Posted to users@tomcat.apache.org by Rick Chisholm <rc...@southlandonline.com> on 2009/03/03 22:51:06 UTC

tomcat + SSL

This has got to be a popular one...

I have a tomcat5.5 install on debian5 - I used the keytool to generate 
a .keystore file in /etc/tomcat5.5

I've followed the SSL how-to, but when I restart tomcat port 8443 is nowhere 
to be found.  So now I've started with a barebones connector built from the 
server-minimal.xml just to verify things are working.

Seems that as soon as I point the connector at the keystore and enable the SSL 
elements in the connector, it fails to launch.  Tomcat's lack of logging is 
killing me!

current connector:

<Connector port="8443"
        scheme="https" secure="true" compression="on"
        clientAuth="false"
        keystoreFile="/etc/tomcat5.5/.keystore"
        sslProtocol="SSL" />

switched sslProtocol to see if it had any effect...

ideas?
-- 
-=-=-=-=-=-=-+-=-=-=-=-=-=-
Rick Chisholm
Manager Information Technology
Southland Insurance
t. 519-326-4455 x. 4444
f. 519-326-1324
e. rchisholm@southlandonline.com


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: tomcat + SSL

Posted by Rick Chisholm <rc...@southlandonline.com>.
On March 4, 2009 09:34:29 am Caldarale, Charles R wrote:
>  You'll need to contact your OS supplier
> for support for a repackaged one.

thx Chuck - will seek support elsewhere.

-- 
-=-=-=-=-=-=-+-=-=-=-=-=-=-
Rick Chisholm
Manager Information Technology
Southland Insurance
t. 519-326-4455 x. 4444
f. 519-326-1324
e. rchisholm@southlandonline.com




RE: tomcat + SSL

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Rick Chisholm [mailto:rchisholm@southlandonline.com]
> Subject: Re: tomcat + SSL
>
> define repackaged... this is what apt-get install tomcat5.5
> gave me

That's repackaged.  A real Tomcat is one downloaded from tomcat.apache.org.  The 3rd-party repackagers are notorious for changing Tomcat enough to make it incompatible with real ones.  You'll need to contact your OS supplier for support for a repackaged one.

> the docs make it sound like you have to setup log4j to get
> logging...

What docs are you looking at?  Tomcat logs pretty much everything already; the configuration (in a real Tomcat) is defined in conf/logging.properties.

> nothing getting written to /var/log or /var/lib/tomcat5.5/logs

Those locations are not used by a real Tomcat.  Again, if you insist on using a repackaged, adulterated form of Tomcat, you'll have to get support from whomever you got it from.  I'd strongly suggest throwing away what you've got, downloading and installing a real Tomcat, and trying it again.

If you're just starting out with Tomcat, I would also suggest using the current 6.0 version rather than the older 5.5.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.



Re: tomcat + SSL

Posted by Rick Chisholm <rc...@southlandonline.com>.
On March 3, 2009 05:04:48 pm Caldarale, Charles R wrote:

> Real Tomcat, or a repackaged one?

define repackaged... this is what apt-get install tomcat5.5 gave me, it's not 
something that came along with another app, if that's what you're asking.

> There's no lack of logging in a real Tomcat...  but if you're using a
> 3rd-party version, there's no telling to where the log files have been
> scattered.

the docs make it sound like you have to setup log4j to get logging...  nothing 
getting written to /var/log or /var/lib/tomcat5.5/logs

>
> The 8443 connector is commented out in the default server.xml; did you fix
> that?

did that the first time around - and ran keytool as per Tomcat docs, but that 
actually generated .keystore in the home dir of the user it's executed as.  I 
removed that keystore and generated another, redirecting the store 
to /etc/tomcat5.5, and added the keystoreFile attribute to the connector; still 
nothing.

If I just have <Connector port="8443"> I get an open http port on 8443, it 
only seems to fail once you set it up as an SSL port.

-- 
-=-=-=-=-=-=-+-=-=-=-=-=-=-
Rick Chisholm
Manager Information Technology
Southland Insurance
t. 519-326-4455 x. 4444
f. 519-326-1324
e. rchisholm@southlandonline.com
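
Added example, not part of the original thread and not Tomcat's own code: a pre-flight check for the HTTPS connector described in the message above, testing the keystore location and readability, the keystore password default, and the sslProtocol value. The function name audit_ssl_connectors, the SAMPLE document and the finding texts are hypothetical; only absolute keystoreFile paths are handled.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample: the connector from the post wrapped in a minimal server.xml.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" />
  <Connector port="8443"
        scheme="https" secure="true" compression="on"
        clientAuth="false"
        keystoreFile="/etc/tomcat5.5/.keystore"
        sslProtocol="SSL" />
</Service></Server>"""

def audit_ssl_connectors(server_xml_text, home_dir):
    """Return {port: [findings]} for each Connector declared as HTTPS.

    Run it as the account Tomcat runs under, otherwise the readability
    check says nothing about what the server itself can open.
    """
    report = {}
    for conn in ET.fromstring(server_xml_text).iter("Connector"):
        a = conn.attrib
        if a.get("scheme") != "https" and a.get("secure") != "true":
            continue  # plain HTTP or AJP connector, nothing to check
        findings = []
        # Documented default: ".keystore" in the home directory of the
        # user running Tomcat (the same default keytool writes to).
        ks = a.get("keystoreFile") or os.path.join(home_dir, ".keystore")
        if "keystoreFile" not in a:
            findings.append("keystoreFile unset, default is " + ks)
        if not os.path.isfile(ks):
            findings.append("keystore missing: " + ks)
        elif not os.access(ks, os.R_OK):
            findings.append("keystore not readable: " + ks)
        if "keystorePass" not in a:
            # Tomcat then tries its default password, "changeit".
            findings.append("keystorePass unset, default 'changeit' is used")
        proto = a.get("sslProtocol", "TLS")
        if proto.upper().startswith("SSL"):
            findings.append("sslProtocol=" + proto + ", how-to example uses TLS")
        report[a.get("port", "?")] = findings
    return report

if __name__ == "__main__":
    home = os.path.expanduser("~")
    for port, findings in audit_ssl_connectors(SAMPLE, home).items():
        print(port, findings or "ok")
```

An empty findings list only means these preconditions hold; a keystore whose password differs from the one Tomcat tries will still stop the connector from starting.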




RE: tomcat + SSL

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Rick Chisholm [mailto:rchisholm@southlandonline.com]
> Subject: tomcat + SSL
>
> I have a tomcat5.5 install on debian5

Real Tomcat, or a repackaged one?

> Tomcat's lack of logging is killing me!

There's no lack of logging in a real Tomcat...  but if you're using a 3rd-party version, there's no telling to where the log files have been scattered.

> current connector:
> <Connector port="8443"
>         scheme="https" secure="true" compression="on"
>         clientAuth="false"
>         keystoreFile="/etc/tomcat5.5/.keystore"
>         sslProtocol="SSL" />

The 8443 connector is commented out in the default server.xml; did you fix that?

 - Chuck

