Hi Christopher,

Thanks for your elaborate reply.

Regarding your first question: No, I don't use the APR connector (port #443, I assume) & the tomcat-native jar. I do use the plain old HTTP connector in server.xml.

So my only wish is to know what to write in those two attributes:

keystoreFile - Which of the 4 files I have do I need to point to (my guess is the xxx.domainname.com.key)?
keystorePass - What do I write in this attribute? When I issued my own certificate (using keytool), it was the password I used when creating the certificate itself.

I googled this & came across many sites. All explained the steps to initiate a request & import the certificate, BUT I think that I'm over those steps due to the fact that I have the .cer file at hand & all that is left to do is to configure the connector.

Thanks.

Christopher Schultz-2 wrote:
>
> Liav,
>
> On 11/13/2009 10:48 AM, Liav Ezer wrote:
>> I need help configuring my http connector to be a secure one via SSL.
>
> Are you expecting to use tcnative in order to use an "APR" connector, or
> do you want to use the plain-old Java HTTP connector? If you don't know
> what I'm talking about, you want the Java one. It's important to
> differentiate because the configurations are done differently.
>
>> I have the purchased certificate's (from a CA which I don't know who is)
>> products in 4 different files:
>>
>> xxx.domainname.com.cer -> I don't know what this file is..
>
> Neither do I. Look at the date stamps to see if it's relevant.
>
>> xxx.domainname.com.key -> I believe this is the encrypted key for the
>> certificate
>
> Hopefully, you created this file yourself and haven't given it to
> anyone. It should be a /private/ RSA key.
>
>> xxx.domainname.com.csr -> I believe this is the request
>
> .csr files are typically "certificate request" files, so yes, that seems
> reasonable.
>
>> xxx.domainname.com.crt -> I believe this is the actual certificate
>> issued by the CA
>
> Generally, .crt files are the actual certificates. They are usually
> encrypted with a passphrase and can be unlocked using the .key file above.
>
>> 1. What should I write at the keystoreFile? - Which of the 4 files I have
>> do I need to point to?
>> 2. What do I write in the keystorePass attribute?
>
> That depends on whether you are using APR or not. See above.
>
>> 3. What should I do with the rest of those 4 files?
>
> xxx.domainname.com.key - keep this in a safe place, preferably /not/ on
> your production server.
>
> xxx.domainname.com.csr - You can probably discard this file, but it
> might be worth keeping around alongside your .key file.
>
> xxx.domainname.com.cer - It depends on what this file is. It might even
> be a certificate file that has no password (which would be useful if you
> were using Apache httpd, but you didn't mention that so I suspect it's
> not useful to have such a certificate laying around).
>
> -chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

--
View this message in context: http://old.nabble.com/SSL-Configuration-Question-tp26338693p26343682.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
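
An added example, not part of the original messages: the thread leaves open what each of the four files actually contains, and a file extension alone does not settle it. This Python code classifies file contents by PEM armor label and flags passphrase-protected keys; `classify` is a hypothetical helper name and the sample contents are constructed placeholders, not real key material or the poster's files.

```python
import re

# PEM armor label -> what the block holds (RFC 7468 labels plus OpenSSL's legacy key label).
KINDS = {
    "CERTIFICATE": "certificate",
    "X509 CERTIFICATE": "certificate",
    "CERTIFICATE REQUEST": "certificate signing request",
    "NEW CERTIFICATE REQUEST": "certificate signing request",
    "RSA PRIVATE KEY": "private key",
    "PRIVATE KEY": "private key",
    "ENCRYPTED PRIVATE KEY": "private key (encrypted)",
}
ARMOR = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def classify(data):
    """Return one description per PEM block in `data` (a chain yields several)."""
    found = []
    for label, body in ARMOR.findall(data):
        name = label.decode()
        kind = KINDS.get(name, "unknown (" + name + ")")
        # Legacy OpenSSL keys record passphrase protection in a header line.
        if kind == "private key" and b"Proc-Type: 4,ENCRYPTED" in body:
            kind = "private key (encrypted)"
        found.append(kind)
    if not found and data[:1] == b"\x30":
        # No armor, leading ASN.1 SEQUENCE tag: binary DER, which needs a real parser.
        found.append("DER-encoded object (type not determined here)")
    return found or ["not PEM or DER"]


# Constructed stand-ins keyed by extension; the bodies are placeholder text.
SAMPLES = {
    ".key": b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
            b"DEK-Info: DES-EDE3-CBC,0000000000000000\n\nQ09OU1RSVUNURUQ=\n"
            b"-----END RSA PRIVATE KEY-----\n",
    ".csr": b"-----BEGIN CERTIFICATE REQUEST-----\nQ09OU1RSVUNURUQ=\n"
            b"-----END CERTIFICATE REQUEST-----\n",
    ".crt": b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
            b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n",
    ".cer": b"\x30\x82\x03\x00" + b"\x00" * 8,
}

if __name__ == "__main__":
    for ext, content in SAMPLES.items():
        print(ext, "->", ", ".join(classify(content)))
```
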