Mark,

On 05.07.2018 12:35, Sandels Mark (RTH) OUH wrote:
Hi Peter

I would use tomcat to provide https if it could be configured to do
this - is this fairly easy to do?

The IT Department have given me a Certificate and private key for the
server (OXNETMDMS04) but do I need to use "keytool" to create a key
store for the Certificate? (I am referring to the link
https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html).

Tomcat from 8.5 on will let you use PEM files to configure TLS. You may find more information on the correct attributes at:
https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support

That's the way I use it:

   <Connector port="8443"
              protocol="org.apache.coyote.http11.Http11Nio2Protocol"
              sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
              allowTrace="false"
              maxThreads="150"
              SSLEnabled="true"
              compression="off"
              scheme="https"
              server="Apache Tomcat"
              secure="true"
              defaultSSLHostConfigName="<yourservername>" >
     <SSLHostConfig
              hostName="<yourservername>"
              honorCipherOrder="true"
              certificateVerification="none"
              protocols="TLSv1.1+TLSv1.2"
              ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS">
       <Certificate certificateKeyFile="${catalina.base}/conf/ssl/cert.key"
                    certificateFile="${catalina.base}/conf/ssl/cert.crt"
                    certificateChainFile="${catalina.base}/conf/ssl/ca-chain.cert.pem"
                    type="RSA" />
     </SSLHostConfig>
   </Connector>


Christopher Schultz may have more details on how to use this correctly and on the prerequisites.

Best regards

Peter





Kind regards
Mark

Mark Sandels |Senior Systems Analyst/Programmer|IM & T Services –
Integration Services Team |Manor House Annexe Room G22, Oxford
University Hospitals NHS Trust , Headley Way, Headington, Oxford OX3
9RR |Phone:  01865 (5) 72103 | Email: mark.sand...@ouh.nhs.uk NHS
colleagues can visit the OUH IM&T Services intranet site at
http://ouhimt.oxnet.nhs.uk
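Added example, not part of the original e-mail and not Tomcat code: a Python pre-flight check for the PEM files that the Certificate element in the connector above points at (PEM-encoded, password supplied for an encrypted key, key file not readable by other accounts), plus a report of any protocol other than TLSv1.2/TLSv1.3. The host name server.example.org, the function names and the POSIX permission check are assumptions of this example.

```python
import os
import re
import stat
import xml.etree.ElementTree as ET

KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}
# Constructed sample: a trimmed connector in the shape shown above, placeholder host name.
SAMPLE_CONNECTOR = """<Connector port="8443" SSLEnabled="true" scheme="https" secure="true">
  <SSLHostConfig hostName="server.example.org" protocols="TLSv1.1+TLSv1.2">
    <Certificate certificateKeyFile="${catalina.base}/conf/ssl/cert.key"
                 certificateFile="${catalina.base}/conf/ssl/cert.crt"
                 certificateChainFile="${catalina.base}/conf/ssl/ca-chain.cert.pem" type="RSA" />
  </SSLHostConfig>
</Connector>"""

def pem_labels(path):
    """Return the set of PEM block labels (e.g. 'CERTIFICATE') found in a file."""
    with open(path, encoding="ascii", errors="replace") as fh:
        return set(re.findall(r"-----BEGIN ([A-Z0-9 ]+)-----", fh.read()))

def preflight(connector_xml, catalina_base):
    """Return a list of findings for the files each SSLHostConfig references."""
    findings = []
    for host in ET.fromstring(connector_xml).iter("SSLHostConfig"):
        # Tokens may carry a +/- prefix; '-' removes a protocol, so it is skipped.
        for sign, proto in re.findall(r"([+-]?)([\w.]+)", host.get("protocols", "")):
            if sign != "-" and proto not in ("TLSv1.2", "TLSv1.3"):
                findings.append(f"protocols: {proto} is enabled")
        for cert in host.iter("Certificate"):
            for attr in ("certificateKeyFile", "certificateFile", "certificateChainFile"):
                path = cert.get(attr, "").replace("${catalina.base}", catalina_base)
                if not path:
                    continue  # attribute not used in this connector
                if not os.path.isfile(path):
                    findings.append(f"{attr}: {path} not found")
                    continue
                labels = pem_labels(path)
                if attr != "certificateKeyFile":
                    if "CERTIFICATE" not in labels:
                        findings.append(f"{attr}: no PEM CERTIFICATE block")
                    continue
                if not labels & KEY_LABELS:
                    findings.append(f"{attr}: no PEM private key block")
                if "ENCRYPTED PRIVATE KEY" in labels and not cert.get("certificateKeyPassword"):
                    findings.append(f"{attr}: key is encrypted, certificateKeyPassword not set")
                if stat.S_IMODE(os.stat(path).st_mode) & 0o077:  # POSIX mode bits only
                    findings.append(f"{attr}: readable by group or others")
    return findings
```

Call preflight() with the connector element copied from server.xml and the CATALINA_BASE directory; an empty list means none of these checks failed. It does not confirm that the key belongs to the certificate.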



