Re: [OT] Install Comodo SSL in Tomcat

2020-01-29 Thread Christopher Schultz

Peter,

On 1/29/20 2:26 PM, logo wrote:
> Chris,
> 
>> On 29.01.2020 at 16:59, Christopher Schultz wrote:
>> 
> Peter,
> 
> On 1/28/20 6:02 PM, logo wrote:
> honorCipherOrder="true" protocols="TLSv1.2+TLSv1.3"
> ciphers="HIGH:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS">
> 
> certificateKeystoreFile="${catalina.base}/conf/ssl/tomcat.p12"
> certificateKeystorePassword="changeit"
> certificateKeyAlias="tomcat" type="RSA" />
> 
 
> P12 is created with
 
> openssl pkcs12 -export -in tomcat.crt -inkey tomcat.key
> -certfile chain.pem -out tomcat.p12 -name tomcat -CAfile
> ca.crt -caname root -passout pass:changeit
 
 
> Seems to be valid and working ;-) .
> 
> Hmm. What version of Java? Perhaps Java has gotten better about 
> detecting the type of keystore? Also, Tomcat respects the value of 
> -Djavax.net.ssl.keyStoreType so if (a) you are explicitly setting
> it to PKCS12 or (b) your Java version is doing that, then you don't
> need to specify it, as it's the default.
> 
>> openjdk 11.0.6+10-post-Debian-1 and no JAVA_OPTS for certs…

It must just be the new default. :)

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: [OT] Install Comodo SSL in Tomcat

2020-01-29 Thread logo
Chris,

> On 29.01.2020 at 16:59, Christopher Schultz wrote:
> 
> Peter,
> 
> On 1/28/20 6:02 PM, logo wrote:
>>> protocols="TLSv1.2+TLSv1.3"
>>> ciphers="HIGH:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS">
>>> 
>>> certificateKeystorePassword="changeit"
>>> certificateKeyAlias="tomcat" type="RSA" />
>> 
>>> P12 is created with
>> 
>>> openssl pkcs12 -export -in tomcat.crt -inkey tomcat.key -certfile
>>> chain.pem -out tomcat.p12 -name tomcat -CAfile ca.crt -caname
>>> root -passout pass:changeit
>> 
>> 
>>> Seems to be valid and working ;-) .
> 
> Hmm. What version of Java? Perhaps Java has gotten better about
> detecting the type of keystore? Also, Tomcat respects the value of
> -Djavax.net.ssl.keyStoreType so if (a) you are explicitly setting it
> to PKCS12 or (b) your Java version is doing that, then you don't need
> to specify it, as it's the default.

openjdk 11.0.6+10-post-Debian-1 and no JAVA_OPTS for certs…

> 
> -chris





Re: [OT] Install Comodo SSL in Tomcat

2020-01-29 Thread Christopher Schultz

Peter,

On 1/28/20 6:02 PM, logo wrote:
>> protocols="TLSv1.2+TLSv1.3"
>> ciphers="HIGH:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS">
>> 
>> certificateKeystorePassword="changeit"
>> certificateKeyAlias="tomcat" type="RSA" />
> 
>> P12 is created with
> 
>> openssl pkcs12 -export -in tomcat.crt -inkey tomcat.key -certfile
>> chain.pem -out tomcat.p12 -name tomcat -CAfile ca.crt -caname
>> root -passout pass:changeit
> 
> 
>> Seems to be valid and working ;-) .

Hmm. What version of Java? Perhaps Java has gotten better about
detecting the type of keystore? Also, Tomcat respects the value of
-Djavax.net.ssl.keyStoreType so if (a) you are explicitly setting it
to PKCS12 or (b) your Java version is doing that, then you don't need
to specify it, as it's the default.

-chris



Re: [OT] Install Comodo SSL in Tomcat

2020-01-28 Thread logo
Chris,



> On 28.01.2020 at 19:35, Christopher Schultz wrote:
> 
> Peter,
> 
> On 1/28/20 12:24 PM, Peter Kreuser wrote:
>>> On 28.01.2020 at 18:02, Christopher Schultz wrote:
>>> 
>>> You have to say certificateKeystoreType="PKCS12" (for 
>>> , or keystoreType="PKCS12" for ) as well
>>> in your config.
>> 
>> You don't need that in the new SSLHostConfig, right? I don't have 
>> that attribute and it works... ???
> 
> I'd need to see your configuration, and know what type of keystore you
> are using.
> 

 
   


P12 is created with

openssl pkcs12 -export -in tomcat.crt -inkey tomcat.key -certfile chain.pem 
-out tomcat.p12 -name tomcat -CAfile ca.crt -caname root -passout pass:changeit 


Seems to be valid and working ;-) .


Peter

> -chris



Re: [OT] Install Comodo SSL in Tomcat

2020-01-28 Thread Christopher Schultz

Peter,

On 1/28/20 12:24 PM, Peter Kreuser wrote:
>> On 28.01.2020 at 18:02, Christopher Schultz wrote:
>> 
>> You have to say certificateKeystoreType="PKCS12" (for 
>> , or keystoreType="PKCS12" for ) as well
>> in your config.
> 
> You don't need that in the new SSLHostConfig, right? I don't have 
> that attribute and it works... ???

I'd need to see your configuration, and know what type of keystore you
are using.

-chris



Re: [OT] Install Comodo SSL in Tomcat

2020-01-28 Thread Peter Kreuser
Chris,

> On 28.01.2020 at 18:02, Christopher Schultz wrote:
> 
> Peter,
> 
>> On 1/28/20 11:30 AM, Peter Kreuser wrote:
>> Peter Kreuser
>>> On 28.01.2020 at 16:34, Christopher Schultz wrote:
>>> 
>>> Peter,
>>> 
>>> On 1/27/20 3:35 PM, logo wrote:
>>>> Could you try openssl pkcs12 -export -in my.crt -inkey my.key
>>>> -name tomcat -certfile my.ca-bundle -out my.jks  <<—  the
>>>> output of pkcs12 is already a jks!!!  and -name tomcat is the
>>>> alias
>>> 
>>> openssl cannot generate JKS files (fortunately!). If there is a
>>> format worse than PKCS12, it's JKS. pkcs12 creates PKCS12 files.
>> Oh I remember that... Dang. Never mind JKS,
>> 
>>> Java can read PKCS12 files and they are even deprecating JKS and
>>> JCEKS in favor of PKCS12, so you don't even have to use keytool
>>> anymore.
>> 
>> That was my point. With the openssl oneliner, tomcat/java would be
>> able to read the created p12 file. So name it appropriately my.p12
>> and Léonard should be fine, right?
> 
> You have to say certificateKeystoreType="PKCS12" (for ,
> or keystoreType="PKCS12" for ) as well in your config.

You don't need that in the new SSLHostConfig, right? I don't have that 
attribute and it works... ???

Peter

> -chris
> 





Re: [OT] Install Comodo SSL in Tomcat

2020-01-28 Thread Christopher Schultz

Peter,

On 1/28/20 11:30 AM, Peter Kreuser wrote:
> Peter Kreuser
>> On 28.01.2020 at 16:34, Christopher Schultz wrote:
>> 
>> Peter,
>> 
>> On 1/27/20 3:35 PM, logo wrote:
>>> Could you try openssl pkcs12 -export -in my.crt -inkey my.key
>>> -name tomcat -certfile my.ca-bundle -out my.jks  <<—  the
>>> output of pkcs12 is already a jks!!!  and -name tomcat is the
>>> alias
>> 
>> openssl cannot generate JKS files (fortunately!). If there is a
>> format worse than PKCS12, it's JKS. pkcs12 creates PKCS12 files.
> Oh I remember that... Dang. Never mind JKS,
> 
>> Java can read PKCS12 files and they are even deprecating JKS and
>> JCEKS in favor of PKCS12, so you don't even have to use keytool
>> anymore.
> 
> That was my point. With the openssl oneliner, tomcat/java would be
> able to read the created p12 file. So name it appropriately my.p12
> and Léonard should be fine, right?

You have to say certificateKeystoreType="PKCS12" (for ,
or keystoreType="PKCS12" for ) as well in your config.

-chris




Re: [OT] Install Comodo SSL in Tomcat

2020-01-28 Thread Peter Kreuser
Chris,



Peter Kreuser
> On 28.01.2020 at 16:34, Christopher Schultz wrote:
> 
> Peter,
> 
> On 1/27/20 3:35 PM, logo wrote:
>> Could you try
>> openssl pkcs12 -export -in my.crt -inkey my.key -name tomcat
>> -certfile my.ca-bundle -out my.jks  <<—  the output of pkcs12 is
>> already a jks!!!  and -name tomcat is the alias
> 
> openssl cannot generate JKS files (fortunately!). If there is a format
> worse than PKCS12, it's JKS. pkcs12 creates PKCS12 files.
Oh I remember that... Dang. Never mind JKS,

> Java can read PKCS12 files and they are even deprecating JKS and JCEKS
> in favor of PKCS12, so you don't even have to use keytool anymore.

That was my point. With the openssl oneliner, tomcat/java would be able to read 
the created p12 file.
So name it appropriately my.p12 and Léonard should be fine, right?

Peter

> -chris





Re: [OT] Install Comodo SSL in Tomcat

2020-01-28 Thread Christopher Schultz

Peter,

On 1/27/20 3:35 PM, logo wrote:
> Could you try
> 
> openssl pkcs12 -export -in my.crt -inkey my.key -name tomcat
> -certfile my.ca-bundle -out my.jks  <<—  the output of pkcs12 is
> already a jks!!!  and -name tomcat is the alias

openssl cannot generate JKS files (fortunately!). If there is a format
worse than PKCS12, it's JKS. pkcs12 creates PKCS12 files.

Java can read PKCS12 files and they are even deprecating JKS and JCEKS
in favor of PKCS12, so you don't even have to use keytool anymore.

-chris
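
The point made in this thread, that `openssl pkcs12 -export` writes PKCS12 whatever name is given to `-out`, can be checked from a keystore's leading bytes. The following is an added example, not code from the thread or from Tomcat: the function names, the extension mapping and the sample byte strings are constructed for illustration, and the two magic numbers are the ones the JDK writes at the start of JKS and JCEKS files.

```python
import os
import struct

# Magic numbers written at offset 0 by the JDK's own keystore formats.
JKS_MAGIC = 0xFEEDFEED
JCEKS_MAGIC = 0xCECECECE

# File-name suffixes commonly used for each type (illustrative mapping).
EXT_TO_TYPE = {".jks": "JKS", ".jceks": "JCEKS", ".p12": "PKCS12", ".pfx": "PKCS12"}


def _tlv_header(buf, off):
    """Parse one BER/DER tag and length; return (tag, length, value_offset).

    length is None for the BER indefinite form (0x80), which some tools emit.
    """
    if off + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:                      # short form: length in one byte
        return tag, first, off
    if first == 0x80:                     # indefinite form
        return tag, None, off
    n = first & 0x7F                      # long form: n length bytes follow
    if n > 4 or off + n > len(buf):
        raise ValueError("bad length")
    return tag, int.from_bytes(buf[off:off + n], "big"), off + n


def detect_keystore_format(data):
    """Classify a keystore by content: 'JKS', 'JCEKS', 'PKCS12' or 'unknown'."""
    if len(data) >= 4:
        magic = struct.unpack(">I", data[:4])[0]
        if magic == JKS_MAGIC:
            return "JKS"
        if magic == JCEKS_MAGIC:
            return "JCEKS"
    try:
        # PFX ::= SEQUENCE { version INTEGER (3), authSafe ContentInfo, ... }
        tag, _, off = _tlv_header(data, 0)
        if tag != 0x30:
            return "unknown"
        tag, length, off = _tlv_header(data, off)
        if tag == 0x02 and length == 1 and data[off] == 3:
            return "PKCS12"
    except (ValueError, IndexError):
        pass
    return "unknown"


def check_keystore(name, data, declared=None):
    """Return (actual_type, consistent): does the content match the declared
    type, or, when none is declared, the type implied by the file suffix?"""
    actual = detect_keystore_format(data)
    expected = declared or EXT_TO_TYPE.get(os.path.splitext(name)[1].lower())
    ok = actual != "unknown" and (expected is None or expected.upper() == actual)
    return actual, ok


# Constructed sample prefixes (not real keystores), enough for classification.
P12_SAMPLE = bytes.fromhex("308209a1020103308209670609")
JKS_SAMPLE = bytes.fromhex("feedfeed0000000200000001")
PEM_SAMPLE = b"-----BEGIN CERTIFICATE-----\n"

if __name__ == "__main__":
    for name, blob in [("my.jks", P12_SAMPLE), ("tomcat.p12", P12_SAMPLE),
                       ("legacy.jks", JKS_SAMPLE), ("tomcat.crt", PEM_SAMPLE)]:
        print(name, check_keystore(name, blob))
```

For a real file, pass its first bytes, for example `open(path, "rb").read(16)`, as `data`.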