https, http2 and pfx certificates, Tomcat configuration

Contains tips for configurators working with Aware IM
Post Reply
joben
Posts: 221
Joined: Wed Nov 06, 2019 9:49 pm
Location: Sweden
Contact:

https, http2 and pfx certificates, Tomcat configuration

Post by joben »

Was troubleshooting something and thought switching from http 1.1 to http2 would solve the specific problem. It didn't, but It might still be useful for someone else to be able to serve content as http2 when using https. We have been using .pfx files as our certificates, and most documentation of Tomcat stuff is always about pem and chain files. The Tomcat documentation is not as good as I had wished, and there is no proper testing command for Tomcat that I know of (like nginx -T).

So after some trial and error, this is how we combined .pfx certificates and http2 configuration:
http2pfx.png
http2pfx.png (48.94 KiB) Viewed 13254 times
Regards, Joakim

Image
Jaymer
Posts: 2430
Joined: Tue Jan 13, 2015 10:58 am
Location: Tampa, FL
Contact:

Re: https, http2 and pfx certificates, Tomcat configuration

Post by Jaymer »

thats cool.
There's a ton of examples out there for Tomcat and certs, and everyone seems to do it a different way. Frustrating.
Don't know if this is bad or less secure, but
i stopped messing with the keystore this way:
tomcat_certs.png
tomcat_certs.png (24.77 KiB) Viewed 13247 times
Click Here to see a collection of my tips & hacks on this forum. Or search for "JaymerTip" in the search bar at the top.

Jaymer
Aware Programming & Consulting - Tampa FL
joben
Posts: 221
Joined: Wed Nov 06, 2019 9:49 pm
Location: Sweden
Contact:

Re: https, http2 and pfx certificates, Tomcat configuration

Post by joben »

The main reason for us to use .pfx is because our certs are initially created inside IIS on a different server, then they are exported as .pfx files and used in various servers.
Pretty sure it is possible for us to do the trinity thing (key, bundle, cert) like in your configuration, but I am afraid it would involve some extra steps in our case. I just thought the Tomcat documentation was lacking a bit, so hopefully some pfx fanboys out there can use this code snippet.
Regards, Joakim

Image
Post Reply