tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Converting JSSE configuation to APR/native
Date Thu, 10 Jan 2013 09:49:11 GMT
k.b.soumya@accenture.com wrote:
> We don't have openSSL installed. Can't we configure APR/native without openssl?

The on-line documentation may help : 
https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL%20Support

> 
> -----Original Message-----
> From: Konstantin Kolinko [mailto:knst.kolinko@gmail.com]
> Sent: Thursday, January 10, 2013 1:36 PM
> To: Tomcat Users List
> Subject: Re: Converting JSSE configuation to APR/native
> 
> 2013/1/10  <k.b.soumya@accenture.com>:
>> Hi All,
>>
>> We would like to convert our SSL connector from JSSE configuration to APR/native.
The tomcat version we are using is tomat7.0.27.
>>
>> We are finding difficulty in converting our .jks file to SSLCertificateFile and SSLCertificateKeyFile
attributes which are specified as part of connector for APR/native.
>>
>> Can you please help us in this conversion. The connector which is used currently
is as below:
>>
>> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>> scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
>> executor="tomcatThreadPool" connectionTimeout="20000"
>> allowUnsafeLegacyRenegotiation="false"
>> ciphers="SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE
>> _RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WIT
>> H_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_
>> 3DES_EDE_CBC_SHA"  keystoreFile="/dummy.jks" allowTrace="false"
>> keystorePass="dummy.com"/>
>>
>> Any suggestion or help in this regard will be of great value.
>>
> 
> 1. Did you search archives of this mailing list?
> 
> If I remember correctly, converting a certificate was discussed some time ago.
> 
> 
> 2. The configuration attributes used by APR connector are quire similar to the directives
of mod_ssl of Apache HTTPD server,  because they use the same underlying library (OpenSSL).
You can look at their documentation, and maybe even search their mailing lists http://httpd.apache.org/docs/2.4/mod/mod_ssl.html
> 
> Also,
> http://wiki.apache.org/tomcat/HowTo/SSLCiphers
> 
> Best regards,
> Konstantin Kolinko
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> 
> This message is for the designated recipient only and may contain privileged, proprietary,
or otherwise private information. If you have received it in error, please notify the sender
immediately and delete the original. Any other use of the e-mail by you is prohibited.
> 
> Where allowed by local law, electronic communications with Accenture and its affiliates,
including e-mail and instant messaging (including content), may be scanned by our systems
for the purposes of information security and assessment of internal compliance with Accenture
policy.
> 
> ______________________________________________________________________________________
> 
> www.accenture.com
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message