Got this mail! Does it mean we can use a keystore for the APR protocol using this new TC-native?

Thanks,
Nithesh

On Wed, Dec 16, 2015 at 1:09 PM, Garcia Aparici, Carlos <cgapar...@indra.es> wrote:

> In many of our tomcats we use the pfx directly on the connector. It's
> similar to a keystore.
>
> Sent from Samsung Mobile
>
> -------- Original message --------
> From: Nithesh Kb <nitheshk...@gmail.com>
> Date: 15/12/2015 16:21 (GMT+01:00)
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: Tomcat APR protocol SSL certificate information.
>
> Thanks David, Thomas.
> If my understanding is not wrong:
> Till Tomcat version 8, we need to provide the cert and key separately for
> OpenSSL SSL APR, like
>
> (SSLCertificateFile="/aa/server.crt" SSLCertificateKeyFile="/aa/server.key")
>
> But in Tomcat 9 we can use a keystore to store the cert and key and
> configure it on the connector like keystoreFile="/aa/tomcat.keystore"
>
> Thanks,
> Nithesh
>
> On Tue, Dec 15, 2015 at 8:40 PM, Mark Thomas <ma...@apache.org> wrote:
>
> > On 15/12/2015 15:07, David Newman wrote:
> > > When you use APR the SSL implementation is coming from openssl instead
> > > of java. openssl has no use for java keystore files. So it becomes more
> > > like an apache httpd config with separate files for keys and
> > > certificates.
> >
> > True, but as of Tomcat 9 (and will hopefully be back-ported to an 8.1.x
> > at some point) you can use Java keystores with OpenSSL.
> >
> > Mark
> >
> > > On Tue, Dec 15, 2015 at 5:12 AM, Nithesh Kb <nitheshk...@gmail.com>
> > > wrote:
> > >
> > > > Hi,
> > > > I have built the APR libraries, OpenSSL and tc-native; I have also
> > > > created the OpenSSL libraries. Both HTTP and HTTPS are working fine.
> > > >
> > > > openssl genrsa -des3 -out server.key 2048
> > > > openssl req -new -key server.key -out server.csr
> > > > cp server.key server.key.org
> > > > openssl rsa -in server.key.org -out server.key
> > > > openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
> > > >
> > > > I get server.crt and server.key.
> > > >
> > > > I added this entry in the connector:
> > > >
> > > > protocol="org.apache.coyote.http11.Http11AprProtocol"
> > > > SSLCertificateFile="/aa/server.crt"
> > > > SSLCertificateKeyFile="/aa/server.key"
> > > >
> > > > If I do this much, it will work!!
> > > >
> > > > But the question is, is it possible to put these two certificates in
> > > > a keystore, and can we add only that keystore in our connector?
> > > > Something like keystoreFile="/aa/tomcat.keystore"
> > > >
> > > > I tried this but it didn't work:
> > > >
> > > > http://stackoverflow.com/questions/17695297/importing-the-private-key-public-certificate-pair-in-the-java-keystore
> > > >
> > > > Please help me to understand this certificate stuff.
> > > >
> > > > Thanks,
> > > > Nithesh
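
The thread asks whether the `server.key`/`server.crt` pair can be put into a single keystore, and one reply mentions using a `.pfx` (PKCS#12) file directly. The following is an added example, not part of any message in the thread: it bundles such a pair into a PKCS#12 file with OpenSSL, refusing a key that does not belong to the certificate. The function names, the alias `tomcat` and the passphrase file are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Paths, the alias "tomcat" and the
# passphrase file are assumptions chosen for illustration.

# Print the public key (PEM) that belongs to a private key file.
key_pub() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Print the public key (PEM) embedded in a certificate file.
cert_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Succeed only if the key file and certificate carry the same public key.
# Usage: pair_matches server.key server.crt
pair_matches() {
    k=$(key_pub "$1")
    [ -n "$k" ] && [ "$k" = "$(cert_pub "$2")" ]
}

# Bundle key + certificate into a PKCS#12 (.pfx/.p12) keystore.
# Refuses mismatched pairs and creates the file readable by the owner only.
# Usage: make_p12 server.key server.crt tomcat.p12 passfile
make_p12() {
    pair_matches "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
    ( umask 077
      openssl pkcs12 -export -inkey "$1" -in "$2" -name tomcat \
          -out "$3" -passout "file:$4" )
}

# Succeed only if the certificate stored in the keystore carries the same
# public key as the given certificate file.
# Usage: p12_matches_cert tomcat.p12 passfile server.crt
p12_matches_cert() {
    stored=$(openssl pkcs12 -in "$1" -passin "file:$2" -nokeys -clcerts 2>/dev/null |
             openssl x509 -noout -pubkey 2>/dev/null)
    [ -n "$stored" ] && [ "$stored" = "$(cert_pub "$3")" ]
}

# Run as a script: ./bundle.sh server.key server.crt tomcat.p12 passfile
if [ "$#" -eq 4 ]; then
    make_p12 "$1" "$2" "$3" "$4" && p12_matches_cert "$3" "$4" "$2" && echo "keystore OK"
fi
```

The passphrase is read from a file so that it does not appear in the process list or shell history.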