> On 2025 Apr 5, at 12:49, juan <bobenag...@gmail.com> wrote:
>
> Yes, I read it, but can't find which attributes from sslhostconfig should I
> use
> And on internet couldn't find any examples, all of them use clientAuth

If you read the 9.0.x documentation for clientAuth, it says this:

    clientAuth
    This is an alias for the certificateVerification attribute of the
    SSLHostConfig <https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_SSLHostConfig>
    element with the hostName of _default_. If this SSLHostConfig
    <https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_SSLHostConfig>
    element is not explicitly defined, it will be created.

Is that not clear that you should now be using certificateVerification within SSLHostConfig?

  - Chuck

> On Sat, 5 Apr 2025, 19:13 Chuck Caldarale, <n82...@gmail.com> wrote:
>
>>
>>> On 2025 Apr 5, at 10:55, juan <bobenag...@gmail.com> wrote:
>>>
>>> Hi
>>>
>>> I'm migrating from tomcat 9 to tomcat 11.0.5
>>>
>>> I need a client cert validation. My server.xml in tomcat 9 :
>>>
>>> <Connector SSLEnabled="true" clientAuth="true"
>>>     keyAlias="karun-tomcat-server-cert"
>>>     keystoreFile="/home/german/Developement/eclipseAngular/tomcat-server.jks"
>>>     keystorePass="pass" maxThreads="150"
>>>     port="8448" protocol="org.apache.coyote.http11.Http11NioProtocol"
>>>     scheme="https" secure="true" sslProtocol="TLS"
>>>     truststoreFile="/home/german/Developement/eclipseAngular/tomcat-server.jks"
>>>     truststorePass="pass"/>
>>>
>>> Adding clientAuth="true" does the trick, and my client has to have a
>>> certificate provided by me.
>>>
>>> But in tomcat 11 clientAuth doesn't exist in connector and even reading
>>> documentation I can't find how to do it in tomcat 11
>>
>>
>> If you look at the 9.0.x SSL documentation, you’ll see that clientAuth was
>> deprecated even then, and was replaced by attributes of the SSLHostConfig
>> element.
>>
>> https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support
>> https://tomcat.apache.org/tomcat-11.0-doc/config/http.html#SSL_Support
>>
>>  - Chuck
>>
>>
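
The migration discussed in this thread, written out as a Tomcat 11 Connector. This is an added example, not part of the original messages or of Tomcat's documentation; the port, paths, alias and passwords are copied from the Tomcat 9 Connector quoted above, and it assumes the old sslProtocol="TLS" setting can be left at its default.

```xml
<!-- Added example: Tomcat 11 form of the Tomcat 9 Connector quoted in the thread.
     Attribute values are taken from that message. -->
<Connector port="8448"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           maxThreads="150">

    <!-- certificateVerification="required" replaces clientAuth="true":
         the TLS handshake fails unless the client presents a certificate
         that chains to an entry in the truststore.
         truststorePass on the old Connector maps to truststorePassword here. -->
    <SSLHostConfig certificateVerification="required"
                   truststoreFile="/home/german/Developement/eclipseAngular/tomcat-server.jks"
                   truststorePassword="pass">

        <!-- The server's own key material moves to the Certificate element:
             keystoreFile maps to certificateKeystoreFile,
             keystorePass maps to certificateKeystorePassword,
             keyAlias     maps to certificateKeyAlias. -->
        <Certificate certificateKeystoreFile="/home/german/Developement/eclipseAngular/tomcat-server.jks"
                     certificateKeystorePassword="pass"
                     certificateKeyAlias="karun-tomcat-server-cert"/>
    </SSLHostConfig>
</Connector>
```

With no hostName attribute, this SSLHostConfig is the `_default_` host that the clientAuth alias used to populate. A request sent without a client certificate should now fail during the handshake, which is a quick way to confirm the setting took effect after the upgrade.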