By default Tomcat looks for your keystore under a default file name and location; the keystoreFile and keystorePass attributes of the Connector let you change the file location and the password. Set keystoreFile to the path of your keystore file and keystorePass to the password of the keystore. These two attributes may be missing from the Connector definition altogether, in which case you will need to add them by hand.

Now that you have your certificate you can import it into your local keystore. First of all you have to import a so-called chain certificate or root certificate into your keystore. After that you can proceed with importing your own certificate. Run the following command to import it into the keystore (the keystore and certificate file names are placeholders for your own, and the alias must be the same one you used when you generated the key pair, otherwise keytool treats the file as a new trusted certificate instead of a certificate reply):

keytool -import -trustcacerts -alias tomcat -keystore <your_keystore_filename> -file <your_certificate_filename>

If successful, you will see "Certificate reply was installed in keystore". You now have all the certificates installed in the keystore file; you just need to configure your server to use that keystore file, as described above. Once the server is up, you can check the installation with an online SSL checker.

Each certificate authority tends to differ slightly from the others. Additionally, the rules that the certificate authorities use for issuing certificates change over time. As a result you may find that the commands given above need to be modified. If you require assistance then help is available via the Apache Tomcat users mailing list. Furthermore, if you use the Windows platform, ensure you download the OCSP-enabled connector.
The basic OCSP-related certificate authority settings go in OpenSSL's openssl.cnf configuration file. They encode the OCSP responder address into the certificate extensions, so a client that receives the server certificate knows which responder to ask about its revocation status. Note that for the following steps you must have openssl installed. With that configuration in place, generate an OCSP-enabled certificate, then add a basic OCSP-enabled connector definition to Tomcat's server.xml. When testing, an easy way to create an OCSP responder is to run openssl ocsp with -port set to the responder address encoded in the certificate. Do note that when using OCSP, the responder encoded in the connector certificate must be running; if it is unreachable, revocation checks for that certificate cannot complete.
For further information, see the OCSP documentation.

Here is a list of common problems that you may encounter when setting up SSL communications, and what to do about them.

If Tomcat reports at startup that it cannot find the keystore, a likely explanation is that Tomcat cannot find the keystore file where it is looking. By default, Tomcat expects the keystore under a default file name and location, so check that the keystoreFile attribute points at the file you actually created.

If Tomcat reports that the keystore was tampered with or the password was incorrect, then, assuming that someone has not actually tampered with your keystore file, the most likely cause is that Tomcat is using a different password (keystorePass) than the one you used when you created the keystore file.

If Tomcat cannot load the server key, a likely explanation is that Tomcat cannot find the alias for the server key within the specified keystore.

If old Java clients fail the handshake, the cause may be the key size: unfortunately Java 6 and Java 7 only support keys up to a certain size. So if your certificate has a stronger key, old Java clients might produce such handshake failures. Working around this by weakening the server-side key or parameters is not recommended because it weakens the SSL security (compare the Logjam attack).

SSL session tracking is a new feature in the Servlet 3.0 specification. Because it uses the SSL session ID associated with the physical client-server connection, there are some limitations.
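The three keystore diagnoses above, and the keystoreFile/keystorePass/keyAlias Connector attributes they depend on, can be checked before Tomcat is even started. The following Python script is an added example, not part of the Tomcat documentation or code base: it parses the JKS container format (the format keytool writes by default) directly and reports, for the first SSLEnabled Connector in a server.xml fragment, whether the keystore file exists, whether keystorePass opens it and whether the alias is present. The keystore path, the password "changeit", the alias names and the Connector attributes in the sample are constructed for the example, and the key and certificate blobs are placeholders, since only the container framing is parsed (PKCS12 keystores are not handled).

```python
# Added example, not Tomcat's own code: parse the JKS container the way the JVM
# does to check what Tomcat checks at startup.  Key/cert blobs stay opaque.
import hashlib, hmac, struct
import xml.etree.ElementTree as ET

JKS_MAGIC, JKS_VERSION, KEY_TAG, CERT_TAG = 0xFEEDFEED, 2, 1, 2
JKS_MAGIC_STRING = b"Mighty Aphrodite"   # fixed string the JKS digest mixes in

def _utf(s):                              # Java writeUTF: 2-byte length + bytes
    raw = s.encode("utf-8")
    return struct.pack(">H", len(raw)) + raw

def _digest(password, body):
    """JKS integrity check: SHA-1(password as UTF-16BE || magic string || body).
    The store password keys only this digest; it encrypts nothing in the file."""
    return hashlib.sha1(password.encode("utf-16-be") + JKS_MAGIC_STRING + body).digest()

def write_jks(entries, store_password):
    """(alias, kind, blob) -> JKS bytes; kind is "key" (key + 1-cert chain) or "cert".
    keytool stores aliases lower-cased, so this does too."""
    out = struct.pack(">III", JKS_MAGIC, JKS_VERSION, len(entries))
    for alias, kind, blob in entries:
        tag = KEY_TAG if kind == "key" else CERT_TAG
        out += struct.pack(">I", tag) + _utf(alias.lower()) + struct.pack(">Q", 0)
        if kind == "key":                 # protected key bytes, then chain length 1
            out += struct.pack(">I", len(blob)) + blob + struct.pack(">I", 1)
        out += _utf("X.509") + struct.pack(">I", len(blob)) + blob
    return out + _digest(store_password, out)

def read_jks(data):
    """Walk the JKS framing; return (aliases, body, stored_digest)."""
    pos = 0
    def take(n):
        nonlocal pos
        if pos + n > len(data):
            raise ValueError("truncated keystore")
        pos += n
        return data[pos - n:pos]
    u32 = lambda: struct.unpack(">I", take(4))[0]
    utf = lambda: take(struct.unpack(">H", take(2))[0]).decode("utf-8")
    cert = lambda: (utf(), take(u32()))   # certificate type string + DER bytes
    if u32() != JKS_MAGIC or u32() != JKS_VERSION:
        raise ValueError("not a JKS version 2 keystore")
    aliases = []
    for _ in range(u32()):
        tag, alias, _stamp = u32(), utf(), take(8)   # entry tag, alias, timestamp
        if tag == KEY_TAG:
            take(u32())                   # protected private key
            for _ in range(u32()):        # certificate chain
                cert()
        elif tag == CERT_TAG:
            cert()
        else:
            raise ValueError("unknown JKS entry tag %d" % tag)
        aliases.append(alias)
    body = data[:pos]
    return aliases, body, take(20)

def check_keystore(data, store_password, alias):
    """The three startup failures from the troubleshooting list, as flags."""
    aliases, body, stored = read_jks(data)
    return {"aliases": aliases, "alias_found": alias.lower() in aliases,
            "password_ok": hmac.compare_digest(_digest(store_password, body), stored)}

def diagnose(server_xml, read_file):
    """Problems, in the page's terms, with the first SSLEnabled Connector.
    keyAlias defaults to "tomcat", the alias the keytool commands above use."""
    conn = next((c for c in ET.fromstring(server_xml).iter("Connector")
                 if c.get("SSLEnabled", "false").lower() == "true"), None)
    if conn is None:
        return ["no SSLEnabled Connector in server.xml"]
    path, password = conn.get("keystoreFile"), conn.get("keystorePass")
    alias = conn.get("keyAlias", "tomcat")
    if not path or not password:
        return ["keystoreFile/keystorePass missing from the Connector"]
    try:
        r = check_keystore(read_file(path), password, alias)
    except FileNotFoundError:
        return ["keystore not found at %s" % path]
    problems = []
    if not r["password_ok"]:
        problems.append("keystorePass does not match the keystore (or it was tampered with)")
    if not r["alias_found"]:
        problems.append("alias %r not in keystore; it holds: %s" % (alias, ", ".join(r["aliases"])))
    return problems

# Constructed sample: chain cert under "root", server key under "tomcat" (placeholder
# blobs), an in-memory file map standing in for disk, and a good and a bad Connector.
SAMPLE_KEYSTORE = write_jks([("root", "cert", b"\x30\x82placeholder-root-ca"),
                             ("tomcat", "key", b"\x30\x82placeholder-server-key")], "changeit")
SAMPLE_FILES = {"/opt/tomcat/conf/example.jks": SAMPLE_KEYSTORE}
GOOD_XML = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="/opt/tomcat/conf/example.jks" keystorePass="changeit" keyAlias="tomcat"/>
</Service></Server>"""
BAD_XML = (GOOD_XML.replace('keystorePass="changeit"', 'keystorePass="changeme"')
                   .replace('keyAlias="tomcat"', 'keyAlias="server"'))

def read_sample(path):                    # stand-in for open(path, "rb").read()
    if path not in SAMPLE_FILES:
        raise FileNotFoundError(path)
    return SAMPLE_FILES[path]
```

Calling diagnose(GOOD_XML, read_sample) returns an empty list, while diagnose(BAD_XML, read_sample) reports both the password mismatch and the missing alias. Note that the alias list is reported even when the password is wrong: a JKS store password only keys the trailing SHA-1 integrity digest, so aliases and certificates are readable without it, which is also why the JVM cannot tell "tampered with" apart from "wrong password" and reports both in one message. Against a real installation, replace read_sample with a function that reads the file from disk and feed it the Connector element from your server.xml.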
They are: Tomcat must have a connector with the attribute isSecure set to true, and SSL session tracking must be enabled for the context by using a context listener to set the tracking mode for the context to be just SSL (if any other tracking mode is enabled, it will be used in preference).
It might look something like a ServletContextListener (javax.servlet) whose contextInitialized method calls ServletContext.setSessionTrackingModes with an EnumSet containing only SessionTrackingMode.SSL.