On 16/12/2015 13:26, Nithesh Kb wrote:
> [image: Inline image 1]
>
> Got this mail!
> Does it mean we can use a keystore for the APR protocol using this new
> TC-native??

It needs changes on the Tomcat side as well. Those are currently only
available in the 9.0.x source tree. They will be included in the next
9.0.x release.

Mark

> Thanks,
> Nithesh
>
> On Wed, Dec 16, 2015 at 1:09 PM, Garcia Aparici, Carlos <cgapar...@indra.es>
> wrote:
>
>> In many of our Tomcats we use the pfx directly on the connector. It's
>> similar to a keystore.
>>
>> Sent from Samsung Mobile
>>
>> -------- Original message --------
>> From: Nithesh Kb <nitheshk...@gmail.com>
>> Date: 15/12/2015 16:21 (GMT+01:00)
>> To: Tomcat Users List <users@tomcat.apache.org>
>> Subject: Re: Tomcat APR protocol SSL certificate information.
>>
>> Thanks David, Thomas.
>> If my understanding is not wrong:
>> Till Tomcat version 8, we need to provide the cert and key separately for
>> OpenSSL SSL with APR, like
>>
>>   (SSLCertificateFile="/aa/server.crt" SSLCertificateKeyFile="/aa/server.key")
>>
>> But with Tomcat 9 we can use a keystore to store the cert and key and
>> configure it on the connector like keystoreFile="/aa/tomcat.keystore"
>>
>> Thanks,
>> Nithesh
>>
>> On Tue, Dec 15, 2015 at 8:40 PM, Mark Thomas <ma...@apache.org> wrote:
>>
>>> On 15/12/2015 15:07, David Newman wrote:
>>>> When you use APR the SSL implementation is coming from openssl instead of
>>>> java. openssl has no use for java keystore files. So it becomes more like
>>>> an apache httpd config with separate files for keys and certificates.
>>>
>>> True, but as of Tomcat 9 (and will hopefully be back-ported to an 8.1.x
>>> at some point) you can use Java keystores with OpenSSL.
>>>
>>> Mark
>>>
>>>> On Tue, Dec 15, 2015 at 5:12 AM, Nithesh Kb <nitheshk...@gmail.com> wrote:
>>>>
>>>>> Hi,
>>>>> I have built the APR libraries, OpenSSL and tc-native; I have also
>>>>> created the OpenSSL libraries. Both HTTP and HTTPS are working fine.
>>>>>
>>>>>   openssl genrsa -des3 -out server.key 2048
>>>>>   openssl req -new -key server.key -out server.csr
>>>>>   cp server.key server.key.org
>>>>>   openssl rsa -in server.key.org -out server.key
>>>>>   openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
>>>>>
>>>>> I get server.crt and server.key.
>>>>>
>>>>> I added this entry in the connector:
>>>>>
>>>>>   protocol="org.apache.coyote.http11.Http11AprProtocol"
>>>>>   SSLCertificateFile="/aa/server.crt"
>>>>>   SSLCertificateKeyFile="/aa/server.key"
>>>>>
>>>>> If I do this much, it will work!!
>>>>>
>>>>> But the question is, is it possible to put these two certificates in a
>>>>> keystore, and can we add only that keystore in our connector?
>>>>> Something like keystoreFile="/aa/tomcat.keystore"
>>>>>
>>>>> I tried this but it didn't work:
>>>>>
>>>>> http://stackoverflow.com/questions/17695297/importing-the-private-key-public-certificate-pair-in-the-java-keystore
>>>>>
>>>>> Please help me to understand this certificate stuff.
>>>>>
>>>>> Thanks,
>>>>> Nithesh
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
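
Added example (not part of the thread and not Tomcat project code): one way to bundle the server.key and server.crt from the original question into a password-protected PKCS#12 (.pfx) file with OpenSSL, checking that the key and certificate belong together before and after bundling. The function names, the alias `tomcat`, the `P12_PASS` variable and the throwaway test pair are assumptions of this example; it also assumes the key file carries no passphrase, as in the question.

```shell
#!/usr/bin/env bash
# Added example: function names, alias and P12_PASS are assumptions, not Tomcat's.
set -eu

# make_test_pair DIR: constructed sample input (throwaway self-signed pair).
make_test_pair() {
  openssl genrsa -out "$1/server.key" 2048 2>/dev/null
  openssl req -x509 -new -key "$1/server.key" -subj "/CN=localhost" \
    -days 1 -out "$1/server.crt"
}

# pub_hash: SHA-256 of a PEM public key read from stdin.
pub_hash() { openssl dgst -sha256 | awk '{print $NF}'; }

# key_matches_cert KEY CRT: succeed only if both carry the same public key.
key_matches_cert() {
  [ "$(openssl pkey -in "$1" -pubout | pub_hash)" = \
    "$(openssl x509 -in "$2" -noout -pubkey | pub_hash)" ]
}

# make_p12 KEY CRT OUT: write a password-protected PKCS#12 bundle.
# The password comes from $P12_PASS so it never shows up in the process list,
# and umask 077 keeps the bundle readable by its owner only.
make_p12() {
  key_matches_cert "$1" "$2" || {
    echo "key and certificate do not match" >&2
    return 1
  }
  ( umask 077
    openssl pkcs12 -export -inkey "$1" -in "$2" -name tomcat \
      -out "$3" -passout env:P12_PASS )
}

# p12_holds_key P12 KEY: re-open the bundle and compare the public key of the
# certificate stored in it with the public key derived from KEY.
p12_holds_key() {
  [ "$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null \
        | openssl x509 -noout -pubkey | pub_hash)" = \
    "$(openssl pkey -in "$2" -pubout | pub_hash)" ]
}

# Demo on constructed input: RUN_DEMO=1 P12_PASS=... bash this-file
if [ -n "${RUN_DEMO:-}" ]; then
  d=$(mktemp -d)
  make_test_pair "$d"
  make_p12 "$d/server.key" "$d/server.crt" "$d/tomcat.p12"
  p12_holds_key "$d/tomcat.p12" "$d/server.key" && echo "bundle OK: $d/tomcat.p12"
fi
```

Once the bundle is verified, the unencrypted server.key no longer needs to sit next to it on disk.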