Hi Lucas,
I'm using following <connector/> configuration:
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
<Factory
className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
clientAuth="false" protocol="TLS"
keystoreFile="keystore/.keystore"
keystorePass="changeit"
keystoreType="pkcs12" />
Please let me know in case any other details are needed.
Thanks,
-Hitesh
-----Original Message-----
From: Lucas Galfaso [mailto:[EMAIL PROTECTED]
Sent: Friday, October 26, 2007 7:39 PM
To: Tomcat Users List
Subject: Re: PKCS#12 type SSL certificate support in Tomcat
Can you post the <Connector /> configuration that you are using?
- lg
On 10/26/07, Hitesh Raghav <[EMAIL PROTECTED]> wrote:
> Dear All,
>
> Is there any limitation to support PKCS#12 type SSL certificate in
> Tomcat.
>
> As per Tomcat User Guide, Tomcat currently operates with JKS, PKCS11
> or
> PKCS12 format keystores.
> http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
>
> But, I'm unable to use PKCS#12 certificate in my Tomcat.
>
> It throws:
>
> java.io.IOException: Invalid keystore format
> at
> sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)
> at
>
sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
> at java.security.KeyStore.load(KeyStore.java:1185)
> at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketF
> ac
> tory.java:287)
> at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESock
> et
> Factory.java:227)
> at
> org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSS
> E1
> 4SocketFactory.java:142)
> at
> org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketF
> ac
> tory.java:110)
> at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESoc
> ke
> tFactory.java:89)
> at
>
org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.
> java:293)
> at
> org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.ja
> va
> :139)
> at
>
org.apache.catalina.connector.Connector.initialize(Connector.java:1017)
> at
> org.apache.catalina.core.StandardService.initialize(StandardService.ja
> va
> :578)
> at
> org.apache.catalina.core.StandardServer.initialize(StandardServer.java
> :7
> 82)
> at
> org.apache.catalina.startup.Catalina.load(Catalina.java:504)
> at
> org.apache.catalina.startup.Catalina.load(Catalina.java:524)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> av
> a:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> or
> Impl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at
> org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
> at
> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
>
> Could you please throw some light on PKCS#12 type certificate support.
>
> Please let me know in case any details are needed.
>
>
> Thanks,
> -Hitesh
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
