Re: Installing certificate chain on Tomat

Sat, 10 Apr 2010 13:14:25 -0700 

I tried this on different systems (*nix and XP) and hence the 
differences in my excerpts. but in each case, the connector
config correct refers to keystore. i am sorry i quoted different
configs - will stick to *nix from now on.

i am confused about one thing: whil keystore is explicitly specified 
in connector config, what about the truststore?

i assume truststore stores the trusted CA certs (as opposed to
private keys/identity cert). Is this correct?

Why does not connector config not refer to truststore config ?
Or is that by default become ${JAVA_HOME}/jre/lib/security/cacerts?

What is the relation/differences (as far as tomcat is concerned) between
keystore, truststore and {JAVA_HOME}/jre/lib/security/cacerts?

with sincere thanx!

/U



Christopher Schultz-2 wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> /U,
> 
> On 4/10/2010 12:01 AM, /U wrote:
>> i am installing certificate chain on tomcat 6.x (JRE 1.6). From my CA I
>> have
>>     private key (PEM), 
>>     identity cert (PEM)  (CA X trusts myhost)
>>    and a cert chain file (PEM file) (entrust trusts CA X)
>> 
>> The cert chain is: (entrust) === trusts ==> (CA X) == trusts ==> myhost
>> 
>> I have converted the private  key and identify cert into DER form
>> and have imported into /etc/keystore (tomcat's keystore).
> 
> Tomcat does not use /etc/keystore unless you tell it to do so. Can you
> show us your server.xml, specifically your SSL <Connector> element?
> 
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> 
> iEYEARECAAYFAkvAtWgACgkQ9CaO5/Lv0PDQBgCgnPJP17/F6OI2UXPRaQ7xnKau
> RTUAoLYShr4IVwKZJrOfyvZKGkGAvnUQ
> =/uks
> -----END PGP SIGNATURE-----
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> 
> 

-- 
View this message in context: 
http://old.nabble.com/Installing-certificate-chain-on-Tomat-tp28199836p28204444.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to