Hi.

On 02.03.21 23:14, John Larsen wrote:
I usually let the apache webserver or nginx handle the SSL while proxying
to the tomcat.  To use tomcat's built in server you'll need to import the
SSL certificate into the keystore via your jdk.

Fully agree, but sometimes it is required that the HAProxy/nginx talk TLS to
the backend, in this case tomcat.

John Larsen



On Tue, Mar 2, 2021 at 3:06 PM Alex <al-tomcatu...@none.at> wrote:

Hi.

I try to make a "good" tomcat config and read the docs.

Now in the Connector doc is the following statement.

http://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support
http://tomcat.apache.org/tomcat-10.0-doc/config/http.html#SSL_Support

Each secure connector must define at least one SSLHostConfig.

But when I look into the SSL/TLS Configuration How-To, the snippet there is
without SSLHostConfig. What's now the "best" way to set up TLS/SSL
with tomcat? I would prefer to put SSLHostConfig, but I'm not sure if
it's the way the developers think TLS should be set up in tomcat.

I use JSSE as implementation.

http://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html
http://tomcat.apache.org/tomcat-10.0-doc/ssl-howto.html

```
<!-- Define an SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
             protocol="org.apache.coyote.http11.Http11NioProtocol"
             port="8443" maxThreads="200"
             scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="${user.home}/.keystore" keystorePass="changeit"
             clientAuth="false" sslProtocol="TLS"/>
```

What's your suggestion and opinion on configuring tomcat in a
proper way to use TLS, also for future versions?

Regards
Alex

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
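
For reference, the how-to snippet quoted above rewritten in the nested SSLHostConfig form that the Connector documentation asks for. This is an added example, not part of the thread or of the Tomcat documentation; the keystore path and password are the placeholders from the quoted snippet, and the protocols value is an added assumption (a JVM that supports TLSv1.2 and TLSv1.3).

```xml
<!-- Added example: the quoted Connector with its TLS settings moved from
     connector-level attributes into a nested SSLHostConfig (JSSE, NIO). -->
<Connector
             protocol="org.apache.coyote.http11.Http11NioProtocol"
             port="8443" maxThreads="200"
             scheme="https" secure="true" SSLEnabled="true">
    <!-- clientAuth="false" becomes certificateVerification="none".
         protocols is not in the quoted snippet; it is added here as an
         assumption to restrict the connector to TLSv1.2 and TLSv1.3.
         To pin the protocol list only, sslProtocol="TLS" can be left out,
         since TLS is the default context. -->
    <SSLHostConfig
                 certificateVerification="none"
                 protocols="TLSv1.2,TLSv1.3">
        <!-- keystoreFile  becomes certificateKeystoreFile
             keystorePass  becomes certificateKeystorePassword
             "changeit" is the placeholder from the quoted snippet and
             must be replaced with the real keystore password. -->
        <Certificate
                     certificateKeystoreFile="${user.home}/.keystore"
                     certificateKeystorePassword="changeit"
                     type="RSA"/>
    </SSLHostConfig>
</Connector>
```

An SSLHostConfig without a hostName attribute is the connector's default host, so this single element serves every SNI name.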




