I have a backend application that runs under Tomcat. It does not serve Web pages. It depends on various services that use SSL in one way or another:
1) It connects with a vendor's Web Service over https:, which depends on one of the certificates in the default cacerts file
2) It connects with another vendor's Web Service over https: but this one depends on a CA certificate issued by the vendor.
3) It makes SSL-encrypted connections to a MySQL database using a self-generated SSL certificate.

I can get this to work by using keytool and importing the entire cacerts keystore, the self-generated CA cert for mysql, and the second vendor's ca cert into a single truststore, then setting system properties to point at this at app startup. But this feels like a real hack. Is there a better way?

I would like some way to configure Tomcat to form a truststore out of all three elements without physically merging different certificates into a truststore file. I am not sure whether Tomcat uses the various truststore configuration parameters for inbound and outbound SSL requests, or for inbound only.

Is there a better way to make this work? Or if not, is it possible to use keytool to build a truststore that automatically "includes" whatever the default cacerts happens to be?

Thanks
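One way to get the effect asked about above without merging files, as an added example that is not part of the original post or of Tomcat: a composite `X509TrustManager` that accepts a server chain if either the JVM's default cacerts or one of the extra truststores accepts it. The class name, the `install` helper, the truststore paths and the single shared password are assumptions, and it only affects client code that uses the JVM default `SSLContext`.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.net.ssl.*;

// Added example: trust = JVM default cacerts OR any extra truststore (vendor CA, MySQL CA).
public final class CompositeTrust implements X509TrustManager {
    private final List<X509TrustManager> delegates = new ArrayList<>();

    // extraStores: hypothetical paths to small truststores sharing one password.
    public CompositeTrust(char[] password, Path... extraStores) throws Exception {
        delegates.add(load(null)); // null KeyStore = whatever the JVM default cacerts is
        for (Path p : extraStores) {
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            try (InputStream in = Files.newInputStream(p)) { ks.load(in, password); }
            delegates.add(load(ks));
        }
    }
    private static X509TrustManager load(KeyStore ks) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        throw new IllegalStateException("no X509TrustManager available");
    }
    @Override public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        CertificateException last = null;
        for (X509TrustManager tm : delegates) {
            try { tm.checkServerTrusted(chain, authType); return; } // first acceptance wins
            catch (CertificateException e) { last = e; }
        }
        throw new CertificateException("chain not trusted by any configured truststore", last);
    }
    @Override public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException { delegates.get(0).checkClientTrusted(chain, authType); }
    @Override public X509Certificate[] getAcceptedIssuers() {
        List<X509Certificate> all = new ArrayList<>();
        for (X509TrustManager tm : delegates) all.addAll(Arrays.asList(tm.getAcceptedIssuers()));
        return all.toArray(new X509Certificate[0]);
    }
    // Call once at application startup, before any outbound connection is opened.
    public static void install(char[] password, Path... extraStores) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { new CompositeTrust(password, extraStores) }, null);
        SSLContext.setDefault(ctx);
    }
}
```

Every CA loaded this way is trusted for every outbound connection that uses the default `SSLContext`, so the vendor and MySQL CAs are not limited to their own endpoints; that is the same trust scope as the merged file, without copying cacerts.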