Re: Generate pkcs12 certificates from offical COMODO certs
Frank, On 15.2.2014 7:02, Frank BONNET wrote: seems to work without it ! I recommend that you always import intermediate certificates into the keystore. If you don't, some clients / web browsers will find a way to lookup for missing certificates, but others will fail. Therefore, it is much better if you serve the complete chain (server certificate + intermediate certificates) to the client. If you are not sure if certificate chain served to the clients is complete, there is plenty of on-line tools to check that for you. -Ognjen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Generate pkcs12 certificates from offical COMODO certs
Hello I have officials certificates for apache2 from COMODO that I would like to import into tomcat ( pkcs12 ) if someone has links / infos to do this task it would be a great help ( google doesn't help much ) thanks you
Re: Generate pkcs12 certificates from offical COMODO certs
Frank, On 14.2.2014 14:10, BONNET, Frank wrote: I have officials certificates for apache2 from COMODO that I would like to import into tomcat ( pkcs12 ) if someone has links / infos to do this task it would be a great help ( google doesn't help much ) You didn't mention if you have any preference whether you want to use: i. BIO or NIO HTTPS connectors (based on JSSE), or ii. APR HTTPS connector (based on OpenSSL). Since you mentioned that you want to use PKCS#12 format, I guess you are interested in JSSE connectors. If you want to use APR, then the procedure is different then the one described here. Let's say that you have 1. Server key in file server.key 2. Server certificate in file server.pem 3. Intermediate certificates in file intermediates.pem Then, all you need to do is: openssl pkcs12 -export -out keystore.p12 -name myserver -in server.pem -inkey server.key -certfile intermediates.pem Note that it is not necessary that intermediates.pem contains root certificate. Then, configure HTTPS connector in conf/server.xml as Connector port=443 protocol=org.apache.coyote.http11.Http11Protocol SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile=keystore.p12 keyAlias=myserver keystoreType=pkcs12 / I also recommend that if you check your ciphers strenth, and restrict them accordingly. -Ognjen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Generate pkcs12 certificates from offical COMODO certs
I need to convert/import from PEM format to P12 thanks 2014-02-14 14:14 GMT+01:00 Sanaullah sanaulla...@gmail.com: Hi Frank, I am not expert with apache. can you please let me know which format of certificate you do have? pem, der, p12. and also in which format you would like to convert? or import Regards, Sanaullah On Fri, Feb 14, 2014 at 6:10 PM, BONNET, Frank frank.bon...@esiee.frwrote: Hello I have officials certificates for apache2 from COMODO that I would like to import into tomcat ( pkcs12 ) if someone has links / infos to do this task it would be a great help ( google doesn't help much ) thanks you
Re: Generate pkcs12 certificates from offical COMODO certs
Hello Ognjen the intermediate cert in the one named chain right ? *Frank BONNET* Systemes UNIX et Reseaux ESIEE PARIS 01.45.92.66.17 - 06.70.37.37.69 2014-02-14 14:57 GMT+01:00 Ognjen Blagojevic ognjen.d.blagoje...@gmail.com : Frank, On 14.2.2014 14:10, BONNET, Frank wrote: I have officials certificates for apache2 from COMODO that I would like to import into tomcat ( pkcs12 ) if someone has links / infos to do this task it would be a great help ( google doesn't help much ) You didn't mention if you have any preference whether you want to use: i. BIO or NIO HTTPS connectors (based on JSSE), or ii. APR HTTPS connector (based on OpenSSL). Since you mentioned that you want to use PKCS#12 format, I guess you are interested in JSSE connectors. If you want to use APR, then the procedure is different then the one described here. Let's say that you have 1. Server key in file server.key 2. Server certificate in file server.pem 3. Intermediate certificates in file intermediates.pem Then, all you need to do is: openssl pkcs12 -export -out keystore.p12 -name myserver -in server.pem -inkey server.key -certfile intermediates.pem Note that it is not necessary that intermediates.pem contains root certificate. Then, configure HTTPS connector in conf/server.xml as Connector port=443 protocol=org.apache.coyote.http11.Http11Protocol SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile=keystore.p12 keyAlias=myserver keystoreType=pkcs12 / I also recommend that if you check your ciphers strenth, and restrict them accordingly. -Ognjen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Generate pkcs12 certificates from offical COMODO certs
Frank, On 14.2.2014 15:00, BONNET, Frank wrote: the intermediate cert in the one named chain right ? Yes, it is usually named that way. -Ognjen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Generate pkcs12 certificates from offical COMODO certs
seems to work without it ! thanks Envoyé de mon iPhone. Le 14 févr. 2014 à 16:16, Ognjen Blagojevic ognjen.d.blagoje...@gmail.com a écrit : Frank, On 14.2.2014 15:00, BONNET, Frank wrote: the intermediate cert in the one named chain right ? Yes, it is usually named that way. -Ognjen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org