Author: markt
Date: Mon Jun 25 19:27:52 2012
New Revision: 1353708

URL: http://svn.apache.org/viewvc?rev=1353708&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53459
Fix SSLVerifyClient option in APR SSL example and further clarify how to modify server.xml based on the desired connector implementation.
Modified: tomcat/trunk/webapps/docs/ssl-howto.xml Modified: tomcat/trunk/webapps/docs/ssl-howto.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/ssl-howto.xml?rev=1353708&r1=1353707&r2=1353708&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/ssl-howto.xml (original) +++ tomcat/trunk/webapps/docs/ssl-howto.xml Mon Jun 25 19:27:52 2012 @@ -343,11 +343,14 @@ sources like "/dev/urandom" that will al <code>$CATALINA_BASE</code> represents the base directory for the Tomcat instance. An example <code><Connector></code> element for an SSL connector is included in the default <code>server.xml</code> -file installed with Tomcat. For JSSE, it should look something like this:</p> +file installed with Tomcat. To configure an SSL connector that uses JSSE, you +will need to remove the comments and edit it so it looks something like +this:</p> <source> <-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 --> -<!-- +<-- Hard-coded to use the NIO protocol implementation --> <Connector + protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="${user.home}/.keystore" keystorePass="changeit" 
@@ -355,19 +358,20 @@ file installed with Tomcat. For JSSE, i --> </source> <p> - The example above will throw an error if you have the APR and the Tomcat Native libraries in your path, - as Tomcat will try to use the APR connector. The APR connector uses different attributes for - SSL keys and certificates. An example of an APR configuration is: + The example above will throw an error if you have the APR and the Tomcat + Native libraries in your path, as Tomcat will try to use the APR connector. + The APR connector uses different attributes for many SSL settings, + particularly keys and certificates. An example of an APR configuration is: <source> <-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 --> -<!-- +<-- Hard-coded to use the APR protocol implementation --> <Connector + protocol="org.apache.coyote.http11.Http11AprProtocol" port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" SSLCertificateFile="/usr/local/ssl/server.crt" SSLCertificateKeyFile="/usr/local/ssl/server.pem" - clientAuth="optional" SSLProtocol="TLSv1"/> ---> + SSLVerifyClient="optional" SSLProtocol="TLSv1"/> </source> </p>
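Review bot: In the first hunk (@@ -343,11 +343,14 @@), the JSSE example loses its opening `<!--` but the matching closing `-->` is still there, visible as an unchanged context line at the top of the next hunk just before `</source>`. The new text tells readers to remove the comments, so the example should not end in a stray `-->`; drop it the same way the APR example drops its own `-->` in the second hunk. The replacement line `<-- Hard-coded to use the NIO protocol implementation -->` also opens with `<--` rather than `<!--`, as does the existing `<-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->` line, so the snippet as shown is not well-formed XML if pasted into server.xml; use `<!--` for both.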
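Review bot: In the second hunk (@@ -355,19 +358,20 @@), the re-wrapped sentence "The example above will throw an error if you have the APR and the Tomcat Native libraries in your path, as Tomcat will try to use the APR connector" no longer matches the example above it, which the first hunk changes to set protocol="org.apache.coyote.http11.Http11NioProtocol" and labels as hard-coded to NIO. Suggest rewording so the warning applies to a connector that does not name a protocol implementation. The clientAuth to SSLVerifyClient correction is also only visible inside the example; because this attribute decides whether client certificates are requested, the paragraph's "different attributes for many SSL settings" should name that pair explicitly so a reader adapting a JSSE connector does not carry clientAuth across.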