Which HTTP connector are you using?

Mark

"J.V." <jvsr...@gmail.com> wrote:
>I am generating a self signed cert using OpenSSL with the following
>commands
>
>openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out ca.crt
>
>I accept all the defaults when prompted except for 'Common Name' and
>enter my IP address there.
>
>This generates : ca.crt
>
>I then export this to a ca.p12 with:
> $openssl pkcs12 -export -in ca.crt -inkey privateKey.key -out ca.p12
>
>I then copy this file to $TOMCAT_HOME/conf/a.keystore
>
>Then I run this command
>$openssl pkcs12 -in ca.p12 -out ca.pem -clcerts -nokeys -nodes
>
>and copy this to $TOMCAT_HOME/conf/ca.pem
>
>Before doing this, I remove some junk at the top of the file before
>---BEGIN CERTIFICATE ----
>
>---
>I then modify my server.xml and open port 8443 and point to the
>a.keystore file.
>
>This seems to work OK.
>
>However when I generate a.keystore and ca.pem using BouncyCastle, the
>certs do not seem to work but I have all the same settings. When
>generating in pure Java, I am required to install the JCE to generate
>the keys. I am not sure why openssl does not require some download or
>license to generate the RSA keys and why it lets me generate with a key
>size of 2048 without some sort of extension (openssl must have some
>export controls, correct?)
>
>My first question is:
>
>1) Why does the first method (using openssl) work? Would I not need to
>apply JCE to my local jdk/jre when running Tomcat for the certs to
>work?
>
>2) What is wrong with generating the keys in Java?
>I am essentially following this:
>http://blog.thilinamb.com/2010/01/how-to-generate-self-signed.html
>
>Except there is no keystore to initially load so I skipped that part.
>
>Any help on generating a self signed cert in Java that would mirror the
>openssl generation would be greatly appreciated.
>
>J.V.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
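
The openssl procedure quoted in the message above, written as a non-interactive script; this is an added example and not part of the original thread. The CN 192.0.2.10, the password changeit, the alias tomcat and the function names are assumptions. Piping the PKCS#12 output through `openssl x509` drops the "Bag Attributes" text that `openssl pkcs12` prints before the BEGIN line, so no manual trimming of ca.pem is needed.

```shell
#!/bin/sh
# Added example. CN 192.0.2.10, password "changeit" and alias "tomcat" are
# constructed placeholders, not values from the post.
set -eu

# make_selfsigned DIR CN PASS: run the three openssl steps without prompts.
make_selfsigned() {
    dir=$1; cn=$2; pass=$3
    # Step 1: key plus self-signed cert; -subj replaces the interactive prompts.
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/CN=$cn" \
        -keyout "$dir/privateKey.key" -out "$dir/ca.crt"
    chmod 600 "$dir/privateKey.key"   # -nodes leaves the private key unencrypted
    # Step 2: bundle cert and key into a password-protected PKCS#12 file.
    openssl pkcs12 -export -in "$dir/ca.crt" -inkey "$dir/privateKey.key" \
        -name tomcat -passout "pass:$pass" -out "$dir/ca.p12"
    # Step 3: extract the certificate only; x509 re-encodes just the PEM block,
    # so the "Bag Attributes" lines never reach ca.pem.
    openssl pkcs12 -in "$dir/ca.p12" -passin "pass:$pass" -clcerts -nokeys |
        openssl x509 -out "$dir/ca.pem"
}

# fingerprint FILE: SHA-256 fingerprint of a PEM certificate.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# pem_is_clean DIR: succeeds when ca.pem starts at the BEGIN line and is the
# same certificate as ca.crt.
pem_is_clean() {
    [ "$(head -n 1 "$1/ca.pem")" = "-----BEGIN CERTIFICATE-----" ] &&
        [ "$(fingerprint "$1/ca.crt")" = "$(fingerprint "$1/ca.pem")" ]
}

# Run with --demo to generate the files in a fresh temporary directory.
if [ "${1:-}" = "--demo" ]; then
    work=$(mktemp -d)
    make_selfsigned "$work" 192.0.2.10 changeit
    pem_is_clean "$work" && echo "ca.pem OK in $work"
fi
```
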