On Sun, Aug 20, 2023 at 4:25 PM <l...@kreuser.name> wrote:

> Kaushal,
>
> please check the new configuration method with SSLHostConfig - yours is
> probably from an older version, right? In the working version you already
> use it.
>
> see my (redacted) config:
>
>  <Connector port="8443"
>            protocol="org.apache.coyote.http11.Http11Nio2Protocol"
>            sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
>            allowTrace="false"
>            maxThreads="150"
>            SSLEnabled="true"
>            compression="off"
>            scheme="https"
>            server="Apache Tomcat"
>            secure="true"
>            defaultSSLHostConfigName="example.com" >
>     <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"
>                      compression="on" />
>     <!-- optional SSLHostConfig attribute:
> certificateRevocationListFile="${catalina.base}/conf/ssl/ca-bundle-client.crl"
> -->
>     <SSLHostConfig
>               hostName="example.com"
>               honorCipherOrder="true"
>               protocols="+TLSv1.2,+TLSv1.3"
>               certificateVerification="required"
>               truststoreFile="${catalina.base}/conf/ssl/cacerts.jks"
>               truststorePassword="changeit"
>
> ciphers="TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS">
>        <Certificate
>                     certificateKeystoreFile="${catalina.base}/conf/ssl/tomcat.p12"
>                     certificateKeystorePassword="changeit"
>                     certificateKeyAlias="tomcat"
>                     type="RSA" />
>     </SSLHostConfig>
> </Connector>
>
>
> Hope this helps
>
> Peter
>
>
Thanks Peter for the quick email response and appreciate it. It worked like
a charm. Thanks once again.

Best Regards,

Kaushal
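Added example, not part of either message and not Tomcat code: a small audit of the `SSLHostConfig` attributes used in the connector quoted above, which reports legacy protocols, unenforced client-certificate verification, cipher entries without forward secrecy or AEAD, and `changeit` passwords. The sample XML is constructed, the function names are hypothetical, and the cipher check assumes an OpenSSL-style colon-separated list of explicit suite names as in the quoted config (JSSE names and keywords such as `HIGH` are not handled).

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the quoted connector (not the poster's file).
SAMPLE = """<Connector port="8443" SSLEnabled="true" defaultSSLHostConfigName="example.com">
  <SSLHostConfig hostName="example.com" protocols="+TLSv1.2,+TLSv1.3"
      certificateVerification="required" truststorePassword="changeit"
      ciphers="TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES256-SHA:!DSS">
    <Certificate certificateKeystoreFile="conf/ssl/tomcat.p12"
        certificateKeystorePassword="changeit" type="RSA"/>
  </SSLHostConfig>
</Connector>"""

AEAD_TAGS = ("GCM", "CHACHA20", "CCM")
# "all" is Tomcat's default when protocols is omitted and includes TLSv1 and TLSv1.1.
LEGACY_PROTOCOLS = {"all", "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}

def classify_cipher(name):
    """Concerns for one OpenSSL-style cipher name from the ciphers attribute."""
    if name.startswith("!") or name.startswith("TLS_"):
        return []  # exclusion token, or assumed TLS 1.3 suite (AEAD, ephemeral keys)
    issues = []
    if not name.startswith(("ECDHE-", "DHE-")):
        issues.append("no forward secrecy")
    if not any(tag in name for tag in AEAD_TAGS):
        issues.append("CBC mode")
    return issues

def audit(xml_text):
    """Return (hostName, item, issue) tuples for every SSLHostConfig in xml_text."""
    findings = []
    for host in ET.fromstring(xml_text).iter("SSLHostConfig"):
        label = host.get("hostName", "_default_")
        for proto in host.get("protocols", "all").split(","):
            proto = proto.strip()
            if not proto.startswith("-") and proto.lstrip("+") in LEGACY_PROTOCOLS:
                findings.append((label, proto, "legacy protocol enabled"))
        if host.get("certificateVerification", "none") != "required":
            findings.append((label, "certificateVerification", "client certificate not enforced"))
        for cipher in filter(None, host.get("ciphers", "").split(":")):
            findings += [(label, cipher, issue) for issue in classify_cipher(cipher)]
        secrets = [("truststorePassword", host.get("truststorePassword"))]
        secrets += [("certificateKeystorePassword", c.get("certificateKeystorePassword"))
                    for c in host.iter("Certificate")]
        findings += [(label, attr, "default password") for attr, value in secrets if value == "changeit"]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

The parser needs well-formed XML, so property placeholders such as `${catalina.base}` are fine but a comment placed inside an element's attribute list is rejected.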
