Hello,

> -----Original Message-----
> From: Shawn Heisey <apa...@elyograg.org>
> Sent: Wednesday, September 13, 2023 15:00
> To: users@tomcat.apache.org
> Subject: Re: AW: Solution to "Invalid keystore format" (cross-posted to
> Tomcat Users List at Apache, and Java 400 List at Midrange)
>
> On 9/12/23 01:06, Thomas Hoffmann (Speed4Trade GmbH) wrote:
> > I moved away from using the proprietary java keystore format.
> > I switched to using Base64 PEM format. This is usually also the format
> > you get from the certificate issuer.
> > No need to convert it into Java format any more and you can also open
> > it with any text editor.
>
> I have never been able to get a Java program to accept a certificate/key
> in PEM format. The closest I've been able to come is creating a PKCS12
> file with openssl. Annoying because all the other software I use accepts
> PEM with no problem, and as you have said, PEM is the format generally
> produced by a CA.
>
> How did you get it to take a PEM cert?
>
> Thanks,
> Shawn
If you want to use it for SSL / https, my server.xml snippet looks like:

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
           ....
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    <SSLHostConfig ciphers="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
                   disableSessionTickets="true"
                   honorCipherOrder="false"
                   protocols="+TLSv1.2,+TLSv1.3">
        <Certificate certificateKeyFile="<pathto>\localhost.key"
                     certificateFile="<pathto>\localhost.pem"
                     type="RSA" />
    </SSLHostConfig>
</Connector>

Greetings,
Thomas
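
A small audit of the Connector settings shown in the message above, as an added example that is not part of the original post or of Tomcat's own tooling: it reports whether each <Certificate> takes its key material from PEM files or from a keystore, and flags legacy entries in the protocols list. The sample server.xml, its paths and the finding names are constructed for illustration; a missing protocols attribute (Tomcat's default set) is not evaluated.

```python
import xml.etree.ElementTree as ET

# Constructed sample; attribute names as in the snippet above, paths are placeholders.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="443" SSLEnabled="true">
    <SSLHostConfig protocols="+TLSv1.2,+TLSv1.3">
      <Certificate certificateKeyFile="conf/localhost.key" certificateFile="conf/localhost.pem" type="RSA" />
    </SSLHostConfig>
  </Connector>
  <Connector port="8443" SSLEnabled="true">
    <SSLHostConfig protocols="+TLSv1,+TLSv1.1,+TLSv1.2,-TLSv1">
      <Certificate certificateKeystoreFile="conf/legacy.jks" type="RSA" />
      <Certificate certificateFile="conf/combined.pem" type="EC" />
    </SSLHostConfig>
  </Connector>
</Service></Server>"""

LEGACY = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}

def enabled_protocols(spec):
    """Apply the comma-separated +/- tokens of a protocols value in order."""
    enabled = []
    for token in filter(None, (t.strip() for t in spec.split(","))):
        name = token.lstrip("+-")
        if token.startswith("-"):
            enabled = [p for p in enabled if p != name]
        elif name not in enabled:
            enabled.append(name)
    return enabled

def cert_source(cert):
    """Classify a <Certificate> element by where its key material comes from."""
    if cert.get("certificateFile"):
        # Without certificateKeyFile the private key must be inside certificateFile.
        return "pem" if cert.get("certificateKeyFile") else "pem-combined"
    return "keystore" if cert.get("certificateKeystoreFile") else "keystore-default"

def audit(server_xml):
    findings = []  # (port, check, detail) tuples
    for conn in ET.fromstring(server_xml).iter("Connector"):
        for host in conn.iter("SSLHostConfig"):
            legacy = [p for p in enabled_protocols(host.get("protocols", "")) if p in LEGACY]
            if legacy:
                findings.append((conn.get("port"), "legacy-protocols", ",".join(legacy)))
            for cert in host.iter("Certificate"):
                findings.append((conn.get("port"), "cert-source", cert_source(cert)))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```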