On 25/06/2019 19:24, Michael Magnuson wrote:
>
>
> Oh I see. I was trying to use those fields for the OCSP responder
> information. Thanks for the clarification.

You shouldn't need to explicitly define that. The assumption is that the
OCSP response has a trust chain that leads back to the same trusted root
as the client certs.

Mark

> ________________________________
> From: Mark Thomas <ma...@apache.org>
> Sent: Tuesday, June 25, 2019 11:03 AM
> To: users@tomcat.apache.org
> Subject: Re: OCSP Connector on Tomcat 8.5 not working
>
> On 25/06/2019 18:04, Michael Magnuson wrote:
>>
>>
>> Mark, are you defining your server SSL certificate someplace else, other
>> than within the connector in server.xml?
>
> No.
>
>> From your example connector config, I'm not seeing it defined.
>
> <Connector port="8443"
>            protocol="org.apache.coyote.http11.Http11AprProtocol"
>            maxThreads="150" SSLEnabled="true" >
>     <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
>     <SSLHostConfig certificateVerification="required"
>                    caCertificateFile="conf/ca-rsa-cert.pem"
>                    certificateRevocationListFile="conf/crl.pem">
>         <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
>                      certificateFile="conf/localhost-rsa-cert.pem"
>                      certificateChainFile="conf/localhost-rsa-chain.pem"
>                      type="RSA" />
>     </SSLHostConfig>
> </Connector>
>
> Server key is defined by certificateKeyFile
> Server cert is defined by certificateFile
> Server cert chain is defined by certificateChainFile
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
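An added example, not part of the thread and not Tomcat project code: a small Python check that reads a server.xml and reports, per TLS connector, whether the pieces named above are present (server certificate on the Certificate element, and the trusted root that client certs and, per the thread, OCSP responses chain to). The function name `audit`, the 9443 and 8080 connectors in the sample, and accepting `caCertificatePath` as the directory-based alternative to `caCertificateFile` are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the connector quoted in the thread, wrapped in a minimal
# <Server>/<Service>, plus hypothetical connectors on ports 9443 and 8080.
SAMPLE = """<Server><Service name="Catalina">
<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
           maxThreads="150" SSLEnabled="true">
  <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
  <SSLHostConfig certificateVerification="required"
                 caCertificateFile="conf/ca-rsa-cert.pem"
                 certificateRevocationListFile="conf/crl.pem">
    <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
                 certificateFile="conf/localhost-rsa-cert.pem"
                 certificateChainFile="conf/localhost-rsa-chain.pem" type="RSA"/>
  </SSLHostConfig>
</Connector>
<Connector port="9443" SSLEnabled="true">
  <SSLHostConfig>
    <Certificate certificateChainFile="conf/localhost-rsa-chain.pem"/>
  </SSLHostConfig>
</Connector>
<Connector port="8080" protocol="HTTP/1.1"/>
</Service></Server>"""

def audit(server_xml):
    """Return {port: [findings]} for every TLS-enabled Connector."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue  # not a TLS connector, nothing to audit
        findings = report.setdefault(conn.get("port", "?"), [])
        hosts = conn.findall("SSLHostConfig")
        if not hosts:
            findings.append("no SSLHostConfig element")
        for host in hosts:
            # Verification off: no client cert is requested, nothing to revoke.
            if host.get("certificateVerification", "none").lower() == "none":
                findings.append("client certificates are not verified")
            # One trusted root serves client certs and OCSP responses alike;
            # the thread says no separate responder setting is needed.
            if not (host.get("caCertificateFile") or host.get("caCertificatePath")):
                findings.append("no trusted root for client certs / OCSP responses")
            # The server's own identity lives on the nested <Certificate>.
            if not any(c.get("certificateFile") for c in host.findall("Certificate")):
                findings.append("server certificate (certificateFile) not defined")
    return report

if __name__ == "__main__":
    for port, findings in audit(SAMPLE).items():
        print(port, findings or "ok")
```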