Don,

On 11/28/17 4:55 PM, Don Flinn wrote:
>>> In fact, I think you are using PEM-encoded DER files and not a
>>> packaged keystore, even though your SSLHostConfig's
>>> keystoreType is set to "PKCS12".
>
> Yes, I am using PEM files. Got to read more on DER files.

PEM is an encoding, while DER is really the file format. It's like
saying "is this file text/plain or UTF-8?"

This is a great read for almost anyone who cares about x509 certificates:

https://support.ssl.com/Knowledgebase/Article/View/19/0/der-vs-crt-vs-cer-vs-pem-certificates-and-how-to-convert-them

> So do I just drop the keystoreType="PKCS12" from the connector?

Theoretically, yes. The keystoreType is only used when there is a
keystore and not "certificate files", etc.

>> If there's anything inaccurate on the Tomcat site
>
> No, I was talking about other sites, not the Tomcat site. I've
> been reading all over the internet for that which seems related.
> My statement was a caution to not believe everything you read.
> 'Trust but verify'

Mark has given a number of presentations on TLS and they are very
accessible. Have a look at the slides (and some audio/video) on the
"presentations" page on the Tomcat site. Each of them has a varying
level of "introductoryness", but I think the more recent ones like
"Introduction to Tomcat and TLS" from TomcatCon in Miami are probably
the best ones to see for beginners.

> Your e-mail has been very helpful, not only to me, but I believe
> to others. With respect to the Tomcat site, I think a lot of what
> you wrote would be very helpful there. For example, the Tomcat
> write up on SSL describes how to do self signed certificates and
> fleetingly mentions that if you have a certificate from a CA that
> you could use e.g. openssl and then refers the reader to their java
> documentation and openssl documentation. Not too helpful to the
> security/Tomcat novice.

Agreed. Would you care to write some new documentation and/or prepare
a patch for the site?

It's usually best when beginners write for their own audience. I, for
example, understand it backwards and forwards so when I write I have a
skewed perspective. Writing as a beginner can re-focus the narrative
for a different audience.

If you need any help grabbing the site from svn, etc. please just ask.

> Thanks for your patience and help.

You are more important than the software. No, really:
https://blogs.apache.org/foundation/entry/asf_15_community_over_code

-chris
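An added example, not part of the original message and not Tomcat code: a short Python sketch of the PEM/DER relationship discussed above, showing that PEM is base64 armor around DER bytes and that a file's container type can be checked from its content rather than its name. The function names and the toy byte strings are constructed for illustration, and the PKCS#12 check is a heuristic based on the PFX version field.

```python
import base64
import re

# PEM armor around base64 text: -----BEGIN <label>----- ... -----END <label>-----
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s+-----END \1-----", re.DOTALL)

def der_to_pem(label, der):
    """Wrap DER bytes in PEM armor (base64, 64 characters per line)."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN %s-----\n%s\n-----END %s-----\n"
            % (label, "\n".join(lines), label)).encode()

def pem_to_der(data):
    """Return [(label, der_bytes)] for each PEM block found in data."""
    return [(m.group(1).decode(),
             base64.b64decode(b"".join(m.group(2).split()), validate=True))
            for m in PEM_BLOCK.finditer(data)]

def der_header(data):
    """Parse the outer DER SEQUENCE header; return (header_len, body_len) or None."""
    if len(data) < 2 or data[0] != 0x30:
        return None
    if data[1] < 0x80:                      # short-form length
        return 2, data[1]
    n = data[1] & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:
        return None                         # indefinite or oversized: not handled here
    return 2 + n, int.from_bytes(data[2:2 + n], "big")

def classify(data):
    """Say what kind of container the bytes are, without trusting the file name."""
    blocks = pem_to_der(data)
    if blocks:
        return "PEM (" + ", ".join(label for label, _ in blocks) + ")"
    hdr = der_header(data)
    if hdr is None or hdr[0] + hdr[1] != len(data):
        return "unknown"
    # Heuristic: a PKCS#12 PFX structure begins with INTEGER version 3.
    if data[hdr[0]:hdr[0] + 3] == b"\x02\x01\x03":
        return "PKCS#12 keystore (binary DER)"
    return "DER (binary ASN.1)"

# Constructed toy structures, not real certificates or keystores.
TOY_CERT_DER = b"\x30\x05\x30\x03\x02\x01\x01"   # SEQUENCE { SEQUENCE { INTEGER 1 } }
TOY_PFX_DER = b"\x30\x03\x02\x01\x03"            # SEQUENCE { INTEGER 3 }
```

Running `classify()` over the files a connector points at shows whether they are PEM files or a packaged keystore before a keystoreType is set for them.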