-3143
From: Mark Thomas
Sent: Wednesday, October 9, 2024 10:48 AM
To: users@tomcat.apache.org
Subject: Re: SSL on Tomcat 9
[You don't often get email from ma...@apache.org. Learn why this is important
at https://aka.ms/LearnAboutSenderIdentification ]
On 09/10/2024
On 09/10/2024 07:47, Ron Boyer wrote:
hello, I am trying to renew the SSL certificate from a signing authority. I am
running Tomcat 9. I understand that I have to import PKCS #12 certificate. I
seem to be able to make one, but I don't think it is correct. My signing
authority, GoDaddy, wil
Subject: Re: SSL on Tomcat 9
[You don't often get email from asash...@yahoo.com.invalid. Learn why this is
important at https://aka.ms/LearnAboutSenderIdentification ]
Hi,
On windows, one can use OpenSSL to export the private key and certificate to
.p12, then import that to the key
Hi,
On windows, one can use OpenSSL to export the private key and certificate to
.p12, then import that to the key store.
openssl pkcs12 -export -in fullchain.pem -inkey privatekey.pem -out server.p12
-name tomcatkeytool -importkeystore -deststorepass changeit -destkeystore
localhost-rsa.jks -s
Betreff: [bulk] Re: SSL on Tomcat
Thanks Chris, Luis
On Tue, Oct 2, 2018 at 10:00 AM Luis Rodríguez Fernández
wrote:
> Hello Christopher,
>
> It makes sense, thank you very much for your advice!
>
> Cheers,
>
> Luis
>
> El lun., 1 oct. 2018 a las 20:39,
Thanks Chris, Luis
On Tue, Oct 2, 2018 at 10:00 AM Luis Rodríguez Fernández
wrote:
> Hello Christopher,
>
> It makes sense, thank you very much for your advice!
>
> Cheers,
>
> Luis
>
> El lun., 1 oct. 2018 a las 20:39, Christopher Schultz (<
> ch...@christopherschultz.net>) escribió:
>
> >
Hello Christopher,
It makes sense, thank you very much for your advice!
Cheers,
Luis
El lun., 1 oct. 2018 a las 20:39, Christopher Schultz (<
ch...@christopherschultz.net>) escribió:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Luis,
>
> On 10/1/18 11:06 AM, Luis Rodríguez Fernández
thanks very much , I did it and it works
On Mon, Oct 1, 2018 at 6:07 PM Luis Rodríguez Fernández
wrote:
> Hello Loai,
>
> Agree with Christopher, you have to fix your client. Just get the root
> Certificate Authority public key and import it in your client truststore.
> If you did not change it
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Luis,
On 10/1/18 11:06 AM, Luis Rodríguez Fernández wrote:
> Agree with Christopher, you have to fix your client. Just get the
> root Certificate Authority public key and import it in your client
> truststore.
I'd recommend trusting the finest-grai
Hello Loai,
Agree with Christopher, you have to fix your client. Just get the root
Certificate Authority public key and import it in your client truststore.
If you did not change it the client (java) the default keystore is located
in $JAVA_HOME/jre/lib/security/cacerts. Something like:
keytool
Thanks Chris, but how to do it, should I copy the ssl certificate from
Webserver 192.168.1.120 to my tomcat container (worker0) in 192.168.1.111
in server.xml .
any idea please
On Sat, Sep 29, 2018 at 1:35 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -BEGIN PGP SIGNED MESSA
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Loai,
On 9/27/18 10:50, Loai Abdallatif wrote:
> Hello,
>
> I have Set Apache Load Balancer ( ModJK) with Server IP
> 192.168.1.120 (Webserver01.epsilon.test) which forward the traffic
> to tomcat server .(192.168.1.111 (appserver01.epsilon.test)
r add exceptions to the local trust store in case
> of self-signed certificates.
>
> Guido
>
>
> >-Original Message-
> >From: Loai Abdallatif [mailto:loai.abdalla...@gmail.com]
> >Sent: Thursday, September 27, 2018 4:52 PM
> >To: Tomcat Users List
andline tool to check the
verification chain and/or add exceptions to the local trust store in case of
self-signed certificates.
Guido
>-Original Message-
>From: Loai Abdallatif [mailto:loai.abdalla...@gmail.com]
>Sent: Thursday, September 27, 2018 4:52 PM
>To: Tomcat Us
hello, shall I add the certificate to server.xml on tomcat server or just
on Webserver
On Thu, Sep 27, 2018 at 5:50 PM, Loai Abdallatif
wrote:
> Hello,
>
> I have Set Apache Load Balancer ( ModJK) with Server IP 192.168.1.120
> (Webserver01.epsilon.test) which forward the traffic to tomcat serv
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Adriano,
On 6/11/15 3:54 PM, Adriano Matos Meier wrote:
> Exactly!
>
> When I run "keytool -list ...", the PrivateKeyEntry now has the
> fingerprint for SSL certificate.
>
> I belived that I had lost private key, and I would have to do it
> all a
Exactly!
When I run "keytool -list ...", the PrivateKeyEntry now has the
fingerprint for SSL certificate.
I belived that I had lost private key, and I would have to do it all
again (keystore/CSR/intermed/SSL).
I still import the SSL certificate with alias tomcat, and it appears in
keytool as a t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Adriano,
On 6/11/15 2:31 PM, Adriano Matos Meier wrote:
> I had success when I re-import SSL certificate using same name
> alias of PrivateKeyEntry and name alias used when I generate CSR
> (repository).
That was going to be my second suggestion.
Chris.
I had success when I re-import SSL certificate using same name alias of
PrivateKeyEntry and name alias used when I generate CSR (repository).
It's ok now!
Thank you very much!!!
Adriano
Em Qui, 2015-06-11 às 09:59 -0400, Christopher Schultz escreveu:
> Adriano,
>
> On 6/11/15 9:45 AM,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Adriano,
On 6/11/15 9:45 AM, Adriano Matos Meier wrote:
>>> I tried to add keyAlias="server" in my server.xml, but I
>>> received this error:
>>
>> What does "keytool -list" show for that keystore?
>
> It returns 3 entries:
>
> 1 PrivateKeyEntry
Hi Chris.
It returns 3 entries:
1 PrivateKeyEntry (Private Key) - alias repository
1 trustedCertEntry (Intermediate certificate) - alias intermed
1 trustedCertEntry (SSL certificate) - alias server
Thanks for your attention!
Adriano
Em Qui, 2015-06-11 às 09:35 -0400, Christopher Schultz escr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Adriano,
On 6/11/15 7:18 AM, Adriano Matos Meier wrote:
> I need update the SSL certificate in Tomcat 6.x.
>
> First I did:
>
> 1) Generate keystore keytool -genkeypair -alias repository -keyalg
> RSA -keysize 2048 -sigalg SHA256withRSA -keystore
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Randeep,
On 12/4/13, 1:30 PM, Randeep wrote:
> Chris, Yes. I have so many http links as some of our old submitted
> apps used non secured http links. as the apps are in use we cannot
> change it. I cannot use any redirect rules to convert all the h
Please do not top-post.
It is annoying when someone is trying to figure out what you are talking about.
Randeep wrote:
Chris,
Yes. I have so many http links as some of our old submitted apps used non
secured http links. as the apps are in use we cannot change it. I cannot
use any redirect rules
Chris,
Yes. I have so many http links as some of our old submitted apps used non
secured http links. as the apps are in use we cannot change it. I cannot
use any redirect rules to convert all the http to https because of that.
We use struts for framework. And normal jsp pages. I'm not a developer
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Randeep,
On 12/4/13, 12:22 PM, Randeep wrote:
> I'm using apacche 2.2 as front end and apache tomcat 6.0.37 as
> backend. I'm using mod_jk for connecting them.
>
> The problem is. I'm using ssl certificates. I'v configured ssl on
> apache. when I c
We ran into a similar problem trying to get our purchased SSL certificate to
work. The previous reply had some info about getting the keytool to work,
but we have a tutorial that should help you get SSL working from start to
finish. Hope it helps!
http://blog.datajelly.com/company/blog/34-adding-
The point was that keytool can't import existing private key. If you need to
build keystore from existed cert + prv key you need to do this by external
java(or smt) program. Key and Cer must be in der format.
Example is here :
http://www.agentbob.info/agentbob/79-AB.html
Alex
2008/8/28 A
Alexey Eronko wrote:
Hello Guys!
Don't beat me because I found so much docs about ssl and keystore but I
can't get it working with together.
I have pem cert,rsa_key and ca cert from my own CA. I don't understand what
kind of cert do I need in keystore to make it works on tomcat.
> From: Hoa Doan [mailto:[EMAIL PROTECTED]
> Subject: RE: SSL on Tomcat 5 problem.
>
> But for curiosity what is tcnative-1.dll used for?
It's essentially the same code that httpd uses to handle HTTP traffic,
written in C. Since it's a bit closer to the comm hardwar
WOW!! It worked, all i did now was rename tcnative-1.dll.
Yes I read the fine print but miss interpret it. I thought I was using JSSE
since i used the keytool to generate my own key. So what i generated is a
non-APR, but the guide didn't say anything about renaming tcnative-1.dll.
But for cur
> From: Hoa Doan [mailto:[EMAIL PROTECTED]
> Subject: SSL on Tomcat 5 problem.
>
> I have gone through the steps provided on Tomcat SSL document
> and generated a .keystore file.
Unfortunately, you didn't look at the fine print.
> Mar 2, 2007 4:24:07 PM org.apache.coyote.http11.Http11AprProtoc
Thanks Chuck!
That worked flawlessly!
I will also recommend 6.0.7
Caldarale, Charles R wrote:
>
>> From: JohnT. [mailto:[EMAIL PROTECTED]
>> Subject: SSL on Tomcat 6.0.2
>>
>> >maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>>enableLookups="false" disabl
> From: JohnT. [mailto:[EMAIL PROTECTED]
> Subject: SSL on Tomcat 6.0.2
>
> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>enableLookups="false" disableUploadTimeout="true"
>acceptCount="100" scheme="https" secure="true"
>clientAuth="fa
Any luck finding the answer? I'm having the same problem...
Jack , Zhan Hua Ping wrote:
>
> Hi,
> buddy,
>
> Sorry to bother you.
>
> You said that you can use ssl on tomcat.
> However, for me, it doesn't work.
>
> I set http on 80 or 8080, doesn't matter.
> then I uncommented the ssl conne
One thing. You forced all connections to be redirected to port 8443 on global
web.xml. So as per
my thought, it should reflect everything no matter if your web.xml has
security-constraint or not.
I would not do it unless if it is necessary.
You can try to put security constraint like:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On that page
www.apachetomcat.com/tomcat-ssl-5-unix.
They do not install the certificate into apache2, only tomcat5.
If you want this kind of setup to work, you must shut down apache and
have tomcat as a standalone.
hope it helps
- -reynir
Gan
> From: Gangaa D [mailto:[EMAIL PROTECTED]
> So How do I get Trusted Root Certification
> Authorities?
If you have control over all the browsers that will be accessing your
application: put your self-signed certificate into each of their trusted
stores.
If you don't have control over some of the
Dear,
I have done SSL on apache2+jk2+tomcat2+RedHat using
www.apachetomcat.com/tomcat-ssl-5-unix.
So when we visit to https ie mark as "This CA Root
certificate is not trusted because it is not in the
Trusted Root Certification Authorities store."
So How do I get Trusted Root Certification
Autho
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
hi,
yes, if you think about it, if you put your ssl key in apache, it will
be used to secure the comunication between apache(server) and the
client(user). Apache will then decript the message and forward it via
ajp into tomcat. If you want to put ssl
Dear Reynir Hubner,
Thank you reply our msg.
We have configured jk2 for apache2+tomcat5.
So I mean jk2 does not provide SSL. Is this correct?
__
Yahoo! Mail - PC Magazine Editors' Choice 2005
http://mail.yahoo.com
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
install your SSL key into apache2, and then use mod_jk to comunicate
with tomcat. That way you do not have to install your ssl into tomcat.
hope it helps
- -reynir
Gangaa D wrote:
>
> Hi, i have done connector 443 on win32. So I move it
>
42 matches
Mail list logo
