2013/1/10 <k.b.sou...@accenture.com>: > > Hi All, > > We would like to convert our SSL connector from JSSE configuration to > APR/native. The tomcat version we are using is tomat7.0.27. > > We are finding difficulty in converting our .jks file to SSLCertificateFile > and SSLCertificateKeyFile attributes which are specified as part of connector > for APR/native. > > Can you please help us in this conversion. The connector which is used > currently is as below: > > <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" > secure="true" clientAuth="false" sslProtocol="TLS" > executor="tomcatThreadPool" connectionTimeout="20000" > allowUnsafeLegacyRenegotiation="false" > ciphers="SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" > keystoreFile="/dummy.jks" allowTrace="false" keystorePass="dummy.com"/> > > Any suggestion or help in this regard will be of great value. >
1. Did you search archives of this mailing list? If I remember correctly, converting a certificate was discussed some time ago. 2. The configuration attributes used by APR connector are quire similar to the directives of mod_ssl of Apache HTTPD server, because they use the same underlying library (OpenSSL). You can look at their documentation, and maybe even search their mailing lists http://httpd.apache.org/docs/2.4/mod/mod_ssl.html Also, http://wiki.apache.org/tomcat/HowTo/SSLCiphers Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
