Correct. You won't need any of the SSL info in server.xml. John
-----Original Message----- From: Hawkins, Keith (Keith) [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 18, 2002 1:03 PM To: John Roth Cc: Tomcat Users List Subject: RE: How many SSL certificates are needed for Tomcat with IIS? John, Thanks for clarifying this for me. Makes the SSL integration much simpler. I assume that if IIS is providing the SSL that I should leave the SSL connector section of the Tomcat server.xml file commented out. Correct? Thanks again for your help! -Keith -----Original Message----- From: John Roth [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 18, 2002 11:43 AM To: 'Tomcat Users List' Cc: Hawkins, Keith (Keith) Subject: RE: How many SSL certificates are needed for Tomcat with IIS? Exactly: Only the service that provides SSL needs the certificate, in the case of IIS/Isapi_redirect, only IIS needs the certificate. IIS does the encryption/decryption, and passes the "clear text" data to Tomcat. TC still knows that it was encrypted, and is passed the cert info, but doesn't need to know anything about SSL. Thanks, john -----Original Message----- From: Hawkins, Keith (Keith) [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 18, 2002 11:29 AM To: John Roth Cc: Tomcat Users List Subject: RE: How many SSL certificates are needed for Tomcat with IIS? John, Thanks for your reply to my post. If I understand you correctly, I may not need to bother with the keystore at all. If IIS is the web server, and I have an SSL certificate installed in IIS, then I don't need to have an additional certificate stored in a keystore file for Tomcat to use. True? Does this hold true when I am using the isapi_redirector to have Tomcat serve servlets/JSP pages? Thanks, Keith -----Original Message----- From: John Roth [mailto:[EMAIL PROTECTED]] Sent: Monday, April 15, 2002 9:24 AM To: 'Tomcat Users List'; 'Hugh Brien' Subject: RE: How many SSL certificates are needed for Tomcat with IIS? Also, each server sends a machine+server specific character set to Verisign (or any other certifier). For example: a keystore generated CertRequest will create a different request than an IIS generated CertRequest, all other things being equal (IP address, domain name, etc.). In a normal Web Server/Tomcat (App) Server environment, the Web Server is what is responsible for SSL encryption. This is the same regardless of the web server (IIS, Apache, Netscape, or any other). In some environments Tomcat is the web server, hence the SSL support in Tomcat. Summary: Only the web server needs the certificate. If this is IIS, you must generate the request via IIS. If the web server is going to be Tomcat, via the HTTPConnector, use keystore to generate the request. John -----Original Message----- From: Hugh Brien [mailto:[EMAIL PROTECTED]] Sent: Sunday, April 14, 2002 12:44 AM To: Tomcat Users List Subject: Re: How many SSL certificates are needed for Tomcat with IIS? What was the error? Did you search for the error code to see if anyone had the same problem? Certs are based on 509 however there are extensions that different vendors support. r, Hugh ----- Original Message ----- From: "Hawkins, Keith (Keith)" <[EMAIL PROTECTED]> To: "tomcat-user" <[EMAIL PROTECTED]> Sent: Friday, April 12, 2002 5:46 PM Subject: How many SSL certificates are needed for Tomcat with IIS? I generated CSR via Sun's keytool, sent it to verisign, and imported the resulting certificate into a keystore file. I tried to get IIS to import this certificate, but it rejects it. Do I have to request the certificate from IIS? Do I need to have two certificates, one for tomcat and one for IIS? Thanks, Keith -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]> -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]> -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]> -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
winmail.dat
Description: application/ms-tnef
-- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>