Víctor Torres - UPF wrote:
> Hi Martin, all,
>
> This is what I use:
>
> <Connector port="8443" maxHttpHeaderSize="8192"
>            maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>            enableLookups="false" disableUploadTimeout="true"
>            acceptCount="100" scheme="https" secure="true"
>            clientAuth="true" sslProtocol="TLS"
>            keystoreFile="C:\server.p12"
>            keystorePass="password" keystoreType="PKCS12"
>            truststoreFile="C:\root.p12"
>            truststorePass="password" truststoreType="PKCS12"/>
>
> The keystore.p12 I sent in my previous mail was just an example with
> empty password of how to insert 2 certificates.
> From my experience, Tomcat does not accept PKCS12 with empty password as
> keystore nor as truststore.
> The real PKCS12 truststoreFile I use contains only 1 cert (fails) or
> cert+privatekey (works).
> Regards.

For the configuration above the expected requirements are:

keystoreFile must contain a certificate that includes both public and private key and is signed by some issuing authority.

truststoreFile must contain the public key (NOT the private key) of the authority that issued the certificate in keystoreFile.

If you can confirm that the above configuration does not work and truststoreFile requires the private key to work then this is a bug. Please create a Bugzilla item for it. It would be a great help if you attached a script to the bug that created an appropriate keystoreFile and truststoreFile that demonstrates the bug.

Mark
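
A script of the kind requested above could look like the following. This is an added example, not part of the original thread: it assumes the `openssl` command-line tool is available, and the subject names, file layout and the password `changeit` are constructed for illustration.

```shell
#!/bin/sh
# Builds a constructed test CA, a server certificate issued by it, and the two
# PKCS12 files the Connector refers to (server.p12 and root.p12).
PASS=changeit   # placeholder; non-empty, since the thread reports empty ones fail

make_stores() {
    dir=$1
    # 1. Self-signed test CA; only its certificate belongs in the truststore.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # 2. Server key and CSR, then a certificate issued by the test CA.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=localhost" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/server.csr" -days 30 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/server.crt" 2>/dev/null || return 1
    # 3. keystoreFile: server certificate, its private key, and the issuer cert.
    openssl pkcs12 -export -name tomcat \
        -inkey "$dir/server.key" -in "$dir/server.crt" -certfile "$dir/ca.crt" \
        -passout "pass:$PASS" -out "$dir/server.p12" || return 1
    # 4. truststoreFile: the CA certificate only, no private key.
    openssl pkcs12 -export -nokeys -name root-ca -in "$dir/ca.crt" \
        -passout "pass:$PASS" -out "$dir/root.p12" || return 1
}

# Number of private keys stored in a PKCS12 file.
count_keys() {
    openssl pkcs12 -in "$1" -passin "pass:$PASS" -nocerts -nodes 2>/dev/null \
        | grep -c "BEGIN.*PRIVATE KEY" || true
}

# Number of certificates stored in a PKCS12 file.
count_certs() {
    openssl pkcs12 -in "$1" -passin "pass:$PASS" -nokeys 2>/dev/null \
        | grep -c "BEGIN CERTIFICATE" || true
}

# Succeeds if the server certificate chains to the test CA.
server_cert_trusted() {
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1
}

# Stand-alone use: pass an existing output directory as the first argument.
if [ $# -gt 0 ]; then make_stores "$1"; fi
```

Running `count_keys` on each file before attaching it to a bug report confirms that the keystore holds exactly one private key and the truststore holds none.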