RE: Trying to understand How Tomcat uses Keystore for SSL

2017-12-04 Thread Nicolas Therrien
How Tomcat uses Keystore for SSL On 04/12/17 19:20, Nicolas Therrien wrote: > " Asymmetric encryption uses a public and a >> private encryption key. The public key, which as its name states, is >> public, i.e. it is available to all. The private key is and must be

Re: Trying to understand How Tomcat uses Keystore for SSL

2017-12-04 Thread Mark Thomas
On 04/12/17 19:20, Nicolas Therrien wrote: > " Asymmetric encryption uses a public and a >> private encryption key. The public key, which as its name states, is >> public, i.e. it is available to all. The private key is and must be >> closely guarded. A message encrypted with the private key

Re: Trying to understand How Tomcat uses Keystore for SSL

2017-12-04 Thread Christopher Schultz
Nicolas, On 12/4/17 2:20 PM, Nicolas Therrien wrote: > " Asymmetric encryption uses a public and a >> private encryption key. The public key, which as its name >> states, is public, i.e. it is available to all. The private key >> is and must be

RE: Trying to understand How Tomcat uses Keystore for SSL

2017-12-04 Thread Nicolas Therrien
..@christopherschultz.net] Sent: Monday, December 4, 2017 2:06 PM To: users@tomcat.apache.org Subject: Re: Trying to understand How Tomcat uses Keystore for SSL Don, I haven't really read this, yet, but my first impression is that it provides a

Re: Trying to understand How Tomcat uses Keystore for SSL

2017-12-04 Thread Christopher Schultz
tore Now you have a file called > certreq.csr that you can submit to the Certificate Authority (look > at the documentation of the Certificate Authority website on how to > do this). In return you get a Certificate. 11) Importing the > Certificate Now that you have your Certificate you can imp

Re: Trying to understand How Tomcat uses Keystore for SSL

2017-12-03 Thread Don Flinn
ription of all aspects of OpenSSL On Sun, Dec 3, 2017 at 9:13 PM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote: > > From: Don Flinn [mailto:fl...@alum.mit.edu] > > Subject: Re: Trying to understand How Tomcat uses Keystore for SSL > > > Attache

RE: Trying to understand How Tomcat uses Keystore for SSL

2017-12-03 Thread Caldarale, Charles R
> From: Don Flinn [mailto:fl...@alum.mit.edu] > Subject: Re: Trying to understand How Tomcat uses Keystore for SSL > Attached is a first cut at setting up SSL for Tomcat.  It is in MicroSoft Word. Most attachments are automatically stripped by the mailing list server. You can ei

Re: Trying to understand How Tomcat uses Keystore for SSL

2017-12-03 Thread Don Flinn
Chris, Attached is a first cut at setting up SSL for Tomcat. It is in Microsoft Word. Hopefully people have that. If not I'll send it in another format that is acceptable. I tried to achieve a balance between completeness and brevity by only going deep enough to give the reader enough

Re: Trying to understand How Tomcat uses Keystore for SSL

2017-12-01 Thread Christopher Schultz
Don, On 12/1/17 3:14 AM, Don Flinn wrote: > I'll be happy to accept your challenge to try to write some > documentation for the site from a newbie's point of view. It will > be on the slow side as my 'day job' will interfere somewhat. It > also

Re: Trying to understand How Tomcat uses Keystore for SSL

2017-12-01 Thread Don Flinn
Chris I'll be happy to accept your challenge to try to write some documentation for the site from a newbie's point of view. It will be on the slow side as my 'day job' will interfere somewhat. It also will require some correction of errors. Don On Wed, Nov 29, 2017 at 9:37 AM, Christopher

Re: Trying to understand How Tomcat uses Keystore for SSL

2017-11-29 Thread Christopher Schultz
Don, On 11/28/17 4:55 PM, Don Flinn wrote: >>> In fact, I think you are using PEM-encoded DER files and not a >>> packaged keystore, even though your SSLHostConfig's >>> keystoreType is set to "PKCS12". > > Yes, I am using PEM files. Got to read

Re: Trying to understand How Tomcat uses Keystore for SSL

2017-11-28 Thread Don Flinn
Chris, Thanks for the corrections. >>In fact, I think you are using PEM-encoded DER files and not a >>packaged keystore, even though your SSLHostConfig's keystoreType is >>set to "PKCS12". Yes, I am using PEM files. Got to read more on DER files. So do I just drop the keystoreType="PKCS12"

Re: Trying to understand How Tomcat uses Keystore for SSL

2017-11-28 Thread Christopher Schultz
Don, On 11/27/17 10:47 AM, Don Flinn wrote: > My previous mail was cryptic. Below is a fuller explanation of > what I did to get things running. > > First, I'm using Tomcat 9 and the protocol for the Tomcat 8.5 and > up has been expanded. Chris

Re: Trying to understand How Tomcat uses Keystore for SSL

2017-11-27 Thread Joleen Barker
Perfect. Thank you for the clarification I was having a problem putting it all together. I got it now. -Joleen On Mon, Nov 27, 2017 at 10:47 AM, Don Flinn wrote: > Hi Joleen, > > My previous mail was cryptic. Below is a fuller explanation of what I did > to get things

Re: Trying to understand How Tomcat uses Keystore for SSL

2017-11-27 Thread Don Flinn
Hi Joleen, My previous mail was cryptic. Below is a fuller explanation of what I did to get things running. First, I'm using Tomcat 9 and the protocol for the Tomcat 8.5 and up has been expanded. Chris suggested that I use PKCS12 rather than JDK keystore, which I have done. I'm also using the

Re: Trying to understand How Tomcat uses Keystore for SSL

2017-11-27 Thread Joleen Barker
Hello Don, I'm trying to understand these as well. I had a question regarding the data and commands you used to display the certificate information. You wrote that you used the following command to create a pkcs12 store: openssl pkcs12 -export -in "domain-chain.crt" -inkey "domain.key" -certfile

Re: Trying to understand How Tomcat uses Keystore for SSL

2017-11-26 Thread Don Flinn
IT WORKS My next question is whether the Tomcat team would want this Java program that does the heavy lifting for letsencrypt, which I would be happy to clean up and make available as open source. The guts of the program comes from - http://acme4j.shredzone.org, which is under the Apache

Re: Trying to understand How Tomcat uses Keystore for SSL

2017-11-26 Thread Don Flinn
Didn't read closely enough. The protocol that I used is no longer applicable for Tomcat 9. Don On Sun, Nov 26, 2017 at 3:15 PM, Don Flinn wrote: > Chris > > Thank you for your excellent reply and references. > > I've been doing a lot of reading on SSL, certificates, keys,

Re: Trying to understand How Tomcat uses Keystore for SSL

2017-11-26 Thread Don Flinn
Chris Thank you for your excellent reply and references. I've been doing a lot of reading on SSL, certificates, keys, algorithms, etc. Woo! However I still don't have it correct. I've retrieved certificates from letsencrypt and following your suggestions did the following. Created a pkcs12

RE: Trying to understand How Tomcat uses Keystore for SSL

2017-11-14 Thread Nicolas Therrien
-Original Message- From: Don Flinn [mailto:fl...@alum.mit.edu] Sent: Tuesday, November 14, 2017 1:58 AM To: Tomcat Users List Subject: Trying to understand How Tomcat uses Keystore for SSL I've done some reading on SSL and understand the protocol is as follows;

Re: Trying to understand How Tomcat uses Keystore for SSL

2017-11-14 Thread Christopher Schultz
Don, On 11/14/17 1:57 AM, Don Flinn wrote: > I've done some reading on SSL and understand the protocol is as > follows; Client/Browser sends ClientHello and server Tomcat replies > with ServerHello. This establishes the protocol they will use. The