2014-07-12 14:21:40


key crt converter tomcat keystore

[ 2015-03-25 22:11:12 | Author: zhenhua ]
openssl pkcs12 -export -in mycert.crt -inkey mykey.key -out mycert.p12 -name tomcat -CAfile mycert.crt -caname root -chain

keytool -importkeystore -v -srckeystore mycert.p12 -srcstoretype pkcs12 -srcstorepass 123456 -destkeystore tomcat.keystore -deststoretype jks -deststorepass 123456

get an A+ on the Qualys SSL Labs

[ 2015-03-12 13:31:14 | Author: zhenhua ]
For that you’ll need to do the following:

1 Don’t support older protocols. A lot of servers support really old and obsolete protocols. If you run a web app, your users will very likely not need support for these.
2 Don’t support flawed SSL ciphers. There’s a bunch of these and you can avoid using them. Browsers support multiple different ciphers, so this is not a problem.
3 Cache SSL sessions. This will improve performance.
4 Turn on HTTP Strict Transport Security (HSTS). This is a special ...
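
The four checks listed above, applied to scan results, as an added example that is not part of the original post. The scan dictionaries are constructed, and the lists of obsolete protocols and weak cipher fragments and the one-year HSTS minimum are assumptions of this example, not values from the post.

```python
import re

# Assumptions (not from the post): which protocol versions and cipher-name
# fragments count as obsolete or flawed, and the one-year HSTS minimum.
OLD_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_PARTS = ("RC4", "3DES", "DES-CBC", "EXP", "NULL", "MD5", "ADH", "AECDH")
MIN_HSTS_AGE = 31536000  # seconds


def hsts_max_age(headers):
    """Return max-age from Strict-Transport-Security, or None if absent/invalid."""
    for name, value in headers.items():
        if name.lower() == "strict-transport-security":
            m = re.search(r'(?:^|;)\s*max-age\s*=\s*"?(\d+)"?\s*(?:;|$)', value, re.I)
            return int(m.group(1)) if m else None
    return None


def audit(scan):
    """Check one scan result against the four checklist items; return findings."""
    findings = []
    for proto in sorted(OLD_PROTOCOLS & set(scan["protocols"])):
        findings.append(f"1: obsolete protocol enabled: {proto}")
    for cipher in scan["ciphers"]:
        if any(part in cipher.upper() for part in WEAK_CIPHER_PARTS):
            findings.append(f"2: weak cipher offered: {cipher}")
    if not scan["session_resumed"]:
        findings.append("3: second handshake did not resume the session")
    age = hsts_max_age(scan["headers"])
    if age is None:
        findings.append("4: no valid Strict-Transport-Security header")
    elif age < MIN_HSTS_AGE:
        findings.append(f"4: HSTS max-age too short: {age}")
    return findings


# Constructed scan results for illustration (not real hosts).
WEAK = {"protocols": ["SSLv3", "TLSv1", "TLSv1.2"],
        "ciphers": ["ECDHE-RSA-AES128-GCM-SHA256", "RC4-SHA", "DES-CBC3-SHA"],
        "session_resumed": False,
        "headers": {"Server": "example"}}
GOOD = {"protocols": ["TLSv1.2"],
        "ciphers": ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384"],
        "session_resumed": True,
        "headers": {"strict-transport-security": "max-age=63072000; includeSubDomains"}}

if __name__ == "__main__":
    for label, scan in (("weak", WEAK), ("good", GOOD)):
        print(label, audit(scan) or "no findings")
```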