Geet,

On 1/29/12 11:42 PM, Geet Chandra wrote:
>> Actually I don't want to use "keytool -import" command to import
>> the *.cer file into *.keystore file.
>>
>>> Any particular reason for your preference?
>
> - The customer has got very secure environment...they don't want to
> use the *.keystore being shipped with particular product.

You can create your own keystore. Just remember that it has to have
the server key as well as the certificate itself.

>> - I am using Tomcat 6.x, J2EE based web application on Windows
>> 2003 64 bit R2, SP2 OS.

Very secure environment, eh?

> Is it possible to configure like this
>
> <Connector port="8446" maxHttpHeaderSize="8192"
> protocol="org.apache.coyote.http11.Http11Protocol"
> SSLEnabled="true" maxThreads="150" minSpareThreads="25"
> maxSpareThreads="75" enableLookups="false"
> disableUploadTimeout="true" acceptCount="100" scheme="https"
> secure="true" clientAuth="want" sslProtocol="TLS"
> keystoreFile="c:/tomcat.keystore" truststoreFile ="C:/user.cer"

It doesn't work that way. I think the only trust store types usable by
Tomcat are "JKS" which are those that "keytool" creates and maintains.

> Please let me know the correct syntax to configure "user.cer" in
> server.xml

You'll have to use APR (which uses OpenSSL) in order to use bare
certificate files like that.

-chris
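
Added example, not part of the original message or of Tomcat's code: a small Java program that wraps a bare certificate file such as user.cer in a new JKS trust store through the standard `java.security.KeyStore` API, without running `keytool -import`. The class name `CerToJks`, the alias `client-ca` and the three command-line arguments are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added example: wraps a bare X.509 certificate file in a new JKS trust store.
// Usage: java CerToJks <cert.cer> <truststore.jks> <password>  (all caller-supplied)
public class CerToJks {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: CerToJks <cert.cer> <truststore.jks> <password>");
            System.exit(2);
        }
        char[] password = args[2].toCharArray();

        // Parse the certificate; the X.509 factory accepts DER or PEM encoding.
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }

        // Start from an empty JKS store and add the certificate as a trusted
        // entry. No private key goes in: a trust store only lists who is trusted.
        KeyStore trustStore = KeyStore.getInstance("JKS");
        trustStore.load(null, null);
        trustStore.setCertificateEntry("client-ca", cert); // alias is a hypothetical label
        try (OutputStream out = new FileOutputStream(args[1])) {
            trustStore.store(out, password);
        }

        // Reload from disk to confirm the file opens with the password and
        // holds the certificate as a trusted-certificate entry.
        KeyStore check = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[1])) {
            check.load(in, password);
        }
        if (!check.isCertificateEntry("client-ca")) {
            throw new IllegalStateException("certificate entry missing from trust store");
        }
        System.out.println("Trusted: " + cert.getSubjectX500Principal().getName());
    }
}
```

The resulting file is what the connector's `truststoreFile` attribute expects, with the chosen password supplied in `truststorePass`; the server key and its certificate still belong in the separate store named by `keystoreFile`.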