Re: Tomcat8 - How to configure ssl certificates for both https and two-way authentication

2017-08-09 Thread Mark Thomas
On 09/08/17 12:24, Senthil Kumar wrote:
> Mark,
> 
> Tomcat version is 8.0.39.
> 
> I have to use both server certificate (.pfx) and service certificate as
> keystore. Do I need to convert PFX format certificate to JKS format? How to
> configure more than one private certificate in keystore.

The setenv.sh settings shouldn't interfere with the Tomcat connector but
to be sure I suggest the following:

- comment out the setenv.sh settings
- start Tomcat
- test https on port 443 and report any errors including those in the
  logs

Once port 443 is working then uncomment the settings in setenv and check
port 443 still works.

Mark

> 
> Senthil
> 
> On Wed, Aug 9, 2017 at 1:39 AM, Mark Thomas  wrote:
> 
>> On 08/08/17 21:03, dsenthil...@gmail.com wrote:
>>>
>>>> Hello,
>>>>
>>>> I have configured ssl certificates for below requirements:
>>>>
>>>> 1. Tomcat server certificate configuration in 'server.xml' file to run
>>>> tomcat server on port 443 and https
>>>>
>>>> <Connector port="443" minSpareThreads="25"
>>>> maxSpareThreads="75" enableLookups="false"
>>>> disableUploadTimeout="true"
>>>> acceptCount="100" scheme="https" secure="true"
>>>> SSLEnabled="true" clientAuth="false"
>>>> sslProtocol="TLSv1.2"
>>>> ciphers="TLS_RSA_WITH_AES_256_CBC_SHA256"
>>>> keystoreFile="Tomcat.HostName.pfx" keystorePass="password"
>>>> keystoreType="PKCS12" />
>>>>
>>>> 2. Service certificate configuration in 'setenv.sh' file for the
>>>> two-way ssl authentication for the connection to MQ / Soap service servers.
>>>>
>>>> export JAVA_OPTS='-Djavax.net.ssl.keyStore=ServiceCertificate.p12
>>>> -Djavax.net.ssl.keyStorePassword=password
>>>> -Djavax.net.ssl.trustStore=clienttruststore.jks
>>>> -Djavax.net.ssl.trustStorePassword=changeit'
>>>>
>>>>
>>>> But it looks like the service certificate configured (for the two-way
>>>> ssl handshake with MQ and Soap service servers) in 'setenv.sh' file is
>>>> overwriting the tomcat server ssl configuration configured in 'server.xml'
>>>> and subsequently tomcat server is down for https and port 443.
>>>>
>>>> Can someone recommend suitable tomcat config to fix this issue. The
>>>> tomcat config should support both https (port 443) and two-way ssl
>>>> handshake with other servers.
>>
>> Tomcat version?
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
> 





Re: Tomcat8 - How to configure ssl certificates for both https and two-way authentication

2017-08-09 Thread Senthil Kumar
Mark,

Tomcat version is 8.0.39.

I have to use both server certificate (.pfx) and service certificate as
keystore. Do I need to convert PFX format certificate to JKS format? How to
configure more than one private certificate in keystore.

Senthil

On Wed, Aug 9, 2017 at 1:39 AM, Mark Thomas  wrote:

> On 08/08/17 21:03, dsenthil...@gmail.com wrote:
> >
> >> Hello,
> >>
> >> I have configured ssl certificates for below requirements:
> >>
> >> 1. Tomcat server certificate configuration in 'server.xml' file to run
> tomcat server on port 443 and https
> >>
> >> <Connector port="443" minSpareThreads="25"
> >> maxSpareThreads="75" enableLookups="false"
> >> disableUploadTimeout="true"
> >> acceptCount="100" scheme="https" secure="true"
> >> SSLEnabled="true" clientAuth="false"
> >> sslProtocol="TLSv1.2"
> >> ciphers="TLS_RSA_WITH_AES_256_CBC_SHA256"
> >> keystoreFile="Tomcat.HostName.pfx" keystorePass="password"
> >> keystoreType="PKCS12" />
> >>
> >> 2. Service certificate configuration in 'setenv.sh' file for the
> two-way ssl authentication for the connection to MQ / Soap service servers.
> >>
> >> export JAVA_OPTS='-Djavax.net.ssl.keyStore=ServiceCertificate.p12
> -Djavax.net.ssl.keyStorePassword=password 
> -Djavax.net.ssl.trustStore=clienttruststore.jks
> -Djavax.net.ssl.trustStorePassword=changeit'
> >>
> >>
> >> But it looks like the service certificate configured (for the two-way
> >> ssl handshake with MQ and Soap service servers) in 'setenv.sh' file is
> >> overwriting the tomcat server ssl configuration configured in 'server.xml'
> >> and subsequently tomcat server is down for https and port 443.
> >>
> >> Can someone recommend suitable tomcat config to fix this issue. The
> >> tomcat config should support both https (port 443) and two-way ssl
> >> handshake with other servers.
>
> Tomcat version?
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


Re: Tomcat8 - How to configure ssl certificates for both https and two-way authentication

2017-08-08 Thread Christopher Schultz

Senthil,

On 8/8/17 4:03 PM, dsenthil...@gmail.com wrote:
> 
>> Hello,
>> 
>> I have configured ssl certificates for below requirements:
>> 
>> 1. Tomcat server certificate configuration in 'server.xml' file
>> to run tomcat server on port 443 and https
>> 
>> <Connector port="443" minSpareThreads="25" maxSpareThreads="75"
>> enableLookups="false" disableUploadTimeout="true" acceptCount="100"
>> scheme="https" secure="true" SSLEnabled="true" clientAuth="false"
>> sslProtocol="TLSv1.2" ciphers="TLS_RSA_WITH_AES_256_CBC_SHA256"
>> keystoreFile="Tomcat.HostName.pfx" keystorePass="password"
>> keystoreType="PKCS12" />
>> 
>> 2. Service certificate configuration in 'setenv.sh' file for the
>> two-way ssl authentication for the connection to MQ / Soap
>> service servers.
>> 
>> export JAVA_OPTS='-Djavax.net.ssl.keyStore=ServiceCertificate.p12
>> -Djavax.net.ssl.keyStorePassword=password
>> -Djavax.net.ssl.trustStore=clienttruststore.jks
>> -Djavax.net.ssl.trustStorePassword=changeit'
>> 
>> 
>> But it looks like the service certificate configured (for the
>> two-way ssl handshake with MQ and Soap service servers) in
>> 'setenv.sh' file is overwriting the tomcat server ssl
>> configuration configured in 'server.xml' and subsequently tomcat
>> server is down for https and port 443.
>> 
>> Can someone recommend suitable tomcat config to fix this issue.
>> The tomcat config should support both https (port 443) and
>> two-way ssl handshake with other servers.

Regardless of the actual problem and solution, here, I would always
highly recommend that you use explicit configuration for your
<Connector> for your truststore as well as your keystore. Using system
properties is very heavy-handed and ends up applying the same trust
store to a whole variety of components, not just the <Connector>.

- -chris

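Chris's point above, shown as an added example that is not code from the thread or from Tomcat: keep the two identities in two separate scopes. The inbound side stays on the <Connector> in server.xml, which already names its own keystore (keystoreFile / keystorePass / keystoreType="PKCS12", so the .pfx needs no conversion to JKS), can name its own trust store with the truststoreFile / truststorePass attributes, and can select one entry out of a keystore holding several private keys with keyAlias; in Tomcat 8 a connector with no truststoreFile falls back to the javax.net.ssl.trustStore system property, which is exactly the JVM-wide coupling Chris warns about. The outbound side, below, loads ServiceCertificate.p12 and clienttruststore.jks into an SSLContext used only by the MQ/SOAP client, with a key manager that pins which alias is presented, so -Djavax.net.ssl.keyStore is never set at all. The file names are the ones from the post; the class, method and environment-variable names are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.Socket;
import java.net.URL;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

/*
 * Added example (not from the thread or from Tomcat): the outbound MQ/SOAP
 * client gets its own SSLContext built from ServiceCertificate.p12 and
 * clienttruststore.jks, so nothing is put in javax.net.ssl.* and the Tomcat
 * <Connector> keeps using only the keystore named in server.xml.
 * Class, method and environment-variable names are hypothetical.
 */
public final class ServiceClientTls {

    /** Pins one alias as the client identity when the PKCS12 holds several private keys. */
    static final class FixedAliasKeyManager extends X509ExtendedKeyManager {
        private final X509KeyManager delegate;
        private final String alias;

        FixedAliasKeyManager(X509KeyManager delegate, String alias) {
            this.delegate = delegate;
            this.alias = alias;
        }
        @Override public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
            return alias;                      // ignore the server's CA hints; always send this entry
        }
        @Override public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine) {
            return alias;                      // same for SSLEngine-based (NIO) clients
        }
        @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
            return delegate.chooseServerAlias(keyType, issuers, socket);
        }
        @Override public String[] getClientAliases(String keyType, Principal[] issuers) {
            return delegate.getClientAliases(keyType, issuers);
        }
        @Override public String[] getServerAliases(String keyType, Principal[] issuers) {
            return delegate.getServerAliases(keyType, issuers);
        }
        @Override public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
        @Override public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }
    }

    /** TLS 1.2 context scoped to this client; no JVM-wide state is touched. */
    static SSLContext buildContext(String p12Path, char[] p12Pass, String keyAlias,
                                   String trustPath, char[] trustPass) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");  // .pfx/.p12 loads directly; no JKS conversion
        try (InputStream in = new FileInputStream(p12Path)) {
            ks.load(in, p12Pass);
        }
        if (!ks.isKeyEntry(keyAlias)) {
            throw new IllegalArgumentException("no private key entry '" + keyAlias + "' in " + p12Path);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, p12Pass);                         // assumes key entries use the store password
        KeyManager[] kms = kmf.getKeyManagers();
        for (int i = 0; i < kms.length; i++) {
            if (kms[i] instanceof X509KeyManager) {
                kms[i] = new FixedAliasKeyManager((X509KeyManager) kms[i], keyAlias);
            }
        }

        KeyStore ts = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(trustPath)) {
            ts.load(in, trustPass);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);                                  // trust only the CAs in clienttruststore.jks

        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(kms, tmf.getTrustManagers(), null);
        return ctx;                                    // never SSLContext.setDefault(ctx): that is global again
    }

    public static void main(String[] args) throws Exception {
        // Usage: SERVICE_P12_PASS=... CLIENT_TRUST_PASS=... java ServiceClientTls https://host/path <alias>
        char[] p12Pass = System.getenv("SERVICE_P12_PASS").toCharArray();
        char[] trustPass = System.getenv("CLIENT_TRUST_PASS").toCharArray();
        SSLContext ctx = buildContext("ServiceCertificate.p12", p12Pass, args[1],
                                      "clienttruststore.jks", trustPass);
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[0]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());  // this connection only, not setDefaultSSLSocketFactory
        System.out.println("HTTP " + conn.getResponseCode() + " presenting client alias " + args[1]);
    }
}
```

The same SSLContext can be handed to any HTTP or JMS client that accepts an SSLSocketFactory or SSLContext; what matters is that it is passed per client rather than installed with SSLContext.setDefault or HttpsURLConnection.setDefaultSSLSocketFactory, either of which recreates the JVM-wide effect of the -Djavax.net.ssl.* properties. Passwords come from the environment here so they do not appear in the process command line the way JAVA_OPTS values do.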



Re: Tomcat8 - How to configure ssl certificates for both https and two-way authentication

2017-08-08 Thread Mark Thomas
On 08/08/17 21:03, dsenthil...@gmail.com wrote:
> 
>> Hello,
>>
>> I have configured ssl certificates for below requirements:
>>
>> 1. Tomcat server certificate configuration in 'server.xml' file to run 
>> tomcat server on port 443 and https
>>
>> <Connector port="443" minSpareThreads="25"
>> maxSpareThreads="75" enableLookups="false"
>> disableUploadTimeout="true"
>> acceptCount="100" scheme="https" secure="true"
>> SSLEnabled="true" clientAuth="false"
>> sslProtocol="TLSv1.2"
>> ciphers="TLS_RSA_WITH_AES_256_CBC_SHA256" keystoreFile="Tomcat.HostName.pfx"
>> keystorePass="password"
>> keystoreType="PKCS12" />
>>
>> 2. Service certificate configuration in 'setenv.sh' file for the two-way ssl 
>> authentication for the connection to MQ / Soap service servers.
>>
>> export JAVA_OPTS='-Djavax.net.ssl.keyStore=ServiceCertificate.p12 
>> -Djavax.net.ssl.keyStorePassword=password 
>> -Djavax.net.ssl.trustStore=clienttruststore.jks 
>> -Djavax.net.ssl.trustStorePassword=changeit'
>>
>>
>> But it looks like the service certificate configured (for the two-way ssl
>> handshake with MQ and Soap service servers) in 'setenv.sh' file is
>> overwriting the tomcat server ssl configuration configured in 'server.xml'
>> and subsequently tomcat server is down for https and port 443.
>>
>> Can someone recommend suitable tomcat config to fix this issue. The tomcat
>> config should support both https (port 443) and two-way ssl handshake with
>> other servers.

Tomcat version?

