Posted to users@tomcat.apache.org by Hoa Doan <ge...@yahoo.com> on 2007/03/05 19:55:57 UTC

SSL on Tomcat 5 problem.

I have gone through the steps provided on Tomcat SSL document and generated a .keystore file.  I put it in my C:\keystore directory.  Here is my server.xml config:

    <!-- Define a non-SSL HTTP/1.1 Connector on port 80 -->
    <Connector port="80" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="443" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true" />

    <!-- Define a SSL HTTP/1.1 Connector on port 443 -->
    <Connector port="443" maxHttpHeaderSize="8192" maxThreads="150"
               minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
               disableUploadTimeout="true" acceptCount="100" scheme="https"
               secure="true" clientAuth="false" sslProtocol="TLS"
               keystoreFile="C:\keystore\.keystore" />

And this is my Catalina log file.
Mar 2, 2007 4:24:07 PM org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-80
Mar 2, 2007 4:24:07 PM org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-443
Mar 2, 2007 4:24:07 PM org.apache.coyote.ajp.AjpAprProtocol init
INFO: Initializing Coyote AJP/1.3 on ajp-8009
Mar 2, 2007 4:24:07 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 421 ms
Mar 2, 2007 4:24:07 PM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Mar 2, 2007 4:24:07 PM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet   Engine: Apache Tomcat/5.5.20
Mar 2, 2007 4:24:08 PM org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
Mar 2, 2007 4:24:08 PM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-80
Mar 2, 2007 4:24:08 PM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-443
Mar 2, 2007 4:24:08 PM org.apache.coyote.ajp.AjpAprProtocol start
INFO: Starting Coyote AJP/1.3 on ajp-8009
Mar 2, 2007 4:24:08 PM org.apache.catalina.storeconfig.StoreLoader load
INFO: Find registry server-registry.xml at classpath resource
Mar 2, 2007 4:24:08 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 875 ms

I am running all of this on Windows XP Home Edition.
Thank you,
Henry

RE: SSL on Tomcat 5 problem.

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Hoa Doan [mailto:geizgeiz123@yahoo.com] 
> Subject: RE: SSL on Tomcat 5 problem.
> 
> But for curiosity what is tcnative-1.dll used for?

It's essentially the same code that httpd uses to handle HTTP traffic,
written in C.  Since it's a bit closer to the comm hardware it provides
somewhat better throughput than the pure Java HTTP and AJP connectors in
Tomcat 5.5.  When employed for HTTPS, it's noticeably faster, since it
uses the native code OpenSSL for encryption, rather than Sun's JSSE
logic.  It also reduces the number of threads required for persistent
HTTP connections (using keep-alives), since it employs socket polling
rather than dedicated threads for that purpose (the NIO connector in
Tomcat 6 also uses a poll/select mechanism to avoid dedicated threads).
Whether or not the additional complexity and reduced portability is
worth the performance delta is entirely dependent on your workload and
environment.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


RE: SSL on Tomcat 5 problem.

Posted by Hoa Doan <ge...@yahoo.com>.
WOW!! It worked, all I did now was rename tcnative-1.dll.
Yes I read the fine print but misinterpreted it.  I thought I was using JSSE since I used the keytool to generate my own key.  So what I generated is a non-APR, but the guide didn't say anything about renaming tcnative-1.dll.
But for curiosity what is tcnative-1.dll used for?

Thank you again,
Hoa

RE: SSL on Tomcat 5 problem.

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Hoa Doan [mailto:geizgeiz123@yahoo.com] 
> Subject: SSL on Tomcat 5 problem.
> 
> I have gone through the steps provided on Tomcat SSL document 
> and generated a .keystore file.

Unfortunately, you didn't look at the fine print.

> Mar 2, 2007 4:24:07 PM org.apache.coyote.http11.Http11AprProtocol init
> INFO: Initializing Coyote HTTP/1.1 on http-443

The above shows that you're using APR; the SSL config for that is quite
different from that of the pure Java connector.  The first paragraph
under the ssl-howto page reads:

"IMPORTANT NOTE: This Howto refers to usage of JSSE. When using APR,
Tomcat will use OpenSSL, which uses a different configuration."

If you want to use your existing non-APR SSL config, delete or rename
the tcnative-1.dll in Tomcat's bin directory.  If you want to continue
using APR, read the doc at the following link to configure it:
http://tomcat.apache.org/tomcat-5.5-doc/apr.html#HTTPS

 -  Chuck
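
As an added example (not part of the thread and not Tomcat code), the check made by eye in the reply above can be scripted: read the protocol handler class per port from the Catalina log and flag an HTTPS connector whose server.xml entry carries only JSSE attributes while an APR handler is loaded. The sample config and log are constructed from the lines quoted in the thread, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input, modelled on the config and log lines quoted in the thread.
SERVER_XML = r"""<Service name="Catalina">
  <Connector port="80" redirectPort="443" />
  <Connector port="443" scheme="https" secure="true" clientAuth="false"
             sslProtocol="TLS" keystoreFile="C:\keystore\.keystore" />
</Service>"""

CATALINA_LOG = """\
Mar 2, 2007 4:24:07 PM org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-80
Mar 2, 2007 4:24:07 PM org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-443
"""

JSSE_ATTRS = {"keystoreFile", "keystorePass", "keystoreType", "sslProtocol"}
APR_ATTRS = {"SSLEngine", "SSLCertificateFile", "SSLCertificateKeyFile"}

INIT_PAIR = re.compile(
    r"(org\.apache\.coyote\.\S+) init\s*\n"
    r"\s*INFO: Initializing Coyote \S+ on \w+-(\d+)")

def handlers_by_port(log_text):
    """Map port -> handler class, from '<class> init' / 'on http-<port>' line pairs."""
    return {int(port): cls for cls, port in INIT_PAIR.findall(log_text)}

def ssl_mismatches(server_xml, log_text):
    """List (port, message) for HTTPS connectors whose SSL attributes do not fit the handler."""
    handlers = handlers_by_port(log_text)
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("scheme") != "https" and conn.get("secure") != "true":
            continue  # plain HTTP connector, nothing to check
        port = int(conn.get("port"))
        cls = handlers.get(port)
        if cls is None:
            findings.append((port, "no init line in log for this port"))
            continue
        uses_apr = "Apr" in cls.rsplit(".", 1)[-1]  # e.g. Http11AprProtocol
        present = set(conn.attrib)
        if uses_apr and not (present & APR_ATTRS):
            ignored = sorted(present & JSSE_ATTRS)
            findings.append((port, f"APR handler loaded, only JSSE attributes set: {ignored}"))
        elif not uses_apr and (present & APR_ATTRS) and not (present & JSSE_ATTRS):
            findings.append((port, "non-APR handler loaded, only APR attributes set"))
    return findings

if __name__ == "__main__":
    for port, msg in ssl_mismatches(SERVER_XML, CATALINA_LOG):
        print(f"port {port}: {msg}")
```
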

