tomcat-users mailing list archives

From Christopher Schultz
Subject Re: Configuring Tomcat 6.0.28 with SSL
Date Tue, 10 Aug 2010 20:53:56 GMT

On 8/10/2010 3:41 PM, Hansel, Jason T CTR SPAWARSYSCEN-ATLANTIC, 55E00
> I am abandoning the IIS/isapi_redirect.dll method of authenticating via SSL
> into our web application due to the "authentication" process taking a while,
> causing the web app to run abnormally slow.
> I am wanting to use our server certificate (PKCS12) as the keystore. I've
> been doing a lot of research and it seems that I need to import the root
> certificates into the keystore using OpenSSL. What I am not too clear on is
> how to edit the server.xml file to accommodate these configurations. Here is
> what I have thus far, however, SSL does not seem to be working.
> Copied from Notepad:
> <!-- Define a SSL HTTP/1.1 Connector on port 8443
>          This connector uses the JSSE configuration, when using APR, the 
>          connector should be using the OpenSSL style configuration
>          described in the APR documentation -->
>     <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>                maxThreads="150" scheme="https" secure="true"
>                keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 6.0\con\geo.pfx"
>                keystorePass="password" keystoreType="pkcs12"
>                clientAuth="false" sslProtocol="TLS" />

Wait, are you trying to do CLIENT-CERT authentication?

If so, you'll want to do clientAuth="want" (if you want a cert, but
don't want to fail otherwise, which I think is usually what one wants to
do) and set the truststore* attributes on the <Connector>.

-chris
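
The connector change suggested in the reply above, written out as an added example that is not part of the original message or of the poster's configuration. The file paths, passwords and the JKS truststore type are placeholders and assumptions; the truststore is assumed to hold the CA certificates that issued the client certificates.

```xml
<!-- Added example: JSSE connector that requests a client certificate.
     Paths and passwords below are placeholders, not values from the thread. -->
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           sslProtocol="TLS"

           keystoreFile="PATH_TO_SERVER_KEYSTORE.pfx"
           keystorePass="SERVER_KEYSTORE_PASSWORD"
           keystoreType="pkcs12"

           clientAuth="want"

           truststoreFile="PATH_TO_TRUSTSTORE.jks"
           truststorePass="TRUSTSTORE_PASSWORD"
           truststoreType="JKS" />
<!-- keystore*:   the server's own private key and certificate, presented
                  to browsers during the handshake.
     truststore*: the CA certificates used to validate the certificate a
                  client presents. This is a separate store from the keystore.
     clientAuth:  "false" never asks for a client certificate.
                  "want"  asks for one and continues the handshake if the
                          client has none, so the application decides what
                          an unauthenticated user may do.
                  "true"  asks for one and fails the handshake without it. -->
```

With `clientAuth="want"` the TLS layer does not enforce authentication by itself, so the web application still has to reject requests that arrive without a validated certificate wherever one is required.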

