-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Peter,
On 1/13/20 9:20 AM, Peter Rader wrote: >>> I recently moved from T8 to T9 to use PKI. >> >> Exact versions? > > T8 = 8.5.50.0 on amazon-corretto-8.232.09.1-linux-x64 T9 = 9.0.30.0 > on amazon-corretto-8.232.09.1-linux-x64 > >> >>> My keystore contains multiple CAs. >>> >>> I had to modify the ssl-connector from >>> org.apache.coyote.http11.Http11Protocol to >>> org.apache.coyote.http11.Http11NioProtocol >> >> Full Connector configurations (with sensitive data masked)? > > TC8= <Connector port="443" keyAlias="XXX" > protocol="org.apache.coyote.http11.Http11Protocol" scheme="https" > secure="true" SSLEnabled="true" keystoreFile="XXXX" > keystorePass="XXXXX" sslProtocol="TLS" clientAuth="want" > truststoreFile="XXXX" truststorePass="XXXXX" /> > > TC9= <Connector port="443" keyAlias="XXX" > protocol="org.apache.coyote.http11.Http11NioProtocol" > scheme="https" secure="true" SSLEnabled="true" keystoreFile="XXXX" > keystorePass="XXXXX" sslProtocol="TLS" clientAuth="want" > truststoreFile="XXXX" truststorePass="XXXXX" /> > > Masks: - XXX keystore CA - XXXX keystore or truststore - XXXXX > password for keystore/truststore Can you find what you are looking for here? <Connector ...> <SSLHostConfig <-- HERE </Connector> ? http://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_S SLHostConfig - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl4chpgACgkQHPApP6U8 pFh7KxAAuUrtbKTF2C6TulfX33GJXUO8DButpRGWbbJW0tmoBf3dqUJgnxNBml7v B5dKzjobTrZrBXNjTjT6hYr2uzOCg7y+0RwnG+7yqVR++9AAPpYBUltdLw6sX/TQ homQqwB6eckqj8/i/gjkbzHns2iGgv79/1PqgW6DUz6KINwi4JZHEG7ouDp61Rjr 8iW8q0/zix5VJsWpHL5z6rui2Wu4OPwvZ+Ae7vpHCXqr/QpXzekD1umgFrlEeLff /WliL3LaumX0xoryluVtY2HhkV2VztKfZoyGOVXmMQUbr74Fzi3BL3ruuAgyMMYi YsqXAYurduMHyyae7nZCFnvvaVOyyeIgMHVURCc51AeGMuCSifaXgwVVu55miEXB WRDN+zEi9mCpV74txJMrWqFtJRm6oq6/SM2DcgKpOKTrAy2riwY+IthDQL+PEmal PuvcjKa+anJ7UmAB2B/OE/trwJTjTgmWMPLhzJLO8I4/v1fN3Tq/wEgiJuIWkdFu Rv8aPR7dv+eud392twBL4ig687sPDCeARXDf3yruU4pW5lC9gTT28H5RdRkSDyEN ddUdEWC61qXvOIfGO1fJUQjwTneWT6FCTGUpfYQiA5PWSoG+FCbDvUObPO8Gdi+N e46I4ewADKZRXY7Sy9VJVFsHMQWsYWCjieL0rey/zZFrkqs9Tyo= =ygQr -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org