Re: Insert key-store implementation into Tomcat Connector

2018-05-02 Thread Mark Boon
Thank you for the information.

Mark Boon

On 5/2/18, 3:35 AM, "Mark Thomas" wrote:

On 02/05/18 01:48, Mark Boon wrote:
> In the Tomcat TLS Connector configuration, there’s the trustManagerClassName 
> that can be set to a Java implementation of the X509TrustManager interface. 
> There’s also a configuration called keystoreFile from which it will read the 
> certificate-key pair to set up the SSL connection. I was wondering if there’s 
> also a way to configure a class that will provide the SSL certificate? My 
> company would like to plug in their own mechanism to store and retrieve 
> certificates, rather than the Java Key Store.
> 
> I have seen references to a keystoreProvider, but I have been unable to find 
> anything that provides an example how that is to be used, so I’m not sure 
> that serves for what I’m looking for.
> 
> Any pointer to how that could be accomplished would be highly appreciated.

Writing a custom Keystore provider would be the most portable solution.


https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/HowToImplAProvider.html

has some pointers.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org







Re: Insert key-store implementation into Tomcat Connector

2018-05-02 Thread Mark Thomas
On 02/05/18 01:48, Mark Boon wrote:
> In the Tomcat TLS Connector configuration, there’s the trustManagerClassName 
> that can be set to a Java implementation of the X509TrustManager interface. 
> There’s also a configuration called keystoreFile from which it will read the 
> certificate-key pair to set up the SSL connection. I was wondering if there’s 
> also a way to configure a class that will provide the SSL certificate? My 
> company would like to plug in their own mechanism to store and retrieve 
> certificates, rather than the Java Key Store.
> 
> I have seen references to a keystoreProvider, but I have been unable to find 
> anything that provides an example how that is to be used, so I’m not sure 
> that serves for what I’m looking for.
> 
> Any pointer to how that could be accomplished would be highly appreciated.

Writing a custom Keystore provider would be the most portable solution.

https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/HowToImplAProvider.html

has some pointers.

Mark
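
One way the custom KeyStore provider suggested above can look, as an added example that is not from the thread or from Tomcat. The provider name `CorpStore`, the type `CORP`, the alias `tomcat` and the two environment variables standing in for the company's secret store are assumptions.

```java
import java.io.*;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.*;
// Added example: provider "CorpStore" and keystore type "CORP" are hypothetical names.
public final class CorpStoreProvider extends Provider {
    public CorpStoreProvider() {
        super("CorpStore", 1.0, "Read-only KeyStore fed from an external secret store");
        put("KeyStore.CORP", Spi.class.getName());
    }
    public static final class Spi extends KeyStoreSpi {
        private static final String ALIAS = "tomcat"; // the single entry this store exposes
        private Key key;
        private Certificate[] chain = new Certificate[0];
        // The stream and password the caller passes in are ignored on purpose.
        @Override public void engineLoad(InputStream in, char[] pw)
                throws IOException, NoSuchAlgorithmException, CertificateException {
            // Assumption: the secret store delivers a base64 PKCS#12 blob and its password in these env vars.
            String b64 = System.getenv("CORP_TLS_P12_B64"), pass = System.getenv("CORP_TLS_P12_PASS");
            if (b64 == null || pass == null) throw new IOException("no key material from secret store");
            char[] p = pass.toCharArray();
            try {
                KeyStore ks = KeyStore.getInstance("PKCS12");
                ks.load(new ByteArrayInputStream(Base64.getMimeDecoder().decode(b64)), p);
                for (String a : Collections.list(ks.aliases()))
                    if (ks.isKeyEntry(a) && ks.getCertificateChain(a) != null) { key = ks.getKey(a, p); chain = ks.getCertificateChain(a); }
                if (key == null) throw new IOException("blob holds no key entry with a certificate chain");
            } catch (KeyStoreException | UnrecoverableKeyException e) {
                throw new IOException("unusable key material", e);
            } finally { Arrays.fill(p, '\0'); }
        }
        @Override public Key engineGetKey(String a, char[] pw) { return ALIAS.equals(a) ? key : null; }
        @Override public Certificate[] engineGetCertificateChain(String a) { return ALIAS.equals(a) ? chain.clone() : null; }
        @Override public Certificate engineGetCertificate(String a) { return ALIAS.equals(a) && chain.length > 0 ? chain[0] : null; }
        @Override public Date engineGetCreationDate(String a) { return ALIAS.equals(a) ? new Date() : null; }
        @Override public Enumeration<String> engineAliases() { return Collections.enumeration(Collections.singleton(ALIAS)); }
        @Override public boolean engineContainsAlias(String a) { return ALIAS.equals(a); }
        @Override public int engineSize() { return 1; }
        @Override public boolean engineIsKeyEntry(String a) { return ALIAS.equals(a); }
        @Override public boolean engineIsCertificateEntry(String a) { return false; }
        @Override public String engineGetCertificateAlias(Certificate c) { return chain.length > 0 && chain[0].equals(c) ? ALIAS : null; }
        @Override public void engineSetKeyEntry(String a, Key k, char[] pw, Certificate[] c) throws KeyStoreException { throw new KeyStoreException("read-only"); }
        @Override public void engineSetKeyEntry(String a, byte[] k, Certificate[] c) throws KeyStoreException { throw new KeyStoreException("read-only"); }
        @Override public void engineSetCertificateEntry(String a, Certificate c) throws KeyStoreException { throw new KeyStoreException("read-only"); }
        @Override public void engineDeleteEntry(String a) throws KeyStoreException { throw new KeyStoreException("read-only"); }
        @Override public void engineStore(OutputStream o, char[] pw) throws IOException { throw new IOException("read-only"); }
    }
}
```

After the provider is registered with the JVM (a `security.provider.N` entry in `java.security`, or `Security.addProvider(new CorpStoreProvider())` at startup), the connector selects it with `keystoreProvider="CorpStore"` and `keystoreType="CORP"`.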




Insert key-store implementation into Tomcat Connector

2018-05-01 Thread Mark Boon
In the Tomcat TLS Connector configuration, there’s the trustManagerClassName 
that can be set to a Java implementation of the X509TrustManager interface. 
There’s also a configuration called keystoreFile from which it will read the 
certificate-key pair to set up the SSL connection. I was wondering if there’s 
also a way to configure a class that will provide the SSL certificate? My 
company would like to plug in their own mechanism to store and retrieve 
certificates, rather than the Java Key Store.

I have seen references to a keystoreProvider, but I have been unable to find 
anything that provides an example how that is to be used, so I’m not sure that 
serves for what I’m looking for.

Any pointer to how that could be accomplished would be highly appreciated.

Mark Boon