Re: how to reload SSL certificates without restarting Tomcat

2024-03-11 Thread Christopher Schultz
Jerry, On 3/11/24 14:51, Jerry Lin wrote: Hi Chris, There is also this: https://tomcat.apache.org/presentations.html#latest-lets-encrypt It's very LE-focused, but it shows you how to programmatically trigger a reload. Thanks for your presentation and script. We are using Let's Encrypt, so

Re: how to reload SSL certificates without restarting Tomcat

2024-03-11 Thread Jerry Lin
Hi Chris, There is also this: > https://tomcat.apache.org/presentations.html#latest-lets-encrypt > > It's very LE-focused, but it shows you how to programmatically trigger a > reload. > Thanks for your presentation and script. We are using Let's Encrypt, so your material is quite relevant. Jerry

Re: how to reload SSL certificates without restarting Tomcat

2024-03-11 Thread Christopher Schultz
Jerry, On 3/10/24 16:00, Jerry Lin wrote: Hi Chuck, Presumably, you mean “not behind https", since “Apache” refers to the organization that develops and maintains a plethora of software products. Yes, “not behind https" (I meant not behind an Apache HTTP server) you can configure the TLS

Re: how to reload SSL certificates without restarting Tomcat

2024-03-10 Thread Chuck Caldarale
> On Mar 10, 2024, at 15:00, Jerry Lin wrote: > > Hi Chuck, > > Presumably, you mean “not behind https", since “Apache” refers to the >> organization that develops and maintains a plethora of software products. >> > Spell checker got me - I meant “httpd”, not “https”. - Chuck -

Re: how to reload SSL certificates without restarting Tomcat

2024-03-10 Thread Jerry Lin
Hi Chuck, Presumably, you mean “not behind https", since “Apache” refers to the > organization that develops and maintains a plethora of software products. > Yes, “not behind https" (I meant not behind an Apache HTTP server) > you can configure the TLS config listener: > > > https://tomcat.apac

Re: how to reload SSL certificates without restarting Tomcat

2024-03-10 Thread Chuck Caldarale
> On Mar 10, 2024, at 12:39, Jerry Lin wrote: > > For those of us with a publicly accessible instance of Tomcat (e.g. not > behind Apache), is there a good way of having a renewed SSL/HTTPS > certificate take effect without restarting Tomcat? Presumably, you mean “not behind https", since “Apac

AW: how to reload SSL certificates without restarting Tomcat

2024-03-10 Thread a.grubner
how to reload SSL certificates without restarting Tomcat Hello, For those of us with a publicly accessible instance of Tomcat (e.g. not behind Apache), is there a good way of having a renewed SSL/HTTPS certificate take effect without restarting Tomcat? Thank you, Je

how to reload SSL certificates without restarting Tomcat

2024-03-10 Thread Jerry Lin
Hello, For those of us with a publicly accessible instance of Tomcat (e.g. not behind Apache), is there a good way of having a renewed SSL/HTTPS certificate take effect without restarting Tomcat? Thank you, Jerry

Re: SSL Certificates and Tomcat 8.5.11

2018-05-17 Thread Christopher Schultz
Laurie, On 5/17/18 11:33 AM, Laurie Miller-Cook wrote: > I am very new to Tomcat so please bear with me. Welcome. > I currently have a Thawte certificate that is installed within IIS > for our domain that is all managed by Rackspace. > > I now h

Re: SSL Certificates and Tomcat 8.5.11

2018-05-17 Thread Pierre Chiu
Hi Laurie, This is what I do. I don't use keystore. I use this within SSLHostConfig section. > On May 17, 2018, at 11:33 AM, Laurie Miller-Cook > wrote: > > Hi there, > > I am very new to Tomcat so please bear with me. > > I currently have a Thawte certificate that is installed within I

SSL Certificates and Tomcat 8.5.11

2018-05-17 Thread Laurie Miller-Cook
Hi there, I am very new to Tomcat so please bear with me. I currently have a Thawte certificate that is installed within IIS for our domain that is all managed by Rackspace. I now have a new server set-up with Tomcat 8.5.11 installed and have created a keystore. I have been supplied by Racksp

Re: Tomcat8 - How to configure ssl certificates for both https and two-way authentication

2017-08-09 Thread Mark Thomas
ent the settings in setenv and check port 433 still works. Mark > > Senthil > > On Wed, Aug 9, 2017 at 1:39 AM, Mark Thomas wrote: > >> On 08/08/17 21:03, dsenthil...@gmail.com wrote: >>> >>>> Hello, >>>> >>>> I have configured s

Re: Tomcat8 - How to configure ssl certificates for both https and two-way authentication

2017-08-09 Thread Senthil Kumar
: > On 08/08/17 21:03, dsenthil...@gmail.com wrote: > > > >> Hello, > >> > >> I have configured ssl certificates for below requirements: > >> > >> 1. Tomcat server certificate configuration in 'server.xml' file to run >

Re: Tomcat8 - How to configure ssl certificates for both https and two-way authentication

2017-08-08 Thread Christopher Schultz
Senthil, On 8/8/17 4:03 PM, dsenthil...@gmail.com wrote: > >> Hello, >> >> I have configured ssl certificates for below requirements: >> >> 1. Tomcat server certificate configuration in 'server.xml' f

Re: Tomcat8 - How to configure ssl certificates for both https and two-way authentication

2017-08-08 Thread Mark Thomas
On 08/08/17 21:03, dsenthil...@gmail.com wrote: > >> Hello, >> >> I have configured ssl certificates for below requirements: >> >> 1. Tomcat server certificate configuration in 'server.xml' file to run >> tomcat server o

Tomcat8 - How to configure ssl certificates for both https and two-way authentication

2017-08-08 Thread dsenthil . in
> Hello, > > I have configured ssl certificates for below requirements: > > 1. Tomcat server certificate configuration in 'server.xml' file to run tomcat > server on port 443 and https > > minSpareThreads="25" >

Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)

2016-06-03 Thread Hardibo Pierre-Jean
there's the tutorial: https://fr.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239 use sha2 root and intermediate and for the last use my_certificate here's the repo: https://certs.godaddy.com/repository/ On 04/06/2016 00:18, Hardibo Pierre-Jean wrote: gdig2.crt is intermediat

Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)

2016-06-03 Thread Hardibo Pierre-Jean
gdig2.crt is intermediate my_certificate must be the last to configure so i think bundle may be the root. On 04/06/2016 00:13, Conor Skyler wrote: Hello Pierre, Yes, I contacted the technical support at GoDaddy and they basically told me that I'm on my own and that I should find someone t

Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)

2016-06-03 Thread Conor Skyler
Hello Pierre, Yes, I contacted the technical support at GoDaddy and they basically told me that I'm on my own and that I should find someone that knows how to handle the configuration -- that's all the aid they gave me. I think that there are two separate problems here. First one, the mismatch betwee

Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)

2016-06-03 Thread Hardibo Pierre-Jean
there's all here no ? https://fr.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239 On 03/06/2016 22:37, Conor Skyler wrote: Hi again, At this point I don't know what else to try: I have carefully gone through the process stated at GoDaddy's website once again trying different co

Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)

2016-06-03 Thread Hardibo Pierre-Jean
godaddy didn't give you instructions ? On 03/06/2016 22:37, Conor Skyler wrote: Hi again, At this point I don't know what else to try: I have carefully gone through the process stated at GoDaddy's website once again trying different combinations with the certificates (as the instructions provided

Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)

2016-06-03 Thread Conor Skyler
Hi again, At this point I don't know what else to try: I have carefully gone through the process stated at GoDaddy's website once again trying different combinations with the certificates (as the instructions provided by GoDaddy don't match the certificates you download) but the result was the same

Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)

2016-06-01 Thread Conor Skyler
Hi Daniel, Thank you very much for stepping in, I’m processing a new set of certificates that I hope to try tomorrow. Warm regards, -Conor On Tue, May 31, 2016 at 8:41 AM, Daniel Mikusa wrote: > On Mon, May 30, 2016 at 11:26 PM, Conor Skyler > wrote: > > > Hello list, > > > > I'm trying to i

Re: using SSLHostConfig on tomcat 9 in order to get 2 SSL certificates

2016-06-01 Thread Christopher Schultz
Hardibo, On 6/1/16 9:48 AM, Hardibo Pierre-Jean wrote: > Hello, when i add the second, or i put only the second (tomcat2) > browser doesn't reach the website but doesn't stop with error > message. If you connect with openssl s_client, can you see what

Re: using SSLHostConfig on tomcat 9 in order to get 2 SSL certificates

2016-06-01 Thread Hardibo Pierre-Jean
Hello, when i add the second, or i put only the second (tomcat2) browser doesn't reach the website but doesn't stop with error message. On 31/05/2016 18:52, Christopher Schultz wrote: Hardibo, On 5/31/16 10:33 AM, Hardibo Pierre-Jean wrote:

Re: using SSLHostConfig on tomcat 9 in order to get 2 SSL certificates

2016-05-31 Thread Christopher Schultz
Hardibo, On 5/31/16 10:33 AM, Hardibo Pierre-Jean wrote: > Hello, i made two startSSL's certificates because i could only add > 5 domains once. ??! > When i use SSLHostConfig for the domains of the first certificate > all is working, but when i tr

using SSLHostConfig on tomcat 9 in order to get 2 SSL certificates

2016-05-31 Thread Hardibo Pierre-Jean
Hello, i made two startSSL's certificates because i could only add 5 domains once. When i use SSLHostConfig for the domains of the first certificate all is working, but when i try to add other domains (2° certificate) websites are no more accessible, there's few documentation about that and no

Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)

2016-05-31 Thread Daniel Mikusa
On Mon, May 30, 2016 at 11:26 PM, Conor Skyler wrote: > Hello list, > > I'm trying to install the certificates I bought from GoDaddy into my Tomcat > server, however so far I've been unsuccessful to achieve this. > > My system specs are: > OS: Amazon Linux (fully updated) > Tomcat version: 8.0.32

Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)

2016-05-30 Thread Conor Skyler
Hello list, I'm trying to install the certificates I bought from GoDaddy into my Tomcat server, however so far I've been unsuccessful to achieve this. My system specs are: OS: Amazon Linux (fully updated) Tomcat version: 8.0.32, installed from the repos Java version: $ java -version openjdk versi

TC9: Configuring ProtocolHandler SSL certificates (SSLHostConfig) via JMX

2016-04-14 Thread Miroslav Šulc
Hi, I am very new to JMX so maybe I miss an important piece that prevents me from configuring SSL certificates in ProtocolHandler via JMX. I just implemented modification of aliases property on Host via JMX which seems to work fine. I would like to set for some of those aliases SSL certificates

Re: Updating SSL certificates

2016-02-19 Thread Mark Thomas
On 19/02/2016 15:23, Christopher Schultz wrote: > Mark, > > On 2/18/16 5:15 PM, Mark Thomas wrote: >> On 18/02/2016 22:03, James H. H. Lampert wrote: >>> Out of morbid curiosity, is there a way to make a certificate >>> update take effect without restarting Tomcat? > >> Sort of. > >> Set bindOnI

Re: Updating SSL certificates

2016-02-19 Thread Christopher Schultz
Mark, On 2/18/16 5:15 PM, Mark Thomas wrote: > On 18/02/2016 22:03, James H. H. Lampert wrote: >> Out of morbid curiosity, is there a way to make a certificate >> update take effect without restarting Tomcat? > > Sort of. > > Set bindOnInit on the c

Re: Updating SSL certificates

2016-02-18 Thread Mark Thomas
On 18/02/2016 22:03, James H. H. Lampert wrote: > Out of morbid curiosity, is there a way to make a certificate update > take effect without restarting Tomcat? Sort of. Set bindOnInit on the connector to false. Modify the config via JMX. Then you should be able to use JMX to call stop() followe

Updating SSL certificates

2016-02-18 Thread James H. H. Lampert
Out of morbid curiosity, is there a way to make a certificate update take effect without restarting Tomcat? -- JHHL

RE: Multiple SSL certificates on one Instance

2015-03-17 Thread Jeffrey Janner
> -Original Message- > From: Rory Kelly [mailto:rory.ke...@fernsoftware.com] > Sent: Monday, March 16, 2015 7:53 AM > To: Tomcat Users List > Subject: Multiple SSL certificates on one Instance > > Hey guys, > > > > I’ve a bad feeling what I’m trying t

Re: Multiple SSL certificates on one Instance

2015-03-17 Thread Christopher Schultz
Stefan, On 3/16/15 5:03 PM, Stefan Frei wrote: > 2 points: > > configure the reverse proxy is simpler. s/simpler/possible/ > tomcat may be harder to troubleshoot issues. Tomcat can't even do SNI at this point. > i would take the prxy to do that

Re: Multiple SSL certificates on one Instance

2015-03-16 Thread Stefan Frei
hi 2 points: configure the reverse proxy is simpler. tomcat may be harder to troubleshoot issues. i would take the prxy to do that, in fact we use squid rev-proxy to solve exact the same problem. Regards Stefan 2015-03-16 14:16 GMT+01:00 Mark Thomas : > On 16/03/2015 12:53, Rory Kelly wrote:

Re: Multiple SSL certificates on one Instance

2015-03-16 Thread Mark Thomas
On 16/03/2015 12:53, Rory Kelly wrote: > Hey guys, > > > > I’ve a bad feeling what I’m trying to do is impossible, and I’m going to > have to implement a different solution. Been hunting for an answer, but > couldn’t find anything definite. > > I’m running Tomcat 8.0.18, > > Java 1.7.0_75-b13,

Multiple SSL certificates on one Instance

2015-03-16 Thread Rory Kelly
Hey guys, I’ve a bad feeling what I’m trying to do is impossible, and I’m going to have to implement a different solution. Been hunting for an answer, but couldn’t find anything definite. I’m running Tomcat 8.0.18, Java 1.7.0_75-b13, Ubuntu 14.04. I have multiple sites running on Virtual H

Re: Deploying .ca-bundle file & .crt file as SSL certificates

2014-11-27 Thread Kernel freak
On Wed, Nov 26, 2014 at 7:21 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > To whom it may concern, > > On 11/26/14 12:00 PM, Kernel freak wrote: > > On Wed, Nov 26, 2014 at 5:33 PM, Christopher Schultz < > > ch...@christopher

Re: Deploying .ca-bundle file & .crt file as SSL certificates

2014-11-26 Thread Christopher Schultz
To whom it may concern, On 11/26/14 12:00 PM, Kernel freak wrote: > On Wed, Nov 26, 2014 at 5:33 PM, Christopher Schultz < > ch...@christopherschultz.net> wrote: > > To whom it may concern, > > On 11/26/14 9:03 AM, Kernel freak wrote: After

Re: Deploying .ca-bundle file & .crt file as SSL certificates

2014-11-26 Thread Kernel freak
On Wed, Nov 26, 2014 at 5:33 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > To whom it may concern, > > On 11/26/14 9:03 AM, Kernel freak wrote: > > After arguing with the admins for all this time, I finally have the > > few f

Re: Deploying .ca-bundle file & .crt file as SSL certificates

2014-11-26 Thread Christopher Schultz
To whom it may concern, On 11/26/14 9:03 AM, Kernel freak wrote: > After arguing with the admins for all this time, I finally have the > few files ready. I have the following files : > > keystore.p12 That should contain your key. Can you confirm t

Re: Deploying .ca-bundle file & .crt file as SSL certificates

2014-11-26 Thread Kernel freak
Hello, After arguing with the admins for all this time, I finally have the few files ready. I have the following files : keystore.p12, server.crt, ssl-cert-snakeoil.key, domainname.com.ca-bundle, domainname.com.crt domainname.com.csr domainname.com.key, vsftpd.pem. I did the following as Christo

Re: Deploying .ca-bundle file & .crt file as SSL certificates

2014-11-25 Thread Christopher Schultz
To whom it may concern, On 11/25/14 3:32 AM, Kernel freak wrote: > I don't have the server.key and server.crt. I have root access to > server, I can generate my own if necessary. I only have .crt and > .ca-bundle file. Can you tell me what to do. Th

Re: Deploying .ca-bundle file & .crt file as SSL certificates

2014-11-25 Thread Kernel freak
Hello Christopher, I don't have the server.key and server.crt. I have root access to server, I can generate my own if necessary. I only have .crt and .ca-bundle file. Can you tell me what to do. Thank you very much for your help. On Mon, Nov 24, 2014 at 7:48 PM, Christopher Schultz < ch...@christ

Re: Deploying .ca-bundle file & .crt file as SSL certificates

2014-11-24 Thread Christopher Schultz
Niranjan, On 11/24/14 10:51 AM, Niranjan Babu Bommu wrote: > I think you have create a keystore from the cert, please follow > these instruction and let me know. > > Create store with temporary key inside: > > keytool -genkey -alias -keystore you

Re: Deploying .ca-bundle file & .crt file as SSL certificates

2014-11-24 Thread Niranjan Babu Bommu
it works for me with this conf. On Mon, Nov 24, 2014 at 11:27 AM, Niranjan Babu Bommu < niranjan.bo...@gmail.com> wrote: > Are you able to see the 8443 port listening? > > nc -z 8443 > > On Mon, Nov 24, 2014 at 11:25 AM, Kernel freak > wrote: > >> I have added the certificate. I modified th

Re: Deploying .ca-bundle file & .crt file as SSL certificates

2014-11-24 Thread Niranjan Babu Bommu
Are you able to see the 8443 port listening? nc -z 8443 On Mon, Nov 24, 2014 at 11:25 AM, Kernel freak wrote: > I have added the certificate. I modified the server.xml code to add the > following lines : > maxThreads="150" >scheme="https" secure="true" clientAuth="false" > ss

Re: Deploying .ca-bundle file & .crt file as SSL certificates

2014-11-24 Thread Kernel freak
I have added the certificate. I modified the server.xml code to add the following lines : Now when I open the application, it redirects to https, but it says unable to connect, your connection to this website may not be encrypted. What am I doing wrong? On Mon, Nov 24, 2014 at 5:20 PM, Niranjan

Re: Deploying .ca-bundle file & .crt file as SSL certificates

2014-11-24 Thread Niranjan Babu Bommu
Sorry, I did not notice that. - *Import a root or intermediate CA certificate to an existing Java keystore* keytool -import -trustcacerts -alias root -file *ca.crt* -keystore *yourkeystore.jks* On Mon, Nov 24, 2014 at 11:02 AM, Kernel freak wrote: > Thank you, and what about the

Re: Deploying .ca-bundle file & .crt file as SSL certificates

2014-11-24 Thread Kernel freak
Thank you, and what about the CA-Bundle file? Did you got a chance to look at the question I have posted on Stackoverflow mentioned in the original question? On Mon, Nov 24, 2014 at 4:51 PM, Niranjan Babu Bommu < niranjan.bo...@gmail.com> wrote: > Hi Kernel, > > I think you have create a keystore

Re: Deploying .ca-bundle file & .crt file as SSL certificates

2014-11-24 Thread Niranjan Babu Bommu
Hi Kernel, I think you have create a keystore from the cert, please follow these instruction and let me know. Create store with temporary key inside: keytool -genkey -alias -keystore yourkeystore.jks -storepass Hello1 Then delete existing entry: keytool -delete -alias temp -keystore yourkeysto

Deploying .ca-bundle file & .crt file as SSL certificates

2014-11-24 Thread Kernel freak
Hello friends, I am using apache tomcat and I would like to deploy a Spring-MVC application which I am working on. In that, via Spring-Security I have specified to use https which requires to install the SSL certificate on the server. I am running a Debian Wheezy server, and I have certificate fil

Re: SSL Certificates

2014-04-01 Thread Christopher Schultz
Nithun, On 4/1/14, 4:02 PM, Bomma, Nithun wrote: > I want to get public & private keys from WebSphere and import into > Tomcat. > > We have WebSphere certificates (Signed by Verisign) until 2015 and we > want to use the same in tomcat. Where are t

RE: SSL Certificates

2014-04-01 Thread Bomma, Nithun
et] Sent: Monday, March 31, 2014 2:58 PM To: Tomcat Users List Subject: Re: SSL Certificates Ninthun, On 3/31/14, 10:19 AM, Bomma, Nithun wrote: > Hello, > > We are using WebSphere v6.1 for SSO and we are moving to ForgeRock and >

Re: SSL Certificates

2014-03-31 Thread Christopher Schultz
Ninthun, On 3/31/14, 10:19 AM, Bomma, Nithun wrote: > Hello, > > We are using WebSphere v6.1 for SSO and we are moving to ForgeRock > and it uses Apache Tomcat (v7.0.37) > > We are trying to import the certificates (Verisign) including the > cha

Re: SSL Certificates

2014-03-31 Thread James H. H. Lampert
On 3/31/14 10:32 AM, Blume Wolfgang wrote: Hi, If your certificate need not be changed, then you need not create a new Certificate Signing Request (CSR) to get a new certificate, but only do the "Importing the Certificate" part of the description: Import chain certificate, then your existing cert

Re: SSL Certificates

2014-03-31 Thread Blume Wolfgang
..@gmail.com] > Sent: Monday, March 31, 2014 10:39 AM > To: Tomcat Users List > Subject: Re: SSL Certificates > > On Mon, Mar 31, 2014 at 7:19 AM, Bomma, Nithun >wrote: > > > Hello, > > > > We are using WebSphere v6.1 for SSO and we are moving to ForgeRock an

RE: SSL Certificates

2014-03-31 Thread Bomma, Nithun
ology (Operations) AIM: nithunbomma EMAIL: nithun.bo...@amtrak.com Desk: 215-349-2065; ATS: 728-2065; Cell: 215-704-4981 -Original Message- From: Leo Donahue [mailto:donahu...@gmail.com] Sent: Monday, March 31, 2014 10:39 AM To: Tomcat Users List Subject: Re: SSL Certificates On Mon, Mar 31,

Re: SSL Certificates

2014-03-31 Thread Leo Donahue
On Mon, Mar 31, 2014 at 7:19 AM, Bomma, Nithun wrote: > Hello, > > We are using WebSphere v6.1 for SSO and we are moving to ForgeRock and it > uses Apache Tomcat (v7.0.37) > > We are trying to import the certificates (Verisign) including the chain > certificates from WebSphere to Tomcat. > > Have

SSL Certificates

2014-03-31 Thread Bomma, Nithun
Hello, We are using WebSphere v6.1 for SSO and we are moving to ForgeRock and it uses Apache Tomcat (v7.0.37) We are trying to import the certificates (Verisign) including the chain certificates from WebSphere to Tomcat. Have any of you done this before? If yes, could you help us out? Thanks,

Re: SSL certificates

2014-01-17 Thread Ognjen Blagojevic
On 17.1.2014 19:14, James H. H. Lampert wrote: At this point, if you haven't already done so, I would strongly suggest getting your CA's tech support in on this. +1 Reserved IP addresses and internal server names are not unique on the Internet, so the certificates for them may be reused in di

Re: SSL certificates

2014-01-17 Thread James H. H. Lampert
At this point, if you haven't already done so, I would strongly suggest getting your CA's tech support in on this. Of course, your latest posts also beg the question of why you would be spending good money on a signed SSL certificate for an internal web site, or why you'd be using an internal

Re: SSL certificates

2014-01-17 Thread Miten Mehta
Hi Ognjen, Reading the pdf link you provided it seems that I should use ip based certificates and for each different ip which needs certificate I will have to request one. I should use -ext san=ip:$ip instead of -ext san=dns:$host. Then CA will not drop the details. Regards, Miten. On Fri, J

Re: SSL certificates

2014-01-17 Thread Miten Mehta
If I remove internal /etc/hosts lookup entry should it resolve or you mean CA just dropped subjectAltName even though I included. - miten On Jan 17, 2014 7:31 PM, "Ognjen Blagojevic" wrote: > Miten, > > On 17.1.2014 14:33, Miten Mehta wrote: > >> The catalina.out complaines with SSL handshake sta

Re: SSL certificates

2014-01-17 Thread Miten Mehta
What's the alternative to using subjectAltName? I thought it was flexible to make certificate portable across our development environments. Should I use IP (internal instead)? - Miten. On Jan 17, 2014 7:31 PM, "Ognjen Blagojevic" wrote: > Miten, > > On 17.1.2014 14:33, Miten Mehta wrote: > >> Th

Re: SSL certificates

2014-01-17 Thread Ognjen Blagojevic
Miten, On 17.1.2014 14:33, Miten Mehta wrote: The catalina.out complaines with SSL handshake stating No Name matching mhoodws.ril.local found. For security reasons, CA shouldn't sign any certificate containing internal server name (either as CN, or subjectAltName): "As of July 1, 2012, all

Re: SSL certificates

2014-01-17 Thread Miten Mehta
Hi James, Thanks a lot. I followed your steps but seems I am getting different error as if the signed certificate is not dns based. The original self signed certificate was able to work fine in dns based format for keytool when I imported it into client keystore. below I created the self signed

Re: SSL certificates

2014-01-16 Thread James H. H. Lampert
Christopher Schultz wrote: :) Give me OpenSSL any day of the week. ;) Dunno. Can't recall ever having any experience with it at all. Just DCM (for securing IBM-proprietary servers, like their Secured Telnet [NOT ssh] server and their various proprietary web-serving products), and Keytool (f

Re: SSL certificates

2014-01-16 Thread Christopher Schultz
James, On 1/16/14, 6:18 PM, James H. H. Lampert wrote: > Christopher Schultz wrote: >> That is always true. But you don't need a certificate to create a >> CSR. > If Keytool and the Java Keystore format even recognize any > difference between the c

Re: SSL certificates

2014-01-16 Thread James H. H. Lampert
Christopher Schultz wrote: That is always true. But you don't need a certificate to create a CSR. If Keytool and the Java Keystore format even recognize any difference between the concepts of "keypair" and "self-signed certificate," it would be news to me. Speaking of one who regularly ins

Re: SSL certificates

2014-01-16 Thread Christopher Schultz
James, On 1/16/14, 5:04 PM, James H. H. Lampert wrote: > On 1/16/14 1:49 PM, Christopher Schultz wrote: >> Why are you self-signing a certificate if you are going to get >> it signed by a CA? > > A newly-created keypair in a Java keystore is, by de

Re: SSL certificates

2014-01-16 Thread James H. H. Lampert
On 1/16/14 1:49 PM, Christopher Schultz wrote: Why are you self-signing a certificate if you are going to get it signed by a CA? A newly-created keypair in a Java keystore is, by definition, a self-signed certificate. And you can't create a CSR without having a keypair from which to create it

Re: SSL certificates

2014-01-16 Thread Christopher Schultz
Miten, On 1/16/14, 12:09 PM, Miten Mehta wrote: > Hi, > > Adding more clarification for ease below. > > 1) create keystore.jks with self signed cert (alias tomcat). Why are you self-signing a certificate if you are going to get it signed by a CA?

Re: SSL certificates

2014-01-16 Thread James H. H. Lampert
? will existing become redundant ? NO, the SIGNED certificate will, at least in effect, be MERGED with the original certificate. Deleting the original certificate from the keystore before importing the signed one will render the signed certificate WORTHLESS. -- James H. H. Lampert ---

Re: SSL certificates

2014-01-16 Thread Ike Ikonne
Hi, Step #4 is not correct; if you delete the existing certificate you would have lost everything. Please follow the instruction given by James H. H. Lampert. Thanks, Ike From: Miten Mehta To: users@tomcat.apache.org, Date: 01/16/2014 11:09 AM Subject:Re: SSL

Re: SSL certificates

2014-01-16 Thread Miten Mehta
Hi, Adding more clarification for ease below. 1) create keystore.jks with self signed cert (alias tomcat). 2) generate old.csr and send for signing to CA 3) get back new.cer (signed certificate) and root.cer (root certificate) 4) delete existing cert from keystore.jks (alias tomcat) 5) import roo

Re: SSL certificates

2014-01-16 Thread James H. H. Lampert
On 1/16/14 9:01 AM, Miten Mehta wrote: Hi, I am understanding SSL for tomcat using http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html. 1)I create jks using self signed certificate using keytool. 2) I generate CSR from that keystore/certificate. 3) I get it signed by CA who gives me root cert

SSL certificates

2014-01-16 Thread Miten Mehta
Hi, I am understanding SSL for tomcat using http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html. 1)I create jks using self signed certificate using keytool. 2) I generate CSR from that keystore/certificate. 3) I get it signed by CA who gives me root certificate and signed certificate. 4) I need

RE: Error configuring tomcat with ssl certificates

2013-03-06 Thread Siddhi Borkar
Thanks a lot Ognjen, The solution you provided worked very well. -Original Message- From: Ognjen Blagojevic [mailto:ognjen.d.blagoje...@gmail.com] Sent: Wednesday, March 06, 2013 3:31 PM To: Tomcat Users List Subject: Re: Error configuring tomcat with ssl certificates Siddhi, On

RE: Error configuring tomcat with ssl certificates

2013-03-06 Thread Brijesh Deo
-Original Message- From: Siddhi Borkar [mailto:siddhi_bor...@persistent.co.in] Sent: 06 March 2013 15:12 To: Tomcat Users List Subject: RE: Error configuring tomcat with ssl certificates Thanks Brijesh, The certificate that I am using is RSA based certificate, I tried listing the RSA

Re: Error configuring tomcat with ssl certificates

2013-03-06 Thread Ognjen Blagojevic
Siddhi, On 6.3.2013 10:41, Siddhi Borkar wrote: The certificate that I am using is RSA based certificate, I tried listing the RSA based ciphers in the server the xml, however it still gave me the same error. Any idea what else could be going wrong? You didn't import your private key into

RE: Error configuring tomcat with ssl certificates

2013-03-06 Thread Siddhi Borkar
...@sonicwall.com] Sent: Wednesday, March 06, 2013 12:25 PM To: Tomcat Users List Subject: RE: Error configuring tomcat with ssl certificates -Original Message- From: Siddhi Borkar [mailto:siddhi_bor...@persistent.co.in] Sent: 06 March 2013 12:15 To: users@tomcat.apache.org Subject: Error

RE: Error configuring tomcat with ssl certificates

2013-03-05 Thread Brijesh Deo
-Original Message- From: Siddhi Borkar [mailto:siddhi_bor...@persistent.co.in] Sent: 06 March 2013 12:15 To: users@tomcat.apache.org Subject: Error configuring tomcat with ssl certificates Hi, I need help configuring tomcat 6 with ssl certificates. I have been provided with the

Error configuring tomcat with ssl certificates

2013-03-05 Thread Siddhi Borkar
Hi, I need help configuring tomcat 6 with ssl certificates. I have been provided with the following cacert.pem prvkey.key and sslcert.crt I tried the following steps: 1) Generated a keystore using java keytool and the certificate file using the following command. keytool -import

RE: Web app calls JMS over SSL - certificates

2012-02-07 Thread Caldarale, Charles R
> From: Peter Kleczka [mailto:pklec...@gmail.com] > Subject: Re: Web app calls JMS over SSL - certificates > What I would like to do is tell my application where my keystore > files are located rather than load them through the JVM. So what stops you from doing that? There are n

Re: Web app calls JMS over SSL - certificates

2012-02-07 Thread Peter Kleczka
the Tomcat server other than setting the keystore properties in the JVM VM startup parameters. On Tue, Feb 7, 2012 at 9:10 AM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote: > > From: Peter Kleczka [mailto:pklec...@gmail.com] > > Subject: Re: Web app calls JMS over

RE: Web app calls JMS over SSL - certificates

2012-02-07 Thread Caldarale, Charles R
> From: Peter Kleczka [mailto:pklec...@gmail.com] > Subject: Re: Web app calls JMS over SSL - certificates > I am using ActiveMQ and its activemq.xml file has a section where the > keystore and truststore point to those files. So I assume that means that > there is a way to set t

Re: Web app calls JMS over SSL - certificates

2012-02-07 Thread Peter Kleczka
I am using ActiveMQ and its activemq.xml file has a section where the keystore and truststore point to those files. So I assume that means that there is a way to set these at runtime. Still leaves me with the question of whether I can set these at runtime from my app on Tomcat. On Mon, Feb 6, 2012

Re: Web app calls JMS over SSL - certificates

2012-02-06 Thread Pid *
On 6 Feb 2012, at 23:10, Peter Kleczka wrote: > Hello > > I have a web app on Tomcat 6.0.24. The app needs to call a JMS app on > another server over SSL. I installed the keystore/truststore files in > $CatalinaHome/conf/certs and set VM arguments so that the JVM knows where > to find the certs.

Re: Generating SSL certificates

2011-08-12 Thread Pid
On 12/08/2011 02:26, Darryl Lewis wrote: > Our certificates are about to expire and I need to generate new ones for > tomcat. I'm using keytool, but getting a strange error. Please start an entirely new thread, rather than replying to an existing email & just editing the subject & body (which is

Generating SSL certificates

2011-08-11 Thread Darryl Lewis
Our certificates are about to expire and I need to generate new ones for tomcat. I'm using keytool, but getting a strange error. [root]# keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore keystore Enter keystore password: keytool error: java.lang.Exception: Key pair not generated

AW: Multiple SSL certificates on same server

2010-03-10 Thread Steffen Heil
Hi > I'm not using XP, but a Unix server OS, and my domains are radically different - so the wildcard cert won't work either. This is not about the OS the tomcat is running on, but about the OS the client browser is using... There are certificates with multiple names (even radically different on

RE: Multiple SSL certificates on same server

2010-03-09 Thread Richard Huntrods
On 03/08/2010 06:46 PM, Richard Huntrods wrote: Does anyone know if it is possible, or has anyone done this: I have two applications running on a single server. The applications use different domains and URLs, so the single Tomcat instance can easily tell them apart. (Note: this part is curren

RE: Multiple SSL certificates on same server

2010-03-09 Thread Martin Gainty
enu fourni. > Date: Tue, 9 Mar 2010 08:38:40 -0500 > From: d...@cornell.edu > To: users@tomcat.apache.org > Subject: Re: Multiple SSL certificates on same server > > On 3/8/2010 6:46 PM, Richard Huntrods wrote: > > Does anyone know if it is possible, or has anyone done thi

Re: Multiple SSL certificates on same server

2010-03-09 Thread David Smith
On 3/8/2010 6:46 PM, Richard Huntrods wrote: > Does anyone know if it is possible, or has anyone done this: > > I have two applications running on a single server. The applications > use different domains and URLs, so the single Tomcat instance can > easily tell them apart. (Note: this part is curr

Re: Multiple SSL certificates on same server

2010-03-08 Thread Leon Kolchinsky
Hi, Here's an idea for you: You can use wildcard when generating your certificate, like *.domain.com, assuming your servers using same domain.com. Regards, Leon Kolchinsky On Tue, Mar 9, 2010 at 11:49, Crypto Sal wrote: > On 03/08/2010 06:46 PM, Richard Huntrods wrote: > >> Does anyone know i

Re: Multiple SSL certificates on same server

2010-03-08 Thread Crypto Sal
On 03/08/2010 06:46 PM, Richard Huntrods wrote: Does anyone know if it is possible, or has anyone done this: I have two applications running on a single server. The applications use different domains and URLs, so the single Tomcat instance can easily tell them apart. (Note: this part is curren

RE: Multiple SSL certificates on same server

2010-03-08 Thread Jason Pyeron
> -Original Message- > From: Richard Huntrods [mailto:huntr...@nucleus.com] > Sent: Monday, March 08, 2010 18:46 > To: users@tomcat.apache.org > Subject: Multiple SSL certificates on same server > > Does anyone know if it is possible, or has anyone done
