Jonm
On 9/26/23 15:07, Mcalexander, Jon J. wrote:
Thank you, but which format of the line is correct?
certificateKeystoreType="pkcs12"
or
certificateKeystore="path to pfx file" type="pkcs12"
https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_Certificate
Here are the relevant attributes:
certificateKeystoreFile : path to your file
certificateKeystoreType : type of keystore file
type : type of /key/ (choose RSA, EC, or DSA - but don't choose DSA)
-chris
-----Original Message-----
From: Mark Thomas <ma...@apache.org>
Sent: Tuesday, September 26, 2023 11:54 AM
To: users@tomcat.apache.org
Subject: Re: SSLHostConfig question
On 26/09/2023 16:50, Christopher Schultz wrote:
Jon,
On 9/26/23 11:32, Mcalexander, Jon J. wrote:
I have a question around the SSLHostConfig SSL Connector in Tomcat.
In the <certificate ... /> section, if the SSL Certificate is in a
Windows PFS Keystore, is it appropriate to add
certificateKeystoreType="PFX"
or
certificateKeystore="path to pfx file" type="PFX"
I'm finding reference to certificateKeystoreType, but not in regards
to PKCS12/PFX types.
I don't think Tomcat supports "PFX" files per-se, but the intertubes
say that PFX is PKCS12, which IS supported. So try using "PKCS12"
which I think is the default.
Default for all keystore types is JKS.
As Chris says, "pkcs12" should work.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
