Versions used:

  1. JDK 1.6

  2. Apache Tomcat 6.0.2X

  3. CryptoPro CSP 3.6 provider (www.cryptopro.ru)

Question: On FreeBSD 8 I need to have two different HTTPS ports open (443 and 444, for example). In other words, I need two providers working simultaneously:

  1. Ordinary SSL signed certificate (# Thawte) on port 443

  2. Special Russian security provider (# DIGTProvider, based on CryptoPro CSP software) on port 444

I also have to mention that the major provider is the 2nd provider. Here are some of the DIGTProvider options:

  • add to ${JRE_HOME}/lib/security/java.security these lines

    security.provider.N=com.digt.trusted.jce.provider.DIGTProvider
    ssl.SocketFactory.provider=com.digt.trusted.jsse.provider.DigtSocketFactory

  • uncomment and edit in conf/server.xml HTTPS section:

    sslProtocol="GostTLS" (added)

  • edit bin/catalina.sh and add:

    export LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:/opt/cprocsp/lib/ia32"

    export JAVA_OPTS="${JAVA_OPTS} -Dcom.digt.trusted.jsse.server.certFile=/home//server-gost.cer -Dcom.digt.trusted.jsse.server.keyPasswd=11111111"

As far as I know, if I just define two SSL connectors in Tomcat's server.xml configuration file, Tomcat would not start, because in the JRE you can use only one JSSE provider.

Thanks for help.

mosg
  • I think you need to clarify the question a bit. What is the exact problem you are trying to solve? What's the exact error message you get? What versions of java/tomcat are you using? – pehrs Apr 21 '10 at 08:57
  • @pehrs: hi, here is the link to the solved solution, but it's only for Windows systems - http://serverfault.com/questions/117740/running-two-independent-tomcats-on-one-machine-instead-of-one-tomcat-with-multip . I'm trying to do the same thing on FreeBSD. Just for now, there are no error messages or warnings, because I'm trying to do it right now. I added the versions to the top post. Thanks. – mosg Apr 21 '10 at 09:14
  • @all: maybe there will be more questions? %) – mosg Apr 22 '10 at 06:39

1 Answer

0

The solution is simple: make two copies of the tomcat6 dist, and configure one with the ordinary SSL signed certificate and the other one with the special Russian security provider.

mosg
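One way to script the two-copy layout from the answer (an added example, not code from the original posts): each copy gets its own shutdown, HTTP, AJP and HTTPS ports, only the GOST copy receives the DIGT settings from the question, and `port_collisions` checks that the two copies share no listener. The function names, directories, port numbers and the use of `bin/setenv.sh` in place of editing `catalina.sh` are assumptions.

```sh
# Added example; function names, directories and port numbers are assumptions.

# sample_dist DIR: constructed stand-in for an unpacked tomcat6 dist that
# uses the stock shutdown, HTTP, HTTPS and AJP port numbers.
sample_dist() {
    mkdir -p "$1/bin" "$1/conf"
    cat > "$1/conf/server.xml" <<'EOF'
<Server port="8005" shutdown="SHUTDOWN">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8443" SSLEnabled="true" scheme="https" sslProtocol="TLS" />
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
</Server>
EOF
}

# make_instance SRC DST SHUTDOWN HTTP AJP HTTPS SSLPROTOCOL
# Copy the dist and move every stock port so two copies can run side by side.
make_instance() {
    cp -R "$1" "$2" || return 1
    sed -e "s/\"8005\"/\"$3\"/g" -e "s/\"8080\"/\"$4\"/g" \
        -e "s/\"8009\"/\"$5\"/g" -e "s/\"8443\"/\"$6\"/g" \
        -e "s/sslProtocol=\"TLS\"/sslProtocol=\"$7\"/" \
        "$1/conf/server.xml" > "$2/conf/server.xml"
}

# gost_setenv DST CERT_FILE KEY_PASSWD
# Give only this copy the CryptoPro/DIGT settings from the question, through
# bin/setenv.sh; owner-only mode because the file holds the key password.
gost_setenv() {
    cat > "$1/bin/setenv.sh" <<EOF
export LD_LIBRARY_PATH="\${LD_LIBRARY_PATH}:/opt/cprocsp/lib/ia32"
export JAVA_OPTS="\${JAVA_OPTS} -Dcom.digt.trusted.jsse.server.certFile=$2 -Dcom.digt.trusted.jsse.server.keyPasswd=$3"
EOF
    chmod 600 "$1/bin/setenv.sh"
}

# listen_ports DIR: ports named by port="..." in the copy's server.xml
# (redirectPort is not a listener; commented-out connectors are counted).
listen_ports() {
    grep -o ' port="[0-9]*"' "$1/conf/server.xml" | tr -dc '0-9\n' | sort -u
}

# port_collisions A B: ports both copies would bind; no output means none.
port_collisions() {
    for p in $(listen_ports "$1"); do
        listen_ports "$2" | grep -qx "$p" && echo "$p"
    done
    return 0
}
```

Called as `make_instance DIST tomcat-ssl 8005 8080 8009 443 TLS` and `make_instance DIST tomcat-gost 8105 8180 8109 444 GostTLS`, the check prints nothing; run against two unmodified copies it lists every stock port.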