
Is it Possible to Configure Tomcat 7 SSL to access certificates via SunMSCAPI?

We are currently deploying Tomcat 7 to an Azure PaaS Cloud Service, which creates all instances as Windows Servers.

We have configured SSL in Tomcat such that it accesses the certificate from a keystore file using JSSE (not APR):

<Connector port="443" 
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" 
           scheme="https" 
           secure="true"
           keystoreFile="xxxxx" keystorePass="xxxxx" keystoreType="PKCS12"
           clientAuth="false" 
           SSLEnabled="true"
           sslProtocol="TLS" />

We would like to configure Tomcat to access the Windows Server Cert Manager, because MS Azure tooling provides easy ways to deploy certificates to the instances via PowerShell/REST APIs. I know this can be done with Jetty using the Java SunMSCAPI.

Can this also be done in Tomcat 7?

Any help would be appreciated.


1 Answer


Not tested: tell Tomcat to use the SunMSCAPI keystore provider:

--JvmOptions="-Djavax.net.ssl.keyStoreProvider=SunMSCAPI -Djavax.net.ssl.trustStoreProvider=SunMSCAPI -Djavax.net.ssl.trustStoreType=Windows-Root"

Configure the connector as

<Connector ...
   keyAlias="my.www.server" keystoreFile="" keystoreType="Windows-My" />

The value of keyAlias is the certificate's common name; see

keytool -list -providername SunMSCAPI -storetype Windows-My
Answered 2013-11-21T00:50:58.357
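
A programmatic version of the keytool listing above, as an added example that is not part of the original answer: it opens the Windows-MY store through SunMSCAPI and checks that the alias intended for keyAlias exists, carries a private key and is inside its validity period. The class name CheckMscapiAlias is hypothetical, and the default alias is the one shown in the answer's Connector.

```java
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Hypothetical helper class (not part of Tomcat or of the answer above).
public class CheckMscapiAlias {
    public static void main(String[] args) throws Exception {
        // Alias to verify; defaults to the value used in the answer's Connector.
        String wanted = args.length > 0 ? args[0] : "my.www.server";

        // "Windows-MY" is the personal store of the account this JVM runs as,
        // so run the check as the same account the Tomcat service uses.
        KeyStore ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
        ks.load(null, null); // no file and no password: the OS holds the keys

        boolean usable = false;
        for (String alias : Collections.list(ks.aliases())) {
            boolean hasKey = ks.isKeyEntry(alias); // false means certificate only
            Certificate cert = ks.getCertificate(alias);
            String subject = "(not X.509)";
            boolean valid = false;
            if (cert instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate) cert;
                subject = x509.getSubjectX500Principal().getName();
                try {
                    x509.checkValidity(); // throws if expired or not yet valid
                    valid = true;
                } catch (CertificateException e) {
                    valid = false;
                }
            }
            System.out.printf("%-30s privateKey=%-5b valid=%-5b %s%n",
                    alias, hasKey, valid, subject);
            if (alias.equals(wanted) && hasKey && valid) {
                usable = true;
            }
        }
        if (!usable) {
            System.err.println("No usable entry for alias '" + wanted + "'");
            System.exit(1); // non-zero exit lets a deployment script stop here
        }
    }
}
```

An entry that lists with privateKey=false was imported without its key and cannot serve TLS, which is worth ruling out before changing the Connector.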