tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: SSLHostConfig configuration
Date Tue, 10 Sep 2019 10:46:27 GMT
On 09/09/2019 23:28, Herb Burnswell wrote:


> Questions:
> 1. What has changed in between Tomcat 8.5.32 --> 8.5.40 that seemingly now
> requires truststore information in this connector configuration?

There have have been several changes aimed at making it easier to switch
between JSSE and OpenSSL based TLS implementations. Tomcat tries to
store all provided keys and certs in an in-memory Java keystore and then
provides the connectors with the keys and certs in the format they
require. With the wide range of keystores and key formats there have
been a few edge cases where the translation process broke. This looks
like one of them.

There are additional fixes in later 8.5.x releases so you may wish to
try one of those.

> 2. What needs to be done to allow this to work in the 8.5.40 Tomcat version?

truststoreFile and truststorePassword should be configured on the
SSLHostConfig not on the Certificate element.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message