On 05/12/2016 16:13, Mark Thomas wrote:
> On 01/12/2016 22:17, Jim Weill wrote:
>> sslEnabledProtocols is now just protocols for one thing. And you have to
>> put your certificate stuff in an <SSLHostConfig> sub-section to the
>> connector now.
>
> That should not be necessary. Tomcat should handle the conversion for
> you under the hood.
>
> I've tested this with a JKS store but not a pkcs12 store. Let me see if
> there is something extra we need to do in the pkcs12 case.
Confirmed. This is working as expected. The following works with 8.0.x
and 8.5.x. I've built both from trunk but there are no relevant changes
since the last release of each.
<Connector port="8443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150"
SSLEnabled="true"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLS"
keystoreFile="conf/localhost-rsa.p12"
keystoreType="PKCS12"
keyPass="changeit" />
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
