On 02/01/2020 09:24, logo wrote: <snip/>
> The connector comes up correctly, is accessible through the browser but if I > test the ssl setup, I get an error message that the key/cert may not be used > for "Key agreement" > > See: > testssl.sh <tomcat>:8443 > > Signature Algorithm ECDSA with SHA256 > Server key size EC 256 bits > Server key usage Digital Signature, Key Encipherment > Certificate incorrectly used for key agreement > Server extended key usage TLS Web Server Authentication, TLS Web Client > Authentication The allowed usages are configured when a certificate is created. See: https://www.openssl.org/docs/manmaster/man5/x509v3_config.html You need to take this up with your Certificate Authority. I'll look at the cipher differences next. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org