Versions Compared

Comment: tomcat 10 SSL

...

Code Block (language: html/xml)
<!-- Localhost-only connector for IDP command line tools -->
<Connector address="127.0.0.1" port="80" />
 
<!-- https://tomcat.apache.org/tomcat-10.1-doc/ssl-howto.html -->
<!-- https://tomcat.apache.org/tomcat-10.1-doc/config/http.html#SSL_Support -->
<!-- Tomcat 10: the older per-Connector TLS attributes (clientAuth, sslProtocol,
     sslEnabledProtocols, keystoreType, keystoreFile, keystorePass) are replaced by
     the nested SSLHostConfig / Certificate elements below. -->
<Connector
  port="443"
  protocol="org.apache.coyote.http11.Http11NioProtocol"
  maxThreads="150"
  maxPostSize="100000"
  SSLEnabled="true"
  scheme="https"
  secure="true">
  <!-- HTTP/2 is negotiated via ALPN, so it only makes sense on the TLS connector -->
  <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
  <!-- protocols and ciphers are attributes of SSLHostConfig, not of Certificate -->
  <SSLHostConfig
    protocols="TLSv1.2,TLSv1.3"
    ciphers="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305">
    <Certificate type="RSA"
      certificateKeystoreType="PKCS12"
      certificateKeystoreFile="/etc/tomcat10/webserver.p12"
      certificateKeystorePassword="see sections above" />
  </SSLHostConfig>
</Connector>


Info

The ciphers list above comes straight from the moz://a SSL Configuration Generator, using its "Intermediate" configuration for Tomcat. You can use other ciphers, but be aware of the multitude and variety of clients and web browsers you may need to support in practice. Note that protocols and ciphers must be set on SSLHostConfig; Tomcat does not apply them if they are placed on the Certificate element (it warns about the unknown property at startup and falls back to its defaults).
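Before starting Tomcat it is worth linting server.xml for the mistakes this migration invites: legacy per-Connector TLS attributes left behind, protocols or ciphers placed on Certificate instead of SSLHostConfig, pre-TLS-1.2 protocols, weak ciphers, and a plaintext connector not bound to loopback. The checker below is an added example written for this page, not Tomcat's own tooling; the two embedded server.xml fragments are constructed samples (the first mirrors the connector configuration above), and the weak-cipher markers and attribute names it looks for are editorial choices based on the Tomcat 10.1 HTTP connector documentation.

```python
"""Lint the TLS-related parts of a Tomcat 10 server.xml.

Added example for this page; not part of Tomcat. Attribute names follow the
Tomcat 10.1 HTTP connector documentation; the weak-cipher markers are an
editorial choice, not an exhaustive list.
"""
import xml.etree.ElementTree as ET
from typing import List

ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}
# Substrings that mark a cipher you do not want on a public connector
WEAK_CIPHER_MARKERS = ("RC4", "DES", "NULL", "MD5", "EXP", "PSK")
# Pre-SSLHostConfig attributes that Tomcat 10 still accepts but deprecates
LEGACY_CONNECTOR_ATTRS = ("clientAuth", "sslProtocol", "sslEnabledProtocols",
                          "keystoreType", "keystoreFile", "keystorePass", "ciphers")
# Honoured only on SSLHostConfig; on Certificate Tomcat warns and does not apply them
SSLHOSTCONFIG_ONLY_ATTRS = ("protocols", "ciphers")
LOOPBACK = ("127.0.0.1", "::1", "localhost")

# Constructed sample: bare fragment mirroring the page's Tomcat 10 connectors
GOOD_SERVER_XML = """
<!-- Localhost-only connector for IDP command line tools -->
<Connector address="127.0.0.1" port="80" />
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" maxPostSize="100000"
           SSLEnabled="true" scheme="https" secure="true">
  <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
  <SSLHostConfig protocols="TLSv1.2,TLSv1.3"
    ciphers="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305">
    <Certificate type="RSA" certificateKeystoreType="PKCS12"
                 certificateKeystoreFile="/etc/tomcat10/webserver.p12"
                 certificateKeystorePassword="changeit" />
  </SSLHostConfig>
</Connector>
"""

# Constructed sample: a half-migrated, pre-Tomcat-10 style configuration
BAD_SERVER_XML = """
<Service>
  <Connector port="8080" />
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             SSLEnabled="true" scheme="https" secure="true"
             sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
             keystoreFile="/etc/tomcat10/webserver.p12" keystorePass="changeit">
    <SSLHostConfig protocols="TLSv1,TLSv1.2"
                   ciphers="ECDHE-RSA-AES128-GCM-SHA256:DES-CBC3-SHA:RC4-SHA">
      <Certificate type="RSA" protocols="TLSv1.2,TLSv1.3"
                   certificateKeystoreFile="/etc/tomcat10/webserver.p12"
                   certificateKeystorePassword="changeit" />
    </SSLHostConfig>
  </Connector>
</Service>
"""


def _parse(xml_text: str) -> ET.Element:
    """Accept either a whole server.xml or a bare fragment of Connectors."""
    try:
        return ET.fromstring(xml_text)
    except ET.ParseError:
        return ET.fromstring("<fragment>" + xml_text + "</fragment>")


def lint_server_xml(xml_text: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings: List[str] = []
    for conn in _parse(xml_text).iter("Connector"):
        tag = "Connector port=" + conn.get("port", "?")
        if conn.get("SSLEnabled", "false").lower() != "true":
            addr = conn.get("address")  # plaintext: must be loopback-only
            if addr not in LOOPBACK:
                findings.append(f"{tag}: plaintext connector not bound to loopback (address={addr})")
            continue
        if conn.get("scheme") != "https" or conn.get("secure", "").lower() != "true":
            findings.append(f"{tag}: SSLEnabled but scheme/secure are not https/true")
        for attr in LEGACY_CONNECTOR_ATTRS:
            if attr in conn.attrib:
                findings.append(f"{tag}: legacy attribute '{attr}' on Connector; "
                                "move it into SSLHostConfig/Certificate")
        hosts = conn.findall("SSLHostConfig")
        if not hosts:
            findings.append(f"{tag}: SSLEnabled connector without SSLHostConfig")
        for host in hosts:
            protos = {p.strip() for p in host.get("protocols", "").split(",") if p.strip()}
            if not protos:
                findings.append(f"{tag}: no explicit protocols; relying on Tomcat/JSSE defaults")
            elif not protos <= ALLOWED_PROTOCOLS:
                findings.append(f"{tag}: protocols outside TLSv1.2/TLSv1.3: "
                                f"{sorted(protos - ALLOWED_PROTOCOLS)}")
            ciphers = host.get("ciphers", "")
            if not ciphers:
                findings.append(f"{tag}: no explicit ciphers; relying on Tomcat/JSSE defaults")
            for cipher in filter(None, ciphers.split(":")):
                if any(marker in cipher for marker in WEAK_CIPHER_MARKERS):
                    findings.append(f"{tag}: weak cipher '{cipher}'")
            for cert in host.findall("Certificate"):
                for attr in SSLHOSTCONFIG_ONLY_ATTRS:
                    if attr in cert.attrib:
                        findings.append(f"{tag}: '{attr}' set on Certificate; "
                                        "Tomcat only honours it on SSLHostConfig")
                if not (cert.get("certificateKeystoreFile") or cert.get("certificateFile")):
                    findings.append(f"{tag}: Certificate names no keystore or certificate file")
    return findings


if __name__ == "__main__":
    for label, sample in (("good", GOOD_SERVER_XML), ("bad", BAD_SERVER_XML)):
        print(f"[{label}]", "\n  ".join([""] + (lint_server_xml(sample) or ["no findings"])))
```

Run it against your real server.xml with `lint_server_xml(open("/etc/tomcat10/server.xml").read())`; an empty list is what you want before moving on to the start-up check below. The checker only looks at the XML, so it cannot tell you whether the keystore password is right or the certificate chain is complete; that is what the browser test in the next step is for.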


Start Tomcat, check that port 80 is listening on 127.0.0.1 only and port 443 on all addresses, then browse to https://webserver-fqdn/foo. The expected result is an HTTP Status 404 error (since /foo does not exist); getting that far over HTTPS without a certificate warning confirms the TLS configuration and keystore are valid:

...