*Thanks David,Thomas.* If my understanding is not wrong. Till tomcat version 8, we need to provide cert and key separately for openssl ssl APR, like *(SSLCertificateFile="/aa/server.crt"SSLCertificateKeyFile="/aa/server.key")* But tomcat 9 we can use keystore to store cert and key and configure it to connector like *keystoreFile="/aa/tomcat.**keystore"*
*Thanks,* *Nithesh* On Tue, Dec 15, 2015 at 8:40 PM, Mark Thomas <ma...@apache.org> wrote: > On 15/12/2015 15:07, David Newman wrote: > > When you use APR the SSL implementation is coming from openssl instead of > > java. openssl has no use for java keystore files. So it becomes more > like > > an apache httpd config with separate files for keys and certificates. > > True, but as of Tomcat 9 (and will hopefully be back-ported to an 8.1.x > at some point) you can use Java keystores with OpenSSL. > > Mark > > > > > On Tue, Dec 15, 2015 at 5:12 AM, Nithesh Kb <nitheshk...@gmail.com> > wrote: > > > >> HI, > >> I have build APR libraries Openssl and tc-native also i have created > >> openssl libraries. both HTTP and HTTPS is working fine. > >> > >> *openssl genrsa -des3 -out server.key 2048 * > >> *openssl req -new -key server.key -out server.csr* > >> *cp server.key server.key.org <http://server.key.org>* > >> *openssl rsa -in server.key.org <http://server.key.org> -out > server.key* > >> *openssl x509 -req -days 365 -in server.csr -signkey server.key -out > >> server.crt* > >> > >> i get server.crt and server.key. > >> > >> I added this entry,in connector > >> > >> > >> *protocol="org.apache.coyote.http11.Http11AprProtocol"* > >> *SSLCertificateFile="/aa/server.crt"* > >> *SSLCertificateKeyFile="/aa/server.key"* > >> > >> *If i do this much, it will work!!* > >> > >> *But the question is, is it possible to put these two certificate in > >> keystore and can we add only that keystore in our connector ?* > >> *something like, keystoreFile="/aa/tomcat.keystore"* > >> > >> *i tried this but didn't worked,* > >> > >> * > >> > http://stackoverflow.com/questions/17695297/importing-the-private-key-public-certificate-pair-in-the-java-keystore > >> < > >> > http://stackoverflow.com/questions/17695297/importing-the-private-key-public-certificate-pair-in-the-java-keystore > >>> * > >> > >> *please help me to understand these certificate stuffs. * > >> > >> > >> > >> *Thanks,* > >> *Nithesh* > >> > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
