-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Justin,
On 12/13/11 8:35 AM, Justin Larose wrote: > I actually followed the document here: > http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html because I am > using Tomcat 6. Okay. You just hadn't mentioned that (version) before. > I also did import the cert with the alias "tomcat" (see screenshot > below). Is there an order in which to import the certs? I imported > the server cert first, then the CA, then the root cert. Your screenshot has been suppressed from the list. Instead, can you post a text copy/paste for a "keytool -list"? > "I would advise against using the same keystore for both the > "keystore" and the "truststore". The trust store is only used for > validating client certificates and, IMO, should be kept separate > from the certificates you use for the web service itself." > > These config settings were in place long before I worked here... I > was just copying the info from the old server.xml and adding in the > new keystore info. If we do not Use any client certs can I remove > the truststore line? Almost certainly. You probably want to fix one problem at a time, though. :) - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7nsIkACgkQ9CaO5/Lv0PD1EgCeNlYJ1udAFvbU4LGOw0lAxrKc s/0An3XMoGo1WCkYjRe7OhJ9gkdj1GlK =ANqY -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org