It's working for me with the configuration attributes apart from your
configuration:

sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation". 
keystoreFile="certificate path" in the <Connector> element.

I couldn't succeed with the element <SSLHostConfig>.

-- Ram.


-----Original Message-----
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Monday, December 05, 2016 10:14 AM
To: Tomcat Users List
Subject: Re: Unable to get SSL working on Tomcat 8.5

On 01/12/2016 22:17, Jim Weill wrote:
> sslEnabledProtocols is now just protocols for one thing. And you have
> to put your certificate stuff in an <SSLHostConfig> sub-section to the
> connector now.

That should not be necessary. Tomcat should handle the conversion for you under 
the hood.

I've tested this with a JKS store but not a pkcs12 store. Let me see if there 
is something extra we need to do in the pkcs12 case.

Mark


>  Here's how ours had to be reconfigured (on 8443 instead of 443) using
> NIO and JSSE:
>
> <Connector port="8443"
> protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150"
> SSLEnabled="true" protocols="TLSv1.2">
>         <SSLHostConfig>
>                     <Certificate certificateFile="path-to-cert-file"
> certificateKeyFile="path-to-cert-keyfile" />
>         </SSLHostConfig>
> </Connector>
>
> Hope this helps.  The parts that are relevant to your certificate are
> in the section here:
> https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support_
> -_SSLHostConfig but scroll up slightly to get the instructions on how
> to use this subsection.
>
> jim
>
> On 12/1/2016 1:26 PM, Bartlett, Todd wrote:
>> Thanks for your reply, unfortunately I know very little about Tomcat
>> beyond the server.xml config below.
>> What are "hooks" and/or what's been deprecated related to the below,
>> or is there a new example config for using a .pfx Keystorefile?
>>
>> <Connector port="443"
>> protocol="HTTP/1.1"
>> SSLEnabled="true"
>> maxThreads="150"
>> scheme="https"
>> secure="true"
>> keystoreFile="C:\xxxx.pfx"
>> keystorePass="xxxx"
>> keystoreType="pkcs12"
>> clientAuth="false"
>> sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" ciphers="..." />
>>
>> -----Original Message-----
>> From: Jim Weill [mailto:moon...@icsi.berkeley.edu]
>> Sent: Thursday, December 01, 2016 2:38 PM
>> To: Tomcat Users List <users@tomcat.apache.org>
>> Subject: Re: Unable to get SSL working on Tomcat 8.5
>>
>> Are you using the 8.5 reference?
>> https://tomcat.apache.org/tomcat-8.5-doc/config/http.html
>>
>> When we updated to 8.5, we also found things changed with the
>> connector for SSL.  The above page is the current guide, and you'll
>> notice several of the hooks have been deprecated since 6.0
>>
>> jim
>>
>> On 12/1/2016 11:28 AM, Bartlett, Todd wrote:
>>> Thanks for replying, some more information.
>>>
>>> Tomcat 8.0 works fine with this configuration (I've tested both
>>> installs on same server, same .pfx) (note no other changes anywhere,
>>> just a fresh install and modifying the server.xml) We have been
>>> using this config since 6.0 through 8.0.
>>>
>>> Something changed in 8.5, it does not seem to recognize or load the
>>> .pfx file anymore.
>>>
>>> Thanks
>>>
>>> Todd
>>>
>>> -----Original Message-----
>>> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
>>> Sent: Wednesday, November 30, 2016 8:52 PM
>>> To: Tomcat Users List <users@tomcat.apache.org>
>>> Subject: Re: Unable to get SSL working on Tomcat 8.5
>>>
> Todd,
>
> On 11/29/16 4:41 PM, Bartlett, Todd wrote:
>>>>> The below settings work fine on 6.0 version (no other changes I'm
>>>>> aware
>>>>> of)  Error received Failed to initialize component
>>>>> [Connector[HTTP/1.1-443
> What's the rest of the error message?
>
>>>>> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>>>>> maxThreads="150" scheme="https" secure="true"
>>>>> keystoreFile="C:\xxxx.pfx" keystorePass="xxxx"
>>>>> keystoreType="pkcs12" clientAuth="false"
>>>>> sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" ciphers="..." />
> Looks okay so far. You need to post more information.
>
> -chris
>>>
>>> --------------------------------------------------------------------
>>> - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>
>
>
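
The attribute mapping at issue in this thread, as an added example that is not part of any message above and is not Tomcat code: a Python helper that rewrites a legacy `<Connector>` (keystore attributes on the connector itself) into the nested `<SSLHostConfig>`/`<Certificate>` layout. The `certificate*` and `certificateVerification` attribute names are taken from the Tomcat 8.5 configuration reference linked in the thread, not from the messages; `migrate_connector` and the sample input are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Legacy Connector attribute -> (target element, Tomcat 8.5 attribute name).
LEGACY_MAP = {
    "sslEnabledProtocols": ("host", "protocols"),
    "ciphers": ("host", "ciphers"),
    "clientAuth": ("host", "certificateVerification"),
    "keystoreFile": ("cert", "certificateKeystoreFile"),
    "keystorePass": ("cert", "certificateKeystorePassword"),
    "keystoreType": ("cert", "certificateKeystoreType"),
}
# clientAuth used true/want/false; certificateVerification uses these names.
CLIENT_AUTH = {"true": "required", "want": "optional", "false": "none"}

def migrate_connector(xml_text):
    """Return the Connector rewritten with a nested SSLHostConfig/Certificate."""
    conn = ET.fromstring(xml_text)
    if conn.tag != "Connector":
        raise ValueError("expected a <Connector> element")
    if conn.find("SSLHostConfig") is not None:
        return xml_text  # already in the 8.5 layout; nothing to do
    host = ET.Element("SSLHostConfig")
    cert = ET.SubElement(host, "Certificate")
    for old, (where, new) in LEGACY_MAP.items():
        value = conn.attrib.pop(old, None)
        if value is None:
            continue
        if old == "clientAuth":
            value = CLIENT_AUTH.get(value.lower(), value)
        (host if where == "host" else cert).set(new, value)
    if not cert.attrib:
        raise ValueError("no keystore attributes found on the Connector")
    conn.append(host)
    if hasattr(ET, "indent"):  # pretty-print where available (Python 3.9+)
        ET.indent(conn, space="    ")
    return ET.tostring(conn, encoding="unicode")

# Constructed sample modelled on the Connector quoted in the thread.
SAMPLE = r'''<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    keystoreFile="C:\xxxx.pfx" keystorePass="xxxx" keystoreType="pkcs12"
    clientAuth="false" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" />'''

if __name__ == "__main__":
    print(migrate_connector(SAMPLE))
```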

