Chapter 10: HTTP Connectors . SSLPassword: Specifies the
Chapter 10: HTTP Connectors . SSLPassword: Specifies the passphrase used for the server private key. No default value. If not specified, the user is prompted for a password when the key is used. . SSLVerifyClient: Sets client authentication. The default is none, meaning client authentication is not enabled. You can also set this to optional, require, or optionalNoCA. . SSLVerifyDepth: Sets the maximum accepted verification depth for client certificates. The default is 10. . SSLCACertificateFile: Sets the file containing PEM (Base64) encoded certificates of CAs for client authentication. This single file should contain the certificates of all the client authentication CAs concatenated. You can either use this or the SSLCACertificatePath, described next, to specify CA certificates for client authentication. . SSLCACertificatePath: Sets the directory containing CA certificates for client authentications. Each individual file in this directory contains a single PEM (Base64) encoded CA certificate used for client authentication. The filenames used for these files are mod_sslgenerated hash symbolic links; these files are typically placed here using the makefile from mod_ssl. . SSLCertificateChainFile: Sets the file containing the server CA certificates chain. This file contains a concatenation of the PEM (Base64) encoded CA certificates in chain order. . SSLCARevocationFile: Sets the file containing PEM (Base64) encoded CA certification revocation lists for certificate revocation during client authentication. This single file should contain the Certification Revocation Lists of all client-authentication CRLs concatenated. You can either use this or the SSLCARevocationPath, described next, to specify CA certificates for client authentication. . SSLCARevocationPath: Sets the directory containing CA Certificates Revocation Lists for certificate revocation during client authentication. Each individual file in this directory contains a single CA Certificates Revocation List used for certificate revocation. The filenames used for these files are mod_ssl generated hash symbolic links; these files are typically placed here using the makefile from mod_ssl. Configuring Tomcat for CGI Support Support for CGI in Tomcat 6 is accomplished by a Servlet (the org.apache.catalina.servlets .CGIServlet) that simulates the way a Web server would handle a CGI script processing the CGI environment variables and then executing the CGI executable. However, CGI is disabled in the default Tomcat configuration for security reasons. For instance, a CGI script would bypass the security policies defined for programs in the catalina.policy file. More information about these security policies is provided in Chapter 14 . Enabling CGI support across all applications in a Tomcat server requires the following steps. There are performance and security issues with CGI, and unless you have to support legacy application code, you should not enable it in a production environment. See Chapter 14 for more details. 1. Uncomment the servletand servlet-mappingsettings for CGI in CATALINA_HOME/conf/ web.xml these settings are commented by default. The servlet-mapping causes all requests for Web pages with a /cgi-bin/ prefix to be passed to the CGI Servlet, and the servletelement specifies the fully qualified Java class name of the servlet and its configurable parameters.
For high quality java hosting services please check tomcat web hosting website.