Re: SSL issue

Fri, 26 Aug 2011 18:28:39 -0700 

On 08/26/2011 11:24 AM, Christopher Schultz wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Savitha,

On 8/25/2011 7:01 PM, Savitha Akella wrote:

<Connector protocol="org.apache.coyote.http11.Http11Protocol"
port="443" maxThreads="150" scheme="https" secure="true"
SSLEnabled="true"

Okay.


keystoreFile="d:/users/apache-tomcat-7.0.11/keystore/key.keystore"
keyAlias="keyalias" keyPass="changeit"

Okay.

clientAuth="true"
truststoreFile="D:/users/apache-tomcat-7.0.11/keystore/trust.keystore"



truststorePass="changeit"

SSLVerifyClient="require"

Okay.


sslProtocol="TLS"

Should probably be "SSLProtocol", but might not matter. Also, "TLS" is
not a documented valid value for this attribute.

http://tomcat.apache.org/tomcat-7.0-doc/config/http.html
Kindly double-check your data. I see that its the default and doesn't need to be defined but is probably defined for clarity. 



SSLEngine="on"

SSLEngine is not a recognized attribute.
It is for the Listener container. This would turn on/off APR. Seems like a simple mistake. 



SSLVerifyDepth="4" />

Regards, Savitha On Thu, Aug 25, 2011 at 11:46 AM, Christopher
Schultz<  ch...@christopherschultz.net>  wrote:

Savitha,

On 8/25/2011 12:53 PM, Savitha Akella wrote:

We have given the "trustStorePass" value to point to a
keystore which has only the certificate for our web
services.

Do you mean "truststoreFile"?


Of course the clientAuth parameter is set to true.

Good.

Can you post your<Connector>  configuration for us? Remember to
remove any passwords from it.

-chris

---------------------------------------------------------------------



To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org

For additional commands, e-mail: users-h...@tomcat.apache.org



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5Xur0ACgkQ9CaO5/Lv0PC4sACgraqr86G+o/CQ4m4pfn7SRoVy
NkYAoJhi4pR9EVYbeXbEEcYdSAgJ28+b
=jKq/
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to