On 09/09/2019 23:28, Herb Burnswell wrote: <snip/>
> Questions: > > 1. What has changed in between Tomcat 8.5.32 --> 8.5.40 that seemingly now > requires truststore information in this connector configuration? There have have been several changes aimed at making it easier to switch between JSSE and OpenSSL based TLS implementations. Tomcat tries to store all provided keys and certs in an in-memory Java keystore and then provides the connectors with the keys and certs in the format they require. With the wide range of keystores and key formats there have been a few edge cases where the translation process broke. This looks like one of them. There are additional fixes in later 8.5.x releases so you may wish to try one of those. > 2. What needs to be done to allow this to work in the 8.5.40 Tomcat version? truststoreFile and truststorePassword should be configured on the SSLHostConfig not on the Certificate element. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
