On 22/02/2023 19:59, James Boggs wrote:
> Has anyone been able to complete a successful SSL Implementation on Tomcat 9.0.69, Java 11, and Oracle ORDS 22.2?
>
> We had SSL working with Tomcat 9.0.65, Java 8, and ORDS 21, on an Oracle 19c database with Oracle APEX 21 (on Windows Server 2012).
>
> Now ORDS requires Java 11 which does not have a JRE like Java 8 had.
>
> After upgrading the software and installing Java 11, we used Java 11 to create a new Keystore which is type PKCS#12, then created an SSL certificate request file with type RSA, sent that off, and received back a download text file we saved as a “.cer” certificate file type; it contains a BEGIN and END with a single block of text in between.
>
> Importing that into the keystore does not seem to work and it seems there is new syntax required for the Tomcat server.xml file.

Tomcat TLS configuration has not changed between 9.0.65 and 9.0.69.

> The company also had a PKCS#7 (.p7b) file and a chain file that is a .p7c file type.
>
> Research makes it seem like both Tomcat and ORDS require PKCS#12

I can't speak for ORDS but Tomcat has no such requirement.

> but the company only provides me a PKCS7, and any attempts to convert it to PKCS#12 don’t work as a keyfile is not provided to us.

TLS configuration can be tricky. Everything has to be exactly right or it just doesn't work and the error messages are not always clear about what the problem is.

It sounds like this is a case of needing to ensure that the Tomcat TLS configuration matches the files you have. With that in mind:

What was the command you used to generate the new key?

What was the command you used to generate the certificate signing request?

What was the working Connector configuration you used for TLS in your previous, working configuration?

What is the Connector configuration you are using for TLS in your current configuration?

We should be able to get TLS working for Tomcat. For ORDS, you'll need to speak to Oracle support.

Mark
