tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <k.b.sou...@accenture.com>
Subject RE: Converting JSSE configuation to APR/native
Date Thu, 10 Jan 2013 08:37:03 GMT
We don't have openSSL installed. Can't we configure APR/native without openssl?

-----Original Message-----
From: Konstantin Kolinko [mailto:knst.kolinko@gmail.com]
Sent: Thursday, January 10, 2013 1:36 PM
To: Tomcat Users List
Subject: Re: Converting JSSE configuation to APR/native

2013/1/10  <k.b.soumya@accenture.com>:
>
> Hi All,
>
> We would like to convert our SSL connector from JSSE configuration to APR/native. The
tomcat version we are using is tomat7.0.27.
>
> We are finding difficulty in converting our .jks file to SSLCertificateFile and SSLCertificateKeyFile
attributes which are specified as part of connector for APR/native.
>
> Can you please help us in this conversion. The connector which is used currently is as
below:
>
> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
> scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
> executor="tomcatThreadPool" connectionTimeout="20000"
> allowUnsafeLegacyRenegotiation="false"
> ciphers="SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE
> _RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WIT
> H_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_
> 3DES_EDE_CBC_SHA"  keystoreFile="/dummy.jks" allowTrace="false"
> keystorePass="dummy.com"/>
>
> Any suggestion or help in this regard will be of great value.
>

1. Did you search archives of this mailing list?

If I remember correctly, converting a certificate was discussed some time ago.


2. The configuration attributes used by APR connector are quire similar to the directives
of mod_ssl of Apache HTTPD server,  because they use the same underlying library (OpenSSL).
You can look at their documentation, and maybe even search their mailing lists http://httpd.apache.org/docs/2.4/mod/mod_ssl.html

Also,
http://wiki.apache.org/tomcat/HowTo/SSLCiphers

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org



This message is for the designated recipient only and may contain privileged, proprietary,
or otherwise private information. If you have received it in error, please notify the sender
immediately and delete the original. Any other use of the e-mail by you is prohibited.

Where allowed by local law, electronic communications with Accenture and its affiliates, including
e-mail and instant messaging (including content), may be scanned by our systems for the purposes
of information security and assessment of internal compliance with Accenture policy.

______________________________________________________________________________________

www.accenture.com


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message