RE: OpenSSL config for Tomcat 7

Mon, 02 Mar 2020 09:41:52 -0800 

Below are the two connector configs I have tested with.

<Connector
         port="8443"
         scheme="https"
         secure="true"
         protocol="org.apache.coyote.http11.Http11AprProtocol"
         SSLEnabled="true"
         SSLCertificateFile="/auto/englearn-web/ssl_certificate/englearn.cer"
         SSLCertificateKeyFile="/auto/englearn-web/ssl_certificate/englearn.key"
         SSLCACertificateFile="/auto/englearn-web/ssl_certificate/chain.cer"    
 (intermediate certs cat into pem format file) 
         SSLCACertificatePath="/auto/englearn-web/ssl_certificate/"
         maxThreads="150"
         clientAuth="false"
         sslProtocol="TLSv1.2"
                                         />

<Connector
         port="8443"
         scheme="https"
         secure="true"
         protocol="org.apache.coyote.http11.Http11AprProtocol"
         SSLEnabled="true"
         SSLCertificateFile="/auto/englearn-web/ssl_certificate/chain.cer"      
        (server and intermediate certs cat into pem format file)
         SSLCertificateKeyFile="/auto/englearn-web/ssl_certificate/englearn.key"
         maxThreads="150"
         clientAuth="false"
         sslProtocol="TLSv1.2"
                                         />


-John 

-----Original Message-----
From: Mark Thomas <ma...@apache.org> 
Sent: Saturday, February 29, 2020 2:12 AM
To: users@tomcat.apache.org
Subject: Re: OpenSSL config for Tomcat 7



On 29/02/2020 00:22, John Beaulaurier -X (jbeaulau - ADVANCED NETWORK 
INFORMATION INC at Cisco) wrote:
> Hello,
> 
> We're running Tomcat 7 and need to implement SSL. We are using 
> APR/OpenSSL, but I can't get the intermediate certificates pulled in when 
> starting Tomcat. The server certificate is recognized and used but not the 
> other two. I have tried the following in PEM format.
> 
> 
>   *   Stacking them in one file and using the "SSLCertificateFile" directive
>   *   Using the "SSLCertificateFile" directive for the server cert, and 
> "SSLCertificateChainFile" directive for the CA and root cert
> 
> 
>      *   APR 1.4.8
>      *   Tomcat 7.0.39
> 
> Any additional information needed please let me know. Any insight would be 
> greatly appreciated.

The exact connector configuration you are using for each test case along with a 
description of how you created the files referenced in each configuration.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
  • ... John Beaulaurier -X (jbeaulau - ADVANCED NETWORK INFORMATION INC at Cisco)
    • ... Jason Wee
      • ... John Beaulaurier -X (jbeaulau - ADVANCED NETWORK INFORMATION INC at Cisco)
        • ... Christopher Schultz
    • ... Mark Thomas
      • ... John Beaulaurier -X (jbeaulau - ADVANCED NETWORK INFORMATION INC at Cisco)
        • ... Mark Thomas
          • ... John Beaulaurier -X (jbeaulau - ADVANCED NETWORK INFORMATION INC at Cisco)

Reply via email to