I have a suggestion after just going through the process of configuring SSL using this link:
http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Configuration I would recommend having completely separate sections for each of the SSL implementations (e.g APR or JSSE). The problem is, if you are unfamiliar with the process, it is ambiguous which implementation some of the steps are geared towards. For example, the line: "To create a new keystore from scratch, containing a single self-signed Certificate, execute the following from a terminal command line..." My understanding (and I'm still not 100% sure!) is that this will not work if you are using Http11AprProtocol. In that case you must follow different steps. Namely, you must do something like so: openssl req \ -x509 -nodes -days 365 \ -newkey rsa:1024 -keyout mycert.pem -out mycert.pem And I would suggest including a sample code fragment like that in the documentation in order to mirror the process outlined when using the keytool. In addition the section towards the end on CSR is similarly ambiguous. So overall, I think this particular page of the documentation leaves a lot to be desired. If there is any agreement on this point, I could attempt to contribute some of these changes if desired. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
