Hi all,

In a Tomcat 7.0.53 container we are running an application which needs to
use client certificates to connect to other webservices.
This is currently done by configuring a keystore containing keys,
certificates and CAs for the JVM (via command line arguments) as follows:

  -Djavax.net.ssl.keyStore=$keystore_path
  -Djavax.net.ssl.keyStorePassword=$keystore_password
  -Djavax.net.ssl.keyStoreType=jks
  -Djavax.net.ssl.trustStore=$keystore_path
  -Djavax.net.ssl.trustStorePassword=$keystore_password
  -Djavax.net.ssl.trustStoreType=jks

This configuration works and requires no changes in the application code.
However, since we have to pass those command line arguments in the startup
script somehow (including the password, which can be seen in the running
process list), we are considering the various options to "clean up" the
configuration. In particular, we are investigating the possibility to
configure all that in the server.xml configuration file.

I've found many examples of Tomcat SSL configuration but all deal with
configuring the "server side", not the "client side" for applications
running inside the container. By the way, for the Connector we're using the
Native one with OpenSSL (and we could use x509 and RSA for the client side
too).

Has anybody some pointers to documentation or examples?

Thanks, Javier
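
A defensive check for the exposure described in the post (the keystore password visible in the running process list), added here as an example and not part of the original message: it reports which processes carry the javax.net.ssl password properties on their command line, without printing the values. It assumes Linux /proc; the function names, the sample path and the sample values are constructed.

```shell
#!/bin/sh
# Audit helper: flag JVM command lines that pass keystore/truststore
# passwords as -D system properties (property names as in the post).
# Only property names are reported; password values are never printed.

# exposed_props: reads one argument per line on stdin and prints the name
# of each javax.net.ssl password property that has a non-empty value.
exposed_props() {
    sed -n \
        -e 's/^-D\(javax\.net\.ssl\.keyStorePassword\)=..*$/\1/p' \
        -e 's/^-D\(javax\.net\.ssl\.trustStorePassword\)=..*$/\1/p' |
        sort -u
}

# scan_proc: walks /proc (Linux assumption) and reports every process whose
# command line exposes one of the properties. Unreadable or vanished
# processes are skipped silently.
scan_proc() {
    for f in /proc/[0-9]*/cmdline; do
        [ -r "$f" ] || continue
        # Arguments in /proc/<pid>/cmdline are NUL-separated.
        props=$(tr '\0' '\n' 2>/dev/null < "$f" | exposed_props | tr '\n' ' ')
        [ -n "$props" ] || continue
        pid=${f#/proc/}
        pid=${pid%/cmdline}
        printf 'PID %s exposes: %s\n' "$pid" "$props"
    done
}

# Constructed sample command line, one argument per line (not real data).
SAMPLE_ARGS='java
-Djavax.net.ssl.keyStore=/opt/app/client.jks
-Djavax.net.ssl.keyStorePassword=CONSTRUCTED-EXAMPLE
-Djavax.net.ssl.trustStorePassword=CONSTRUCTED-EXAMPLE
org.apache.catalina.startup.Bootstrap'

# "scan" audits the live system; anything else runs the constructed sample.
if [ "${1:-}" = "scan" ]; then
    scan_proc
else
    printf '%s\n' "$SAMPLE_ARGS" | exposed_props
fi
```

Run with the argument `scan` to audit the local host; run as root to see processes owned by other users.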
