Posted to dev@tomcat.apache.org by ma...@apache.org on 2020/04/30 20:13:57 UTC

[tomcat] branch 8.5.x updated (1a3dd73 -> 525b699)

This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


    from 1a3dd73  64398: Change default value separator for property replacement
     new b22f9e3  Tweak wording for clarity
     new 525b699  Add key store type section

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 webapps/docs/changelog.xml   |  4 ++++
 webapps/docs/config/http.xml | 48 +++++++++++++++++++++++++++++++++++++++-----
 2 files changed, 47 insertions(+), 5 deletions(-)


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


[tomcat] 02/02: Add key store type section

Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 525b6995500637eade78704f22650953b4450948
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Apr 30 21:06:21 2020 +0100

    Add key store type section
---
 webapps/docs/changelog.xml   |  4 ++++
 webapps/docs/config/http.xml | 42 ++++++++++++++++++++++++++++++++++++++++--
 2 files changed, 44 insertions(+), 2 deletions(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 485fb83..be78bdb 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -145,6 +145,10 @@
         Fix the saving of a Context configuration file via the scripting
         interface of the Manager web application. (markt)
       </fix>
+      <add>
+        Add a section to the TLS Connector documentation on different key store
+        types and how to configure them. (markt)
+      </add>
     </changelog>
   </subsection>
   <subsection name="Other">
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index ed97d26..e8616e5 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1449,7 +1449,8 @@
       TLS virtual host and that certificate has a <code>keystoreType</code> that
       is not <code>PKCS12</code> then the default will be the
       <code>keystoreType</code> of the single certificate. If none of these
-      identify a default, the default will be <code>JKS</code>.</p>
+      identify a default, the default will be <code>JKS</code>. See the notes on
+      <a href="#Key_store_types">key store types</a> below.</p>
      </attribute>
 
   </attributes>
@@ -1549,7 +1550,8 @@
       If not specified, the value of the system property
       <code>javax.net.ssl.keyStoreType</code> is used. If neither this attribute
       nor the system property are set, a default value of "<code>JKS</code>". is
-      used.</p>
+      used. See the notes on <a href="#Key_store_types">key store types</a>
+      below.</p>
     </attribute>
 
     <attribute name="type" required="false">
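Review bot: The context line just above the rewritten sentence end reads `"<code>JKS</code>". is`, with a stray full stop after the closing quote. Since this hunk already touches the end of that sentence, the same change could drop the period so that it reads `a default value of "<code>JKS</code>" is used.` The preceding "neither this attribute nor the system property are set" would also read better as "is set".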
@@ -1612,6 +1614,42 @@
 
   </subsection>
 
+  <subsection name="Key store types">
+
+    <p>In addition to the standard key store types (JKS and PKCS12), most Java
+    runtimes support additional key store types such as Windows-ROOT,
+    Windows-My, DKS as well as hardware security modules. Generally, to use
+    these additional keystore types with a TLS Conector in Tomcat:</p>
+
+    <ul>
+      <li>Set the certificateKeystoreType and/or truststoreType Connector
+          attribute (as appropriate) to the necessary type</li>
+      <li>If a configuration file is required, set the certificateKeystoreFile
+          and/or truststoreFile Connector attribute (as appropriate) to point to
+          the file</li>
+      <li>If no configuration file is required then you will almost certainly
+          need to explicitly set the certificateKeystoreFile and/or
+          truststoreFile Connector attribute (as appropriate) to the empty
+          string ("")</li>
+      <li>If a password is required, set the certificateKeystorePassword and/or
+          truststorePassword Connector attribute (as appropriate) to the
+          required password</li>
+      <li>If no password is required then you will almost certainly need to
+          explicitly set the certificateKeystorePassword and/or
+          truststorePassword Connector attribute (as appropriate) to the empty
+          string ("")</li>
+    </ul>
+
+    <p>Variations in key store implementations, combined with the key store
+    manipulation Tomcat does in the background to allow interoperability between
+    JSSE and OpenSSL configuration styles, means that some keystores may need
+    slightly different configuration. Assitance is always available from the
+    <a href="http://tomcat.apache.org/lists.html#tomcat-users">Apache Tomcat
+    users mailing list</a>. We aim to document any key stores that vary from the
+    above advice here. Currently there are none we are aware of.</p>
+
+  </subsection>
+
   <subsection name="SSL Support - Connector - NIO and NIO2 (deprecated)">
 
   <p>The following NIO and NIO2 SSL configuration attributes have been
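Review bot: The new "Key store types" subsection has two typos, "TLS Conector" in the first paragraph and "Assitance" in the closing paragraph, and the attribute names in the list (certificateKeystoreType, truststoreType, certificateKeystoreFile, truststoreFile, certificateKeystorePassword, truststorePassword) are plain text, whereas the other hunks in this file wrap attribute names and values in `<code>`. Suggest fixing the two spellings and marking up the attribute names and the empty-string value `""` as code, so readers can tell literal configuration from prose. The section also mixes "key store" and "keystore" within the same paragraph; pick one. In the last paragraph, "Variations ... means" should be "mean", and the mailing list link uses `http://tomcat.apache.org/lists.html`, which could be `https://`.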




[tomcat] 01/02: Tweak wording for clarity

Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit b22f9e3562363ac6794a311235b8a61bb9b66886
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Apr 30 19:36:07 2020 +0100

    Tweak wording for clarity
---
 webapps/docs/config/http.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index e2da0a7..ed97d26 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1977,9 +1977,9 @@
       </tr>
       <tr>
         <th>Tomcat Version</th>
-        <td>6.x onwards</td>
-        <td>8.x onwards</td>
-        <td>5.5.x onwards</td>
+        <td>since 6.0.x</td>
+        <td>since 8.0.x</td>
+        <td>since 5.5.x</td>
       </tr>
       <tr>
         <th>Support Polling</th>

