Has anyone gotten CF Admin (tomcat) to use the loc...
# adobe
p
Has anyone gotten CF Admin (tomcat) to use the local Windows Certificate Store for a certificate instead of a Java keystore? I'm trying the following without any luck: https://stackoverflow.com/questions/37929887/configuring-tomcat-to-use-windows-certificate-store-for-ssl
I've tried both the answer with the most upvotes, and the last one without any upvotes.
q
What are you trying to do? For outbound TLS connections (like for cfhttp / cftp)?
p
Nope, to host the internal `/CFIDE/administrator/` using our Windows cert infrastructure.
q
If you are using IIS -- it owns all the TLS/SSL infrastructure either way. The Java Key Store is really only used for outbound communications, unless you are accessing the jetty server built-in.
p
The CFIDE is blocked on our IIS sites, so we leave the internal server (tomcat) running and bound to an internal IP. So the trick is getting that tomcat server to see the Windows cert store.
q
Gotcha. The only time I've seen something like that was a PowerShell script that synced the Windows cert store with Tomcat on a schedule. It was also kinda dangerous because it had to extract all the private keys out of there as well.
I've never seen a successful implementation of the JSSE talking to an external keystore that wasn't a JKS.