from the keystore used by Tomcat -- it'll be mentioned
in the <Connector> configuration. Same comment about SSL availability
goes for this, too.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk0HlsMACgkQ9CaO5/Lv0PAYXwCfawu+Yju/N9IJovkYcY+PFzZs
r/UAmwXE56CSdQQC5H95zQeNXPfbNX8e
=b5lk
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: SSL Cert

[Tobias Crefeld <tc...@cataneo.eu>]

Am Mon, 13 Dec 2010 20:15:55 -0500
schrieb George Christiansen - PA <Ge...@capmark.com>:

> I'm trying to remove an SSL cert from a Tomcat instance. Can I just
> comment/remove the certs from server.xml and maintain SSL without the
> cert?

You can create a self-signed SSL-certificate instead.

Regards,
 Tobias.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org