Apologies if this is really basic, but I've seen two ways of handling
HTTPS (SSL) for Tomcat and don't understand the differences.

The first example uses letsencrypt cert files 'in situ' (i.e. where they
have been created). The second example uses the same files, but
converted by a manual shell script into a single .keystore file, stored
in ./tomcat/keys

The thing I really don't understand is the different protocols used.

Fair warning: the second example is something I've been using for a
while, so it may be out of fashion even though it works. The first
example is "brand new" that I got online and want to use mainly because
it removes the manual conversion step from cert to .keystore.

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
   maxThreads="150" SSLEnabled="true">
   <SSLHostConfig>
     <Certificate
        certificateFile="/etc/letsencrypt/live/mydomain.com/cert.pem"
        certificateKeyFile="/etc/letsencrypt/live/mydomain.com/privkey.pem"
        certificateChainFile="/etc/letsencrypt/live/mydomain.com/chain.pem" />
   </SSLHostConfig>
</Connector>

vs.

<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
   maxThreads="150" enableLookups="false" scheme="https" secure="true"
   keystoreFile="./keys/.keystore" keystorePass="mypass"
   clientAuth="false" sslProtocol="TLS" />

My system:
OS: Ubuntu 18.04.2 LTS (server)
Tomcat: 8.5.41 (installed from tomcat distribution, not via apt-get)
Java: OpenJDK "11.0.3" 2019-04-16

Everything works fine. I'm mostly just curious about the other
differences between the two connectors.

Thanks in advance.
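
In Tomcat 8.5 the connector-level TLS attributes of the second form (keystoreFile, keystorePass, clientAuth, sslProtocol) are deprecated aliases for attributes of the nested SSLHostConfig and Certificate elements that the first form uses. The following is an added example, not part of the original message or of Tomcat itself, that rewrites such a connector into the nested form so the two can be compared like for like; the function name `migrate` and the attribute tables (limited to a few common attributes) are this example's own.

```python
import xml.etree.ElementTree as ET

# Connector-level TLS attributes deprecated in Tomcat 8.5, mapped to the
# nested-element attribute that carries the same setting.
CERT_ATTRS = {
    "keystoreFile": "certificateKeystoreFile",
    "keystorePass": "certificateKeystorePassword",
    "keystoreType": "certificateKeystoreType",
    "keyAlias": "certificateKeyAlias",
}
HOST_ATTRS = {"sslProtocol": "sslProtocol",
              "sslEnabledProtocols": "protocols",
              "ciphers": "ciphers"}
CLIENT_AUTH = {"false": "none", "want": "optional", "true": "required"}


def migrate(connector_xml):
    """Return (new_xml, moved_attribute_names) for one <Connector> element."""
    conn = ET.fromstring(connector_xml)
    if conn.find("SSLHostConfig") is not None:
        return connector_xml, []  # already in the nested form
    host, cert, moved = {}, {}, []
    for name in list(conn.attrib):
        if name in CERT_ATTRS:
            cert[CERT_ATTRS[name]] = conn.attrib.pop(name)
        elif name in HOST_ATTRS:
            host[HOST_ATTRS[name]] = conn.attrib.pop(name)
        elif name == "clientAuth":
            value = conn.attrib.pop(name)
            host["certificateVerification"] = CLIENT_AUTH.get(value, value)
        else:
            continue  # port, protocol, maxThreads, ... stay on the Connector
        moved.append(name)
    if moved:
        host_el = ET.SubElement(conn, "SSLHostConfig", host)
        if cert:
            ET.SubElement(host_el, "Certificate", cert)
        if hasattr(ET, "indent"):  # pretty-printing needs Python 3.9+
            ET.indent(conn, space="  ")
    return ET.tostring(conn, encoding="unicode"), moved


# Constructed input: the second connector from the post above.
LEGACY = '''<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
   maxThreads="150" enableLookups="false" scheme="https" secure="true"
   keystoreFile="./keys/.keystore" keystorePass="mypass"
   clientAuth="false" sslProtocol="TLS" />'''

if __name__ == "__main__":
    print(migrate(LEGACY)[0])
```

The keystore password moves to certificateKeystorePassword unchanged, so in either form server.xml still holds it in plain text and needs restrictive file permissions.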

