On 10/09/2019 13:14, Herb Burnswell wrote:
<snip/>
> My apologies for my ignorance here, when you say 'configured on the
> SSLHostConfig' are you saying it should NOT be in this block:
>
> <snip>
>
> <SSLHostConfig hostName="*.example1.com">
>
> <Certificate certificateKeystoreType="PKCS12"
> certificateKeystoreFile="/app/config/keystore.p12"
> certificateKeyAlias="example_wildcard"
> certificateKeystorePassword="maskedpasswd"
> truststoreFile="/app/config/truststore.p12"
> truststorePassword="maskedpasswd"
> type="RSA"/>
>
> </SSLHostConfig>
>
> <snip>
>
> This is how I tried to configure it and we still receive the "trustAnchors
> parameter must be non-empty" error. Can you clarify where you mean the
> truststore directives should be defined?
You need to move the trust store config from the Certificate to the
SSLHostConfig like this:
<SSLHostConfig
hostName="*.example1.com"
truststoreFile="/app/config/truststore.p12"
truststorePassword="maskedpasswd"
>
<Certificate
certificateKeystoreType="PKCS12"
certificateKeystoreFile="/app/config/keystore.p12"
certificateKeyAlias="example_wildcard"
certificateKeystorePassword="maskedpasswd"
type="RSA"
/>
</SSLHostConfig>
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
