Re: Basic SSL Certificate Usage logging

Wed, 15 Feb 2023 15:04:34 -0800 

On 15/02/2023 22:56, jonmcalexan...@wellsfargo.com.INVALID wrote:

They also had this question.

There seems to be no need to print both TEXT and HEX representations, like 
below (just HEX string should be fine):
KeyIdentifier [
0000: CD 35 CB AD 62 91 65 C4   C5 46 C8 C3 0A C7 D3 57  .5..b.e..F.....W
0010: 43 46 E8 FD                                        CF..
]
That is just the way the toString() is written. Short of rewriting the toString() method (which I am trying to avoid) I don't see a way to address that. 

Mark




Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com
This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.



-----Original Message-----
From: Mark Thomas <ma...@apache.org>
Sent: Wednesday, February 15, 2023 4:48 PM
To: users@tomcat.apache.org
Subject: Re: Basic SSL Certificate Usage logging

On 15/02/2023 22:17, jonmcalexan...@wellsfargo.com.INVALID wrote:

Hi Mark,

I got a big thumbs up from our team here. They did have 2 questions and of

course you can just tell us to go pound sand.


1. Can this be printed in JSON format, for easier parsing?  (or even
make it a config parameter – PLAIN / JSON / XML)


Not without (a lot?) more work. Currently the code just does cert.toString().


2. Is it possible to calculate and print the 2 default types of fingerprints 
that

modern browsers are showing (FingerprintSHA1, FingerprintSHA256)?

I should be able to do something for those. My preference would be to
provide the SHA256 fingerprint.

Mark



As always THANK YOU!!!

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com
This message may contain confidential and/or privileged information. If you

are not the addressee or authorized to receive this for the addressee, you
must not use, copy, disclose, or take any action based on this message or any
information herein. If you have received this message in error, please advise
the sender immediately by reply e-mail and delete this message. Thank you
for your cooperation.




-----Original Message-----
From: Mark Thomas <ma...@apache.org>
Sent: Wednesday, February 15, 2023 2:17 PM
To: users@tomcat.apache.org
Subject: Re: Basic SSL Certificate Usage logging

On 10/02/2023 15:42, jonmcalexan...@wellsfargo.com.INVALID wrote:

Once again, Awesome Possum! You guys are the greatest!


How about this? (uses the simple toString() approach)



https://urldefense.com/v3/__https://people.apache.org/*markt/dev/cert

-
log-example.txt__;fg!!F9svGWnIaVPGSwU!uvbdRvGWKQQygFGij7jlX-
q_mdwzXNByljOdBPrOr5VF-mFiUrnmqaOMqACrbIcgMh-
fWzFlGBMzOf44iZI7_A$

Enabled with:

org.apache.tomcat.util.net.NioEndpoint.certificate.level = ALL

in logging.properties

(I tried pasting in-line but the line breaks in email mess up the
formatting)

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to