Hello Ognjen
the intermediate cert in the one named chain right ?
*Frank BONNET*
Systemes UNIX et Reseaux
ESIEE PARIS
01.45.92.66.17 - 06.70.37.37.69
2014-02-14 14:57 GMT+01:00 Ognjen Blagojevic ognjen.d.blagoje...@gmail.com
:
Frank,
On 14.2.2014 14:10, BONNET, Frank wrote:
I have officials certificates for apache2 from COMODO that I would like to
import into tomcat ( pkcs12 ) if someone has links / infos to do this
task
it would be a great help ( google doesn't help much )
You didn't mention if you have any preference whether you want to use:
i. BIO or NIO HTTPS connectors (based on JSSE), or
ii. APR HTTPS connector (based on OpenSSL).
Since you mentioned that you want to use PKCS#12 format, I guess you are
interested in JSSE connectors. If you want to use APR, then the procedure
is different then the one described here.
Let's say that you have
1. Server key in file server.key
2. Server certificate in file server.pem
3. Intermediate certificates in file intermediates.pem
Then, all you need to do is:
openssl pkcs12 -export -out keystore.p12 -name myserver -in server.pem
-inkey server.key -certfile intermediates.pem
Note that it is not necessary that intermediates.pem contains root
certificate.
Then, configure HTTPS connector in conf/server.xml as
Connector port=443
protocol=org.apache.coyote.http11.Http11Protocol
SSLEnabled=true maxThreads=150 scheme=https
secure=true clientAuth=false sslProtocol=TLS
keystoreFile=keystore.p12 keyAlias=myserver
keystoreType=pkcs12 /
I also recommend that if you check your ciphers strenth, and restrict them
accordingly.
-Ognjen
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
