Savitha,

On 12/8/11 3:01 PM, Savitha Akella wrote:
> We are using tomcat version 7.0.11

You should upgrade if you have the chance. 7.0.23 is available and there
have been many improvements including fixes for security-related bugs.

> Here are the changes we made in server.xml:
>
> <Connector SSLEnabled="true" clientAuth="true" keyAlias="tomcat"
> keyPass="xyz" keystoreFile="C:/Users/keystorepath/key.keystore"
> maxThreads="150" port="8443"
> protocol="org.apache.coyote.http11.Http11Protocol" scheme="https"
> secure="true" sslProtocol="TLS" trustMaxCertLength="10"
> truststoreFile="C:/Users/trustorepath/truststore.keystore"
> truststorePass="abc"/>

This is what you have now. I have no idea what you had before.

If the above connector is the only one you have, then everyone must
connect using HTTPS. Is that what you wanted? Also, all clients must
present a certificate because you have clientAuth="true", which requires
a certificate to connect.

If you want other webapps to allow non-HTTPS traffic, you'll need a
separate, non-secure HTTP connector. If you want one webapp to be able
to receive Client SSL certificates but the others not demand them, then
you need to set clientAuth="want" instead of clientAuth="true".

http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support

-chris
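
Added example, not part of the original message and not Tomcat project code: a small audit that reads a server.xml and answers the two questions raised in the reply, whether every connector is HTTPS and whether every TLS connector demands a client certificate. The port 8080 connector in the sample, the shortened file paths, and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the connector from the message (paths shortened)
# plus a hypothetical plain-HTTP connector on port 8080.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               sslProtocol="TLS" clientAuth="true" keyAlias="tomcat"
               keystoreFile="key.keystore" keyPass="xyz"
               truststoreFile="truststore.keystore" truststorePass="abc"/>
  </Service>
</Server>
"""

# Meaning of clientAuth per the Tomcat 7 HTTP connector documentation.
CLIENT_AUTH = {
    "true": "required",    # handshake fails without a client certificate
    "want": "requested",   # certificate asked for, connection allowed without one
    "false": "on-demand",  # only for resources protected by CLIENT-CERT
}

def audit_connectors(server_xml):
    """Return one dict per <Connector>: port, TLS or not, client-cert mode."""
    report = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        tls = conn.get("SSLEnabled", "false").lower() == "true"
        mode = conn.get("clientAuth", "false").lower()
        report.append({
            "port": int(conn.get("port", "0")),
            "tls": tls,
            # clientAuth has no effect on a connector that does not speak TLS
            "client_cert": CLIENT_AUTH.get(mode, "unknown") if tls else "n/a",
        })
    return report

def summarize(report):
    """Summarize who can connect, and with or without a certificate."""
    tls = [c for c in report if c["tls"]]
    return {
        "https_only": bool(report) and len(tls) == len(report),
        "all_tls_require_cert": bool(tls) and all(c["client_cert"] == "required" for c in tls),
        "ports_allowing_no_cert": sorted(c["port"] for c in report if c["client_cert"] != "required"),
    }

if __name__ == "__main__":
    print(summarize(audit_connectors(SAMPLE_SERVER_XML)))
```
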