Hello Ognjen

The intermediate cert is the one named "chain", right?


*Frank BONNET*

Systemes UNIX et Reseaux

ESIEE PARIS

01.45.92.66.17 - 06.70.37.37.69


2014-02-14 14:57 GMT+01:00 Ognjen Blagojevic <ognjen.d.blagoje...@gmail.com>:

> Frank,
>
>
> On 14.2.2014 14:10, BONNET, Frank wrote:
>
>> I have official certificates for apache2 from COMODO that I would like to
>> import into Tomcat (pkcs12). If someone has links / info on how to do this
>> task, it would be a great help (Google doesn't help much).
>>
>
> You didn't mention if you have any preference whether you want to use:
>
> i. BIO or NIO HTTPS connectors (based on JSSE), or
> ii. APR HTTPS connector (based on OpenSSL).
>
> Since you mentioned that you want to use PKCS#12 format, I guess you are
> interested in JSSE connectors. If you want to use APR, then the procedure
> is different than the one described here.
>
>
> Let's say that you have
>
> 1. Server key in file server.key
> 2. Server certificate in file server.pem
> 3. Intermediate certificates in file intermediates.pem
>
> Then, all you need to do is:
>
> openssl pkcs12 -export -out keystore.p12 -name myserver -in server.pem \
>     -inkey server.key -certfile intermediates.pem
>
>
> Note that it is not necessary that intermediates.pem contains root
> certificate.
>
>
> Then, configure HTTPS connector in conf/server.xml as
>
> <Connector port="443"
>            protocol="org.apache.coyote.http11.Http11Protocol"
>            SSLEnabled="true" maxThreads="150" scheme="https"
>            secure="true" clientAuth="false" sslProtocol="TLS"
>            keystoreFile="keystore.p12" keyAlias="myserver"
>            keystoreType="pkcs12" />
>
>
> I also recommend that you check your ciphers' strength, and restrict them
> accordingly.
>
> -Ognjen
>
>
>
>
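
A way to check the result of the export described above before pointing Tomcat at it, as an added example that is not part of the original thread: it confirms the key belongs to the certificate, builds keystore.p12 with the same command, and verifies the alias and certificate count. The file names and alias are the ones used in the thread; the P12_PASS variable, the function names and the throwaway sample certificates are assumptions made for this example.

```shell
# Added example. All keys and certificates below are constructed throwaways.
set -eu

# Create stand-ins for server.key, server.pem and intermediates.pem in dir $1.
# The "intermediate" is self-signed here only to keep the sample short.
make_sample_files() {
  ( cd "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=Sample Intermediate" -keyout int.key -out intermediates.pem 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
      -keyout server.key -out server.csr 2>/dev/null
    openssl x509 -req -in server.csr -CA intermediates.pem -CAkey int.key \
      -CAcreateserial -days 1 -out server.pem 2>/dev/null )
}

# Succeeds only if private key $1 and certificate $2 carry the same public key.
key_matches_cert() {
  local k c
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# Run the export from the thread in dir $1. The password comes from the
# exported variable P12_PASS, so it is neither prompted for nor put in argv.
build_keystore() {
  ( cd "$1"; umask 077   # the keystore contains the private key
    key_matches_cert server.key server.pem || { echo "key/cert mismatch" >&2; exit 1; }
    openssl pkcs12 -export -out keystore.p12 -name myserver -in server.pem \
      -inkey server.key -certfile intermediates.pem -passout env:P12_PASS )
}

# Number of certificates stored in keystore $1 (leaf plus intermediates).
keystore_cert_count() {
  openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

# Succeeds if keystore $1 has an entry whose friendlyName (alias) is $2.
keystore_has_alias() {
  openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null |
    grep -qx " *friendlyName: $2 *"
}

if [ "${1:-}" = "demo" ]; then   # run as: sh thisfile.sh demo
  d=$(mktemp -d); export P12_PASS="constructed-sample-pass"
  make_sample_files "$d"; build_keystore "$d"
  echo "certificates in keystore: $(keystore_cert_count "$d/keystore.p12")"
  rm -rf "$d"
fi
```

The password exported as P12_PASS is the one the Connector's keystorePass attribute has to carry; when that attribute is absent Tomcat tries its default, changeit.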
