Mark, Tomcat version is 8.0.39.
I have to use both server certificate (.pfx) and service certificate as keystore. Do I need to convert the PFX format certificate to JKS format? How do I configure more than one private certificate in a keystore?

Senthil

On Wed, Aug 9, 2017 at 1:39 AM, Mark Thomas <ma...@apache.org> wrote:

> On 08/08/17 21:03, dsenthil...@gmail.com wrote:
>> Hello,
>>
>> I have configured ssl certificates for below requirements:
>>
>> 1. Tomcat server certificate configuration in 'server.xml' file to run tomcat server on port 443 and https
>>
>> <Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
>>     maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true"
>>     acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false"
>>     sslProtocol="TLSv1.2"
>>     ciphers="TLS_RSA_WITH_AES_256_CBC_SHA256" keystoreFile="Tomcat.HostName.pfx" keystorePass="password"
>>     keystoreType="PKCS12" />
>>
>> 2. Service certificate configuration in 'setenv.sh' file for the two-way ssl authentication for the connection to MQ / Soap service servers.
>>
>> export JAVA_OPTS='-Djavax.net.ssl.keyStore=ServiceCertificate.p12 -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.trustStore=clienttruststore.jks -Djavax.net.ssl.trustStorePassword=changeit'
>>
>> But it looks like the service certificate configured (for the two-way ssl handshake with MQ and Soap service servers) in 'setenv.sh' file is overwriting the tomcat server ssl configuration configured in 'server.xml' and subsequently tomcat server is down for https and port 443.
>>
>> Can someone recommend a suitable tomcat config to fix this issue? The tomcat config should support both https (port 443) and two-way ssl handshake with other servers.
>
> Tomcat version?