Hi,

I read it but couldn't make it work. After hours I got it:

<Connector SSLEnabled="true" maxThreads="150" port="8448"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           scheme="https" defaultSSLHostConfigName="duba">
    <SSLHostConfig hostName="duba"
                   truststoreFile="/home/german/Developement/eclipseAngular/tomcat-server.jks"
                   certificateVerification="required" protocols="all">
        <Certificate certificateKeystoreFile="/home/german/Developement/eclipseAngular/tomcat-server.jks"
                     certificateKeystorePassword="password" type="RSA" />
    </SSLHostConfig>
</Connector>

Thanks

On Sun, 6 Apr 2025 at 00:57, Chuck Caldarale <n82...@gmail.com> wrote:

> > On 2025 Apr 5, at 12:49, juan <bobenag...@gmail.com> wrote:
> >
> > Yes, I read it, but can't find which attributes from sslhostconfig should I use
> > And on internet couldn't find any examples, all of them use clientAuth
>
> If you read the 9.0.x documentation for clientAuth, it says this:
>
> clientAuth
> This is an alias for the certificateVerification attribute of the
> SSLHostConfig <https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_SSLHostConfig>
> element with the hostName of _default_. If this SSLHostConfig
> <https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_SSLHostConfig>
> element is not explicitly defined, it will be created.
>
> Is that not clear that you should now be using certificateVerification
> within SSLHostConfig?
>
> - Chuck
>
> > On Sat, 5 Apr 2025, 19:13 Chuck Caldarale, <n82...@gmail.com> wrote:
> >
> >>> On 2025 Apr 5, at 10:55, juan <bobenag...@gmail.com> wrote:
> >>>
> >>> Hi
> >>>
> >>> I'm migrating from tomcat 9 to tomcat 11.0.5
> >>>
> >>> I need a client cert validation.
> >>> My server.xml in tomcat 9:
> >>>
> >>> <Connector SSLEnabled="true" clientAuth="true"
> >>>     keyAlias="karun-tomcat-server-cert"
> >>>     keystoreFile="/home/german/Developement/eclipseAngular/tomcat-server.jks"
> >>>     keystorePass="pass" maxThreads="150"
> >>>     port="8448" protocol="org.apache.coyote.http11.Http11NioProtocol"
> >>>     scheme="https" secure="true" sslProtocol="TLS"
> >>>     truststoreFile="/home/german/Developement/eclipseAngular/tomcat-server.jks"
> >>>     truststorePass="pass"/>
> >>>
> >>> Adding clientAuth="true" does the trick, and my client has to have a
> >>> certificate provided by me.
> >>>
> >>> But in tomcat 11 clientAuth doesn't exist in connector and even reading
> >>> documentation I can't find how to do it in tomcat 11
> >>
> >> If you look at the 9.0.x SSL documentation, you’ll see that clientAuth was
> >> deprecated even then, and was replaced by attributes of the SSLHostConfig
> >> element.
> >>
> >> https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support
> >> https://tomcat.apache.org/tomcat-11.0-doc/config/http.html#SSL_Support
> >>
> >> - Chuck
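
An added example (not from the thread or from the Tomcat project): a small Python helper that moves the deprecated Connector-level TLS attributes discussed above onto SSLHostConfig and Certificate, so that settings such as the truststore password and key alias are carried over along with client certificate verification. The function name migrate_connector is hypothetical, the attribute mapping is taken from the deprecation notes in the Tomcat 9 HTTP connector documentation, and the sample input is the Tomcat 9 connector posted in the thread.

```python
import xml.etree.ElementTree as ET

# Deprecated Tomcat 9 Connector attribute -> (target element, replacement attribute)
MAPPING = {
    "clientAuth": ("SSLHostConfig", "certificateVerification"),
    "truststoreFile": ("SSLHostConfig", "truststoreFile"),
    "truststorePass": ("SSLHostConfig", "truststorePassword"),
    "sslProtocol": ("SSLHostConfig", "sslProtocol"),
    "keystoreFile": ("Certificate", "certificateKeystoreFile"),
    "keystorePass": ("Certificate", "certificateKeystorePassword"),
    "keyAlias": ("Certificate", "certificateKeyAlias"),
}
# clientAuth values and their certificateVerification equivalents
CLIENT_AUTH = {"true": "required", "want": "optional", "false": "none"}

def migrate_connector(xml_text):
    """Return a new Connector element with TLS settings nested in SSLHostConfig."""
    old = ET.fromstring(xml_text)
    new = ET.Element("Connector")
    # No hostName is set, so this is the _default_ host the Connector uses.
    host = ET.SubElement(new, "SSLHostConfig")
    cert = ET.SubElement(host, "Certificate")
    targets = {"SSLHostConfig": host, "Certificate": cert}
    for name, value in old.attrib.items():
        if name in MAPPING:
            element, new_name = MAPPING[name]
            if name == "clientAuth":
                value = CLIENT_AUTH[value.lower()]  # KeyError on an unknown value
            targets[element].set(new_name, value)
        else:
            new.set(name, value)  # port, protocol, maxThreads, ... stay in place
    ET.indent(new)  # Python 3.9+
    return new

# Sample input: the Tomcat 9 connector from the thread (passwords are the thread's sample values).
SAMPLE = """<Connector SSLEnabled="true" clientAuth="true"
    keyAlias="karun-tomcat-server-cert"
    keystoreFile="/home/german/Developement/eclipseAngular/tomcat-server.jks"
    keystorePass="pass" maxThreads="150" port="8448"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    scheme="https" secure="true" sslProtocol="TLS"
    truststoreFile="/home/german/Developement/eclipseAngular/tomcat-server.jks"
    truststorePass="pass"/>"""

if __name__ == "__main__":
    print(ET.tostring(migrate_connector(SAMPLE), encoding="unicode"))
```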