We don't have openSSL installed. Can't we configure APR/native without openssl?
-----Original Message----- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: Thursday, January 10, 2013 1:36 PM To: Tomcat Users List Subject: Re: Converting JSSE configuation to APR/native 2013/1/10 <k.b.sou...@accenture.com>: > > Hi All, > > We would like to convert our SSL connector from JSSE configuration to > APR/native. The tomcat version we are using is tomat7.0.27. > > We are finding difficulty in converting our .jks file to SSLCertificateFile > and SSLCertificateKeyFile attributes which are specified as part of connector > for APR/native. > > Can you please help us in this conversion. The connector which is used > currently is as below: > > <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" > scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" > executor="tomcatThreadPool" connectionTimeout="20000" > allowUnsafeLegacyRenegotiation="false" > ciphers="SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE > _RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WIT > H_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_ > 3DES_EDE_CBC_SHA" keystoreFile="/dummy.jks" allowTrace="false" > keystorePass="dummy.com"/> > > Any suggestion or help in this regard will be of great value. > 1. Did you search archives of this mailing list? If I remember correctly, converting a certificate was discussed some time ago. 2. The configuration attributes used by APR connector are quire similar to the directives of mod_ssl of Apache HTTPD server, because they use the same underlying library (OpenSSL). You can look at their documentation, and maybe even search their mailing lists http://httpd.apache.org/docs/2.4/mod/mod_ssl.html Also, http://wiki.apache.org/tomcat/HowTo/SSLCiphers Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
