Chris,

> On 29.01.2020 at 16:59, Christopher Schultz <ch...@christopherschultz.net> wrote:
> 
> Peter,
> 
> On 1/28/20 6:02 PM, logo wrote:
>>> <SSLHostConfig hostName="tomcat.x.xxx" honorCipherOrder="true"
>>> protocols="TLSv1.2+TLSv1.3"
>>> ciphers="HIGH:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS">
>>>
>>> <Certificate certificateKeystoreFile="${catalina.base}/conf/ssl/tomcat.p12"
>>> certificateKeystorePassword="changeit"
>>> certificateKeyAlias="tomcat" type="RSA" /> </SSLHostConfig>
>> 
>>> P12 is created with
>> 
>>> openssl pkcs12 -export -in tomcat.crt -inkey tomcat.key -certfile
>>> chain.pem -out tomcat.p12 -name tomcat -CAfile ca.crt -caname
>>> root -passout pass:changeit
>> 
>> 
>>> Seems to be valid and working ;-) .
> 
> Hmm. What version of Java? Perhaps Java has gotten better about
> detecting the type of keystore? Also, Tomcat respects the value of
> -Djavax.net.ssl.keyStoreType so if (a) you are explicitly setting it
> to PKCS12 or (b) your Java version is doing that, then you don't need
> to specify it, as it's the default.

openjdk 11.0.6+10-post-Debian-1 and no JAVA_OPTS for certs…

> 
> -chris
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 

