On 23.05.2011 at 18:49, Gabriel wrote:
> Hi!
> I have a problem with the following scenario:
> Tomcat 7.0.12 + APR
> CAS 3.4.5
> Java SE 6.0.24
> Tomcat https connector:
> -------------------------------
> <Connector maxThreads="150" port="8443" protocol="HTTP/1.1" scheme="https"
> secure="true"
> SSLEngine="on" SSLEnabled="true" SSLVerifyClient="require"
> SSLCertificateFile="${catalina.home}/conf/tomcatkey.pem"
> SSLCACertificateFile="${catalina.home}/conf/chain.pem"
> SSLPassword="xxx"
> SSLProtocol="TLSv1"
> />
> ------------------------------------------

Hi,
I have a working config for tomcat6 like this:
<Connector address="${sso.ip}" port="443" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
SSLVerifyClient="optional" sslProtocol="TLSv1"
SSLCipherSuite="AES:RC4:AES:CAMELLIA:!ADH:!aNULL:!DH:!EDH:!eNULL:!LOW:!SSLv2:!EXP:!NULL"
SSLCertificateFile="${tomcat.confdir}/certs/${sso.shortname}.pem"
SSLCertificateKeyFile="${tomcat.confdir}/certs/${sso.shortname}.key"
SSLPassword="xxxxxx"
SSLVerifyDepth="4"
SSLCertificateChainFile="${tomcat.confdir}/certs/server-chain.pem"
SSLCACertificateFile="${tomcat.confdir}/certs/client-chain.pem"
URIEncoding="UTF-8"
compression = "on"
compressableMimeType="text/html,text/xml,text/plain,text/javascript,application/x-javascript,application/javascript,text/css"
compressionMinSize="1024" />
Just ignore the variables... I generate the tomcat config with a maven
filter for different deployments. This config is optimized for
performance with high security in mind (order and selection of allowed
ciphers, compression etc). The client certificate verification depth can
probably be skipped in your case and in my case client certs are optional...
Best regards,
Joachim
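
As an added example (not part of either poster's message): a short Python script that compares the two connector definitions quoted in this thread attribute by attribute, to show what the working APR connector sets that the other one does not. The connectors are reduced to their TLS-related attributes with shortened paths, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed from the two connectors in this thread: TLS-related attributes only, paths shortened.
GABRIEL = """<Connector maxThreads="150" port="8443" protocol="HTTP/1.1" scheme="https"
  secure="true" SSLEngine="on" SSLEnabled="true" SSLVerifyClient="require"
  SSLCertificateFile="conf/tomcatkey.pem" SSLCACertificateFile="conf/chain.pem"
  SSLPassword="xxx" SSLProtocol="TLSv1" />"""

JOACHIM = """<Connector port="443" SSLEnabled="true" maxThreads="150" scheme="https"
  secure="true" SSLVerifyClient="optional" sslProtocol="TLSv1"
  SSLCipherSuite="AES:RC4:AES:CAMELLIA:!ADH:!aNULL:!DH:!EDH:!eNULL:!LOW:!SSLv2:!EXP:!NULL"
  SSLCertificateFile="certs/sso.pem" SSLCertificateKeyFile="certs/sso.key"
  SSLPassword="xxxxxx" SSLVerifyDepth="4"
  SSLCertificateChainFile="certs/server-chain.pem"
  SSLCACertificateFile="certs/client-chain.pem" />"""

def connector_attrs(xml_text):
    """Parse one <Connector .../> element and return its attributes as a dict."""
    elem = ET.fromstring(xml_text)
    if elem.tag != "Connector":
        raise ValueError("expected a <Connector> element, got <%s>" % elem.tag)
    return dict(elem.attrib)

def compare_connectors(a, b):
    """Compare attribute names case-insensitively and report what differs."""
    la = {k.lower(): k for k in a}
    lb = {k.lower(): k for k in b}
    return {
        "only_in_a": sorted(la[k] for k in la.keys() - lb.keys()),
        "only_in_b": sorted(lb[k] for k in lb.keys() - la.keys()),
        # same name when case is ignored, but spelled differently in the two files
        "case_differs": sorted((la[k], lb[k]) for k in la.keys() & lb.keys() if la[k] != lb[k]),
        "value_differs": sorted(la[k] for k in la.keys() & lb.keys() if a[la[k]] != b[lb[k]]),
    }

def repeated_cipher_tokens(cipher_string):
    """Return tokens that occur more than once in a ':'-separated cipher string."""
    seen, repeated = set(), []
    for token in cipher_string.split(":"):
        if token in seen and token not in repeated:
            repeated.append(token)
        seen.add(token)
    return repeated

if __name__ == "__main__":
    a, b = connector_attrs(GABRIEL), connector_attrs(JOACHIM)
    for key, value in compare_connectors(a, b).items():
        print(key, value)
    print("repeated ciphers:", repeated_cipher_tokens(b["SSLCipherSuite"]))
```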