tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Richard Huntrods <>
Subject Connector difference explanation request - two ways of getting SSL in server.xml
Date Sat, 22 Jun 2019 21:19:33 GMT
Apologies if this is really basic, but I've seen two ways of handling
https (SSL) for tomcat and don't understand the differences.

The first example uses letsencrypt cert files 'in situ' (i.e. where they
have been created). The second example uses the same files, but
converted by a manual shell script into a single .keystore file, stored
in ./tomcat/keys

The thing I really don't understand is the different protocols used.

Fair warning: the second example is something I've been using for a
while, so it may be out of fashion even though it works. The first
example is "brand new" that I got online and want to use mainly because
it removes the manual conversion step from cert to .keystore.

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
certificateChainFile="/etc/letsencrypt/live/" />


<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
   maxThreads="150" enableLookups="false" scheme="https" secure="true"
   keystoreFile="./keys/.keystore" keystorePass="mypass"
   clientAuth="false" sslProtocol="TLS" />

My system:
OS: Ubuntu 18.04.2 LTS (server)
Tomcat: 8.5.41 (installed from tomcat distribution, not via apt get)
Java: OpenJDK "11.0.3" 2019-04-16

Everything works fine. I'm mostly just curious about the other
differences between the two connectors.

Thanks in advance.

This email has been checked for viruses by Avast antivirus software.

This communication is intended for the use of the recipient to whom it is addressed, and may
contain confidential, personal, and or privileged information. Please contact us immediately
if you are not the intended recipient of this communication, and do not copy, distribute,
or take action relying on it. Any communications received in error, or subsequent reply, should
be deleted or destroyed.
View raw message