Thanks Chris!!! Please tell steps to configure *.cer certificate file.
On Wed, Feb 1, 2012 at 2:18 AM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Geet, > > On 1/29/12 11:42 PM, Geet Chandra wrote: > >> Actually I don't want to use "keytool -import" command to import > >> the *.cer file into *.keystore file. > >> > >>> Any particular reason for your preference? > > > > - The customer has got very secure environment...they don't want to > > use the *.keystore being shipped with particular product. > > You can create your own keystore. Just remember that it has to have > the server key as well as the certificate itself. > > >> - I am using Tomcat 6.x, J2EE based web application on Windows > >> 2003 64 bit R2, SP2 OS. > > Very secure environment, eh? > > > Is it possible to configure like this > > > > <Connector port="8446" maxHttpHeaderSize="8192" > > protocol="org.apache.coyote.http11.Http11Protocol" > > SSLEnabled="true" maxThreads="150" minSpareThreads="25" > > maxSpareThreads="75" enableLookups="false" > > disableUploadTimeout="true" acceptCount="100" scheme="https" > > secure="true" clientAuth="want" sslProtocol="TLS" > > keystoreFile="c:/tomcat.keystore" truststoreFile ="C:/user.cer" > > It doesn't work that way. I think the only trust store types usable by > Tomcat are "JKS" which are those that "keytool" creates and maintains. > > > Please let me know the correct syntax to configure "user.cer" in > > server.xml > > You'll have to use APR (which uses OpenSSL) in order to use bare > certificate files like that. > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG/MacGPG2 v2.0.17 (Darwin) > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk8oU6wACgkQ9CaO5/Lv0PALNwCdEH8p8SV9kkcrh56exib2IhOu > PvgAnj2wpRkBQ1oU2DOO/dUwG6lET6eu > =1+X5 > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- Thanks & Regards Geet