tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Configuring Tomcat 6.0.28 with SSL
Date Tue, 10 Aug 2010 20:53:56 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jason,

On 8/10/2010 3:41 PM, Hansel, Jason T CTR SPAWARSYSCEN-ATLANTIC, 55E00
wrote:
> I am abandoning the IIS/isapi_redirect.dll method of authenticating via SSL
> into our web application due to the "authentication" process taking a while,
> causing the web app to run abnormally slow.
> 
> I am wanting to use our server certificate (PKCS12) as the keystore. I've
> been doing a lot of research and it seems that I need to import the root
> certificates into the keystore using OpenSSL. What I am not too clear on is
> how to edit the server.xml file to accommodate these configurations. Here is
> what I have thus far, however, SSL does not seem to be working.
> 
> Copied from Notepad:
> 
> <!-- Define a SSL HTTP/1.1 Connector on port 8443
>          This connector uses the JSSE configuration, when using APR, the 
>          connector should be using the OpenSSL style configuration
>          described in the APR documentation -->
>     
>     <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>                maxThreads="150" scheme="https" secure="true"
>                keystoreFile="C:\Program Files\Apache Software
> Foundation\Tomcat 6.0\con\geo.pfx"
> keystorePass="password" keystoreType="pkcs12"
>                clientAuth="false" sslProtocol="TLS" />

Wait, are you trying to do CLIENT-CERT authentication?

If so, you'll want to do clientAuth="want" (if you want a cert, but
don't want to fail otherwise, which I think is usually what one wants to
do) and set the truststore* attributes on the <Connector>.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkxhvGQACgkQ9CaO5/Lv0PA7xQCdGdGEwXko++Jm0t8/lJR1eAQb
el0An3FjqgDbTP54DX3oSX9wscDMaqLk
=jLqM
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message