Thank you Chris! Dream * Excel * Explore * Inspire Jon McAlexander Senior Infrastructure Engineer Asst. Vice President He/His
Middleware Product Engineering Enterprise CIO | EAS | Middleware | Infrastructure Solutions 8080 Cobblestone Rd | Urbandale, IA 50322 MAC: F4469-010 Tel 515-988-2508 | Cell 515-988-2508 jonmcalexan...@wellsfargo.com This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. > -----Original Message----- > From: Christopher Schultz <ch...@christopherschultz.net> > Sent: Tuesday, September 26, 2023 5:49 PM > To: users@tomcat.apache.org > Subject: Re: SSLHostConfig question > > Jonm > > On 9/26/23 15:07, Mcalexander, Jon J. wrote: > > Thank you, but which format of the line is correct? > > > > certificateKeystoreType="pkcs12" > > > > or > > > > certificateKeystore="path to pfx file" type="pkcs12" > > https://urldefense.com/v3/__https://tomcat.apache.org/tomcat-9.0- > doc/config/http.html*SSL_Support_- > _Certificate__;Iw!!F9svGWnIaVPGSwU!qCp4SoLLBDygK5Nnm9Rt0079tFHSD > 5l0E1FK_qlMaNuRe1gzbj65XM4I-eFo2lfYoP_1XSx20Ph_opEI- > ChtAbTAYVqev6Nm$ > > Here are the relevant attributes: > > certificateKeystoreFile : path to your file certificateKeystoreType : type of > keystore file type : type of /key/ (choose RSA, EC, or DSA - but don't choose > DSA) > > -chris > > >> -----Original Message----- > >> From: Mark Thomas <ma...@apache.org> > >> Sent: Tuesday, September 26, 2023 11:54 AM > >> To: users@tomcat.apache.org > >> Subject: Re: SSLHostConfig question > >> > >> On 26/09/2023 16:50, Christopher Schultz wrote: > >>> Jon, > >>> > >>> On 9/26/23 11:32, Mcalexander, Jon J. wrote: > >>>> I have a question around the SSLHostConfig SSL Connector in Tomcat. > >>>> In the <certificate ... /> section, if the SSL Certificate is in a > >>>> Windows PFS Keystore, is it appropriate to add > >>>> > >>>> certificateKeystoreType="PFX" > >>>> > >>>> or > >>>> > >>>> certificateKeystore="path to pfx file" type="PFX" > >>>> > >>>> I'm finding reference to certificateKeystoreType, but not in > >>>> regards to PKCS12/PFX types. > >>> > >>> I don't think Tomcat supports "PFX" files per-se, but the intertubes > >>> say that PFX is PKCS12, which IS supported. So try using "PKCS12" > >>> which I think is the default. > >> > >> Default for all keystore types is JKS. > >> > >> As Chris says, "pkcs12" should work. > >> > >> Mark > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
