Posted to users@tomcat.apache.org by Suneet Shah <su...@gmail.com> on 2011/01/18 07:54:42 UTC
Enabling SSL on Tomcat 6
Hello,
I am trying to enable SSL on Tomcat 6 without any luck. I am using a
self signed cert. I have placed my entries in the server.xml file below.
Any thoughts on what I am doing wrong? I also pasted below the steps
that I used to generate the cert.
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
SSLEngine="on"
SSLCertificateFile="/ssl/server.csr"
SSLCertificateKeyFile="/ssl/server.key"
SSLPassword="password"
/>
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
property 'SSLEngine' to 'on' did not find a matching property.
Jan 17, 2011 9:50:54 PM org.apache.catalina.startup.SetAllPropertiesRule
begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
property 'SSLCertificateFile' to '/ssl/server.csr' did not find a
matching property.
Jan 17, 2011 9:50:54 PM org.apache.catalina.startup.SetAllPropertiesRule
begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
property 'SSLCertificateKeyFile' to '/ssl/server.key' did not find a
matching property.
Jan 17, 2011 9:50:54 PM org.apache.catalina.startup.SetAllPropertiesRule
begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
property 'SSLPassword' to 'password' did not find a matching property.
Steps to create a cert:
#selfsigned cert using openssl
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
keytool -genkey -alias tomcat -keyalg RSA -keystore /ssl/tomcatks
keytool -certreq -alias tomcat -file tomcat.csr -keystore /ssl/tomcatks
echo 02 > serial.txt
openssl x509 -CA server.crt -CAkey server.key -CAserial serial.txt -req -in tomcat.csr -out tomcat.cer -days 365
keytool -import -alias serverCA -file server.crt -keystore /ssl/tomcatks
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Enabling SSL on Tomcat 6
Posted by Konstantin Kolinko <kn...@gmail.com>.
2011/1/18 Suneet Shah <su...@gmail.com>:
> <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
> 'SSLEngine' to 'on' did not find a matching property.
There are two implementations of SSL available in Tomcat. One is
implemented using the Java cryptography API. Another uses native
libraries.
Your connector is pure java (Nio), but your configuration settings are
for the APR (native) connector. Thus the warning messages in your log.
Read the docs more carefully - it is described there.
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
Best regards,
Konstantin Kolinko
Re: Enabling SSL on Tomcat 6
Posted by amcereijo cereijo <am...@gmail.com>.
Hi,
I have this configuration for my Tomcat 6.0.30:
<Connector port="8449" maxHttpHeaderSize="8192"
protocol="HTTP/1.1"
SSLEnabled="true"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="conf\tomcatserver.keystore"
keystorePass="tomcat"/>
Your changes to my configuration:
- where I have keystoreFile="conf\tomcatserver.keystore" I think you must
put "tomcatks" (I think this is your keystore)
- where I have keystorePass="tomcat" I think you must put the password for
"tomcatks"
Regards, Ángel.
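An added example, not part of the original thread and not Tomcat code: a small Python check that applies the diagnosis from the replies above (APR-style attributes on a Java connector, keystore attributes on a JSSE one) to the two connectors quoted in the thread. The function names, the attribute subsets, and the trimmed sample connectors are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Attribute names per TLS implementation (subset, enough for this thread).
JSSE_ATTRS = {"keystoreFile", "keystorePass", "keystoreType", "keyAlias",
              "truststoreFile", "truststorePass"}
APR_ATTRS = {"SSLEngine", "SSLCertificateFile", "SSLCertificateKeyFile",
             "SSLPassword", "SSLCertificateChainFile"}

# Constructed samples: the two connectors quoted in the thread, trimmed.
ORIGINAL = """<Connector port="443" scheme="https" secure="true"
  protocol="org.apache.coyote.http11.Http11NioProtocol"
  clientAuth="false" sslProtocol="TLS" SSLEngine="on"
  SSLCertificateFile="/ssl/server.csr"
  SSLCertificateKeyFile="/ssl/server.key" SSLPassword="password"/>"""
REPLY = r"""<Connector port="8449" protocol="HTTP/1.1" SSLEnabled="true"
  scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
  keystoreFile="conf\tomcatserver.keystore" keystorePass="tomcat"/>"""

def implementation(protocol):
    """Map the protocol attribute to 'jsse', 'apr' or 'auto'."""
    if protocol.endswith("Http11AprProtocol"):
        return "apr"
    if protocol.endswith(("Http11NioProtocol", "Http11Protocol")):
        return "jsse"
    return "auto"  # HTTP/1.1: APR if the native library loads, else JSSE

def lint_connector(xml_text):
    """Return findings for one <Connector .../> element."""
    conn = ET.fromstring(xml_text)
    impl = implementation(conn.get("protocol", "HTTP/1.1"))
    present = set(conn.attrib)
    ignored = {"jsse": APR_ATTRS, "apr": JSSE_ATTRS, "auto": set()}[impl]
    out = [f"{n}: ignored by the {impl} connector"
           for n in sorted(ignored & present)]
    if conn.get("scheme") == "https" and conn.get("SSLEnabled") != "true":
        out.append('SSLEnabled: not "true", TLS is not enabled')
    if conn.get("SSLCertificateFile", "").endswith(".csr"):
        out.append("SSLCertificateFile: a .csr is a request, not a certificate")
    if impl == "auto" and present & JSSE_ATTRS:
        out.append("protocol: HTTP/1.1 picks APR when the native library "
                   "is loaded, and APR ignores keystore attributes")
    return out

if __name__ == "__main__":
    for label, xml_text in (("original", ORIGINAL), ("reply", REPLY)):
        print(label, *lint_connector(xml_text), sep="\n  ")
```

An NIO connector that sets SSLEnabled="true" and uses keystoreFile/keystorePass instead of the SSLCertificate* attributes produces no findings.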