Mark,
On 9/26/23 12:54, Mark Thomas wrote:
On 26/09/2023 16:50, Christopher Schultz wrote:
Jon,
On 9/26/23 11:32, Mcalexander, Jon J. wrote:
I have a question around the SSLHostConfig SSL Connector in Tomcat.
In the <certificate ... /> section, if the SSL Certificate is in a
Windows PFS Keystore, is it appropriate to add
certificateKeystoreType="PFX"
or
certificateKeystore="path to pfx file" type="PFX"
I'm finding reference to certificateKeystoreType, but not in regards
to PKCS12/PFX types.
I don't think Tomcat supports "PFX" files per-se, but the intertubes
say that PFX is PKCS12, which IS supported. So try using "PKCS12"
which I think is the default.
Default for all keystore types is JKS.
As Chris says, "pkcs12" should work.
Most recent JVMs will open a JKS file or PKCS12 file regardless of which
type you actually specify. That was their solution to switching the
default from JKS to PKCS12.
At this point, Tomcat should probably issue a warning if the type is
"JKS" and just tell users "stop using JKS, use PKCS12 instead".
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
