How Tomcat uses Keystore for SSL
On 04/12/17 19:20, Nicolas Therrien wrote:
> " Asymmetric encryption uses a public and a
>> private encryption key. The public key, which as its name states, is
>> public, i.e. it is available to all. The private key is and must be
&g
On 04/12/17 19:20, Nicolas Therrien wrote:
> " Asymmetric encryption uses a public and a
>> private encryption key. The public key, which as its name states, is
>> public, i.e. it is available to all. The private key is and must be
>> closely guarded. A message encrypted with the private key c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Nicolas,
On 12/4/17 2:20 PM, Nicolas Therrien wrote:
> " Asymmetric encryption uses a public and a
>> private encryption key. The public key, which as its name
>> states, is public, i.e. it is available to all. The private key
>> is and must be clo
..@christopherschultz.net]
Sent: Monday, December 4, 2017 2:06 PM
To: users@tomcat.apache.org
Subject: Re: Trying to understand How Tomcat uses Keystore for SSL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Don,
I haven't really read this, yet, but my first impression is that it provi
-keyalg RSA -alias tomcat -file certreq.csr
> -keystore Now you have a file called
> certreq.csr that you can submit to the Certificate Authority (look
> at the documentation of the Certificate Authority website on how to
> do this). In return you get a Certificate. 11) Importing the
> Cer
rary/openssl-cookbook/
Free download of a detailed description of all aspects of OpenSSL
On Sun, Dec 3, 2017 at 9:13 PM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:
> > From: Don Flinn [mailto:fl...@alum.mit.edu]
> > Subject: Re: Trying to understand
> From: Don Flinn [mailto:fl...@alum.mit.edu]
> Subject: Re: Trying to understand How Tomcat uses Keystore for SSL
> Attached is a first cut at setting up SSL for Tomcat. It is in MicroSoft
Word.
Most attachments are automatically stripped by the mailing list server. You
can either s
Chris,
Attached is a first cut at setting up SSL for Tomcat. It is in MicroSoft
Word. Hopefully people have that. If not I'll send it in another format
that is acceptable.
I tried to achieve a balance between completeness and brevity by only going
deep enough to give the reader enough informatio
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Don,
On 12/1/17 3:14 AM, Don Flinn wrote:
> I'll be happy to accept your challenge to try to write some
> documentation for the site from a newbee's point of view. It will
> be on the slow side as my 'day job' will interfere somewhat. It
> also wi
Chris
I'll be happy to accept your challenge to try to write some documentation
for the site from a newbee's point of view. It will be on the slow side as
my 'day job' will interfere somewhat. It also will require some correction
of errors.
Don
On Wed, Nov 29, 2017 at 9:37 AM, Christopher Schu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Don,
On 11/28/17 4:55 PM, Don Flinn wrote:
>>> In fact, I think you are using PEM-encoded DER files and not a
>>> packaged keystore, even though your SSLHostConfig's
>>> keystoreType is set to "PKCS12".
>
> Yes, I am using PEM files. Got to read
Chris,
Thanks for the corrections.
>>In fact, I think you are using PEM-encoded DER files and not a
>>packaged keystore, even though your SSLHostConfig's keystoreType is
>>set to "PKCS12".
Yes, I am using PEM files. Got to read more on DER files. So do I just
drop the keystoreType="PKCS12" fr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Don,
On 11/27/17 10:47 AM, Don Flinn wrote:
> My previous mail was cryptic. Below is a fuller explanation of
> what I did to get things running.
>
> First, I'm using Tomcat 9 and the protocol for the Tomcat 8.5 and
> up has been expanded. Chris s
Perfect. Thank you for the clarification I was having a problem putting it
all together. I got it now.
-Joleen
On Mon, Nov 27, 2017 at 10:47 AM, Don Flinn wrote:
> Hi Joleen,
>
> My previous mail was cryptic. Below is a fuller explanation of what I did
> to get things running.
>
> First, I'm u
Hi Joleen,
My previous mail was cryptic. Below is a fuller explanation of what I did
to get things running.
First, I'm using Tomcat 9 and the protocol for the Tomcat 8.5 and up has
been expanded. Chris suggested that I use PKCS12 rather than JDK keystore,
which I have done. I'm also using the A
Hello Don,
I'm trying to understand these as well. I had a question regarding the data
and commands you used to display the certificate information. You wrote
that you used the following command to create a pkcs12 store:
openssl pkcs12 -export -in "domain-chain.crt" -inkey "domain.key" -certfile
IT WORKS
My next question is whether the Tomcat team would want this Java program
that does the heavy lifting for letsencrypt, which I would be happy to
clean up and make available as open source. The guts of the program comes
from - http://acme4j.shredzone.org, which is under the Apache lic
Didn't read closely enough. The protocol that I used is no longer
applicable for Tomcat 9.
Don
On Sun, Nov 26, 2017 at 3:15 PM, Don Flinn wrote:
> Chris
>
> Thank you for your excellent reply and references.
>
> I've been doing a lot of reading on SSL, certificates, keys, algorithms,
> etc. Wo
Chris
Thank you for your excellent reply and references.
I've been doing a lot of reading on SSL, certificates, keys, algorithms,
etc. Woo! However I still don't have it correct.
I've retrieved certificates from letsencrypt and following your suggestions
did the following.
Created a pkcs12 sto
-Original Message-
From: Don Flinn [mailto:fl...@alum.mit.edu]
Sent: Tuesday, November 14, 2017 1:58 AM
To: Tomcat Users List
Subject: Trying to understand How Tomcat uses Keystore for SSL
I've done some reading on SSL and understand the protocol is as follows;
Client/Browser
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Don,
On 11/14/17 1:57 AM, Don Flinn wrote:
> I've done some reading on SSL and understand the protocol is as
> follows; Client/Browser sends ClientHello and server Tomcat replies
> with ServerHello. This establishes the protocol they will use. The
I've done some reading on SSL and understand the protocol is as follows;
Client/Browser sends ClientHello and server Tomcat replies with
ServerHello. This establishes the protocol they will use.
The server then sends the certificate and the public key - in the clear
The browser encrypts a message
22 matches
Mail list logo