On Sat, Jul 11, 2020 at 17:52, Valentin <xeno.g...@gmail.com> wrote:
> Hello,
>
> I try to configure my tomcat 9.0.37 installed on a windows server 2016 to
> use a certificate located in *cert:LocalMachine\My*
>
> I mention that I am an administrator of this machine.
> This certificate is also used by IIS.
>
> What I did was to configure my server.xml file like this :
>
> <Connector port="8443"
> protocol="org.apache.coyote.http11.Http11NioProtocol"
> SSLEnabled="true"
> maxThreads="150" scheme="https" secure="true"
> keyAlias="myserver.domain.com"
> keystoreFile=""
> keystorePass=""
> keystoreType="Windows-My"
> clientAuth="false" sslProtocol="TLS" />
>
> The error I got in tomcat logs was that the keyAlias doesn't exist but I
> used the CN mentioned in the description of my certificate.
>
> Is it possible for tomcat to use the windows certificate store ?
> The only link I found about this was :
> https://bz.apache.org/bugzilla/show_bug.cgi?id=56021
>
> Thanks for your help
>
> Valentin.M
>

In documentation:

http://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html#Prepare_the_Certificate_Keystore

"Tomcat currently operates only on JKS, PKCS11 or PKCS12 format keystores."

Windows local certificates are stored in the Windows registry.

https://docs.microsoft.com/en-us/windows-hardware/drivers/install/local-machine-and-current-user-certificate-stores

Since IIS is a Windows-only product, this is the simple thing for them to do.
Tomcat runs on various platforms and should support open and neutral
keystore formats instead.

-----------------
Daniel Savard
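
For the "keyAlias doesn't exist" error in the question, a diagnostic that lists the alias names Java exposes for the JDK's `Windows-MY` keystore type, which reads the personal store of the account running the JVM. This is an added example, not code from the thread or from Tomcat; the class name `ListWindowsMyAliases` is hypothetical, and it assumes a Windows JDK with the SunMSCAPI provider.

```java
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added diagnostic (hypothetical class name): prints every alias visible in
// the "Windows-MY" store so the keyAlias value can be checked against it.
public class ListWindowsMyAliases {

    // Returns the CN of the certificate subject, or null if it has none.
    static String commonName(X509Certificate cert) throws Exception {
        LdapName dn = new LdapName(cert.getSubjectX500Principal().getName());
        for (Rdn rdn : dn.getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                return String.valueOf(rdn.getValue());
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Optional argument: the CN you expected to use as keyAlias.
        String wantedCn = args.length > 0 ? args[0] : null;

        KeyStore ks = KeyStore.getInstance("Windows-MY");
        ks.load(null, null); // this store type takes no file and no password

        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate cert = (X509Certificate) c;
            String cn = commonName(cert);
            boolean hasKey = ks.isKeyEntry(alias); // a TLS connector needs a key entry
            System.out.printf("alias=%s | CN=%s | privateKey=%b | notAfter=%s%n",
                    alias, cn, hasKey, cert.getNotAfter());
            // Flag the case from the question: the CN is right but the alias is not the CN.
            if (wantedCn != null && wantedCn.equalsIgnoreCase(cn)
                    && !wantedCn.equals(alias)) {
                System.out.printf("  -> CN matches, alias differs: use \"%s\"%n", alias);
            }
        }
    }
}
```

Run it under the same account as the Tomcat service, passing the expected CN as the only argument. If the certificate is absent from the output, it is not in the store this keystore type opened for that account.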