>(2) JSSE uses one keyfile (the keystore). PureTLS uses three, the
>keyfile, the CA file, and the random file. I need to add new
>directives to ServerSocketFactory to propagate those.
I couldn't tell you how many questions I've got after releasing my SSL documentation for tomcat 3.2/3.3. The recurrent question was about how to create CA/CERTS. Since mod_ssl for Apache HTTPD server uses the same file organisation/format (PEM) as PureTLS, and now there are tools (http://www.openca.org/) to create a complete PKI, having tomcat using such a standard will help people use tomcat in SSL.

So a big +1 for the PureTLS Cert/Key pem. I'd even like to have server cert and key in different files (à la mod_ssl), and even use the code from Bojan 'PasswordPrompter' when the key is protected by password....