Posted to users@tomcat.apache.org by Di...@psdi.com on 2000/12/20 20:21:05 UTC

SOLUTION - Re: Tomcat 3.2.1 binary standalone + SSL - Reworded


Ok, after much beating of my head against my desk, I think I have figured it
out.

In the tomcat-ssl-howto, the keytool program is used at the beginning of the
process, and at the end of the process. What appears to have been forgotten is
that the second time keytool is used, it needs to be run against the cacerts
keystore as opposed to the user's keystore. This adds the certificate created to
the list of trusted CAs, which allows tomcat to present the certificate to the
browser. Of course there will be the usual warnings about the domain name not
matching and such, but it appears to work.

If I am wrong with this, please let me know.

Dion Vansevenant
Internetwork Administrator
MRO.com



From:    Dion_Vansevenant@psdi.com
Date:    20/12/2000 11:06
Please respond to tomcat-user
To:      tomcat-user@jakarta.apache.org
cc:      (bcc: Dion Vansevenant/PSDI)
Subject: Tomcat 3.2.1 binary standalone + SSL - Reworded

Ok, let's ask this. Has the current binary for Tomcat 3.2.1 been compiled to use
JSSE? I've seen posts in the archive that indicate previous binaries were not,
but that may have been during beta.

I am using the Tomcat 3.2.1 binary which I downloaded on Monday. We want a
standalone configuration as all of our pages are jsp, no static pages at all,
thus no real need for Apache. I can get the standard connection at port 8080 to
work, but when I try to connect via SSL with IE5 I get a blank certificates
dialog box asking me to choose a certificate.

I have followed the instructions in the tomcat-ssl-howto and in server.xml. What
have I missed? The tomcat-ssl-howto mentions something about a selfSign.pem, but
doesn't say anything about creating it, or where to put it, or anything.

I told keytool that I wanted my keystore to be /usr/local/tomcat/conf/keystore
and it created that file in that directory. Everything else seems to be ok.

When I hit the https address (https://ip.add.re.ss:8443/examples/jsp/index.htm)
tomcat reports:

2000-12-20 10:50:21 - Ctx(  ): 400 R( /) null
2000-12-20 10:50:21 - Ctx(  ): IOException in: R( /) Socket closed

I've set the logging in server.xml to DEBUG for all three log files, but nothing
additional seems to be recorded in the logs.

Any suggestions?

Thanks in advance.

Dion Vansevenant
Internetwork Administrator
MRO.com