On 09/08/17 12:24, Senthil Kumar wrote:
> Mark,
> 
> Tomcat version is 8.0.39.
> 
> I have to use both server certificate (.pfx) and service certificate as
> keystore. Do I need to convert PFX format certificate to JKS format? How to
> configure more than one private certificate in keystore?

The setenv.sh settings shouldn't interfere with the Tomcat connector but
to be sure I suggest the following:

- comment out the setenv.sh settings
- start Tomcat
- test https on port 443 and report any errors including those in the
  logs

Once port 443 is working then uncomment the settings in setenv and check
port 433 still works.

Mark

> 
> Senthil
> 
> On Wed, Aug 9, 2017 at 1:39 AM, Mark Thomas <ma...@apache.org> wrote:
> 
>> On 08/08/17 21:03, dsenthil...@gmail.com wrote:
>>>
>>>> Hello,
>>>>
>>>> I have configured ssl certificates for below requirements:
>>>>
>>>> 1. Tomcat server certificate configuration in 'server.xml' file to run tomcat server on port 443 and https
>>>>
>>>>  <Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
>>>>                maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true"
>>>>                acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false"
>>>>                sslProtocol="TLSv1.2" ciphers="TLS_RSA_WITH_AES_256_CBC_SHA256"
>>>>                keystoreFile="Tomcat.HostName.pfx" keystorePass="password"
>>>>                keystoreType="PKCS12" />
>>>>
>>>> 2. Service certificate configuration in 'setenv.sh' file for the two-way ssl authentication for the connection to MQ / Soap service servers.
>>>>
>>>> export JAVA_OPTS='-Djavax.net.ssl.keyStore=ServiceCertificate.p12 -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.trustStore=clienttruststore.jks -Djavax.net.ssl.trustStorePassword=changeit'
>>>>
>>>>
>>>> But it looks like the service certificate configured (for the two-way ssl handshake with MQ and Soap service servers) in 'setenv.sh' file is overwriting the tomcat server ssl configuration configured in 'server.xml' and subsequently tomcat server is down for https and port 443.
>>>>
>>>> Can someone recommend a suitable tomcat config to fix this issue? The tomcat config should support both https (port 443) and two-way ssl handshake with other servers.
>>
>> Tomcat version?
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
> 
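
As an added example (not from either poster and not Tomcat's own code), this Python check lists the two keystore configurations quoted above side by side: the Connector's keystore attributes in server.xml and the JVM-wide javax.net.ssl.* properties from setenv.sh. The sample inputs are constructed from the thread; the function names and the relative-path and missing-type checks are assumptions of this example about what is worth confirming before testing each side on its own.

```python
import os
import re
import xml.etree.ElementTree as ET

# Constructed inputs, reduced from the configuration quoted in this thread.
SERVER_XML = """<Service name="Catalina">
  <Connector port="443" scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="Tomcat.HostName.pfx" keystorePass="password"
             keystoreType="PKCS12" />
</Service>"""
SETENV_SH = ("export JAVA_OPTS='-Djavax.net.ssl.keyStore=ServiceCertificate.p12 "
             "-Djavax.net.ssl.keyStorePassword=password "
             "-Djavax.net.ssl.trustStore=clienttruststore.jks -Djavax.net.ssl.trustStorePassword=changeit'")

def _mask(key, value):  # keep passwords out of anything pasted into a list post
    return "***" if "pass" in key.lower() else value

def connector_tls(server_xml):
    """Inbound side: keystore attributes of each SSL-enabled Connector, by port."""
    found = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() == "true":
            found[conn.get("port")] = {k: _mask(k, v) for k, v in conn.attrib.items()
                                       if k.lower().startswith(("keystore", "truststore"))}
    return found

def jvm_tls(setenv_sh):
    """JVM-wide side: javax.net.ssl.* system properties passed through JAVA_OPTS."""
    m = re.search(r"JAVA_OPTS=(['\"])(.*?)\1", setenv_sh, re.S)
    props = {}
    for tok in (m.group(2).split() if m else []):
        if tok.startswith("-Djavax.net.ssl."):
            key, _, value = tok[len("-Djavax.net.ssl."):].partition("=")
            props[key] = _mask(key, value)
    return props

def findings(connectors, jvm):
    """Items to confirm for each side; a relative path depends on where the process runs."""
    notes = []
    for port, attrs in connectors.items():
        if (ks := attrs.get("keystoreFile")) and not os.path.isabs(ks):
            notes.append(f"connector {port}: keystoreFile {ks!r} is a relative path")
    for role in ("keyStore", "trustStore"):
        path = jvm.get(role)
        if path and not os.path.isabs(path):
            notes.append(f"JVM {role}: {path!r} is a relative path")
        if path and role + "Type" not in jvm:
            notes.append(f"JVM {role}: no javax.net.ssl.{role}Type, JVM default type applies")
    return notes
```

Calling `findings(connector_tls(SERVER_XML), jvm_tls(SETENV_SH))` returns the notes as a list of strings, with passwords already masked in the parsed values.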

