-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Ognjen,
On 10/26/13, 6:47 PM, Ognjen Blagojevic wrote: > Chris, > > On 26.10.2013 23:39, Chris Arnold wrote: >> Tomcat 7.0.42 on SLES11. I am following >> http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Configuration >> >> to secure tomcat. I have uncommented the SSL HTTP section. The >> configuration section of that doc, importing the certificate: i >> have a go daddy bundle in crt format. I can download the cert >> bundle from go daddy for tomcat but it also is a crt file. Do i >> have to run this exact command: >> >> openssl pkcs12 -export -in mycert.crt -inkey mykey.key \ -out >> mycert.p12 -name tomcat -CAfile myCA.crt \ -caname root -chain > > It looks ok to me. Does it work for you? > > It will create PKCS#12 keystore file (mycert.p12), so you may: > > 1. add parameter keystoreType="pkcs12" to your HTTPS connector, and > use that file, or 2. convert PKCS#12 keystore to Java Keystore > format, and use default keystore type (JKS). > > This is both possible, only if you plan to use either BIO or NIO > HTTP connector. If you plan to use APR, connector configuration is > completely different. I've been having some trouble lately converting keys and certs from OpenSSL format into Java's JKS format. I follow all of the magical incantations I can find online to convert key+cert into a Java keystore but I get no love. Is there a decent guide anywhere for how to do this? - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSbnYVAAoJEBzwKT+lPKRYa9wP/0OFuBG5EySMixPWt3y/H07w 4AE+P1NI877g4+ec8I2S2y7KGeHi9kxZ/5WzgOwnzGFddt930xVpzlb0FlMiIqZC Y1OAkKSYm92W2+RA6Vf6SkKuHe9t0deDfrhuY87tU1n0JBg4MnQn7jvMxg/sowi5 axb0vuNYrCnMhtW13KtLeSWlgBnZiD3X2jpZkh8tg3O24S31uzxwFEigzIoYpPj+ 3JTNeEeehAUgLe0o9uXC7+3135q4sipL9H32HDses00RhRd6TLYu9nZUsYjN6Kyl 31J3sescbxrDOQ/ex+c1ESmaAbIgnklOP0i5lRE2IqlnH/VFFZKaAhS6qyZPCLW3 ynI/2Tlo4I1ZfIcYpMQh5eFSv8gsATwkh9DaPhnazCdTymlLbaMiuceZvfWHc3/L spI4HIciE1RbAjeiA1TMUIsL/wrtUXelAbG1wegVFPkFKr5wQifk3Bfb2ayoy5pA kckziemb89Rif8wnO1wuA8ZPb4nKdvbX1QfUXIp3KI8GrQ0pM3ixURDelqituPw8 t2Jk3RZ545vukJtOaOeyCtBUwA8Ej44SLz29/tPb5jvhyo9dxwts6HPg0UKqycfB LAd32e6UrO8won0EdPYjgLayvcpo7kNt+KcgaqccvN+LdX/6RkEoiTEQ75ilrxkP DR67odtPTEgKE9nD4EJm =AD/Q -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
