What is the difference between keystore/truststore in JAVA_OPTS and in the Connector? E.g.:
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=<trustStorePath> \
-Djavax.net.ssl.trustStorePassword=<trustStorePassword> \
-Djavax.net.ssl.keyStorePassword=<keystorePassword> \
-Djavax.net.ssl.keyStore=<keystorePath> \
-Djavax.net.ssl.keyStoreType=JKS \
-Djavax.net.ssl.trustStoreType=JKS"
and
<Connector port="443" maxHttpHeaderSize="8192" maxThreads="100"
minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
SSLEnabled="true" clientAuth="false"
sslProtocol="TLS" keyAlias="server"
keystoreFile="/home/user_name/your_site_name.jks"
keystorePass="your_keystore_password" />
I would like to use the second approach. Can I get rid of the first JAVA_OPTS settings? Is there any advantage to using the first approach if there is the second one (Connector with params)?
The first one sets the default SSLContext for the whole JVM, the second one only configures the SSLContext for the https SSL Connector, i.e. for clients connecting to your application via https.
The JAVA_OPTS settings seem redundant if you only use SSL for the https server. They remain useful if you want to add a trusted server certificate or a client key to set up SSL connections to another server over secure http, ldap, ftp etc.
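
The distinction drawn in the answer above, as an added example that is not part of the original posts: outbound connections made by code inside the JVM use the default SSLContext, which the `javax.net.ssl.*` properties configure, unless the code builds its own context from a specific truststore. The class name, the command-line arguments and the `TRUSTSTORE_PASS` environment variable are assumptions made for this example.

```java
import javax.net.ssl.*;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
// Hypothetical class; run: java OutboundTlsCheck https://host/ /path/to/trust.jks
public class OutboundTlsCheck {
    // Context that trusts only the CAs in one JKS file, independent of both
    // -Djavax.net.ssl.trustStore and the Tomcat Connector's keystoreFile.
    static SSLContext contextFrom(String jksPath, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(jksPath))) {
            ks.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default RNG
        return ctx;
    }
    // Attempts the TLS handshake and reports whether the server certificate was trusted.
    static String handshake(HttpsURLConnection c) {
        try {
            c.connect();
            return "ok, " + c.getCipherSuite();
        } catch (SSLException e) {
            return "rejected: " + e.getMessage();
        } catch (IOException e) {
            return "I/O error: " + e.getMessage();
        } finally {
            c.disconnect();
        }
    }
    public static void main(String[] args) throws Exception {
        String prop = System.getProperty("javax.net.ssl.trustStore");
        System.out.println("JVM default truststore: " + (prop != null ? prop : "JRE cacerts"));
        URI target = URI.create(args[0]);
        // 1) Default SSLContext: this is what the JAVA_OPTS properties control.
        HttpsURLConnection viaDefault = (HttpsURLConnection) target.toURL().openConnection();
        System.out.println("default context:  " + handshake(viaDefault));
        // 2) Explicit SSLContext for this connection only (password from an assumed env var).
        HttpsURLConnection viaOwn = (HttpsURLConnection) target.toURL().openConnection();
        char[] pass = System.getenv("TRUSTSTORE_PASS").toCharArray();
        viaOwn.setSSLSocketFactory(contextFrom(args[1], pass).getSocketFactory());
        System.out.println("explicit context: " + handshake(viaOwn));
    }
}
```

Running it with and without `-Djavax.net.ssl.trustStore=...` changes only the first result; the second depends solely on the JKS file passed as an argument.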