Geet,
Bottom-posting style is standard on this list
(http://en.wikipedia.org/wiki/Posting_style#Bottom-posting).
On 30.1.2012 5:42, Geet Chandra wrote:
> - The customer has got very secure environment...they don't want to use the
> *.keystore being shipped
> with particular product.
Uhm... lots of questions here:
1. By "*.keystore", do you mean keystore or truststore? Do you
understand the difference between them?
2. Is your customer aware that there is no essential difference in terms
of security between JSSE and OpenSSL security implementations?
3. Do you plan to use client authentication via HTTPS or not? You are
mentioning truststoreFile later.
4. Is your server certificate self-signed or signed by a trusted CA? If
you don't use client authentication using HTTPS, and your server is
signed by a trusted CA, perhaps there is no need to ship a certificate with
your application.
> Is it possible to configure like this
> <Connector port="8446" maxHttpHeaderSize="8192"
> protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="false" disableUploadTimeout="true"
> acceptCount="100" scheme="https" secure="true"
> clientAuth="want" sslProtocol="TLS"
> keystoreFile="c:/tomcat.keystore"
> truststoreFile ="C:/user.cer"
> />
> @END_ENABLESTANDALONEHTTPS@-->
No.
Parameters keystoreFile and truststoreFile are to be used with Java
keystores. For .cer files (OpenSSL) you must use the APR connector and SSL*
attributes. See:
http://tomcat.apache.org/tomcat-6.0-doc/apr.html#HTTPS
-Ognjen
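
The two working alternatives to the connector quoted above, as an added example that is not part of the original message or of the Tomcat documentation. Every path other than c:/tomcat.keystore and C:/user.cer, and both passwords, are placeholders; option 2 assumes user.cer is PEM-encoded and that the Tomcat native library is installed.

```xml
<!-- Option 1: keep the JSSE connector and point both attributes at Java keystores.
     Import the certificate into a truststore first, for example:
       keytool -importcert -alias user -file C:/user.cer -keystore C:/truststore.jks
     C:/truststore.jks and the CHANGE_ME passwords are placeholders. -->
<Connector port="8446" protocol="org.apache.coyote.http11.Http11Protocol"
           SSLEnabled="true" scheme="https" secure="true"
           maxThreads="150" enableLookups="false" acceptCount="100"
           clientAuth="want" sslProtocol="TLS"
           keystoreFile="c:/tomcat.keystore" keystorePass="CHANGE_ME"
           truststoreFile="C:/truststore.jks" truststorePass="CHANGE_ME"
           truststoreType="JKS" />

<!-- Option 2: APR connector with OpenSSL-style files.
     Use this instead of option 1, not alongside it on the same port.
     The listener below loads the native library and initialises OpenSSL. -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

<!-- C:/server.crt and C:/server.key are placeholder names for the server's
     PEM certificate and private key. SSLVerifyClient="optional" is the APR
     counterpart of clientAuth="want". -->
<Connector port="8446" protocol="org.apache.coyote.http11.Http11AprProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           maxThreads="150" enableLookups="false" acceptCount="100"
           SSLCertificateFile="C:/server.crt"
           SSLCertificateKeyFile="C:/server.key"
           SSLCACertificateFile="C:/user.cer"
           SSLVerifyClient="optional" />
```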