On 15/12/2015 15:07, David Newman wrote: > When you use APR the SSL implementation is coming from openssl instead of > java. openssl has no use for java keystore files. So it becomes more like > an apache httpd config with separate files for keys and certificates.
True, but as of Tomcat 9 (and will hopefully be back-ported to an 8.1.x at some point) you can use Java keystores with OpenSSL. Mark > > On Tue, Dec 15, 2015 at 5:12 AM, Nithesh Kb <nitheshk...@gmail.com> wrote: > >> HI, >> I have build APR libraries Openssl and tc-native also i have created >> openssl libraries. both HTTP and HTTPS is working fine. >> >> *openssl genrsa -des3 -out server.key 2048 * >> *openssl req -new -key server.key -out server.csr* >> *cp server.key server.key.org <http://server.key.org>* >> *openssl rsa -in server.key.org <http://server.key.org> -out server.key* >> *openssl x509 -req -days 365 -in server.csr -signkey server.key -out >> server.crt* >> >> i get server.crt and server.key. >> >> I added this entry,in connector >> >> >> *protocol="org.apache.coyote.http11.Http11AprProtocol"* >> *SSLCertificateFile="/aa/server.crt"* >> *SSLCertificateKeyFile="/aa/server.key"* >> >> *If i do this much, it will work!!* >> >> *But the question is, is it possible to put these two certificate in >> keystore and can we add only that keystore in our connector ?* >> *something like, keystoreFile="/aa/tomcat.keystore"* >> >> *i tried this but didn't worked,* >> >> * >> http://stackoverflow.com/questions/17695297/importing-the-private-key-public-certificate-pair-in-the-java-keystore >> < >> http://stackoverflow.com/questions/17695297/importing-the-private-key-public-certificate-pair-in-the-java-keystore >>> * >> >> *please help me to understand these certificate stuffs. * >> >> >> >> *Thanks,* >> *Nithesh* >> > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
