Mark,
On 05.07.2018 12:35, Sandels Mark (RTH) OUH wrote:
> Hi Peter
> I would use tomcat to provide https if it could be configured to do
> this - is this fairly easy to do?
> The IT Department have given me a Certificate and private key for the
> server (OXNETMDMS04) but do I need to use "keytool" to create a key
> store for the Certificate? (I am referring to the link
> https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html).
Tomcat from 8.5 on will let you use PEM files to configure TLS. You may
find more information on the correct attributes at:
https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support
That's the way I use it:
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11Nio2Protocol"
           sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
           allowTrace="false"
           maxThreads="150"
           SSLEnabled="true"
           compression="off"
           scheme="https"
           server="Apache Tomcat"
           secure="true"
           defaultSSLHostConfigName="<yourservername>" >
    <SSLHostConfig
        hostName="<yourservername>"
        honorCipherOrder="true"
        certificateVerification="none"
        protocols="TLSv1.1+TLSv1.2"
        ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS">
        <Certificate
            certificateKeyFile="${catalina.base}/conf/ssl/cert.key"
            certificateFile="${catalina.base}/conf/ssl/cert.crt"
            certificateChainFile="${catalina.base}/conf/ssl/ca-chain.cert.pem"
            type="RSA" />
    </SSLHostConfig>
</Connector>
Christopher Schultz may have more details on how to use this correctly
and on the prerequisites.
Best regards
Peter
> Kind regards
> Mark
> Mark Sandels |Senior Systems Analyst/Programmer|IM & T Services –
> Integration Services Team |Manor House Annexe Room G22, Oxford
> University Hospitals NHS Trust , Headley Way, Headington, Oxford OX3
> 9RR |Phone: 01865 (5) 72103 | Email: mark.sand...@ouh.nhs.uk NHS
> colleagues can visit the OUH IM&T Services intranet site at
> http://ouhimt.oxnet.nhs.uk
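
Added example (not part of the original thread, and not Peter's or the Tomcat project's code): a pre-flight check for the three PEM files referenced by the <Certificate> element above, confirming that the private key matches the certificate, that the certificate verifies against the chain file, and that the key is not world-readable. The function names are assumptions, and the sample pair is a throw-away self-signed one constructed on the spot.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are assumptions.
# Usage: sh check_pem.sh conf/ssl/cert.key conf/ssl/cert.crt conf/ssl/ca-chain.cert.pem

# 0 if key and certificate carry the same public key, 1 if they differ,
# 2 if a file cannot be parsed (missing, not PEM, or passphrase-protected key).
pem_pair_matches() {
    k=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$k" = "$c" ]
}

# 0 if the certificate verifies against the CA certificates in the chain file.
chain_verifies() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# 0 if users other than the owner and group can read the key file.
key_world_readable() {
    [ -n "$(find "$1" -prune -perm -004)" ]
}

# Run all checks; arguments follow the attribute order key, cert, chain.
check_tomcat_pem() {
    rc=0
    pem_pair_matches "$1" "$2" || { echo "FAIL: $1 does not match $2 (or cannot be parsed)"; rc=1; }
    if [ -n "${3:-}" ]; then
        chain_verifies "$3" "$2" || { echo "FAIL: $2 does not verify against $3"; rc=1; }
    fi
    if key_world_readable "$1"; then echo "WARN: $1 is world-readable"; fi
    [ "$rc" -eq 0 ] && echo "OK: key and certificate are consistent"
    return "$rc"
}

# Constructed sample input: throw-away self-signed RSA pair (args: dir, basename).
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2.example" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

if [ $# -ge 2 ]; then
    check_tomcat_pem "$@"
else
    # No arguments: demonstrate on a constructed pair, used as its own chain.
    d=$(mktemp -d)
    make_sample_pair "$d" demo
    check_tomcat_pem "$d/demo.key" "$d/demo.crt" "$d/demo.crt"
    rm -rf "$d"
fi
```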