Hi Mark!

Thanks so much. Please provide the sample code. :-)

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com

> -----Original Message-----
> From: Mark Thomas <ma...@apache.org>
> Sent: Thursday, February 16, 2023 8:09 AM
> To: users@tomcat.apache.org
> Subject: Re: Basic SSL Certificate Usage logging
> 
> On 15/02/2023 23:03, Mark Thomas wrote:
> > On 15/02/2023 22:56, jonmcalexan...@wellsfargo.com.INVALID wrote:
> >> They also had this question.
> >>
> >> There seems to be no need to print both TEXT and HEX representations,
> >> like below (just HEX string should be fine):
> >> KeyIdentifier [
> >> 0000: CD 35 CB AD 62 91 65 C4   C5 46 C8 C3 0A C7 D3 57  .5..b.e..F.....W
> >> 0010: 43 46 E8 FD                                        CF..
> >> ]
> >
> > That is just the way the toString() is written. Short of rewriting the
> > toString() method (which I am trying to avoid) I don't see a way to
> > address that.
> 
> I ended up with the following:
> 
> SHA-1 and SHA-256 fingerprints included before the main certificate info and
> X509Certificate.toString() used to provide the certificate info.
> 
> I looked at rewriting the toString() but it would require a lot of effort (and
> volume of code).
> 
> Given that different folks may want slightly different output, I opted to make
> it easier for folks to write and use custom endpoints. If you want to
> customise the output it is relatively simple to do. You need:
> - a custom endpoint
>    - extends existing endpoint
>    - override logCertificate() and/or generateCertificateDebug()
> - a custom protocol
>    - extends matching protocol for endpoint
>    - no-arg constructor needs to call super constructor with custom
>      endpoint
> 
> and you shouldn't need to recompile to move between Tomcat point
> releases.
> 
> I can provide sample code if anyone wants to try this themselves and isn't
> sure where to start.
> 
> Mark
> 
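
Added example, not part of the original thread and not the sample code Mark offers: a stand-alone Java 17+ formatter that prints the SHA-256 and SHA-1 fingerprints first and then selected certificate fields with the key identifier as hex only, which is the kind of string a customised generateCertificateDebug() could return. The class name CertificateSummary and the chosen fields are assumptions; the Tomcat method signatures are not shown in the thread, so no Tomcat classes are used.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.HexFormat;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class CertificateSummary { // hypothetical name, not a Tomcat class
    private static final HexFormat HEX = HexFormat.ofDelimiter(":").withUpperCase();

    // Digest of the DER-encoded certificate as colon-separated hex.
    static String fingerprint(String algorithm, X509Certificate cert) throws Exception {
        return HEX.formatHex(MessageDigest.getInstance(algorithm).digest(cert.getEncoded()));
    }

    // getExtensionValue("2.5.29.14") yields an OCTET STRING wrapping a second
    // OCTET STRING that holds the key identifier. Only short-form DER lengths
    // (< 128 bytes) are accepted; any other input returns null.
    static String unwrapKeyIdentifier(byte[] der) {
        int offset = 0;
        for (int layer = 0; layer < 2; layer++) {
            if (der.length - offset < 2 || der[offset] != 0x04) return null;
            int length = der[offset + 1] & 0xFF;
            if (length >= 0x80 || length != der.length - offset - 2) return null;
            offset += 2;
        }
        return HEX.formatHex(der, offset, der.length);
    }

    // Fingerprints first, then selected fields, without X509Certificate.toString().
    static String describe(X509Certificate cert) throws Exception {
        byte[] ski = cert.getExtensionValue("2.5.29.14");
        return "SHA-256 fingerprint: " + fingerprint("SHA-256", cert) + "\n"
             + "SHA-1 fingerprint:   " + fingerprint("SHA-1", cert) + "\n"
             + "Subject:     " + cert.getSubjectX500Principal().getName() + "\n"
             + "Issuer:      " + cert.getIssuerX500Principal().getName() + "\n"
             + "Serial:      " + cert.getSerialNumber().toString(16) + "\n"
             + "Valid until: " + cert.getNotAfter().toInstant() + "\n"
             + "Subject key identifier: " + (ski == null ? "absent" : unwrapKeyIdentifier(ski));
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: the KeyIdentifier bytes quoted in the thread, DER-wrapped twice.
        System.out.println(unwrapKeyIdentifier(
                HexFormat.of().parseHex("04160414CD35CBAD629165C4C546C8C30AC7D3574346E8FD")));
        // Real certificate to format: first CA in the JDK default trust store.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager x509 && x509.getAcceptedIssuers().length > 0) {
                System.out.println(describe(x509.getAcceptedIssuers()[0]));
                return;
            }
        }
    }
}
```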
