Hi Julie,
> Hi,
> I have a ca signed p12 file from which I can extract both a certificate and
> key in pem format - I found some info (http://www.junlu.com/msg/85393.html)
> which states that you can use a p12 file as a keystore in tomcat by adding
> the following into the conf/server.xml file:
> <Connector port="8443" maxHttpHeaderSize="8192"
> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="false" disableUploadTimeout="true"
> acceptCount="100" scheme="https" secure="true"
> clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12"
> keystoreFile="file.p12" keystorePass="somePass" />
> When I tried this it failed with the error message:
If you use Linux and you have OpenSSL installed, you might want to try
the following commands to export your PKCS12 file to a CRT and a KEY
file and configure Tomcat to use these files in 3 steps....
1. CRT export (if your PKCS12 file is password-protected (as it should
be), you will be asked for the password before the export):
openssl pkcs12 -clcerts -nokeys -in file.p12 -out file.crt
2. KEY (export) (again, when the PKCS12 file is password-protected, you
will be asked for it. Right after you have entered this password, you have to
think of a new password for the KEY file, which will be asked for twice):
openssl pkcs12 -nocerts -in file.p12 -out file.key
3. Copy the 2 generated files to a suitable, protected location. Change
'server.xml' to the following and insert your new password at the
attribute 'SSLPassword':
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
SSLEngine="on"
SSLCertificateFile="/mydirectory/file.crt"
SSLCertificateKeyFile="/mydirectory/file.key"
SSLPassword="YOURNEWPASSWORD" />
Hope this helps,
--Stephan.
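
The two exports from steps 1 and 2, run without prompts and followed by a check that the exported key belongs to the exported certificate. This is an added example, not part of the original mail; the function names, output paths and passwords are constructed for illustration, and the sample .p12 is a throwaway self-signed one.

```shell
# Added example (not from the original mail). All names and passwords are constructed.

# make_sample_p12 <out.p12> <p12-password>: throwaway self-signed input for the demo.
make_sample_p12() (
    tmp=$(mktemp -d) || exit 1
    export P12_PASS="$2"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$tmp/k.pem" -out "$tmp/c.pem" 2>/dev/null &&
    openssl pkcs12 -export -in "$tmp/c.pem" -inkey "$tmp/k.pem" \
        -passout env:P12_PASS -out "$1"
    rc=$?
    rm -rf "$tmp"
    exit "$rc"
)

# export_p12 <file.p12> <p12-password> <new-key-password> <out-dir>
# Steps 1 and 2 without prompts, then a check that the key fits the certificate.
export_p12() (
    p12=$1 out=$4
    export P12_PASS="$2" KEY_PASS="$3"   # env: keeps passwords off the command line
    umask 077                            # exported files readable by the owner only
    mkdir -p "$out" || exit 1
    # Step 1: certificate only
    openssl pkcs12 -clcerts -nokeys -in "$p12" -passin env:P12_PASS \
        -out "$out/file.crt" || exit 1
    # Step 2: private key only, re-encrypted under the new password
    openssl pkcs12 -nocerts -in "$p12" -passin env:P12_PASS \
        -passout env:KEY_PASS -out "$out/file.key" || exit 1
    # The public key inside the certificate must equal the one derived from the key
    cert_pub=$(openssl x509 -in "$out/file.crt" -noout -pubkey) || exit 1
    key_pub=$(openssl pkey -in "$out/file.key" -passin env:KEY_PASS -pubout) || exit 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
)

# Demo run on the constructed input
demo=$(mktemp -d) &&
make_sample_p12 "$demo/file.p12" "constructed-p12-pass" &&
export_p12 "$demo/file.p12" "constructed-p12-pass" "constructed-key-pass" "$demo/out" &&
echo "certificate and key match: $demo/out"
rm -rf "$demo"
```

A non-zero return from `export_p12` means a wrong password or a key that does not belong to the certificate, which is worth ruling out before pointing SSLCertificateFile and SSLCertificateKeyFile at the results.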