Re: how to reload SSL certificates without restarting Tomcat

2024-03-11 Thread Christopher Schultz
Jerry, On 3/11/24 14:51, Jerry Lin wrote: Hi Chris, There is also this: https://tomcat.apache.org/presentations.html#latest-lets-encrypt It's very LE-focused, but it shows you how to programmatically trigger a reload. Thanks for your presentation and script. We are using Let's Encrypt, so

Re: how to reload SSL certificates without restarting Tomcat

2024-03-11 Thread Jerry Lin
Hi Chris, There is also this: > https://tomcat.apache.org/presentations.html#latest-lets-encrypt > > It's very LE-focused, but it shows you how to programmatically trigger a > reload. > Thanks for your presentation and script. We are using Let's Encrypt, so your material is quite relevant.

Re: how to reload SSL certificates without restarting Tomcat

2024-03-11 Thread Christopher Schultz
Jerry, On 3/10/24 16:00, Jerry Lin wrote: Hi Chuck, Presumably, you mean “not behind https", since “Apache” refers to the organization that develops and maintains a plethora of software products. Yes, “not behind https" (I meant not behind an Apache HTTP server) you can configure the

Re: how to reload SSL certificates without restarting Tomcat

2024-03-10 Thread Chuck Caldarale
> On Mar 10, 2024, at 15:00, Jerry Lin wrote: > > Hi Chuck, > > Presumably, you mean “not behind https", since “Apache” refers to the >> organization that develops and maintains a plethora of software products. >> > Spell checker got me - I meant “httpd”, not “https”. - Chuck

Re: how to reload SSL certificates without restarting Tomcat

2024-03-10 Thread Jerry Lin
Hi Chuck, Presumably, you mean “not behind https", since “Apache” refers to the > organization that develops and maintains a plethora of software products. > Yes, “not behind https" (I meant not behind an Apache HTTP server) > you can configure the TLS config listener: > > >

Re: how to reload SSL certificates without restarting Tomcat

2024-03-10 Thread Chuck Caldarale
> On Mar 10, 2024, at 12:39, Jerry Lin wrote: > > For those of us with a publicly accessible instance of Tomcat (e.g. not > behind Apache), is there a good way of having a renewed SSL/HTTPS > certificate take effect without restarting Tomcat? Presumably, you mean “not behind https", since

AW: how to reload SSL certificates without restarting Tomcat

2024-03-10 Thread a.grubner
how to reload SSL certificates without restarting Tomcat Hello, For those of us with a publicly accessible instance of Tomcat (e.g. not behind Apache), is there a good way of having a renewed SSL/HTTPS certificate take effect without restarting Tomcat? Thank you, Je

how to reload SSL certificates without restarting Tomcat

2024-03-10 Thread Jerry Lin
Hello, For those of us with a publicly accessible instance of Tomcat (e.g. not behind Apache), is there a good way of having a renewed SSL/HTTPS certificate take effect without restarting Tomcat? Thank you, Jerry

Re: SSL Certificates and Tomcat 8.5.11

2018-05-17 Thread Christopher Schultz
Laurie, On 5/17/18 11:33 AM, Laurie Miller-Cook wrote: > I am very new to Tomcat so please bear with me. Welcome. > I currently have a Thawte certificate that is installed within IIS > for our domain that is all managed by Rackspace. > > I now

Re: SSL Certificates and Tomcat 8.5.11

2018-05-17 Thread Pierre Chiu
Hi Laurie, This is what I do. I don't use keystore. I use this within SSLHostConfig section. > On May 17, 2018, at 11:33 AM, Laurie Miller-Cook > wrote: > > Hi there, > > I am very new to Tomcat so please bear with me. > > I currently have a Thawte

SSL Certificates and Tomcat 8.5.11

2018-05-17 Thread Laurie Miller-Cook
Hi there, I am very new to Tomcat so please bear with me. I currently have a Thawte certificate that is installed within IIS for our domain that is all managed by Rackspace. I now have a new server set-up with Tomcat 8.5.11 installed and have created a keystore. I have been supplied by

Re: Tomcat8 - How to configure ssl certificates for both https and two-way authentication

2017-08-09 Thread Mark Thomas
he settings in setenv and check port 433 still works. Mark > > Senthil > > On Wed, Aug 9, 2017 at 1:39 AM, Mark Thomas <ma...@apache.org> wrote: > >> On 08/08/17 21:03, dsenthil...@gmail.com wrote: >>> >>>> Hello, >>>> >>

Re: Tomcat8 - How to configure ssl certificates for both https and two-way authentication

2017-08-09 Thread Senthil Kumar
<ma...@apache.org> wrote: > On 08/08/17 21:03, dsenthil...@gmail.com wrote: > > > >> Hello, > >> > >> I have configured ssl certificates for below requirements: > >> > >> 1. Tomcat server certificate configuration in 's

Re: Tomcat8 - How to configure ssl certificates for both https and two-way authentication

2017-08-08 Thread Christopher Schultz
Senthil, On 8/8/17 4:03 PM, dsenthil...@gmail.com wrote: > >> Hello, >> >> I have configured ssl certificates for below requirements: >> >> 1. Tomcat server certificate configuration in 'server.xml' file >

Re: Tomcat8 - How to configure ssl certificates for both https and two-way authentication

2017-08-08 Thread Mark Thomas
On 08/08/17 21:03, dsenthil...@gmail.com wrote: > >> Hello, >> >> I have configured ssl certificates for below requirements: >> >> 1. Tomcat server certificate configuration in 'server.xml' file to run >> tomcat server on port 443

Tomcat8 - How to configure ssl certificates for both https and two-way authentication

2017-08-08 Thread dsenthil . in
> Hello, > > I have configured ssl certificates for below requirements: > > 1. Tomcat server certificate configuration in 'server.xml' file to run tomcat > server on port 443 and https > > minSpareThreads="25" >maxS

Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)

2016-06-03 Thread Hardibo Pierre-Jean
there's the tutorial: https://fr.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239 use sha2 root and intermediate and for the last use my_certificate here's the repo: https://certs.godaddy.com/repository/ On 04/06/2016 00:18, Hardibo Pierre-Jean wrote: gdig2.crt is

Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)

2016-06-03 Thread Hardibo Pierre-Jean
gdig2.crt is intermediate my_certificate must be the last to configure so i think bundle may be the root. On 04/06/2016 00:13, Conor Skyler wrote: Hello Pierre, Yes, I contacted the technical support at GoDaddy and then basically told me that I'm on my own and that I should find someone

Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)

2016-06-03 Thread Conor Skyler
Hello Pierre, Yes, I contacted the technical support at GoDaddy and then basically told me that I'm on my own and that I should find someone that knows how to handle the configuration -- that's all the aid they gave me. I think that there are two separate problems here. First one, the mismatch

Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)

2016-06-03 Thread Hardibo Pierre-Jean
there's all here no? https://fr.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239 On 03/06/2016 22:37, Conor Skyler wrote: Hi again, At this point I don't know what else to try: I've carefully gone through the process stated at GoDaddy's website once again trying different

Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)

2016-06-03 Thread Hardibo Pierre-Jean
godaddy didn't give you instructions? On 03/06/2016 22:37, Conor Skyler wrote: Hi again, At this point I don't know what else to try: I've carefully gone through the process stated at GoDaddy's website once again trying different combinations with the certificates (as the instructions

Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)

2016-06-03 Thread Conor Skyler
Hi again, At this point I don't know what else to try: I've carefully gone through the process stated at GoDaddy's website once again trying different combinations with the certificates (as the instructions provided by GoDaddy don't match the certificates you download) but the result was the same

Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)

2016-06-01 Thread Conor Skyler
Hi Daniel, Thank you very much for stepping in, I’m processing a new set of certificates that I hope to try tomorrow. Warm regards, -Conor On Tue, May 31, 2016 at 8:41 AM, Daniel Mikusa wrote: > On Mon, May 30, 2016 at 11:26 PM, Conor Skyler >

Re: using SSLHostConfig on tomcat 9 in order to get 2 SSL certificates

2016-06-01 Thread Christopher Schultz
Hardibo, On 6/1/16 9:48 AM, Hardibo Pierre-Jean wrote: > Hello, when i add the second, or i put only the second (tomcat2) > browser doesn't reach the website but doesn't stop with error > message. If you connect with openssl s_client, can you see

Re: using SSLHostConfig on tomcat 9 in order to get 2 SSL certificates

2016-06-01 Thread Hardibo Pierre-Jean
Hello, when i add the second, or i put only the second (tomcat2) browser doesn't reach the website but doesn't stop with error message. On 31/05/2016 18:52, Christopher Schultz wrote: Hardibo, On 5/31/16 10:33 AM, Hardibo Pierre-Jean wrote:

Re: using SSLHostConfig on tomcat 9 in order to get 2 SSL certificates

2016-05-31 Thread Christopher Schultz
Hardibo, On 5/31/16 10:33 AM, Hardibo Pierre-Jean wrote: > Hello, i made two startSSL's certificates because i could only add > 5 domains once. ??! > When i use SSLHostConfig for the domains of the first certificate > all is working, but when i

using SSLHostConfig on tomcat 9 in order to get 2 SSL certificates

2016-05-31 Thread Hardibo Pierre-Jean
Hello, i made two startSSL's certificates because i could only add 5 domains once. When i use SSLHostConfig for the domains of the first certificate all is working, but when i try to add other domains (2° certificate) websites are no more accessible, there's few documentation about that and no

Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)

2016-05-31 Thread Daniel Mikusa
On Mon, May 30, 2016 at 11:26 PM, Conor Skyler wrote: > Hello list, > > I'm trying to install the certificates I bought from GoDaddy into my Tomcat > server, however so far I've been unsuccessful to achieve this. > > My system specs are: > OS: Amazon Linux (fully updated)

Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)

2016-05-30 Thread Conor Skyler
Hello list, I'm trying to install the certificates I bought from GoDaddy into my Tomcat server, however so far I've been unsuccessful to achieve this. My system specs are: OS: Amazon Linux (fully updated) Tomcat version: 8.0.32, installed from the repos Java version: $ java -version openjdk

TC9: Configuring ProtocolHandler SSL certificates (SSLHostConfig) via JMX

2016-04-14 Thread Miroslav Šulc
Hi, I am very new to JMX so maybe I miss an important piece that prevents me from configuring SSL certificates in ProtocolHandler via JMX. I just implemented modification of aliases property on Host via JMX which seems to work fine. I would like to set for some of those aliases SSL certificates

Re: Updating SSL certificates

2016-02-19 Thread Mark Thomas
On 19/02/2016 15:23, Christopher Schultz wrote: > Mark, > > On 2/18/16 5:15 PM, Mark Thomas wrote: >> On 18/02/2016 22:03, James H. H. Lampert wrote: >>> Out of morbid curiosity, is there a way to make a certificate >>> update take effect without restarting Tomcat? > >> Sort of. > >> Set

Re: Updating SSL certificates

2016-02-19 Thread Christopher Schultz
Mark, On 2/18/16 5:15 PM, Mark Thomas wrote: > On 18/02/2016 22:03, James H. H. Lampert wrote: >> Out of morbid curiosity, is there a way to make a certificate >> update take effect without restarting Tomcat? > > Sort of. > > Set bindOnInit on the

Re: Updating SSL certificates

2016-02-18 Thread Mark Thomas
On 18/02/2016 22:03, James H. H. Lampert wrote: > Out of morbid curiosity, is there a way to make a certificate update > take effect without restarting Tomcat? Sort of. Set bindOnInit on the connector to false. Modify the config via JMX. Then you should be able to use JMX to call stop()

Updating SSL certificates

2016-02-18 Thread James H. H. Lampert
Out of morbid curiosity, is there a way to make a certificate update take effect without restarting Tomcat? -- JHHL

RE: Multiple SSL certificates on one Instance

2015-03-17 Thread Jeffrey Janner
-Original Message- From: Rory Kelly [mailto:rory.ke...@fernsoftware.com] Sent: Monday, March 16, 2015 7:53 AM To: Tomcat Users List Subject: Multiple SSL certificates on one Instance Hey guys, I’ve a bad feeling what I’m trying to do is impossible, and I’m going to have

Re: Multiple SSL certificates on one Instance

2015-03-17 Thread Christopher Schultz
Stefan, On 3/16/15 5:03 PM, Stefan Frei wrote: 2 points: configure the reverse proxy is simpler. s/simpler/possible/ tomcat may be harder to troubleshoot issues. Tomcat can't even do SNI at this point. i would take the proxy to do that, in

Re: Multiple SSL certificates on one Instance

2015-03-16 Thread Mark Thomas
On 16/03/2015 12:53, Rory Kelly wrote: Hey guys, I’ve a bad feeling what I’m trying to do is impossible, and I’m going to have to implement a different solution. Been hunting for an answer, but couldn’t find anything definite. I’m running Tomcat 8.0.18, Java 1.7.0_75-b13, Ubuntu

Multiple SSL certificates on one Instance

2015-03-16 Thread Rory Kelly
Hey guys, I’ve a bad feeling what I’m trying to do is impossible, and I’m going to have to implement a different solution. Been hunting for an answer, but couldn’t find anything definite. I’m running Tomcat 8.0.18, Java 1.7.0_75-b13, Ubuntu 14.04. I have multiple sites running on Virtual

Re: Multiple SSL certificates on one Instance

2015-03-16 Thread Stefan Frei
hi 2 points: configure the reverse proxy is simpler. tomcat may be harder to troubleshoot issues. i would take the proxy to do that, in fact we use squid rev-proxy to solve exact the same problem. Regards Stefan 2015-03-16 14:16 GMT+01:00 Mark Thomas ma...@apache.org: On 16/03/2015 12:53,

Re: Deploying .ca-bundle file .crt file as SSL certificates

2014-11-27 Thread Kernel freak
On Wed, Nov 26, 2014 at 7:21 PM, Christopher Schultz ch...@christopherschultz.net wrote: To whom it may concern, On 11/26/14 12:00 PM, Kernel freak wrote: On Wed, Nov 26, 2014 at 5:33 PM, Christopher Schultz ch...@christopherschultz.net

Re: Deploying .ca-bundle file .crt file as SSL certificates

2014-11-26 Thread Kernel freak
Hello, After arguing with the admins for all this time, I finally have the few files ready. I have the following files : keystore.p12, server.crt, ssl-cert-snakeoil.key, domainname.com.ca-bundle, domainname.com.crt domainname.com.csr domainname.com.key, vsftpd.pem. I did the following as

Re: Deploying .ca-bundle file .crt file as SSL certificates

2014-11-26 Thread Christopher Schultz
To whom it may concern, On 11/26/14 9:03 AM, Kernel freak wrote: After arguing with the admins for all this time, I finally have the few files ready. I have the following files : keystore.p12 That should contain your key. Can you confirm that

Re: Deploying .ca-bundle file .crt file as SSL certificates

2014-11-26 Thread Kernel freak
On Wed, Nov 26, 2014 at 5:33 PM, Christopher Schultz ch...@christopherschultz.net wrote: To whom it may concern, On 11/26/14 9:03 AM, Kernel freak wrote: After arguing with the admins for all this time, I finally have the few files ready.

Re: Deploying .ca-bundle file .crt file as SSL certificates

2014-11-26 Thread Christopher Schultz
To whom it may concern, On 11/26/14 12:00 PM, Kernel freak wrote: On Wed, Nov 26, 2014 at 5:33 PM, Christopher Schultz ch...@christopherschultz.net wrote: To whom it may concern, On 11/26/14 9:03 AM, Kernel freak wrote: After arguing

Re: Deploying .ca-bundle file .crt file as SSL certificates

2014-11-25 Thread Kernel freak
Hello Christopher, I don't have the server.key and server.crt. I have root access to server, I can generate my own if necessary. I only have .crt and .ca-bundle file. Can you tell me what to do. Thank you very much for your help. On Mon, Nov 24, 2014 at 7:48 PM, Christopher Schultz

Re: Deploying .ca-bundle file .crt file as SSL certificates

2014-11-25 Thread Christopher Schultz
To whom it may concern, On 11/25/14 3:32 AM, Kernel freak wrote: I don't have the server.key and server.crt. I have root access to server, I can generate my own if necessary. I only have .crt and .ca-bundle file. Can you tell me what to do.

Deploying .ca-bundle file .crt file as SSL certificates

2014-11-24 Thread Kernel freak
Hello friends, I am using apache tomcat and I would like to deploy a Spring-MVC application which I am working on. In that, via Spring-Security I have specified to use https which requires to install the SSL certificate on the server. I am running a Debian Wheezy server, and I have certificate

Re: Deploying .ca-bundle file .crt file as SSL certificates

2014-11-24 Thread Niranjan Babu Bommu
Hi Kernel, I think you have create a keystore from the cert, please follow these instructions and let me know. Create store with temporary key inside: keytool -genkey -alias alias name -keystore yourkeystore.jks -storepass Hello1 Then delete existing entry: keytool -delete -alias temp -keystore

Re: Deploying .ca-bundle file .crt file as SSL certificates

2014-11-24 Thread Kernel freak
Thank you, and what about the CA-Bundle file? Did you get a chance to look at the question I have posted on Stackoverflow mentioned in the original question? On Mon, Nov 24, 2014 at 4:51 PM, Niranjan Babu Bommu niranjan.bo...@gmail.com wrote: Hi Kernel, I think you have create a keystore

Re: Deploying .ca-bundle file .crt file as SSL certificates

2014-11-24 Thread Niranjan Babu Bommu
Sorry, I did not notice that. - *Import a root or intermediate CA certificate to an existing Java keystore* keytool -import -trustcacerts -alias root -file *ca.crt* -keystore *yourkeystore.jks* On Mon, Nov 24, 2014 at 11:02 AM, Kernel freak kernelfr...@gmail.com wrote: Thank

Re: Deploying .ca-bundle file .crt file as SSL certificates

2014-11-24 Thread Kernel freak
I have added the certificate. I modified the server.xml code to add the following lines : Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile=/root/.keystore keystorepass=password

Re: Deploying .ca-bundle file .crt file as SSL certificates

2014-11-24 Thread Niranjan Babu Bommu
Are you able to see the 8443 port listening? nc -z ipaddress 8443 On Mon, Nov 24, 2014 at 11:25 AM, Kernel freak kernelfr...@gmail.com wrote: I have added the certificate. I modified the server.xml code to add the following lines : Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true

Re: Deploying .ca-bundle file .crt file as SSL certificates

2014-11-24 Thread Niranjan Babu Bommu
it works for me with this conf. Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true address=IPADDRESS executor=THREADNAME scheme=https secure=true keystoreFile=PATH of keystore file keystorePass=PASSWRD

Re: Deploying .ca-bundle file .crt file as SSL certificates

2014-11-24 Thread Christopher Schultz
Niranjan, On 11/24/14 10:51 AM, Niranjan Babu Bommu wrote: I think you have create a keystore from the cert, please follow these instructions and let me know. Create store with temporary key inside: keytool -genkey -alias alias name

RE: SSL Certificates

2014-04-01 Thread Bomma, Nithun
: Monday, March 31, 2014 2:58 PM To: Tomcat Users List Subject: Re: SSL Certificates Ninthun, On 3/31/14, 10:19 AM, Bomma, Nithun wrote: Hello, We are using WebSphere v6.1 for SSO and we are moving to ForgeRock and it uses Apache Tomcat (v7.0.37

Re: SSL Certificates

2014-04-01 Thread Christopher Schultz
Nithun, On 4/1/14, 4:02 PM, Bomma, Nithun wrote: I want to get public private keys from WebSphere and import into Tomcat. We have WebSphere certificates (Signed by Verisign) until 2015 and we want to use the same in tomcat. Where are the

SSL Certificates

2014-03-31 Thread Bomma, Nithun
Hello, We are using WebSphere v6.1 for SSO and we are moving to ForgeRock and it uses Apache Tomcat (v7.0.37) We are trying to import the certificates (Verisign) including the chain certificates from WebSphere to Tomcat. Have any of you did this before? If yes, could you help us out? Thanks,

Re: SSL Certificates

2014-03-31 Thread Leo Donahue
On Mon, Mar 31, 2014 at 7:19 AM, Bomma, Nithun nithun.bo...@amtrak.com wrote: Hello, We are using WebSphere v6.1 for SSO and we are moving to ForgeRock and it uses Apache Tomcat (v7.0.37) We are trying to import the certificates (Verisign) including the chain certificates from WebSphere to

RE: SSL Certificates

2014-03-31 Thread Bomma, Nithun
(Operations) AIM: nithunbomma EMAIL: nithun.bo...@amtrak.com Desk: 215-349-2065; ATS: 728-2065; Cell: 215-704-4981 -Original Message- From: Leo Donahue [mailto:donahu...@gmail.com] Sent: Monday, March 31, 2014 10:39 AM To: Tomcat Users List Subject: Re: SSL Certificates On Mon, Mar 31, 2014

Re: SSL Certificates

2014-03-31 Thread Blume Wolfgang
List Subject: Re: SSL Certificates On Mon, Mar 31, 2014 at 7:19 AM, Bomma, Nithun nithun.bo...@amtrak.com wrote: Hello, We are using WebSphere v6.1 for SSO and we are moving to ForgeRock and it uses Apache Tomcat (v7.0.37) We are trying to import the certificates (Verisign) including

Re: SSL Certificates

2014-03-31 Thread James H. H. Lampert
On 3/31/14 10:32 AM, Blume Wolfgang wrote: Hi, If your certificate need not be changed, then you need not create a new Certificate Signing Request (CSR) to get a new certificate, but only do the Importing the Certificate part of the description: Import chain certificate, then your existing

Re: SSL Certificates

2014-03-31 Thread Christopher Schultz
Ninthun, On 3/31/14, 10:19 AM, Bomma, Nithun wrote: Hello, We are using WebSphere v6.1 for SSO and we are moving to ForgeRock and it uses Apache Tomcat (v7.0.37) We are trying to import the certificates (Verisign) including the chain

Re: SSL certificates

2014-01-17 Thread Miten Mehta
Hi James, Thanks a lot. I followed your steps but seems I am getting different error as if the signed certificate is not dns based. The original self signed certificate was able to work fine in dns based format for keytool when I imported it into client keystore. below I created the self

Re: SSL certificates

2014-01-17 Thread Ognjen Blagojevic
Miten, On 17.1.2014 14:33, Miten Mehta wrote: The catalina.out complains with SSL handshake stating No Name matching mhoodws.ril.local found. For security reasons, CA shouldn't sign any certificate containing internal server name (either as CN, or subjectAltName): As of July 1, 2012, all

Re: SSL certificates

2014-01-17 Thread Miten Mehta
What's the alternative to using subjectAltName? I thought it was flexible to make certificate portable across our development environments. Should I use IP (internal instead)? - Miten. On Jan 17, 2014 7:31 PM, Ognjen Blagojevic ognjen.d.blagoje...@gmail.com wrote: Miten, On 17.1.2014 14:33,

Re: SSL certificates

2014-01-17 Thread Miten Mehta
If I remove internal /etc/hosts lookup entry should it resolve or you mean CA just dropped subjectAltName even though I included. - miten On Jan 17, 2014 7:31 PM, Ognjen Blagojevic ognjen.d.blagoje...@gmail.com wrote: Miten, On 17.1.2014 14:33, Miten Mehta wrote: The catalina.out complains

Re: SSL certificates

2014-01-17 Thread Miten Mehta
Hi Ognjen, Reading the pdf link you provided it seems that I should use ip based certificates and for each different ip which needs certificate I will have to request one. I should use -ext san=ip:$ip instead of -ext san=dns:$host. Then CA will not drop the details. Regards, Miten. On Fri,

Re: SSL certificates

2014-01-17 Thread James H. H. Lampert
At this point, if you haven't already done so, I would strongly suggest getting your CA's tech support in on this. Of course, your latest posts also beg the question of why you would be spending good money on a signed SSL certificate for an internal web site, or why you'd be using an internal

Re: SSL certificates

2014-01-17 Thread Ognjen Blagojevic
On 17.1.2014 19:14, James H. H. Lampert wrote: At this point, if you haven't already done so, I would strongly suggest getting your CA's tech support in on this. +1 Reserved IP addresses and internal server names are not unique on the Internet, so the certificates for them may be reused in

SSL certificates

2014-01-16 Thread Miten Mehta
Hi, I am understanding SSL for tomcat using http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html. 1)I create jks using self signed certificate using keytool. 2) I generate CSR from that keystore/certificate. 3) I get it signed by CA who gives me root certificate and signed certificate. 4) I

Re: SSL certificates

2014-01-16 Thread James H. H. Lampert
On 1/16/14 9:01 AM, Miten Mehta wrote: Hi, I am understanding SSL for tomcat using http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html. 1)I create jks using self signed certificate using keytool. 2) I generate CSR from that keystore/certificate. 3) I get it signed by CA who gives me root

Re: SSL certificates

2014-01-16 Thread Miten Mehta
Hi, Adding more clarification for ease below. 1) create keystore.jks with self signed cert (alias tomcat). 2) generate old.csr and send for signing to CA 3) get back new.cer (signed certificate) and root.cer (root certificate) 4) delete existing cert from keystore.jks (alias tomcat) 5) import

Re: SSL certificates

2014-01-16 Thread Ike Ikonne
:Re: SSL certificates Hi, Adding more clarification for ease below. 1) create keystore.jks with self signed cert (alias tomcat). 2) generate old.csr and send for signing to CA 3) get back new.cer (signed certificate) and root.cer (root certificate) 4) delete existing cert from keystore.jks

Re: SSL certificates

2014-01-16 Thread James H. H. Lampert
? will existing become redundant ? NO, the SIGNED certificate will, at least in effect, be MERGED with the original certificate. Deleting the original certificate from the keystore before importing the signed one will render the signed certificate WORTHLESS. -- James H. H. Lampert

Re: SSL certificates

2014-01-16 Thread Christopher Schultz
Miten, On 1/16/14, 12:09 PM, Miten Mehta wrote: Hi, Adding more clarification for ease below. 1) create keystore.jks with self signed cert (alias tomcat). Why are you self-signing a certificate if you are going to get it signed by a CA?

Re: SSL certificates

2014-01-16 Thread James H. H. Lampert
On 1/16/14 1:49 PM, Christopher Schultz wrote: Why are you self-signing a certificate if you are going to get it signed by a CA? A newly-created keypair in a Java keystore is, by definition, a self-signed certificate. And you can't create a CSR without having a keypair from which to create

Re: SSL certificates

2014-01-16 Thread Christopher Schultz
James, On 1/16/14, 5:04 PM, James H. H. Lampert wrote: On 1/16/14 1:49 PM, Christopher Schultz wrote: Why are you self-signing a certificate if you are going to get it signed by a CA? A newly-created keypair in a Java keystore is, by

Re: SSL certificates

2014-01-16 Thread James H. H. Lampert
Christopher Schultz wrote: That is always true. But you don't need a certificate to create a CSR. shrug If Keytool and the Java Keystore format even recognize any difference between the concepts of keypair and self-signed certificate, it would be news to me. shrug Speaking of one who

Re: SSL certificates

2014-01-16 Thread Christopher Schultz
James, On 1/16/14, 6:18 PM, James H. H. Lampert wrote: Christopher Schultz wrote: That is always true. But you don't need a certificate to create a CSR. shrug If Keytool and the Java Keystore format even recognize any difference between the

Re: SSL certificates

2014-01-16 Thread James H. H. Lampert
Christopher Schultz wrote: :) Give me OpenSSL any day of the week. ;) Dunno. Can't recall ever having any experience with it at all. Just DCM (for securing IBM-proprietary servers, like their Secured Telnet [NOT ssh] server and their various proprietary web-serving products), and Keytool

RE: Error configuring tomcat with ssl certificates

2013-03-06 Thread Siddhi Borkar
06, 2013 12:25 PM To: Tomcat Users List Subject: RE: Error configuring tomcat with ssl certificates -Original Message- From: Siddhi Borkar [mailto:siddhi_bor...@persistent.co.in] Sent: 06 March 2013 12:15 To: users@tomcat.apache.org Subject: Error configuring tomcat with ssl certificates

Re: Error configuring tomcat with ssl certificates

2013-03-06 Thread Ognjen Blagojevic
Siddhi, On 6.3.2013 10:41, Siddhi Borkar wrote: The certificate that I am using is RSA based certificate, I tried listing the RSA based ciphers in the server the xml, however it still gave me the same error. Connector port=443 protocol=HTTP/1.1 SSLEnabled=true

RE: Error configuring tomcat with ssl certificates

2013-03-06 Thread Brijesh Deo
-Original Message- From: Siddhi Borkar [mailto:siddhi_bor...@persistent.co.in] Sent: 06 March 2013 15:12 To: Tomcat Users List Subject: RE: Error configuring tomcat with ssl certificates Thanks Brijesh, The certificate that I am using is RSA based certificate, I tried listing the RSA

RE: Error configuring tomcat with ssl certificates

2013-03-06 Thread Siddhi Borkar
Thanks a lot Ognjen, The solution you provided worked very well. -Original Message- From: Ognjen Blagojevic [mailto:ognjen.d.blagoje...@gmail.com] Sent: Wednesday, March 06, 2013 3:31 PM To: Tomcat Users List Subject: Re: Error configuring tomcat with ssl certificates Siddhi

Error configuring tomcat with ssl certificates

2013-03-05 Thread Siddhi Borkar
Hi, I need help configuring tomcat 6 with ssl certificates. I have been provided with the following cacert.pem prvkey.key and sslcert.crt I tried the following steps: 1) Generated a keystore using java keytool and the certificate file using the following command. keytool -import

RE: Error configuring tomcat with ssl certificates

2013-03-05 Thread Brijesh Deo
-Original Message- From: Siddhi Borkar [mailto:siddhi_bor...@persistent.co.in] Sent: 06 March 2013 12:15 To: users@tomcat.apache.org Subject: Error configuring tomcat with ssl certificates Hi, I need help configuring tomcat 6 with ssl certificates. I have been provided

Re: Web app calls JMS over SSL - certificates

2012-02-07 Thread Peter Kleczka
I am using ActiveMQ and its activemq.xml file has a section where the keystore and truststore point to those files. So I assume that means that there is a way to set these at runtime. Still leaves me with the question of whether I can set these at runtime from my app on Tomcat. On Mon, Feb 6,

RE: Web app calls JMS over SSL - certificates

2012-02-07 Thread Caldarale, Charles R
From: Peter Kleczka [mailto:pklec...@gmail.com] Subject: Re: Web app calls JMS over SSL - certificates I am using ActiveMQ and its activemq.xml file has a section where the keystore and truststore point to those files. So I assume that means that there is a way to set these at runtime

Re: Web app calls JMS over SSL - certificates

2012-02-07 Thread Peter Kleczka
it on the Tomcat server other than setting the keystore properties in the JVM VM startup parameters. On Tue, Feb 7, 2012 at 9:10 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Peter Kleczka [mailto:pklec...@gmail.com] Subject: Re: Web app calls JMS over SSL - certificates I am

RE: Web app calls JMS over SSL - certificates

2012-02-07 Thread Caldarale, Charles R
From: Peter Kleczka [mailto:pklec...@gmail.com] Subject: Re: Web app calls JMS over SSL - certificates What I would like to do is tell my application where my keystore files are located rather than load them through the JVM. So what stops you from doing that? There are numerous ways

Re: Web app calls JMS over SSL - certificates

2012-02-06 Thread Pid *
On 6 Feb 2012, at 23:10, Peter Kleczka pklec...@gmail.com wrote: Hello I have a web app on Tomcat 6.0.24. The app needs to call a JMS app on another server over SSL. I installed the keystore/truststore files in $CatalinaHome/conf/certs and set VM arguments so that the JVM knows where to

Re: Generating SSL certificates

2011-08-12 Thread Pid
On 12/08/2011 02:26, Darryl Lewis wrote: Our certificates are about to expire and I need to generate new ones for tomcat. I'm using keytool, but getting a strange error. Please start an entirely new thread, rather than replying to an existing email just editing the subject body (which is

Generating SSL certificates

2011-08-11 Thread Darryl Lewis
Our certificates are about to expire and I need to generate new ones for tomcat. I'm using keytool, but getting a strange error. [root]# keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore keystore Enter keystore password: keytool error: java.lang.Exception: Key pair not

AW: Multiple SSL certificates on same server

2010-03-10 Thread Steffen Heil
Hi I'm not using XP, but a Unix server OS, and my domains are radically different - so the wildcard cert won't work either. sigh This is not about the OS the tomcat is running on, but about the OS the client browser is using... There are certificates with multiple names (even radically

RE: Multiple SSL certificates on same server

2010-03-09 Thread Martin Gainty
Mar 2010 08:38:40 -0500 From: d...@cornell.edu To: users@tomcat.apache.org Subject: Re: Multiple SSL certificates on same server On 3/8/2010 6:46 PM, Richard Huntrods wrote: Does anyone know if it is possible, or has anyone done this: I have two applications running on a single server

Re: Multiple SSL certificates on same server

2010-03-09 Thread David Smith
On 3/8/2010 6:46 PM, Richard Huntrods wrote: Does anyone know if it is possible, or has anyone done this: I have two applications running on a single server. The applications use different domains and URLs, so the single Tomcat instance can easily tell them apart. (Note: this part is

RE: Multiple SSL certificates on same server

2010-03-09 Thread Richard Huntrods
On 03/08/2010 06:46 PM, Richard Huntrods wrote: Does anyone know if it is possible, or has anyone done this: I have two applications running on a single server. The applications use different domains and URLs, so the single Tomcat instance can easily tell them apart. (Note: this part is

Multiple SSL certificates on same server

2010-03-08 Thread Richard Huntrods
Does anyone know if it is possible, or has anyone done this: I have two applications running on a single server. The applications use different domains and URLs, so the single Tomcat instance can easily tell them apart. (Note: this part is currently working just fine).

RE: Multiple SSL certificates on same server

2010-03-08 Thread Jason Pyeron
-Original Message- From: Richard Huntrods [mailto:huntr...@nucleus.com] Sent: Monday, March 08, 2010 18:46 To: users@tomcat.apache.org Subject: Multiple SSL certificates on same server Does anyone know if it is possible, or has anyone done this: I have two applications

Re: Multiple SSL certificates on same server

2010-03-08 Thread Crypto Sal
On 03/08/2010 06:46 PM, Richard Huntrods wrote: Does anyone know if it is possible, or has anyone done this: I have two applications running on a single server. The applications use different domains and URLs, so the single Tomcat instance can easily tell them apart. (Note: this part is
