https certs with aaf+pe containers compatibility
[policy/engine.git] / packages / base / src / files / install / servers / common / tomcat / conf / server.xml
index a78dfc8..02c548c 100644 (file)
          documentation -->
 
     <!-- Use http instead of https
+    Setting the keystore and truststore in the connector, overrides the javax.net.ssl system properties
+    passed in to the tomcat JVM:
+
     <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
                maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
                clientAuth="false" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
-               keystoreFile="${{POLICY_HOME}}/etc/ssl/policy-keystore" keystorePass="${{KEYSTORE_PASSWD}}"/>
+               keystoreFile="${{POLICY_HOME}}/etc/ssl/policy-keystore" keystorePass="${{KEYSTORE_PASSWD}}"
+               truststoreFile="${{POLICY_HOME}}/etc/ssl/policy-truststore" truststorePass="${{TRUSTSTORE_PASSWD}}"/>
     -->
     <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
                maxThreads="150" />
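Review bot: The `truststoreFile`/`truststorePass` attributes added to the commented-out HTTPS connector sit alongside `clientAuth="false"`, so as written the connector never requests a client certificate and the truststore would not be consulted on inbound handshakes. If the aim is mutual TLS with the AAF-issued certificates, the template should also set `clientAuth="want"` or `clientAuth="true"`; if not, the added comment should say the truststore only matters once client authentication is enabled. The new comment's statement that these attributes override the javax.net.ssl system properties holds for this connector only; code in the same JVM that makes outbound TLS calls presumably still reads the system properties, which is worth stating. The unchanged `sslEnabledProtocols` line in the same template still lists TLSv1 and TLSv1.1, and could be narrowed to `sslEnabledProtocols="TLSv1.2"` before anyone uncomments it.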