-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Don,
On 12/1/17 3:14 AM, Don Flinn wrote: > I'll be happy to accept your challenge to try to write some > documentation for the site from a newbee's point of view. It will > be on the slow side as my 'day job' will interfere somewhat. It > also will require some correction of errors. No problem at all. Just reach-out to the group if you need any hand-holding. - -chris > On Wed, Nov 29, 2017 at 9:37 AM, Christopher Schultz < > ch...@christopherschultz.net> wrote: > > Don, > > On 11/28/17 4:55 PM, Don Flinn wrote: >>>>>> In fact, I think you are using PEM-encoded DER files and >>>>>> not a packaged keystore, even though your >>>>>> SSLHostConfig's keystoreType is set to "PKCS12". >>>> >>>> Yes, I am using PEM files. Got to read more on DER files. > > PEM is an encoding, while DER is really the file format. It's like > saying "is this file text/plain or UTF-8?" > > This is a great read for almost anyone who cares about x509 > certificates : > > https://support.ssl.com/Knowledgebase/Article/View/19/0/der-vs-crt-vs- ce > > r-vs-pem-certificates-and-how-to-convert-them > >>>> So do I just drop the keystoreType="PKCS12" from the >>>> connector? > Theoretically, yes. The keystoreType is only used when there is a > keystore and not "certificate files", etc. > >>>>> If there's anything inaccurate on the Tomcat site >>>> >>>> No, I was talking about other sites, not the Tomcat site. >>>> I've been reading all over the internet for that which seems >>>> related. My statement was a caution to not believe everything >>>> you read. 'Trust but verify' > > Mark has given a number of presentations on TLS and they are very > accessible. Have a look at the slides (and some audio/video) on > the "presentations" page on the Tomcat site. Each of them has a > varying level of "introductoryness", but I think the more recent > ones like "Introduction to Tomcat and TLS" from TomcatCon in Miami > are probably the best ones to see for beginners. > >>>> Your e-mail has been very helpful, not only to me, but I >>>> believe to others. With respect to the Tomcat site, I think >>>> a lot of what you wrote would be very helpful there. For >>>> example, the Tomcat write up on SSL describes how to do self >>>> signed certificates and fleetingly mentions that if you have >>>> a certificate from a CA that you could use e.g. openssl and >>>> then refers the reader to their java documentation and >>>> openssl documentation. Not too helpful to the >>>> security/Tomcat novice. > > Agreed. Would you care to write some new documentation and/or > prepare a patch for the site? IT's usually best when beginners > write for their own audience. I, for example, understand it > backwards and forwards so when I write I have a skewed perspective. > Writing as a beginner can re-focus the narrative for a different > audience. > > If you need any help grabbing the site from svn, etc. please just > ask. > >>>> Thanks for your patience and help. > > You are more important than the software. No, really: > https://blogs.apache.org/foundation/entry/asf_15_community_over_code > > -chris >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlohhBIdHGNocmlzQGNo cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFjrXxAApjseUCOZqro7Hutg qXYaLdy6KD4ws4A5abYWnCMHvgO2oJxfxXAxnM5YNDgVgPR3r579ZF/zjLBsdYbx kANY/4bMNse3LkJCkrwy1PclAyWDAMHVLIcc4iKEHL0dsCyGp7qIXHfx4eKv3Jnb h4wsaoCi7QVk2TUOecOKKEiWRQ2tV1B6W4pAhCACAd0OSG/vYqdxVP2xzPE4AFe9 vaIi5VwHNU+o/yYMhc5Qy5b+rHs7d1xNS0hr1jiJ4amzNfKUaUTjVAl1U9u9mZb7 FI3sOIuEvtmXoBEfjWgohFC9XW2lS/EiQKptPT0HzLPUDfNXWi9QD9Ii1OI3sTMH mw57kST/uz68S4MEiP4os/Cr4O0gnXSzc2uHQQHdqvsOBHbNnBAO9doL07lLzc8B nktNwbl7G4aAp463gL6H8wk+pRQTUXTnm/oxTtROTF/TYaoYTpcsLdBB0PvMFV0N lpasDBNvIu+4AR6kv8/i1oqjhcAfL3Y8c8H7Av2nF7/HPOwqhbs15CV9DJLPxoKx rZh+MwSoAepx19fsWn+i4rYwUHjjka/BSbumTlkQYGlIhOkpSCjnX6l4tgneTOUG aX82hHfzROxAqHj8DxXtJ3axZJ4kPewQIIJbJqk685YsRrCj0DR4QdAZsx/ntpY3 pDS0b1ShEv1e9EdMTlojrYMTy78= =+sZ1 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org