[OT] issues with Tomcat to Siteminder communication post mod-proxy setup

Fri, 08 Jul 2022 13:48:48 -0700 

Chris,

Moving this discussion to here. Yes, it appears that I broke something when 
setting up the Tomcat Connector for the mod-proxy that is now affecting, 
somehow, the SSL communication with the Site Minder services. Here is the 
connector we added below. Temporarily have set certificateVerification to 
optional to see if it was something with the communication between HTTPD and 
Tomcat.

                <Connector port="8305" 
protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="100" 
compression="on" scheme="https" SSLEnabled="true" secure="true">

                                <SSLHostConfig protocols="TLSv1.2" 
certificateVerification="optional" truststoreFile="" truststorePassword="" 
truststoreType="JKS"
                                ciphers="TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
                                TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                                TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                                TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
                                TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
                                TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                                TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                                TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
                                TLS_DHE_RSA_WITH_AES_128_CCM,
                                TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
                                TLS_DHE_RSA_WITH_AES_128_CCM_8,
                                TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
                                TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
                                TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
                                TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256">

                                                <Certificate Type="RSA" 
certificateKeystoreFile="<certificate>.pfx" certificateKeystorePassword="" 
certificateKeystoreType="pkcs12" />

                                </SSLHostConfig>
                </Connector>

Thanks,

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

[email protected]<mailto:[email protected]>
This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.

Reply via email to