tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: Converting JSSE configuation to APR/native
Date Thu, 10 Jan 2013 08:06:06 GMT
2013/1/10  <k.b.soumya@accenture.com>:
>
> Hi All,
>
> We would like to convert our SSL connector from JSSE configuration to APR/native. The
tomcat version we are using is tomat7.0.27.
>
> We are finding difficulty in converting our .jks file to SSLCertificateFile and SSLCertificateKeyFile
attributes which are specified as part of connector for APR/native.
>
> Can you please help us in this conversion. The connector which is used currently is as
below:
>
> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"  scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"  executor="tomcatThreadPool" connectionTimeout="20000"
allowUnsafeLegacyRenegotiation="false" ciphers="SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
 keystoreFile="/dummy.jks" allowTrace="false"  keystorePass="dummy.com"/>
>
> Any suggestion or help in this regard will be of great value.
>

1. Did you search archives of this mailing list?

If I remember correctly, converting a certificate was discussed some time ago.


2. The configuration attributes used by APR connector are quire
similar to the directives of mod_ssl of Apache HTTPD server,  because
they use the same underlying library (OpenSSL). You can look at their
documentation, and maybe even search their mailing lists
http://httpd.apache.org/docs/2.4/mod/mod_ssl.html

Also,
http://wiki.apache.org/tomcat/HowTo/SSLCiphers

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message