Two Tomcat SSL Providers & One FreeBSD
Posted
by mosg
on Server Fault
See other posts from Server Fault
or by mosg
Published on 2010-04-21T08:38:17Z
Indexed on
2010/04/21
8:44 UTC
Read the original article
Hit count: 405
Hello everyone.
Question: On FreeBSD8 I need to have two opened HTTPS different ports (443 and 444, for example). In other words, I need two providers, working simultaneously:
Ordinary SSL signed certificate (# Thawte) on 443 port
Special russian security provider (# DIGTProvider, based on CryptoPro CSP software) on 444 port
I also have to mentioned, that the major provider is the 2'nd provider. Here is some of DIGTProvider options:
add to ${JRE_HOME}/lib/security/java.security this line
security.provider.N=com.digt.trusted.jce.provider.DIGTProvider ssl.SocketFactory.provider=com.digt.trusted.jsse.provider.DigtSocketFactory
uncomment and edit in conf/server.xml HTTPS section:
sslProtocol="GostTLS" (added)
edit bin/catalina.sh and add:
export LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:/opt/cprocsp/lib/ia32"
export JAVA_OPTS="${JAVA_OPTS} -Dcom.digt.trusted.jsse.server.certFile=/home//server-gost.cer -Dcom.digt.trusted.jsse.server.keyPasswd=11111111"
As I know if I just define in server.xml tomcat's configuration file two SSL connectors, tomcat would not start, because in JRE you can use only one JSSE provider.
Thanks for help.
© Server Fault or respective owner