-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To whom it may concern,
On 4/17/19 09:44, TurboChargedDad . wrote: > We terminated SSL above the tomcat layer using NGINX or Apache to > avoid the complexities that come with managing a JKS. I want to > hear all I can on this subject. It's not necessary to handle JKS files to use Tomcat for TLS termination . You can use PEM-encoded DER files (same as httpd, nginx, etc.) if you use any connector along with the OpenSSL engine. You can also use PKCS12 files (similar to JKS files, but much more standard) which openssl knows how to manipulate (as does Java's "keytool") with any JSSE-based crypto engine. - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAly3VzcACgkQHPApP6U8 pFhOwxAAtd5d0UDSp1SEjZWKu+AX970vUTZIc+UxeWAWcwG20MjBeHa4PBzrJFIK QVduzNGBJvi2oez9QV3LCnLo2jkIgpZG6EC/+TBQSSfAn8iGrL7lc59vWXg551PC 8+llFd9q3M13dqyx824YijMPptwFxH36z0K2pr34ytZOP1g/QDUA07dW5rW2rJKF tdOkHIE/QvEE+iSQnrYQbNNknBk/grzbxDwg7lZupSi1UBY080Hc8aPzWknBADKh zPKt6942WMvrIDmK8yCQSgkqjG8QWrZfR5QNkvnkRN4rridK4TevYm6Da/QI46w3 NPSozJeNKGeaUylabH4jTcVBE3eynOcP0oyBJ7/MmMzu1a9jU9ar7mZmTlZEPaEV f3jxmfQ5m4AmbypNfwLzudo0ekVQceD33Ba04/VO9wGESMNSQTF6XIz69BSHvj1s KsIIFcgdWuVH5ae5UxgirWghecz2xZAu7BHXYtkPdLcmF/RgTR1lQQ34JDlB9VPM NdtZuVUWasnlWVGF4YDV6RzQwdhzGk4FUd38ULRzsc+ycyA0LtbdQfyear/N/dxl c4s+nPiub1lnggMbd990uPMhoy8AaEGq4GG6NyKXvBz1sUw72n27QO6tCEIinQSe E8OOofUgHAcLwuEQxLO/bvVnD77Vx95lxnIoludx51BvEM1ZbbU= =M18j -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
