Frank,

On 14.2.2014 14:10, BONNET, Frank wrote:
> I have official certificates for apache2 from COMODO that I would like to
> import into tomcat (pkcs12). If someone has links / info to do this task
> it would be a great help (google doesn't help much)

You didn't mention if you have any preference whether you want to use:

i. BIO or NIO HTTPS connectors (based on JSSE), or
ii. APR HTTPS connector (based on OpenSSL).

Since you mentioned that you want to use PKCS#12 format, I guess you are interested in JSSE connectors. If you want to use APR, then the procedure is different than the one described here.


Let's say that you have

1. Server key in file server.key
2. Server certificate in file server.pem
3. Intermediate certificates in file intermediates.pem

Then, all you need to do is:

openssl pkcs12 -export -out keystore.p12 -name myserver -in server.pem -inkey server.key -certfile intermediates.pem


Note that it is not necessary for intermediates.pem to contain the root certificate.


Then, configure HTTPS connector in conf/server.xml as

<Connector port="443"
           protocol="org.apache.coyote.http11.Http11Protocol"
           SSLEnabled="true" maxThreads="150" scheme="https"
           secure="true" clientAuth="false" sslProtocol="TLS"
           keystoreFile="keystore.p12" keyAlias="myserver"
           keystoreType="pkcs12" />


I also recommend that you check your cipher strength, and restrict the ciphers accordingly.

-Ognjen
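
The checks below wrap the export step from the reply above; this is an added example, not part of the original message. The function names, the KEYSTORE_PASS environment variable and the throwaway demo PKI are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). File names and the alias follow
# the post; function names, KEYSTORE_PASS and the demo PKI are assumptions.

# Succeeds only if the (unencrypted) private key belongs to the certificate.
key_matches_cert() {  # $1 = key file, $2 = certificate file
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds only if the server certificate was issued by a CA in the bundle.
# -partial_chain: the bundle need not contain the root, as the post notes.
chain_links() {  # $1 = certificate file, $2 = intermediates bundle
  openssl verify -partial_chain -CAfile "$2" "$1" >/dev/null 2>&1
}

# Check the inputs, run the export from the post, then inspect the result.
# Prints the number of certificates stored in the keystore.
build_keystore() {  # $1 key, $2 cert, $3 intermediates, $4 output, $5 alias
  key_matches_cert "$1" "$2" || { echo "key/cert mismatch" >&2; return 2; }
  chain_links "$2" "$3" || { echo "cert not issued by bundle" >&2; return 3; }
  openssl pkcs12 -export -out "$4" -name "$5" -in "$2" -inkey "$1" \
    -certfile "$3" -passout env:KEYSTORE_PASS || return 4
  chmod 600 "$4"  # the keystore holds the private key
  listing=$(openssl pkcs12 -in "$4" -nokeys -passin env:KEYSTORE_PASS 2>/dev/null) || return 5
  printf '%s\n' "$listing" | grep -q "friendlyName: $5" || return 6
  printf '%s\n' "$listing" | grep -c 'BEGIN CERTIFICATE'
}

# Constructed sample input: a throwaway CA standing in for the intermediate,
# plus a server key and certificate, written to directory $1.
make_demo_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
    -keyout "$1/ca.key" -out "$1/intermediates.pem" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=demo.example" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/server.csr" -CA "$1/intermediates.pem" \
    -CAkey "$1/ca.key" -CAcreateserial -days 1 -out "$1/server.pem" 2>/dev/null
}
```

The export password has to match what Tomcat is given in the connector's keystorePass attribute (Tomcat assumes "changeit" when the attribute is absent).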

