2014-06-14 15:38 GMT+04:00 Steffen Heil (Mailinglisten) <[email protected]>:
> Hi
>
>
> I am using tomcat with the NIO connector, so I load the ssl certificate and
> private key from a keystore in pkcs12 format.
> This works fine using RSA.
>
> Now I want to switch to a certificate using ECC and that EC is not supported
> by the JRE. It IS however supported by bouncycastle.
> In my own code I need to specify "BC", when opening the keystore using
> KeyStore.getInstance("PKCS12","BC").
> Then I can load and use that certificate.
>
> However there seems no way to do the same with the tomcat connector.
> Is it possible?
> How can I configure tomcat to use another provider?

The code in org.apache.tomcat.util.net.jsse.JSSESocketFactory#getStore(..) is

    if (provider == null) {
        ks = KeyStore.getInstance(type);
    } else {
        ks = KeyStore.getInstance(type, provider);
    }

so you just have to set the provider = "BC".

That is AbstractEndpoint.setKeystoreProvider(String).
That is "keystoreProvider" attribute on a <Connector>.

Best regards,
Konstantin Kolinko
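
The provider is passed to KeyStore.getInstance(type, provider) by name, so it only resolves if that provider is registered in the JVM that runs Tomcat. The following preflight check is an added example, not Tomcat code and not part of the original message; the class name, the argument order and the KEYSTORE_PASS environment variable are assumptions made for the example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.Certificate;
import java.util.Collections;

// Added example: checks a keystore/provider pair before it goes into a <Connector>.
// Hypothetical usage: KEYSTORE_PASS=... java KeystoreProviderCheck PKCS12 <file> [provider]
public class KeystoreProviderCheck {

    // Same branch as the getStore(..) snippet quoted in the reply above.
    static KeyStore open(String type, String provider, String path, char[] pass)
            throws Exception {
        KeyStore ks = (provider == null)
                ? KeyStore.getInstance(type)
                : KeyStore.getInstance(type, provider);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        String pass = System.getenv("KEYSTORE_PASS"); // assumed variable name
        if (args.length < 2 || pass == null) {
            System.err.println("usage: KeystoreProviderCheck <type> <file> [provider]"
                    + " (password in KEYSTORE_PASS)");
            System.exit(2);
        }
        String provider = args.length > 2 ? args[2] : null;
        // An unregistered name makes getInstance throw NoSuchProviderException,
        // so report it up front with a clearer message.
        if (provider != null && Security.getProvider(provider) == null) {
            System.err.println("provider not registered in this JVM: " + provider);
            System.exit(1);
        }
        KeyStore ks = open(args[0], provider, args[1], pass.toCharArray());
        System.out.println("keystore served by: " + ks.getProvider().getName());
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            String alg = (cert == null) ? "n/a" : cert.getPublicKey().getAlgorithm();
            System.out.println(alias + " keyEntry=" + ks.isKeyEntry(alias)
                    + " publicKeyAlg=" + alg);
        }
    }
}
```

Run it with the same JRE and security configuration that Tomcat uses; a provider that is only added programmatically in application code will not be visible here or to the connector.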