tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bartlett, Todd" <bartle...@uncw.edu>
Subject RE: Unable to get SSL working on Tomcat 8.5
Date Thu, 01 Dec 2016 21:26:27 GMT
Thanks for your reply, unfortunately I know very little about Tomcat beyond the server.xml
config below.  
What are "hooks" and or whats been deprecated related to the below, or is there a new example
config for using a .pfx Keystorefile? 

<Connector port="443" 
protocol="HTTP/1.1" 
SSLEnabled="true"
maxThreads="150" 
scheme="https" 
secure="true"
keystoreFile="C:\xxxx.pfx" 
keystorePass="xxxx"
keystoreType="pkcs12" 
clientAuth="false"
sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" ciphers="..." />

-----Original Message-----
From: Jim Weill [mailto:moondog@ICSI.Berkeley.EDU] 
Sent: Thursday, December 01, 2016 2:38 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Unable to get SSL working on Tomcat 8.5

Are you using the 8.5 reference? 
https://tomcat.apache.org/tomcat-8.5-doc/config/http.html

When we updated to 8.5, we also found things changed with the connector for SSL.  The above
page is the current guide, and you'll notice several of the hooks have been deprecated since
6.0

jim

On 12/1/2016 11:28 AM, Bartlett, Todd wrote:
> Thanks for replying, some more information.
>
> Tomcat 8.0 works fine with this configuration (Ive tested both 
> installs on same server, same .pfx) (note no other changes anywhere, 
> just a fresh install and modifying the server.xml) We have been using this config since
6.0 through 8.0.
>
> Something changed in 8.5, it does not seem to recognize or load the .pfx file anymore.
>
> Thanks
>
> Todd
>
> -----Original Message-----
> From: Christopher Schultz [mailto:chris@christopherschultz.net]
> Sent: Wednesday, November 30, 2016 8:52 PM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: Unable to get SSL working on Tomcat 8.5
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Todd,
>
> On 11/29/16 4:41 PM, Bartlett, Todd wrote:
>> The below settings work fine on 6.0 version (no other changes Im 
>> aware
>> of)  Error received Failed to initialize component
>> [Connector[HTTP/1.1-443
> What's the rest of the error message?
>
>> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>> maxThreads="150" scheme="https" secure="true"
>> keystoreFile="C:\xxxx.pfx" keystorePass="xxxx"
>> keystoreType="pkcs12" clientAuth="false"
>> sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" ciphers="..." />
> Looks okay so far. You need to post more information.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJYP4IrAAoJEBzwKT+lPKRY5hAP/3thD5lk9DDd/PMAN1s+Vche
> ghVnzNYryyBaqcFCFOpjUWlocWkaltV8yaWHRpkLpzvvRz1SnXVbKx7IRr5wAP6V
> 7qr4h8FLLubjukA/g42D8UkUmc/Q64ATPZEdKch8FszlchLqsdf1WSfp2e68k/Gg
> KPBB2New3bSc4XVxC90gItOcSgq6qwZlIINEYV+f/jsOJufkjzTPF4NllS0NM9i/
> XA0EgRhUQlB1Lo9QfmJquniRmNHJwcIt6A810IISaL/f0o1TxFMpqD0xdBrULD+W
> 169HkBIdTEvpqa3RG9tIVEEDhkW8xN4KR/Q/+WmjxnUGzffDH4AAfJkYKOxYdMzf
> zFKG4ka+A5i2Qi9Z+Y87yi0fDKFsjxpA1ugeCRYpLKfTRnu2dkEGak2QRU4KpaIM
> IUdql0gy71ZdyNGHj0XTzen6mUqEm0k3AL0pzTsXK0eSvpHlT0Eh981VfGAZQKlo
> hs3gUFEdwNJ5xiWEil0tNtke9j8eNwPVE7jRy0QFguc6HkXmWr89DTDi/3W541Nz
> ZH7iONQBPtd1fcAk0PoAxuH7ldZ9LcjxZ1tV7t3KYv4SKcD5WjTe6Cc5eVCwQwxY
> 47TrkSq4enCGw6BbwX+iBKt9LY4MIugpnEp8o2sxnZ56B3bxwfT29/hWmKYmlRjj
> l9lZDcQlY4Q+sZhDFifa
> =Op4c
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Mime
View raw message