Posted to users@tomcat.apache.org by Richard da Silva <ro...@yahoo.com> on 2010/10/22 14:53:55 UTC

SSL Certificate : Unable to configure Tomcat "server.xml"

Hi all,

I've been fighting with a very silly problem all day.

I have an instance of Sun Identity Manager (IDM) running on a Tomcat server.

To be able to use some of its Resources features, we have had to create and install SSL Certificates.

Using some of the online documentation on the installation of SSL Certificates, I was able to successfully copy the Certificate to the keystore. (I did not create a new keystore. Instead, I used the default keystore which comes with the JAVA kit :  "cacerts" )

Everything seemed to work fine, and I got the confirmation message saying : "Certificate installed in keystore"

The final stage involves configuring the Tomcat "server.xml" file, to be able to allow SSL connection, and also to pinpoint the location of the Keystore. 

First, I commented out the "Connector Port 8080" details.  And then, I modified the "Connector port 8443" as follows : 


<Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="tomcat"
keystoreFile="C:\Program Files\Java\jdk1.6.0_21\jre\lib\security\cacerts" keypass="my_password"/> 


And, this is where my problems began.

For some reason, I cannot get this to work.

At first, I was using Tomcat version 6.0.21   

I began to get several errors in my Tomcat window 

(a)  only one usage allowed for each of the following :  port / protocol / maxThreads, 

etc, etc

(b) System parameter "maxThreads"........no match found for parameter;
     System parameter "scheme"........no match found for parameter;
     System parameter "clientAuth"........no match found for parameter;

etc, etc



I began to wonder if, maybe, there was something wrong with the Tomcat version (6.0.21)

Last year, I had successfully performed a similar procedure (installed Certificate, modified Tomcat server.xml file, etc).  But, that version I used was :  6.0.18

So, I decided to try it.  I downloaded an older version of Tomcat (6.0.18), and repeated the process all over again.

This time, there were none of the above-mentioned errors. But, I got another error : 

Alias "tomcat" not found.

So, I removed that line ----- keyAlias="tomcat" ---- and re-started the server.

This time, something else happened : when I start-up the server, the Tomcat window goes haywire. I see phrases and lines of data (output) flashing on the screen at the speed of light. And, then, my computer hangs.  I have to re-boot it, to get it working again.

I'm at a total loss. 

I have racked my brain for any and all possible causes. At first, I thought that, maybe, I ought to have created a whole NEW keystore (as it mentions in the online manual). But, since I was able to successfully import my certificate into the default "cacerts", I figured that was not the reason.

And, besides, there is obviously something wrong with the newer version of Tomcat, because the older version (which I am now using), did not give me those earlier errors.

But, I still do not know what  I am doing wrong.

Any help will be greatly appreciated.


Thanks.


Richard da Silva


      

Re: SSL Certificate : Unable to configure Tomcat "server.xml"

Posted by Pid <pi...@pidster.com>.
On 22/10/2010 14:04, Pid * wrote:
> On 22 Oct 2010, at 13:54, Richard da Silva <ro...@yahoo.com> wrote:
> 
>> Hi all,
>>
>> I've been fighting with a very silly problem all day.
>>
>> I have an instance of Sun Identity Manager (IDM) running on a Tomcat server.
>>
>> To be able to use some of its Resources features, we have had to create and install SSL Certificates.
>>
>> Using some of the online documentation on the installation of SSL Certificates, I was able to successfully copy the Certificate to the keystore. (I did not create a new keystore. Instead, I used the default keystore which comes with the JAVA kit :  "cacerts" )
>>
>> Everything seemed to work fine, and I got the confirmation message saying : "Certificate installed in keystore"
>>
>> The final stage involves configuring the Tomcat "server.xml" file, to be able to allow SSL connection, and also to pinpoint the location of the Keystore.
>>
>> First, I commented out the "Connector Port 8080" details.  And then, I modified the "Connector port 8443" as follows :
>>
>>
>> <Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="tomcat"
>> keystoreFile="C:\Program Files\Java\jdk1.6.0_21\jre\lib\security\cacerts" keypass="my_password"/>
> 
> You need to specify that it's an HTTP connector, rather than say an
> AJP connector.
> 
> Check your configuration against the docs.

Actually, I'm talking total nonsense.

Can you please remove the comments from server.xml and paste it, inline,
into here?


The docs are here:

 http://tomcat.apache.org/tomcat-6.0-doc/config/http.html


p




Re: SSL Certificate : Unable to configure Tomcat "server.xml"

Posted by Pid * <pi...@pidster.com>.
On 22 Oct 2010, at 13:54, Richard da Silva <ro...@yahoo.com> wrote:

> Hi all,
>
> I've been fighting with a very silly problem all day.
>
> I have an instance of Sun Identity Manager (IDM) running on a Tomcat server.
>
> To be able to use some of its Resources features, we have had to create and install SSL Certificates.
>
> Using some of the online documentation on the installation of SSL Certificates, I was able to successfully copy the Certificate to the keystore. (I did not create a new keystore. Instead, I used the default keystore which comes with the JAVA kit :  "cacerts" )
>
> Everything seemed to work fine, and I got the confirmation message saying : "Certificate installed in keystore"
>
> The final stage involves configuring the Tomcat "server.xml" file, to be able to allow SSL connection, and also to pinpoint the location of the Keystore.
>
> First, I commented out the "Connector Port 8080" details.  And then, I modified the "Connector port 8443" as follows :
>
>
> <Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="tomcat"
> keystoreFile="C:\Program Files\Java\jdk1.6.0_21\jre\lib\security\cacerts" keypass="my_password"/>

You need to specify that it's an HTTP connector, rather than say an
AJP connector.

Check your configuration against the docs.


p


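Added example, not part of the original thread and not Tomcat's own code: a small Java check for the two keystore symptoms reported above (the `Alias "tomcat" not found` error and the use of the JDK's `cacerts` as `keystoreFile`). It lists which entries in a keystore carry a private key, which is what an SSL connector needs to present a server certificate. The class name, argument order and the defaults (the running JRE's `cacerts`, its stock password `changeit`, alias `tomcat`) are assumptions of this example, and it needs Java 9 or later for `KeyStore.getInstance(File, char[])`.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

/** Added example: classify keystore entries to see whether an SSL connector can use the store. */
public class KeystoreCheck {

    /** Prints private-key entries and the wanted alias; returns the number of private-key entries. */
    static int report(KeyStore ks, String wantedAlias) throws Exception {
        int keyEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            boolean hasKey = ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class);
            if (hasKey) keyEntries++;
            // cacerts holds many CA certificates, so only the relevant aliases are printed.
            if (hasKey || alias.equalsIgnoreCase(wantedAlias)) {
                Certificate c = ks.getCertificate(alias);
                String subject = (c instanceof X509Certificate)
                        ? ((X509Certificate) c).getSubjectX500Principal().getName()
                        : "(no X.509 certificate)";
                System.out.printf("%-20s %-18s %s%n", alias,
                        hasKey ? "PrivateKeyEntry" : "trustedCertEntry", subject);
            }
        }
        return keyEntries;
    }

    public static void main(String[] args) throws Exception {
        // Assumed defaults: the running JRE's cacerts, its stock password, alias "tomcat".
        String path = args.length > 0 ? args[0]
                : String.join(File.separator, System.getProperty("java.home"), "lib", "security", "cacerts");
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();
        String wantedAlias = args.length > 2 ? args[2] : "tomcat";

        KeyStore ks = KeyStore.getInstance(new File(path), password); // detects JKS or PKCS12
        System.out.println("Keystore: " + path + " (" + ks.getType() + ", " + ks.size() + " entries)");
        int keyEntries = report(ks, wantedAlias);

        if (!ks.containsAlias(wantedAlias)) {
            System.out.println("Alias \"" + wantedAlias + "\" is not in this keystore.");
        } else if (!ks.isKeyEntry(wantedAlias)) {
            System.out.println("Alias \"" + wantedAlias + "\" is a trusted certificate only, with no private key.");
        }
        if (keyEntries == 0) {
            System.out.println("No private-key entries: usable as a trust store, not as a server keystore.");
        }
    }
}
```

Run it as `java KeystoreCheck.java <keystore> <password> <alias>`; an alias it reports as `PrivateKeyEntry` is the kind of entry `keyAlias` has to name. An unmodified `cacerts` contains only `trustedCertEntry` items.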
