industry standard is to use pkcs12 keystores. You can create them with kse and are functionally the same. You just specify the type when you create the keystore config on the connector
On Tue, Jun 10, 2025 at 11:51 AM James H. H. Lampert <jam...@touchtonecorp.com.invalid> wrote: > On 6/10/25 6:33 AM, Christopher Schultz wrote: > > > A Java Keystore file is just a container for one or more keys and/or > > certificates. You should have no problem *using* the certificate and key. > > > > You may have to do some tricks to convert from one format into another, > > and/or to import those things into your keystore. > > > > What file type(s) are you being given? > > I don't actually know at this time. But since I posted the question, > I've been doing some experiments with Keystore Explorer, and I learned > how to go from a JKS to the separate key and certificate files that > Apache HTTPD expects, and back to a brand new JKS, and actually have > something Tomcat can use, so hopefully, I'll be able to talk the > customer through the process of setting up a keystore. > > Back when I first started using KSE, I still had to create the initial > keystore and keypair in keytool, or Tomcat wouldn't accept it (some sort > of password issue, as I recall); it would seem that KSE has since been > improved. > > -- > JHHL > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- Thanks, Brian Wolfe https://www.linkedin.com/in/brian-wolfe-3136425a/
