-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Peter,
On 1/29/20 2:26 PM, logo wrote: > Chris, > >> Am 29.01.2020 um 16:59 schrieb Christopher Schultz >> <ch...@christopherschultz.net>: >> > Peter, > > On 1/28/20 6:02 PM, logo wrote: >>>>> <SSLHostConfig hostName=„tomcat.x.xxx" >>>>> honorCipherOrder="true" protocols="TLSv1.2+TLSv1.3" >>>>> ciphers="HIGH:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POL Y13 > >>>>> 05:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA > -AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA2 56 > > :DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SH > A256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-S HA > > :ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:D > HE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA- AE > > S256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256 > :AES128-SHA:AES256-SHA:!DSS"> >>>>> >>>>> > <Certificate > certificateKeystoreFile="${catalina.base}/conf/ssl/tomcat.p 12" >>>>> certificateKeystorePassword="changeit" >>>>> certificateKeyAlias="tomcat" type="RSA" /> >>>>> </SSLHostConfig> >>>> >>>>> P12 is created with >>>> >>>>> openssl pkcs12 -export -in tomcat.crt -inkey tomcat.key >>>>> -certfile chain.pem -out tomcat.p12 -name tomcat -CAfile >>>>> ca.crt -caname root -passout pass:changeit >>>> >>>> >>>>> Seems to be valid and working ;-) . > > Hmm. What version of Java? Perhaps Java has gotten better about > detecting the type of keystore? Also, Tomcat respects the value of > -Djavax.net.ssl.keyStoreType so if (a) you are explicitly setting > it to PKCS12 or (b) your Java version is doing that, then you don't > need to specify it, as it's the default. > >> openjdk 11.0.6+10-post-Debian-1 and no JAVA_OPTS for certs… It must just be the new default. :) - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl4yELkACgkQHPApP6U8 pFgBfBAAvtW/NMZo/AVXYUFsA5GocrYfZDqwgE2B95M+9tFbBKTetuYBqzrOTKSx AKiIU+0MGmqx0DUEPCgLh3prakJJtimhW+7JzM8i1nPEyhv242w8Y4+tsp9kwE5H TQYsYhci3ydxQGP2QnwxbZdlxkgn4ngnEA1d6TuCp77E4Bi8rlglG7sB1IQhM3O9 yMY/60HBuIa3XTrdEdo2g5AKzQJ7AwjjWKpn3g0LtZBX0F3l/1S6jJIhCeLKHaWv YbeIzJRUmGFE0XA6fTQXpN7XqWM617wlETdoSkWaGqUdAy2oHs6lO3mctqlQL4h6 TotSju1OKch7nbCntCludoNHVqawzSDSQSClkox3BnJ6jVIivVxUQ/8Ccs4opecv XFChhCxBnnwd/rBwo1oNtP6K3/ekBtcHOIJhxtZ72BIhFbAT7PZeBstz4vN5isUQ zzJo4prGhqd4CbgAKGvB5LtvpD3gltTgrtoKEz7k0XwMQ3AlqM2SjxE749HBeNlB ZEeAIsrKTMzu+1UYXDOo2YOf7im8+5jCSuQJaL0DmgiLrIEEqi3hVPz3W07ZWAOh 766uqw0n7/HzTJ61bOO+gif3UGWS0b+fvLtNW+wHA6B0eMxgV9jWJudXtoOiRL8j am6Ewv4dG6eJUlJcC2ZzHeLZMygoYbjY5rIBqb0o3O5CuiNNA3Q= =Cz2L -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org