Baran,
On 10.10.2014 21:06, Baran Topal wrote:
Then I received 2 files from the certificate authority, abc.com.cer
and abc.om.p7b
What certificates do those files contain?
<Connector port="443"
maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
maxSpareThreads="75" enableLookups="false"
disableUploadTimeout="true" acceptCount="100"
scheme="https" secure="true" SSLEnabled="true"
clientAuth="false" sslProtocol="TLS"
keyAlias="server" keystoreFile="/path/to/JKSfile/your_site_name.jks"
keystorePass="your_keystore_password" />
Attribute maxSpareThreads is not listed in docs:
http://tomcat.apache.org/tomcat-6.0-doc/config/http.html
You could also add protocol attribute to force JSSE connector (BIO or
NIO), to prevent connector auto-selection.
To clean the things up, I want to delete my keystore but is it fine if
I generate the key with another alias, e.g. tomcat as in the tomcat
documentation?
Private key necessary for encryption is in your keystore. If you delete
your private key, and generate new key pair in new keystore your signed
certificate becomes worthless. You will need to ask your CA (and,
possibly, pay) for another certificate.
If you just want to rename key in keystore, use "keytool -changealias".
2) I have the files, cer and crt (p7b), so is fine or should I need stg extra?
You would need complete certificate chain in order to set up HTTPS. You
need to check do you have a complete chain in cer file or not.
3) Is the order of import important?`first crt then cer?
If you have the complete chain in cer file, then you will just import
the cer file.
4) What are the correct import commands? Should I trust tomcat
documentation or authorities documentation?
In what parts the two are different? You should use keytool -importcert
command.
-Ognjen
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
