Posted to dev@tomcat.apache.org by ma...@apache.org on 2020/04/30 20:12:13 UTC

[tomcat] branch 9.0.x updated (fa38322 -> 09326c6)

This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


    from fa38322  Add deprecation
     new 88dd57d  Tweak wording for clarity
     new 09326c6  Add key store type section

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 webapps/docs/changelog.xml   |  4 ++++
 webapps/docs/config/http.xml | 48 +++++++++++++++++++++++++++++++++++++++-----
 2 files changed, 47 insertions(+), 5 deletions(-)


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


[tomcat] 02/02: Add key store type section

Posted by ma...@apache.org.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 09326c68a6bf55c12adefc36c427077389a7e72f
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Apr 30 21:06:21 2020 +0100

    Add key store type section
---
 webapps/docs/changelog.xml   |  4 ++++
 webapps/docs/config/http.xml | 42 ++++++++++++++++++++++++++++++++++++++++--
 2 files changed, 44 insertions(+), 2 deletions(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 5ceb6ca..35b9cc9 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -146,6 +146,10 @@
         Fix the saving of a Context configuration file via the scripting
         interface of the Manager web application. (markt)
       </fix>
+      <add>
+        Add a section to the TLS Connector documentation on different key store
+        types and how to configure them. (markt)
+      </add>
     </changelog>
   </subsection>
   <subsection name="Other">
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index f73d26f..7f6cf2f 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1439,7 +1439,8 @@
       TLS virtual host and that certificate has a <code>keystoreType</code> that
       is not <code>PKCS12</code> then the default will be the
       <code>keystoreType</code> of the single certificate. If none of these
-      identify a default, the default will be <code>JKS</code>.</p>
+      identify a default, the default will be <code>JKS</code>. See the notes on
+      <a href="#Key_store_types">key store types</a> below.</p>
      </attribute>
 
   </attributes>
@@ -1539,7 +1540,8 @@
       If not specified, the value of the system property
       <code>javax.net.ssl.keyStoreType</code> is used. If neither this attribute
       nor the system property are set, a default value of "<code>JKS</code>". is
-      used.</p>
+      used. See the notes on <a href="#Key_store_types">key store types</a>
+      below.</p>
     </attribute>
 
     <attribute name="type" required="false">
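Review bot: The context line directly above the change reads 'a default value of "<code>JKS</code>". is used.', with a stray full stop after the closing quote. Since this hunk already rewrites the end of that sentence, drop the stray period in the same edit so the sentence reads '"<code>JKS</code>" is used. See the notes on ...'. In the same sentence, "neither this attribute nor the system property are set" would read better as "is set".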
@@ -1602,6 +1604,42 @@
 
   </subsection>
 
+  <subsection name="Key store types">
+
+    <p>In addition to the standard key store types (JKS and PKCS12), most Java
+    runtimes support additional key store types such as Windows-ROOT,
+    Windows-My, DKS as well as hardware security modules. Generally, to use
+    these additional keystore types with a TLS Conector in Tomcat:</p>
+
+    <ul>
+      <li>Set the certificateKeystoreType and/or truststoreType Connector
+          attribute (as appropriate) to the necessary type</li>
+      <li>If a configuration file is required, set the certificateKeystoreFile
+          and/or truststoreFile Connector attribute (as appropriate) to point to
+          the file</li>
+      <li>If no configuration file is required then you will almost certainly
+          need to explicitly set the certificateKeystoreFile and/or
+          truststoreFile Connector attribute (as appropriate) to the empty
+          string ("")</li>
+      <li>If a password is required, set the certificateKeystorePassword and/or
+          truststorePassword Connector attribute (as appropriate) to the
+          required password</li>
+      <li>If no password is required then you will almost certainly need to
+          explicitly set the certificateKeystorePassword and/or
+          truststorePassword Connector attribute (as appropriate) to the empty
+          string ("")</li>
+    </ul>
+
+    <p>Variations in key store implementations, combined with the key store
+    manipulation Tomcat does in the background to allow interoperability between
+    JSSE and OpenSSL configuration styles, means that some keystores may need
+    slightly different configuration. Assitance is always available from the
+    <a href="http://tomcat.apache.org/lists.html#tomcat-users">Apache Tomcat
+    users mailing list</a>. We aim to document any key stores that vary from the
+    above advice here. Currently there are none we are aware of.</p>
+
+  </subsection>
+
   <subsection name="SSL Support - Connector - NIO and NIO2 (deprecated)">
 
   <p>The following NIO and NIO2 SSL configuration attributes have been




[tomcat] 01/02: Tweak wording for clarity

Posted by ma...@apache.org.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 88dd57d9719ac3f897332d757ac86c0aac65012c
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Apr 30 19:36:07 2020 +0100

    Tweak wording for clarity
---
 webapps/docs/config/http.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index ed62ffb..f73d26f 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1967,9 +1967,9 @@
       </tr>
       <tr>
         <th>Tomcat Version</th>
-        <td>6.x onwards</td>
-        <td>8.x onwards</td>
-        <td>5.5.x onwards</td>
+        <td>since 6.0.x</td>
+        <td>since 8.0.x</td>
+        <td>since 5.5.x</td>
       </tr>
       <tr>
         <th>Support Polling</th>

