Yes, I read it, but can't find which attributes from sslhostconfig should I use And on internet couldn't find any examples, all of them use clientAuth Thanks
On Sat, 5 Apr 2025, 19:13 Chuck Caldarale, <n82...@gmail.com> wrote: > > > On 2025 Apr 5, at 10:55, juan <bobenag...@gmail.com> wrote: > > > > Hi > > > > I'm migrating from tomcat 9 to tomcat 11.0.5 > > > > I need a client cert validation. Mi server.xml in tomcat 9 : > > > > > > <Connector SSLEnabled="true" *clientAuth="true" > > *keyAlias="karun-tomcat-server-cert" > > > > > > keystoreFile="/home/german/Developement/eclipseAngular/tomcat-server.jks" > > keystorePass="pass" maxThreads="150" > > port="8448" protocol="org.apache.coyote.http11.Http11NioProtocol" > > scheme="https" secure="true" sslProtocol="TLS" > > > > > truststoreFile="/home/german/Developement/eclipseAngular/tomcat-server.jks" > > truststorePass="pass"/> > > > > Adding clientAuth="true" does the trick, and my client has to have a > > certificate provided by me. > > > > But in tomcat 11 clientAuth doesn't exist in connector and even reading > > documentation i can't find how to do it in tomcat 11 > > > If you look at the 9.0.x SSL documentation, you’ll see that clientAuth was > deprecated even then, and was replaced by attributes of the SSLHostConfig > element. > > https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support > https://tomcat.apache.org/tomcat-11.0-doc/config/http.html#SSL_Support > > - Chuck > >
