-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Peter,
On 1/29/20 2:26 PM, logo wrote:
> Chris,
>
>> Am 29.01.2020 um 16:59 schrieb Christopher Schultz
>> <ch...@christopherschultz.net>:
>>
> Peter,
>
> On 1/28/20 6:02 PM, logo wrote:
>>>>> <SSLHostConfig hostName=„tomcat.x.xxx"
>>>>> honorCipherOrder="true" protocols="TLSv1.2+TLSv1.3"
>>>>> ciphers="HIGH:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POL
Y13
>
>>>>>
05:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA
> -AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA2
56
>
>
:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SH
> A256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-S
HA
>
>
:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:D
> HE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-
AE
>
>
S256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256
> :AES128-SHA:AES256-SHA:!DSS">
>>>>>
>>>>>
> <Certificate
> certificateKeystoreFile="${catalina.base}/conf/ssl/tomcat.p 12"
>>>>> certificateKeystorePassword="changeit"
>>>>> certificateKeyAlias="tomcat" type="RSA" />
>>>>> </SSLHostConfig>
>>>>
>>>>> P12 is created with
>>>>
>>>>> openssl pkcs12 -export -in tomcat.crt -inkey tomcat.key
>>>>> -certfile chain.pem -out tomcat.p12 -name tomcat -CAfile
>>>>> ca.crt -caname root -passout pass:changeit
>>>>
>>>>
>>>>> Seems to be valid and working ;-) .
>
> Hmm. What version of Java? Perhaps Java has gotten better about
> detecting the type of keystore? Also, Tomcat respects the value of
> -Djavax.net.ssl.keyStoreType so if (a) you are explicitly setting
> it to PKCS12 or (b) your Java version is doing that, then you don't
> need to specify it, as it's the default.
>
>> openjdk 11.0.6+10-post-Debian-1 and no JAVA_OPTS for certs…
It must just be the new default. :)
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl4yELkACgkQHPApP6U8
pFgBfBAAvtW/NMZo/AVXYUFsA5GocrYfZDqwgE2B95M+9tFbBKTetuYBqzrOTKSx
AKiIU+0MGmqx0DUEPCgLh3prakJJtimhW+7JzM8i1nPEyhv242w8Y4+tsp9kwE5H
TQYsYhci3ydxQGP2QnwxbZdlxkgn4ngnEA1d6TuCp77E4Bi8rlglG7sB1IQhM3O9
yMY/60HBuIa3XTrdEdo2g5AKzQJ7AwjjWKpn3g0LtZBX0F3l/1S6jJIhCeLKHaWv
YbeIzJRUmGFE0XA6fTQXpN7XqWM617wlETdoSkWaGqUdAy2oHs6lO3mctqlQL4h6
TotSju1OKch7nbCntCludoNHVqawzSDSQSClkox3BnJ6jVIivVxUQ/8Ccs4opecv
XFChhCxBnnwd/rBwo1oNtP6K3/ekBtcHOIJhxtZ72BIhFbAT7PZeBstz4vN5isUQ
zzJo4prGhqd4CbgAKGvB5LtvpD3gltTgrtoKEz7k0XwMQ3AlqM2SjxE749HBeNlB
ZEeAIsrKTMzu+1UYXDOo2YOf7im8+5jCSuQJaL0DmgiLrIEEqi3hVPz3W07ZWAOh
766uqw0n7/HzTJ61bOO+gif3UGWS0b+fvLtNW+wHA6B0eMxgV9jWJudXtoOiRL8j
am6Ewv4dG6eJUlJcC2ZzHeLZMygoYbjY5rIBqb0o3O5CuiNNA3Q=
=Cz2L
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
