k.b.sou...@accenture.com wrote:
We don't have openSSL installed. Can't we configure APR/native without openssl?
The on-line documentation may help :
https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL%20Support
-----Original Message-----
From: Konstantin Kolinko [mailto:knst.koli...@gmail.com]
Sent: Thursday, January 10, 2013 1:36 PM
To: Tomcat Users List
Subject: Re: Converting JSSE configuation to APR/native
2013/1/10 <k.b.sou...@accenture.com>:
Hi All,
We would like to convert our SSL connector from JSSE configuration to
APR/native. The tomcat version we are using is tomat7.0.27.
We are finding difficulty in converting our .jks file to SSLCertificateFile and
SSLCertificateKeyFile attributes which are specified as part of connector for
APR/native.
Can you please help us in this conversion. The connector which is used
currently is as below:
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
executor="tomcatThreadPool" connectionTimeout="20000"
allowUnsafeLegacyRenegotiation="false"
ciphers="SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE
_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WIT
H_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_
3DES_EDE_CBC_SHA" keystoreFile="/dummy.jks" allowTrace="false"
keystorePass="dummy.com"/>
Any suggestion or help in this regard will be of great value.
1. Did you search archives of this mailing list?
If I remember correctly, converting a certificate was discussed some time ago.
2. The configuration attributes used by APR connector are quire similar to the
directives of mod_ssl of Apache HTTPD server, because they use the same
underlying library (OpenSSL). You can look at their documentation, and maybe
even search their mailing lists
http://httpd.apache.org/docs/2.4/mod/mod_ssl.html
Also,
http://wiki.apache.org/tomcat/HowTo/SSLCiphers
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
This message is for the designated recipient only and may contain privileged,
proprietary, or otherwise private information. If you have received it in
error, please notify the sender immediately and delete the original. Any other
use of the e-mail by you is prohibited.
Where allowed by local law, electronic communications with Accenture and its
affiliates, including e-mail and instant messaging (including content), may be
scanned by our systems for the purposes of information security and assessment
of internal compliance with Accenture policy.
______________________________________________________________________________________
www.accenture.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
