Two Tomcat SSL Providers & One FreeBSD

Posted by mosg on Server Fault
Published on 2010-04-21T08:38:17Z

Hello everyone.

Question: On FreeBSD8 I need to have two different HTTPS ports open (443 and 444, for example). In other words, I need two providers working simultaneously:

  1. Ordinary SSL signed certificate (# Thawte) on port 443

  2. Special Russian security provider (# DIGTProvider, based on CryptoPro CSP software) on port 444

I also have to mention that the major provider is the 2nd provider. Here are some of the DIGTProvider options:

  • add these lines to ${JRE_HOME}/lib/security/java.security

    security.provider.N=com.digt.trusted.jce.provider.DIGTProvider
    ssl.SocketFactory.provider=com.digt.trusted.jsse.provider.DigtSocketFactory

  • uncomment and edit the HTTPS section in conf/server.xml:

    sslProtocol="GostTLS" (added)

  • edit bin/catalina.sh and add:

    export LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:/opt/cprocsp/lib/ia32"

    export JAVA_OPTS="${JAVA_OPTS} -Dcom.digt.trusted.jsse.server.certFile=/home//server-gost.cer -Dcom.digt.trusted.jsse.server.keyPasswd=11111111"

As far as I know, if I just define two SSL connectors in Tomcat's server.xml configuration file, Tomcat would not start, because in the JRE you can use only one JSSE provider.

Thanks for help.
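
A way to sanity-check the java.security edit listed in the question, as an added example that is not part of the original post or of any vendor tooling: it parses the file, reports which `security.provider.N` entries the JRE actually registers (it reads indices 1, 2, 3... and stops at the first missing one), and flags JVM-wide socket factory overrides. The sample file content, the index 9 and the `com.example.Disabled` class are constructed for illustration.

```python
import re

# Constructed sample: tail of a java.security file after the edit in the post.
# The index 9 is an assumption for illustration; the post only says "N".
SAMPLE = """\
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
# security.provider.4=com.example.Disabled
security.provider.9=com.digt.trusted.jce.provider.DIGTProvider
ssl.SocketFactory.provider=com.digt.trusted.jsse.provider.DigtSocketFactory
"""

def parse_properties(text):
    """Return key/value pairs from java.security text, skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return (providers registered in order, list of findings)."""
    props = parse_properties(text)
    numbered = {}
    for key, value in props.items():
        m = re.fullmatch(r"security\.provider\.(\d+)", key)
        if m:
            numbered[int(m.group(1))] = value
    loaded, n = [], 1
    while n in numbered:  # the JRE stops at the first missing index
        loaded.append(numbered[n])
        n += 1
    skipped = [numbered[i] for i in sorted(numbered) if i >= n]
    findings = ["never loaded (gap before its index): " + c for c in skipped]
    for key in ("ssl.SocketFactory.provider", "ssl.ServerSocketFactory.provider"):
        if key in props:
            findings.append("JVM-wide default overridden: %s=%s" % (key, props[key]))
    return loaded, findings

if __name__ == "__main__":
    loaded, findings = audit(SAMPLE)
    print("registered order:", loaded)
    for f in findings:
        print("-", f)
```
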
