On 30.1.2012 12:44, Geet Chandra wrote:
1. By "*.keystore", do you mean keystore or truststore? Do you understand the difference between them? - Could you please explain the difference.
Google is your friend: http://stackoverflow.com/questions/318441/truststore-and-keystore-definitions
2. Is your customer aware that there is no essential difference in term of security between JSSE and OpenSSL security implementations? - They may not be, but I shall get confirmation from them.
Ok, do that. Then, inform us are they still insisting on not using JSSE.
3. Do you plan to use client authentication via HTTPS or not? You are mentioning truststoreFile later. - Yes customer wants to use client authentication.
How did your customer generate client certificates? Do you have those certificates? You will need them in order to add them to truststoreFile/SSLCACertificatePath.
4. Is your server certificate self signed or signed by trusted CA? If you don't use client authentication using HTTPS, and your server is signed by trusted CA, perhaps there is no need to ship certificate with your application. - It is self signed.
If you need non-interactive server authentication, you will most probably need to export server certificate, and distribute it with your application, or make it available for download to the clients.
Server certificate may be inside truststore or .crt file. Client technology should dictate that.
-Ognjen --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org