Re: Question About Tomcat 11.0.5

2025-04-05 Thread Chuck Caldarale

> On 2025 Apr 5, at 10:55, juan  wrote:
> 
> Hi
> 
> I'm migrating from tomcat 9 to tomcat 11.0.5
> 
> I need a client cert validation. My server.xml in tomcat 9:
> 
> 
>  *keyAlias="karun-tomcat-server-cert"
> 
> 
> keystoreFile="/home/german/Developement/eclipseAngular/tomcat-server.jks"
> keystorePass="pass" maxThreads="150"
> port="8448" protocol="org.apache.coyote.http11.Http11NioProtocol"
> scheme="https" secure="true" sslProtocol="TLS"
> 
> truststoreFile="/home/german/Developement/eclipseAngular/tomcat-server.jks"
> truststorePass="pass"/>
> 
> Adding clientAuth="true" does the trick, and my client has to have a
> certificate provided by me.
> 
> But in tomcat 11 clientAuth doesn't exist in connector and even reading
> documentation I can't find how to do it in tomcat 11


If you look at the 9.0.x SSL documentation, you’ll see that clientAuth was 
deprecated even then, and was replaced by attributes of the SSLHostConfig 
element.

https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support
https://tomcat.apache.org/tomcat-11.0-doc/config/http.html#SSL_Support

  - Chuck



Question About Tomcat 11.0.5

2025-04-05 Thread juan
Hi

I'm migrating from tomcat 9 to tomcat 11.0.5

I need a client cert validation. My server.xml in tomcat 9:




Adding clientAuth="true" does the trick, and my client has to have a
certificate provided by me.

But in tomcat 11 clientAuth doesn't exist in connector and even reading
documentation I can't find how to do it in tomcat 11

Thanks...


Re: Question About Tomcat 11.0.5

2025-04-05 Thread juan
Yes, I read it, but can't find which attributes from SSLHostConfig I should
use.
And on the internet I couldn't find any examples; all of them use clientAuth.
Thanks

On Sat, 5 Apr 2025, 19:13 Chuck Caldarale,  wrote:

>
> > On 2025 Apr 5, at 10:55, juan  wrote:
> >
> > Hi
> >
> > I'm migrating from tomcat 9 to tomcat 11.0.5
> >
> > I need a client cert validation. My server.xml in tomcat 9:
> >
> >
> >  > *keyAlias="karun-tomcat-server-cert"
> >
> >
> > keystoreFile="/home/german/Developement/eclipseAngular/tomcat-server.jks"
> > keystorePass="pass" maxThreads="150"
> > port="8448" protocol="org.apache.coyote.http11.Http11NioProtocol"
> > scheme="https" secure="true" sslProtocol="TLS"
> >
> >
> > truststoreFile="/home/german/Developement/eclipseAngular/tomcat-server.jks"
> > truststorePass="pass"/>
> >
> > Adding clientAuth="true" does the trick, and my client has to have a
> > certificate provided by me.
> >
> > But in tomcat 11 clientAuth doesn't exist in connector and even reading
> > documentation I can't find how to do it in tomcat 11
>
>
> If you look at the 9.0.x SSL documentation, you’ll see that clientAuth was
> deprecated even then, and was replaced by attributes of the SSLHostConfig
> element.
>
> https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support
> https://tomcat.apache.org/tomcat-11.0-doc/config/http.html#SSL_Support
>
>   - Chuck
>
>


Re: Question About Tomcat 11.0.5

2025-04-05 Thread Chuck Caldarale

> On 2025 Apr 5, at 12:49, juan  wrote:
> 
> Yes, I read it, but can't find which attributes from SSLHostConfig I should
> use.
> And on the internet I couldn't find any examples; all of them use clientAuth.


If you read the 9.0.x documentation for clientAuth, it says this:

clientAuth
This is an alias for the certificateVerification attribute of the
SSLHostConfig element with the hostName of _default_. If this SSLHostConfig
element is not explicitly defined, it will be created.


Is that not clear that you should now be using certificateVerification within 
SSLHostConfig?

  - Chuck


> On Sat, 5 Apr 2025, 19:13 Chuck Caldarale,  wrote:
> 
>> 
>>> On 2025 Apr 5, at 10:55, juan  wrote:
>>> 
>>> Hi
>>> 
>>> I'm migrating from tomcat 9 to tomcat 11.0.5
>>> 
>>> I need a client cert validation. My server.xml in tomcat 9:
>>> 
>>> 
>>> >> *keyAlias="karun-tomcat-server-cert"
>>> 
>>> 
>>> keystoreFile="/home/german/Developement/eclipseAngular/tomcat-server.jks"
>>> keystorePass="pass" maxThreads="150"
>>> port="8448" protocol="org.apache.coyote.http11.Http11NioProtocol"
>>> scheme="https" secure="true" sslProtocol="TLS"
>>> 
>>> 
>>> truststoreFile="/home/german/Developement/eclipseAngular/tomcat-server.jks"
>>> truststorePass="pass"/>
>>> 
>>> Adding clientAuth="true" does the trick, and my client has to have a
>>> certificate provided by me.
>>> 
>>> But in tomcat 11 clientAuth doesn't exist in connector and even reading
>>> documentation I can't find how to do it in tomcat 11
>> 
>> 
>> If you look at the 9.0.x SSL documentation, you’ll see that clientAuth was
>> deprecated even then, and was replaced by attributes of the SSLHostConfig
>> element.
>> 
>> https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support
>> https://tomcat.apache.org/tomcat-11.0-doc/config/http.html#SSL_Support
>> 
>>  - Chuck
>> 
>>
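
The migration discussed in this thread, written out as a Tomcat 11 server.xml fragment. This is an added example, not part of any message in the thread: it reuses the paths, alias and passwords from the original post, assumes SSLEnabled="true" on the Connector, and maps each deprecated Connector attribute to its SSLHostConfig or Certificate equivalent.

```xml
<!-- Added example. Old Connector attribute -> Tomcat 11 location:
       clientAuth="true"  -> SSLHostConfig certificateVerification="required"
       truststoreFile     -> SSLHostConfig truststoreFile
       truststorePass     -> SSLHostConfig truststorePassword
       keystoreFile       -> Certificate   certificateKeystoreFile
       keystorePass       -> Certificate   certificateKeystorePassword
       keyAlias           -> Certificate   certificateKeyAlias -->
<Connector port="8448"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           maxThreads="150">

  <!-- hostName is omitted, so this is the _default_ host that the old
       clientAuth attribute was an alias for.
       certificateVerification="required" refuses any client that does not
       present a certificate chaining to an entry in the truststore.
       "optional" and "optionalNoCA" request a certificate without
       requiring one, and "none" disables the check, so none of those
       three enforces client authentication by itself. -->
  <SSLHostConfig certificateVerification="required"
                 truststoreFile="/home/german/Developement/eclipseAngular/tomcat-server.jks"
                 truststorePassword="pass">

    <!-- Server key pair, same keystore and alias as in the Tomcat 9 post. -->
    <Certificate certificateKeystoreFile="/home/german/Developement/eclipseAngular/tomcat-server.jks"
                 certificateKeystorePassword="pass"
                 certificateKeyAlias="karun-tomcat-server-cert"/>
  </SSLHostConfig>
</Connector>
```

After restarting, a connection made without a client certificate should be refused; if it succeeds, certificateVerification is not set to "required" on the SSLHostConfig that actually serves the request.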