Posted to users@tomcat.apache.org by Suneet Shah <su...@gmail.com> on 2011/01/18 07:54:42 UTC

Enabling SSL on Tomcat 6

Hello,

I am trying to enable SSL on Tomcat 6 without any luck. I am using a 
self signed cert. I have placed my entries in the server.xml file below.

Any thoughts on what I am doing wrong? I also pasted below the steps 
that I used to generate the cert.

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" disableUploadTimeout="true"
    acceptCount="100" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
            SSLEngine="on"
            SSLCertificateFile="/ssl/server.csr"
            SSLCertificateKeyFile="/ssl/server.key"
            SSLPassword="password"
     />


WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'SSLEngine' to 'on' did not find a matching property.
Jan 17, 2011 9:50:54 PM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'SSLCertificateFile' to '/ssl/server.csr' did not find a matching property.
Jan 17, 2011 9:50:54 PM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'SSLCertificateKeyFile' to '/ssl/server.key' did not find a matching property.
Jan 17, 2011 9:50:54 PM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'SSLPassword' to 'password' did not find a matching property.

Steps to create a cert:

#selfsigned cert using openssl

openssl genrsa -des3 -out server.key 1024

openssl req -new -key server.key -out server.csr

cp server.key server.key.org

openssl rsa -in server.key.org -out server.key

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

keytool -genkey -alias tomcat -keyalg RSA -keystore /ssl/tomcatks

keytool -certreq -alias tomcat -file tomcat.csr -keystore /ssl/tomcatks

echo 02 > serial.txt

openssl x509 -CA server.crt -CAkey server.key -CAserial serial.txt -req -in tomcat.csr -out tomcat.cer -days 365

keytool -import -alias serverCA -file server.crt -keystore /ssl/tomcatks



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: Enabling SSL on Tomcat 6

Posted by Konstantin Kolinko <kn...@gmail.com>.
2011/1/18 Suneet Shah <su...@gmail.com>:
> <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"

> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
> 'SSLEngine' to 'on' did not find a matching property.

There are two implementations of SSL available in Tomcat.  One is
implemented using the Java cryptography API.  The other uses native
libraries.

Your connector is pure java (Nio), but your configuration settings are
for the APR (native) connector. Thus the warning messages in your log.
Read the docs more carefully - it is described there.

http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html


Best regards,
Konstantin Kolinko



Re: Enabling SSL on Tomcat 6

Posted by amcereijo cereijo <am...@gmail.com>.
Hi,

I have this configuration for my Tomcat 6.0.30:

<Connector port="8449" maxHttpHeaderSize="8192"
    protocol="HTTP/1.1"
    SSLEnabled="true"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" disableUploadTimeout="true"
    acceptCount="100" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="conf\tomcatserver.keystore"
    keystorePass="tomcat"/>

The changes you would make to my configuration:

   - where I have keystoreFile="conf\tomcatserver.keystore" I think you must
   put "tomcatks" (I think this is your keystore)
   - where I have keystorePass="tomcat" I think you must put the password for
   "tomcatks"


Regards, Ángel.
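
The mismatch diagnosed in the replies above can be checked mechanically before Tomcat is started. The following is an added example, not part of the original thread or of Tomcat: a small linter that flags connector attributes belonging to the other SSL implementation, a missing SSLEnabled="true", and a certificate attribute that points at a CSR. The function name lint_connectors and the trimmed sample input are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# APR-style attribute names, as they appear on the question's connector.
APR_ATTRS = {"SSLEngine", "SSLCertificateFile", "SSLCertificateKeyFile", "SSLPassword"}
# JSSE attribute names, as they appear on the working connector in the reply.
JSSE_ATTRS = {"keystoreFile", "keystorePass"}
JSSE_PROTOCOLS = {"org.apache.coyote.http11.Http11Protocol",
                  "org.apache.coyote.http11.Http11NioProtocol"}
APR_PROTOCOLS = {"org.apache.coyote.http11.Http11AprProtocol"}

def lint_connectors(server_xml):
    """Return a list of (port, message) findings for each HTTPS <Connector>."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("scheme") != "https":
            continue
        port, proto = conn.get("port"), conn.get("protocol", "HTTP/1.1")
        if proto in JSSE_PROTOCOLS:
            ignored, kind = APR_ATTRS, "APR"
        elif proto in APR_PROTOCOLS:
            ignored, kind = JSSE_ATTRS, "JSSE"
        else:
            # "HTTP/1.1" picks APR or JSSE at startup, so nothing can be ruled out.
            ignored, kind = set(), ""
        for name in sorted(ignored & set(conn.attrib)):
            findings.append(
                (port, f"{name} belongs to the {kind} connector and is ignored by {proto}"))
        if conn.get("SSLEnabled", "false").lower() != "true":
            findings.append((port, "SSLEnabled is not set to true"))
        if conn.get("SSLCertificateFile", "").lower().endswith(".csr"):
            findings.append((port, "SSLCertificateFile names a CSR, not a certificate"))
    return findings

# Constructed sample: the two connectors from this thread, trimmed to the SSL attributes.
SAMPLE = r"""<Service>
  <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
             SSLEngine="on" SSLCertificateFile="/ssl/server.csr"
             SSLCertificateKeyFile="/ssl/server.key" SSLPassword="password"/>
  <Connector port="8449" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
             keystoreFile="conf\tomcatserver.keystore" keystorePass="tomcat"/>
</Service>"""

if __name__ == "__main__":
    for port, message in lint_connectors(SAMPLE):
        print(f"port {port}: {message}")
```

Run against the sample, every finding is for the port 443 connector from the question; the port 8449 connector from the reply passes.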
