Tomcat 8.5 Configuring HTTPS Connector
Endi S. Dewata edited this page Sep 14, 2023 · 1 revision
<Connector ...>
    <SSLHostConfig ... certificateVerification="optional">
        <Certificate ... />
    </SSLHostConfig>
</Connector>
HTTP/1.1 Connector with JSSE NIO implementation:
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol" sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation" port="8443" .../>
HTTP/1.1 Connector with JSSE NIO2 implementation:
<Connector protocol="org.apache.coyote.http11.Http11Nio2Protocol" sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation" port="8443" .../>
HTTP/1.1 Connector with JSSE NIO implementation and OpenSSL:
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation" .../>
HTTP/1.1 Connector with APR implementation:
<Connector protocol="org.apache.coyote.http11.Http11AprProtocol" port="8443" .../>
$ $JAVA_HOME/bin/keytool -genkey -alias sslserver -keyalg RSA -keystore /usr/share/tomcat/keystore
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="200" scheme="https" secure="true" SSLEnabled="true">
    <SSLHostConfig sslProtocol="SSL" ...>
        <Certificate certificateKeystoreType="jks"
                     certificateKeystoreFile="/usr/share/tomcat/keystore"
                     certificateKeystorePass="Secret.123"
                     certificateKeyAlias="sslserver" />
    </SSLHostConfig>
</Connector>
<Connector ...>
    <SSLHostConfig sslProtocol="SSL" ...>
        <Certificate certificateKeystoreType="pkcs11"
                     certificateKeystoreProvider="Mozilla-JSS"
                     certificateKeyAlias="sslserver" />
    </SSLHostConfig>
</Connector>
- Tomcat SSL Configuration with JSSE
- Tomcat SSL Configuration with OpenSSL
- Tomcat SSL Configuration with JSS
<Connector ...>
    <SSLHostConfig ... trustManagerClassName="org.dogtagpki.tomcat.PKITrustManager">
        <Certificate ... />
    </SSLHostConfig>
</Connector>
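A way to check a server.xml against the connector variants on this page, as an added example that is not part of the original wiki page or of Tomcat: it parses the file, names the TLS implementation each HTTPS connector selects, and reports its client-certificate mode and keystore settings. The `implementation` and `audit` function names and the `SAMPLE` document are assumptions made here; `SAMPLE` is constructed from the snippets above.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the connector snippets on this page.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             scheme="https" secure="true" SSLEnabled="true">
    <SSLHostConfig sslProtocol="SSL" certificateVerification="optional">
      <Certificate certificateKeystoreType="jks"
                   certificateKeystoreFile="/usr/share/tomcat/keystore"
                   certificateKeystorePass="Secret.123"
                   certificateKeyAlias="sslserver" />
    </SSLHostConfig>
  </Connector>
  <Connector port="8080" protocol="HTTP/1.1" />
</Service></Server>"""


def implementation(conn):
    """Name the TLS implementation a Connector selects, per the variants above."""
    if conn.get("protocol", "").endswith("Http11AprProtocol"):
        return "APR"
    impl = conn.get("sslImplementationName", "")
    if impl.endswith("OpenSSLImplementation"):
        return "OpenSSL"
    if impl.endswith("JSSEImplementation"):
        return "JSSE"
    return "unspecified"  # attribute absent: the choice is left to Tomcat


def audit(server_xml):
    """Return one summary dict per SSLHostConfig of each TLS-enabled Connector."""
    # XML is case-sensitive: </sslhostconfig> closing <SSLHostConfig> raises ParseError.
    root = ET.fromstring(server_xml)
    report = []
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        for host in conn.findall("SSLHostConfig"):
            certs = host.findall("Certificate")
            report.append({
                "port": conn.get("port"),
                "implementation": implementation(conn),
                "client_cert": host.get("certificateVerification", "none"),
                "keystore_types": [c.get("certificateKeystoreType") for c in certs],
                "password_in_file": any("certificateKeystorePass" in c.attrib for c in certs),
            })
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

A `password_in_file` value of `True` means the keystore password sits in clear text in server.xml, so the file's permissions protect the private key as much as the keystore's do.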