Dear Sirs, i have a alfresco 6 on tomcat 9.0.16 and java 1.8.0_212-b04 on a RHEL 7 environment.
The ssl connector inside server.xml is: <Connector port="8443" protocol="HTTP/1.1" URIEncoding="UTF-8" maxThreads="150" SSLEnabled="true" scheme="https" keystoreFile="/web/data/alfresco/keystore/ssl.keystore" keystoreType="JCEKS" keystorePass="kT9X6oe68t" secure="true" connectionTimeout="240000" clientAuth="want" allowUnsafeLegacyRenegotiation="true" truststoreFile="/web/data/alfresco/keystore/ssl.truststore" truststorePass="kT9X6oe68t" truststoreType="JCEKS" sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation" HttpHeaderSize="32768" debug="1" sslProtocol="TLS" /> I have a tomcat-users.xml with an entry like: <user username="CN=Alfresco Repository, OU=Unknown, O=Alfresco Software Ltd., L=Maidenhead, ST=UK, C=GB" roles="repository" password="null"/> The solr client runs on a VM with the name lmssolr12-dev . It sends a ssl Certificat with an certificate common name ‘Alfresco Repository’ to the alfresco server which is defined inside tomcat-users.xml . But java in the version 1.8 don t care about the tomcat ssl configuration and gives me the ERROR: Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated Caused by: javax.net.ssl.SSLException: hostname in certificate didn't match: <lmssolr12-dev.dwelle.de> != </alfresco repository> The java configuration inside catalina.sh is: JAVA_OPTS="$JAVA_OPTS -Dsun.security.ssl.allowUnsafeRenegotiation=true -Djavax.net.ssl.keyStore=/web/data/alfresco/keystore/ssl.keystore -Djavax.net.ssl.keyStorePassword=kT9X6oe68t -Djavax.net.ssl.keyStoreType=JCEKS -Djavax.net.ssl.trustStore=/web/data/alfresco/keystore/ssl.truststore -Djavax.net.ssl.trustStorePassword=kT9X6oe68t -Djavax.net.ssl.trustStoreType=JCEKS -Djavax.net.debug=ssl,handshake -Djava.protocol.handler.pkgs=org.apache.catalina.webresources" I have thought that clientAuth="want" and sslProtocol="TLS" allow X509 authentification over tomcat-users.xml . What can i do to solve that problem? Thanks Peter