On Tue, Sep 10, 2019 at 5:38 AM Mark Thomas <ma...@apache.org> wrote:
> On 10/09/2019 13:14, Herb Burnswell wrote: > > <snip/> > > > My apologies for my ignorance here, when you say 'configured on the > > SSLHostConfig' are you saying it should NOT be in this block: > > > > <snip> > > > > <SSLHostConfig hostName="*.example1.com"> > > > > <Certificate certificateKeystoreType="PKCS12" > > > certificateKeystoreFile="/app/config/keystore.p12" > > certificateKeyAlias="example_wildcard" > > certificateKeystorePassword="maskedpasswd" > > truststoreFile="/app/config/truststore.p12" > > truststorePassword="maskedpasswd" > > type="RSA"/> > > > > </SSLHostConfig> > > > > <snip> > > > > This is how I tried to configure it and we still receive the > "trustAnchors > > parameter must be non-empty" error. Can you clarify where you mean the > > truststore directives should be defined? > > > You need to move the trust store config from the Certificate to the > > SSLHostConfig like this: > > > <SSLHostConfig > > hostName="*.example1.com" > > truststoreFile="/app/config/truststore.p12" > > truststorePassword="maskedpasswd" > > > > > > <Certificate > > certificateKeystoreType="PKCS12" > > certificateKeystoreFile="/app/config/keystore.p12" > > certificateKeyAlias="example_wildcard" > > certificateKeystorePassword="maskedpasswd" > > type="RSA" > > /> > > > </SSLHostConfig> > > > Mark > Thank you Mark, that appears to have done the trick. Greatly appreciated.. HB > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >