-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Liav,
On 11/13/2009 10:48 AM, Liav Ezer wrote: > I need help configuring my http connector to be a secure one via SSL. Are you expecting to use tcnative in order to use an "APR" connector, or do you want to use the plain-old Java HTTP connector? If you don't know what I'm talking about, you want the Java one. It's important to differentiate because the configurations are done differently. > I have the purchased certificate's (from a CA which i don't know who is) > products in 4 different files: > > xxx.domainname.com.cer -> I don't know what is this file.. Neither do I. Look at the date stamps to see if it's relevant. > xxx.domainname.com.key -> I believe this is the encrypted key for the > certificate Hopefully, you created this file yourself and haven't given it to anyone. It should be a /private/ RSA key. > xxx.domainname.com.csr -> I believe this is the request .csr files are typically "certificate request" files, so yet, that seems reasonable. > xxx.domainname.com.crt -> I believe this is the actual certificate issed > by the CA Generally, .crt files are the actual certificates. They are usually encrypted with a passphrase and can be unlocked using the .key file above. > 1. What should i write at the keystoreFile? - Which of the 4 files i have do > i need to point to? > 2. What do i write in the keystorePass attribute? That depends on whether you are using APR or not. See above. > 3. What should i do with the rest of those 4 files? xxx.domainname.com.key - keep this in a safe place, preferably /not/ on your production server. xxx.domainname.com.csr - You can probably discard this file, but it might be worth keeping around alongside your .key file. xxx.domainname.com.cer - It depends on what this file is. It might even be a certificate file that has no password (which would be useful if you were using Apache httpd, but you didn't mention that so I suspect it's not useful to have such a certificate laying around). - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr9tQwACgkQ9CaO5/Lv0PBsYwCguvk35Bo0kLXB1UYrYr2iIAX7 JKYAnjViDJDfcUrz4BeYnr351+v4i8us =BPyj -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
