Tomcat 8.0 SSL

From Dogtag

SSL Implementation

SSL Ciphers

SSL Client Authentication

<Connector ... clientAuth="want" />

SSL Keystore

JKS Keystore

$ $JAVA_HOME/bin/keytool -genkey -alias sslserver -keyalg RSA -keystore /usr/share/tomcat/keystore

<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="200"
           scheme="https"
           secure="true"
           SSLEnabled="true">

    <SSLHostConfig sslProtocol="SSL" ...>

        <Certificate certificateKeystoreType="jks"
                     certificateKeystoreFile="/usr/share/tomcat/keystore"
                     certificateKeystorePass="Secret.123"
                     certificateKeyAlias="sslserver" />

    </SSLHostConfig>

</Connector>

PKCS #11 Keystore

<Connector name="Secure"
           port="8443"
           protocol="org.dogtagpki.tomcat.Http11NioProtocol"
           SSLEnabled="true"
           sslProtocol="SSL"
           scheme="https"
           secure="true"
           ...
           keystoreType="pkcs11"
           keystoreProvider="Mozilla-JSS"
           keyAlias="sslserver"
           ...
/>

PKCS #12 Keystore

SSL Trust Manager

<Connector ... trustManagerClassName="org.dogtagpki.tomcat.PKITrustManager" />

See Also