Re: Aw: Re: TC8 -> TC9 KeyAlias SSL not supported?

Christopher Schultz Mon, 13 Jan 2020 07:03:33 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Peter,


On 1/13/20 9:20 AM, Peter Rader wrote:
>>> I recently moved from T8 to T9 to use PKI.
>> 
>> Exact versions?
> 
> T8 = 8.5.50.0 on amazon-corretto-8.232.09.1-linux-x64 T9 = 9.0.30.0
> on amazon-corretto-8.232.09.1-linux-x64
> 
>> 
>>> My keystore contains multiple CAs.
>>> 
>>> I had to modify the ssl-connector from 
>>> org.apache.coyote.http11.Http11Protocol to 
>>> org.apache.coyote.http11.Http11NioProtocol
>> 
>> Full Connector configurations (with sensitive data masked)?
> 
> TC8= <Connector port="443" keyAlias="XXX"
> protocol="org.apache.coyote.http11.Http11Protocol" scheme="https"
> secure="true" SSLEnabled="true" keystoreFile="XXXX"
> keystorePass="XXXXX" sslProtocol="TLS" clientAuth="want"
> truststoreFile="XXXX" truststorePass="XXXXX" />
> 
> TC9= <Connector port="443" keyAlias="XXX"
> protocol="org.apache.coyote.http11.Http11NioProtocol"
> scheme="https" secure="true" SSLEnabled="true" keystoreFile="XXXX"
> keystorePass="XXXXX" sslProtocol="TLS" clientAuth="want"
> truststoreFile="XXXX" truststorePass="XXXXX" />
> 
> Masks: - XXX keystore CA - XXXX keystore or truststore - XXXXX
> password for keystore/truststore

Can you find what you are looking for here?

<Connector ...>
  <SSLHostConfig <-- HERE
</Connector>

?

http://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_S
SLHostConfig

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl4chpgACgkQHPApP6U8
pFh7KxAAuUrtbKTF2C6TulfX33GJXUO8DButpRGWbbJW0tmoBf3dqUJgnxNBml7v
B5dKzjobTrZrBXNjTjT6hYr2uzOCg7y+0RwnG+7yqVR++9AAPpYBUltdLw6sX/TQ
homQqwB6eckqj8/i/gjkbzHns2iGgv79/1PqgW6DUz6KINwi4JZHEG7ouDp61Rjr
8iW8q0/zix5VJsWpHL5z6rui2Wu4OPwvZ+Ae7vpHCXqr/QpXzekD1umgFrlEeLff
/WliL3LaumX0xoryluVtY2HhkV2VztKfZoyGOVXmMQUbr74Fzi3BL3ruuAgyMMYi
YsqXAYurduMHyyae7nZCFnvvaVOyyeIgMHVURCc51AeGMuCSifaXgwVVu55miEXB
WRDN+zEi9mCpV74txJMrWqFtJRm6oq6/SM2DcgKpOKTrAy2riwY+IthDQL+PEmal
PuvcjKa+anJ7UmAB2B/OE/trwJTjTgmWMPLhzJLO8I4/v1fN3Tq/wEgiJuIWkdFu
Rv8aPR7dv+eud392twBL4ig687sPDCeARXDf3yruU4pW5lC9gTT28H5RdRkSDyEN
ddUdEWC61qXvOIfGO1fJUQjwTneWT6FCTGUpfYQiA5PWSoG+FCbDvUObPO8Gdi+N
e46I4ewADKZRXY7Sy9VJVFsHMQWsYWCjieL0rey/zZFrkqs9Tyo=
=ygQr
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Aw: Re: TC8 -> TC9 KeyAlias SSL not supported?

Reply via email to