sslEnabledProtocols is now just protocols for one thing. And you have to
put your certificate stuff in an <SSLHostConfig> sub-section to the
connector now. Here's how ours had to be reconfigured (on 8443 instead
of 443) using NIO and JSSE:
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <!-- in 8.5, protocols is an attribute of SSLHostConfig, not of the Connector -->
    <SSLHostConfig protocols="TLSv1.2">
        <Certificate certificateFile="path-to-cert-file"
                     certificateKeyFile="path-to-cert-keyfile" />
    </SSLHostConfig>
</Connector>
Hope this helps. The parts that are relevant to your certificate are in
the section here:
https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support_-_SSLHostConfig
but scroll up slightly to get the instructions on how to use this
subsection.
jim
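
An added example, not part of the thread or of Tomcat itself: a Python sketch that moves the legacy single-element Connector attributes into the nested SSLHostConfig/Certificate form described above, for a keystore such as a .pfx. The attribute mapping follows the Tomcat 8.5 SSLHostConfig documentation linked above; the function and constant names are this example's own, and the input is a constructed sample.

```python
import xml.etree.ElementTree as ET

# Deprecated Connector attribute -> (target element, Tomcat 8.5 attribute name)
MAPPING = {
    "sslEnabledProtocols": ("host", "protocols"),
    "ciphers":             ("host", "ciphers"),
    "clientAuth":          ("host", "certificateVerification"),
    "keystoreFile":        ("cert", "certificateKeystoreFile"),
    "keystorePass":        ("cert", "certificateKeystorePassword"),
    "keystoreType":        ("cert", "certificateKeystoreType"),
    "keyAlias":            ("cert", "certificateKeyAlias"),
}
CLIENT_AUTH = {"true": "required", "want": "optional", "false": "none"}
LEGACY_PROTOCOLS = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}

def migrate_connector(xml_text):
    """Return (new_xml, warnings) for one legacy <Connector> element."""
    conn = ET.fromstring(xml_text)
    host = conn.find("SSLHostConfig")
    if host is None:
        host = ET.SubElement(conn, "SSLHostConfig")
    cert = host.find("Certificate")
    if cert is None:
        cert = ET.SubElement(host, "Certificate")
    warnings = []
    for old, (where, new) in MAPPING.items():
        if old not in conn.attrib:
            continue
        value = conn.attrib.pop(old)
        if old == "clientAuth":
            value = CLIENT_AUTH.get(value.lower(), value)
        (host if where == "host" else cert).set(new, value)
    # Flag, but do not silently drop, protocol versions older than TLSv1.2.
    enabled = {p.strip().lstrip("+") for p in host.get("protocols", "").split(",")}
    for p in sorted(enabled & LEGACY_PROTOCOLS):
        warnings.append(f"legacy protocol enabled: {p}")
    return ET.tostring(conn, encoding="unicode"), warnings

# Constructed sample, modelled on the 8.0-style connector quoted in the thread.
LEGACY = r'''<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
  maxThreads="150" scheme="https" secure="true"
  keystoreFile="C:\xxxx.pfx" keystorePass="xxxx" keystoreType="pkcs12"
  clientAuth="false" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" />'''

if __name__ == "__main__":
    new_xml, notes = migrate_connector(LEGACY)
    print(new_xml)
    print(notes)
```

The warnings list is where TLSv1 and TLSv1.1 show up for review before the rewritten connector is deployed.
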
On 12/1/2016 1:26 PM, Bartlett, Todd wrote:
Thanks for your reply, unfortunately I know very little about Tomcat beyond the
server.xml config below.
What are "hooks" and/or what's been deprecated related to the below, or is there
a new example config for using a .pfx Keystorefile?
<Connector port="443"
protocol="HTTP/1.1"
SSLEnabled="true"
maxThreads="150"
scheme="https"
secure="true"
keystoreFile="C:\xxxx.pfx"
keystorePass="xxxx"
keystoreType="pkcs12"
clientAuth="false"
sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" ciphers="..." />
-----Original Message-----
From: Jim Weill [mailto:moon...@icsi.berkeley.edu]
Sent: Thursday, December 01, 2016 2:38 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Unable to get SSL working on Tomcat 8.5
Are you using the 8.5 reference?
https://tomcat.apache.org/tomcat-8.5-doc/config/http.html
When we updated to 8.5, we also found things changed with the connector for
SSL. The above page is the current guide, and you'll notice several of the
hooks have been deprecated since 6.0
jim
On 12/1/2016 11:28 AM, Bartlett, Todd wrote:
Thanks for replying, some more information.
Tomcat 8.0 works fine with this configuration (I've tested both
installs on same server, same .pfx) (note no other changes anywhere,
just a fresh install and modifying the server.xml) We have been using this
config since 6.0 through 8.0.
Something changed in 8.5, it does not seem to recognize or load the .pfx file
anymore.
Thanks
Todd
-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Wednesday, November 30, 2016 8:52 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Unable to get SSL working on Tomcat 8.5
Todd,
On 11/29/16 4:41 PM, Bartlett, Todd wrote:
The below settings work fine on 6.0 version (no other changes I'm aware
of) Error received Failed to initialize component [Connector[HTTP/1.1-443
What's the rest of the error message?
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="C:\xxxx.pfx" keystorePass="xxxx"
keystoreType="pkcs12" clientAuth="false"
sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" ciphers="..." />
Looks okay so far. You need to post more information.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org