I tried this on different systems (*nix and XP) and hence the differences in my excerpts. but in each case, the connector config correct refers to keystore. i am sorry i quoted different configs - will stick to *nix from now on.
i am confused about one thing: whil keystore is explicitly specified in connector config, what about the truststore? i assume truststore stores the trusted CA certs (as opposed to private keys/identity cert). Is this correct? Why does not connector config not refer to truststore config ? Or is that by default become ${JAVA_HOME}/jre/lib/security/cacerts? What is the relation/differences (as far as tomcat is concerned) between keystore, truststore and {JAVA_HOME}/jre/lib/security/cacerts? with sincere thanx! /U Christopher Schultz-2 wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > /U, > > On 4/10/2010 12:01 AM, /U wrote: >> i am installing certificate chain on tomcat 6.x (JRE 1.6). From my CA I >> have >> private key (PEM), >> identity cert (PEM) (CA X trusts myhost) >> and a cert chain file (PEM file) (entrust trusts CA X) >> >> The cert chain is: (entrust) === trusts ==> (CA X) == trusts ==> myhost >> >> I have converted the private key and identify cert into DER form >> and have imported into /etc/keystore (tomcat's keystore). > > Tomcat does not use /etc/keystore unless you tell it to do so. Can you > show us your server.xml, specifically your SSL <Connector> element? > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkvAtWgACgkQ9CaO5/Lv0PDQBgCgnPJP17/F6OI2UXPRaQ7xnKau > RTUAoLYShr4IVwKZJrOfyvZKGkGAvnUQ > =/uks > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://old.nabble.com/Installing-certificate-chain-on-Tomat-tp28199836p28204444.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org