Re: SSL Certificates and Tomcat 8.5.11

2018-05-17 Thread Christopher Schultz
Laurie, On 5/17/18 11:33 AM, Laurie Miller-Cook wrote: > I am very new to Tomcat so please bear with me. Welcome. > I currently have a Thawte certificate that is installed within IIS > for our domain that is all managed by Rackspace. > > I now h

Re: SSL Certificates and Tomcat 8.5.11

2018-05-17 Thread Pierre Chiu
Hi Laurie, This is what I do. I don't use keystore. I use this within SSLHostConfig section. > On May 17, 2018, at 11:33 AM, Laurie Miller-Cook > wrote: > > Hi there, > > I am very new to Tomcat so please bear with me. > > I currently have a Thawte certificate that is installed within I

Re: SSL Certificates

2014-04-01 Thread Christopher Schultz
Nithun, On 4/1/14, 4:02 PM, Bomma, Nithun wrote: > I want to get public & private keys from WebSphere and import into > Tomcat. > > We have WebSphere certificates (Signed by Verisign) until 2015 and we > want to use the same in tomcat. Where are t

RE: SSL Certificates

2014-04-01 Thread Bomma, Nithun
et] Sent: Monday, March 31, 2014 2:58 PM To: Tomcat Users List Subject: Re: SSL Certificates Nithun, On 3/31/14, 10:19 AM, Bomma, Nithun wrote: > Hello, > > We are using WebSphere v6.1 for SSO and we are moving to ForgeRock and >

Re: SSL Certificates

2014-03-31 Thread Christopher Schultz
Nithun, On 3/31/14, 10:19 AM, Bomma, Nithun wrote: > Hello, > > We are using WebSphere v6.1 for SSO and we are moving to ForgeRock > and it uses Apache Tomcat (v7.0.37) > > We are trying to import the certificates (Verisign) including the > cha

Re: SSL Certificates

2014-03-31 Thread James H. H. Lampert
On 3/31/14 10:32 AM, Blume Wolfgang wrote: Hi, If your certificate need not be changed, then you need not create a new Certificate Signing Request (CSR) to get a new certificate, but only do the "Importing the Certificate" part of the description: Import chain certificate, then your existing cert

Re: SSL Certificates

2014-03-31 Thread Blume Wolfgang
..@gmail.com] > Sent: Monday, March 31, 2014 10:39 AM > To: Tomcat Users List > Subject: Re: SSL Certificates > > On Mon, Mar 31, 2014 at 7:19 AM, Bomma, Nithun >wrote: > > > Hello, > > > > We are using WebSphere v6.1 for SSO and we are moving to ForgeRock an

RE: SSL Certificates

2014-03-31 Thread Bomma, Nithun
ology (Operations) AIM: nithunbomma EMAIL: nithun.bo...@amtrak.com Desk: 215-349-2065; ATS: 728-2065; Cell: 215-704-4981 -Original Message- From: Leo Donahue [mailto:donahu...@gmail.com] Sent: Monday, March 31, 2014 10:39 AM To: Tomcat Users List Subject: Re: SSL Certificates On Mon, Mar 31,

Re: SSL Certificates

2014-03-31 Thread Leo Donahue
On Mon, Mar 31, 2014 at 7:19 AM, Bomma, Nithun wrote: > Hello, > > We are using WebSphere v6.1 for SSO and we are moving to ForgeRock and it > uses Apache Tomcat (v7.0.37) > > We are trying to import the certificates (Verisign) including the chain > certificates from WebSphere to Tomcat. > > Have

Re: SSL certificates

2014-01-17 Thread Ognjen Blagojevic
On 17.1.2014 19:14, James H. H. Lampert wrote: At this point, if you haven't already done so, I would strongly suggest getting your CA's tech support in on this. +1 Reserved IP addresses and internal server names are not unique on the Internet, so the certificates for them may be reused in di

Re: SSL certificates

2014-01-17 Thread James H. H. Lampert
At this point, if you haven't already done so, I would strongly suggest getting your CA's tech support in on this. Of course, your latest posts also beg the question of why you would be spending good money on a signed SSL certificate for an internal web site, or why you'd be using an internal

Re: SSL certificates

2014-01-17 Thread Miten Mehta
Hi Ognjen, Reading the pdf link you provided it seems that I should use ip based certificates and for each different ip which needs certificate I will have to request one. I should use -ext san=ip:$ip instead of -ext san=dns:$host. Then CA will not drop the details. Regards, Miten. On Fri, J

Re: SSL certificates

2014-01-17 Thread Miten Mehta
If I remove internal /etc/hosts lookup entry should it resolve or you mean CA just dropped subjectAltName even though I included. - miten On Jan 17, 2014 7:31 PM, "Ognjen Blagojevic" wrote: > Miten, > > On 17.1.2014 14:33, Miten Mehta wrote: > >> The catalina.out complains with SSL handshake sta

Re: SSL certificates

2014-01-17 Thread Miten Mehta
What's the alternative to using subjectAltName? I thought it was flexible to make certificate portable across our development environments. Should I use IP (internal instead)? - Miten. On Jan 17, 2014 7:31 PM, "Ognjen Blagojevic" wrote: > Miten, > > On 17.1.2014 14:33, Miten Mehta wrote: > >> Th

Re: SSL certificates

2014-01-17 Thread Ognjen Blagojevic
Miten, On 17.1.2014 14:33, Miten Mehta wrote: The catalina.out complains with SSL handshake stating No Name matching mhoodws.ril.local found. For security reasons, CA shouldn't sign any certificate containing internal server name (either as CN, or subjectAltName): "As of July 1, 2012, all

Re: SSL certificates

2014-01-17 Thread Miten Mehta
Hi James, Thanks a lot. I followed your steps but seems I am getting different error as if the signed certificate is not dns based. The original self signed certificate was able to work fine in dns based format for keytool when I imported it into client keystore. Below I created the self signed

Re: SSL certificates

2014-01-16 Thread James H. H. Lampert
Christopher Schultz wrote: :) Give me OpenSSL any day of the week. ;) Dunno. Can't recall ever having any experience with it at all. Just DCM (for securing IBM-proprietary servers, like their Secured Telnet [NOT ssh] server and their various proprietary web-serving products), and Keytool (f

Re: SSL certificates

2014-01-16 Thread Christopher Schultz
James, On 1/16/14, 6:18 PM, James H. H. Lampert wrote: > Christopher Schultz wrote: >> That is always true. But you don't need a certificate to create a >> CSR. > If Keytool and the Java Keystore format even recognize any > difference between the c

Re: SSL certificates

2014-01-16 Thread James H. H. Lampert
Christopher Schultz wrote: That is always true. But you don't need a certificate to create a CSR. If Keytool and the Java Keystore format even recognize any difference between the concepts of "keypair" and "self-signed certificate," it would be news to me. Speaking of one who regularly ins

Re: SSL certificates

2014-01-16 Thread Christopher Schultz
James, On 1/16/14, 5:04 PM, James H. H. Lampert wrote: > On 1/16/14 1:49 PM, Christopher Schultz wrote: >> Why are you self-signing a certificate if you are going to get >> it signed by a CA? > > A newly-created keypair in a Java keystore is, by de

Re: SSL certificates

2014-01-16 Thread James H. H. Lampert
On 1/16/14 1:49 PM, Christopher Schultz wrote: Why are you self-signing a certificate if you are going to get it signed by a CA? A newly-created keypair in a Java keystore is, by definition, a self-signed certificate. And you can't create a CSR without having a keypair from which to create it

Re: SSL certificates

2014-01-16 Thread Christopher Schultz
Miten, On 1/16/14, 12:09 PM, Miten Mehta wrote: > Hi, > > Adding more clarification for ease below. > > 1) create keystore.jks with self signed cert (alias tomcat). Why are you self-signing a certificate if you are going to get it signed by a CA?

Re: SSL certificates

2014-01-16 Thread James H. H. Lampert
? will existing become redundant ? NO, the SIGNED certificate will, at least in effect, be MERGED with the original certificate. Deleting the original certificate from the keystore before importing the signed one will render the signed certificate WORTHLESS. -- James H. H. Lampert ---

Re: SSL certificates

2014-01-16 Thread Ike Ikonne
Hi, Step #4 is not correct; if you delete the existing certificate you would have lost everything. Please follow the instruction given by James H. H. Lampert. Thanks, Ike From: Miten Mehta To: users@tomcat.apache.org, Date: 01/16/2014 11:09 AM Subject:Re: SSL

Re: SSL certificates

2014-01-16 Thread Miten Mehta
Hi, Adding more clarification for ease below. 1) create keystore.jks with self signed cert (alias tomcat). 2) generate old.csr and send for signing to CA 3) get back new.cer (signed certificate) and root.cer (root certificate) 4) delete existing cert from keystore.jks (alias tomcat) 5) import roo

Re: SSL certificates

2014-01-16 Thread James H. H. Lampert
On 1/16/14 9:01 AM, Miten Mehta wrote: Hi, I am understanding SSL for tomcat using http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html. 1) I create jks using self signed certificate using keytool. 2) I generate CSR from that keystore/certificate. 3) I get it signed by CA who gives me root cert