DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6004>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

Cannot configure keystoreType

           Summary: Cannot configure keystoreType
           Product: Tomcat 3
           Version: 3.3 Final
          Platform: All
        OS/Version: Other
            Status: NEW
          Severity: Enhancement
          Priority: Other
         Component: Config
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]


The HTTPS configuration in Tomcat 3.3a is lacking an
important feature: You cannot configure the keystore type.

Well, the feature is "almost" there, as the
org.apache.tomcat.util.net.SSLSocketFactory *does* support the
"keystoreType" attribute. Only, it is not passed to the factory in
org.apache.tomcat.modules.server.PoolTcpConnector. So fixing
this should be easy (untested): Just add an

public void setKeystoreType( String k ) {
   attributes.put( "keystoreType", k);
}

to PoolTcpConnector.java

Why this is needed: The default keystore type is JKS, which is
almost useless in real life because you cannot import your existing
PKCS12 keys/certificates. Only keys generated by keytool itself work.
Unfortunately this is not an option if you have paid big bucks to have your
key certified by a CA.

Workaround: Use mod_jk and let mod_ssl handle all encryption.

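Added illustration, not part of the original report and not Tomcat's code: a stand-alone JSSE sketch of how a configurable keystore type flows from a connector-style attribute table into the server socket factory. The class name, the "keystore" and "keypass" attribute names and the private-key check are assumptions made for the example; only "keystoreType" and the JKS default come from the report.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Collections;
import java.util.Hashtable;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;

// Hypothetical class for illustration; it does not reproduce PoolTcpConnector.
public class KeystoreTypeExample {
    // Attribute table filled by setters, in the style of the proposed fix.
    private final Hashtable<String, String> attributes = new Hashtable<>();

    public void setKeystore(String path)     { attributes.put("keystore", path); }
    public void setKeypass(String pass)      { attributes.put("keypass", pass); }
    public void setKeystoreType(String type) { attributes.put("keystoreType", type); }

    public SSLServerSocketFactory createFactory()
            throws IOException, GeneralSecurityException {
        String path = attributes.get("keystore");
        String pass = attributes.get("keypass");
        if (path == null || pass == null)
            throw new IllegalStateException("keystore and keypass must be set");
        // Without the setter the attribute is absent and the default (JKS) applies.
        String type = attributes.getOrDefault("keystoreType", "JKS");

        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass.toCharArray()); // fails if file and type do not match
        }
        // A server keystore needs at least one private-key entry to handshake.
        boolean hasKey = false;
        for (String alias : Collections.list(ks.aliases()))
            hasKey |= ks.isKeyEntry(alias);
        if (!hasKey)
            throw new GeneralSecurityException("no private key entry in " + path);

        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass.toCharArray());
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx.getServerSocketFactory();
    }
}
```

Calling setKeystoreType("PKCS12") before createFactory() is what lets a CA-issued key and certificate exported as a .p12 file be used directly.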