I've deployed a number of SSL configurations, including both Tomcat (cacerts + keytool) and IIS (Windows Certificate Store + netsh http sslcert) so I'm familiar with these procedures.
Has anyone come up with a way to point Tomcat's SSL connector to a Windows Store (i.e. configuration, extension, plugin, etc.)? Just looking to centralize management of SSL deployments to one store, vs. having multiple stores.
According to the answer on "SSL enabling in Tomcat Windows server", you can specify the keystore type as "Windows-My" in the configuration of the connector in server.xml. It worked for me on Tomcat 8.0.22 as well.
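A check worth running before pointing the connector at "Windows-My", added here as an example and not part of the answer above: it lists the entries the JVM can see in that store, whether each has a private key, and whether the certificate is currently valid. It assumes a Windows JVM with the SunMSCAPI provider, where Windows-MY is the Personal store of the account the JVM runs as, so run it as the Tomcat service account; the class name is hypothetical.

```java
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Hypothetical helper class: enumerates the Windows-MY store as seen by this JVM.
public class ListWindowsMy {
    public static void main(String[] args) throws Exception {
        // Windows-MY is backed by the OS store; no file and no password are passed.
        KeyStore ks = KeyStore.getInstance("Windows-MY");
        ks.load(null, null);

        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            boolean hasKey = ks.isKeyEntry(alias); // a TLS server needs the private key
            Certificate cert = ks.getCertificate(alias);
            String subject = "(not X.509)";
            String validity = "unknown";
            if (cert instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate) cert;
                subject = x509.getSubjectX500Principal().getName();
                try {
                    x509.checkValidity(); // compares against the current time
                    validity = "valid until " + x509.getNotAfter();
                    if (hasKey) {
                        usable++;
                    }
                } catch (CertificateExpiredException e) {
                    validity = "EXPIRED " + x509.getNotAfter();
                } catch (CertificateNotYetValidException e) {
                    validity = "NOT YET VALID " + x509.getNotBefore();
                }
            }
            System.out.printf("alias=%s privateKey=%b subject=%s %s%n",
                    alias, hasKey, subject, validity);
        }

        if (usable == 0) {
            // Nothing in this account's store can serve TLS: wrong account,
            // certificate imported without its key, or certificate out of date.
            System.err.println("No valid entry with a private key in Windows-MY");
            System.exit(1);
        }
    }
}
```

An alias printed with privateKey=true is a candidate for the connector's key alias; an empty listing usually means the certificate sits in a different account's store.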
It seems not possible. From the Tomcat 8 documentation: https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html
Windows Store would require a specific connector similar to the 'WINDOWS-MY' of JSSE.
There is no reference in documentation to any plugin or connector to Windows Certificate Store.