On 12/5/2016 8:43 AM, Mark Thomas wrote:
On 05/12/2016 16:13, Mark Thomas wrote:
On 01/12/2016 22:17, Jim Weill wrote:
sslEnabledProtocols is now just protocols for one thing. And you have to
put your certificate stuff in an <SSLHostConfig> sub-section to the
connector now.
That should not be necessary. Tomcat should handle the conversion for
you under the hood.
I've tested this with a JKS store but not a pkcs12 store. Let me see if
there is something extra we need to do in the pkcs12 case.
Confirmed. This is working as expected. The following works with 8.0.x
and 8.5.x. I've built both from trunk but there are no relevant changes
since the last release of each.
<Connector port="8443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150"
SSLEnabled="true"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLS"
keystoreFile="conf/localhost-rsa.p12"
keystoreType="PKCS12"
keyPass="changeit" />
Mark
So what might have changed with tomcat between 7.0 and 8.5 then? I
upgraded from 7.0 to 8.5 and had to do the separate SSLHostConfig
section and change to the more updated connector syntax when a single
connector string as shown above used to work.
jim
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
