Re: Tomcat8 - How to configure ssl certificates for both https and two-way authentication

Wed, 09 Aug 2017 04:25:00 -0700 

Mark,

Tomcat version is 8.0.39.

I have to use both server certificate (.pfx) and service certificate as
keystore. Do I need to convert PFX format certificate to JKS format. How to
configure more than on private certificate in keystore.

Senthil

On Wed, Aug 9, 2017 at 1:39 AM, Mark Thomas <ma...@apache.org> wrote:

> On 08/08/17 21:03, dsenthil...@gmail.com wrote:
> >
> >> Hello,
> >>
> >> I have configured ssl certificates for below requirements:
> >>
> >> 1. Tomcat server certificate configuration in 'server.xml' file to run
> tomcat server on port 443 and https
> >>
> >>  <Connector port="443" maxHttpHeaderSize="8192" maxThreads="150"
> minSpareThreads="25"
> >>                maxSpareThreads="75" enableLookups="false"
> disableUploadTimeout="true"
> >>                acceptCount="100" scheme="https" secure="true"
> SSLEnabled="true" clientAuth="false"
> >>                sslProtocol="TLSv1.2" 
> >> ciphers="TLS_RSA_WITH_AES_256_CBC_SHA256"
> keystoreFile="Tomcat.HostName.pfx" keystorePass="password"
> >>                keystoreType="PKCS12" />
> >>
> >> 2. Service certificate configuration in 'setenv.sh' file for the
> two-way ssl authentication for the connection to MQ / Soap service servers.
> >>
> >> export JAVA_OPTS='-Djavax.net.ssl.keyStore=ServiceCertificate.p12
> -Djavax.net.ssl.keyStorePassword=password 
> -Djavax.net.ssl.trustStore=clienttruststore.jks
> -Djavax.net.ssl.trustStorePassword=changeit'
> >>
> >>
> >> But It looks like the service certificate configured (for the two-way
> ssl handshake with MQ and Soap service servers) in 'setenv.sh' file is
> overwriting the tomcat server ssl configuration configured in 'server.xml'
> and subsequently tomcat server is down for https and port 443.
> >>
> >> Can someone recommend suitable tomcat config to fix this issue. The
> tomcat config should support both https (port 443) and two-ways ssl
> handshake with other servers.
>
> Tomcat version?
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Reply via email to