Posted to users@tomcat.apache.org by Dave Brondsema <da...@brondsema.net> on 2006/02/20 17:30:51 UTC

scheme="https" not working?

I'm using Tomcat 5.5.15 on Windows 2000.  I have this connector:
    <Connector scheme="https" port="443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 5.5\conf\ssl_keystore"
               keystorePass="XXX"
               keystoreType="JKS"/>

I can access
http://eaglesnest-test.cornerstone.edu:443/manager/html
but I get no response when attempting to access
https://eaglesnest-test.cornerstone.edu:443/manager/html

Somehow it's running unsecured but still on port 443.

What's happening?


Here are the logfiles:

DEBUG 2006-02-20 11:20:29,288 org.apache.catalina.startup.Embedded -
Setting naming prefix=org.apache.naming
DEBUG 2006-02-20 11:20:29,413 org.apache.catalina.startup.Catalina -
Digester for server.xml created 125
DEBUG 2006-02-20 11:20:30,600 org.apache.coyote.http11.Http11AprProtocol
- Attribute soLinger: -1
DEBUG 2006-02-20 11:20:30,600 org.apache.coyote.http11.Http11AprProtocol
- Attribute soTimeout: 60000
DEBUG 2006-02-20 11:20:30,600 org.apache.coyote.http11.Http11AprProtocol
- Attribute tcpNoDelay: true
DEBUG 2006-02-20 11:20:30,632 org.apache.coyote.http11.Http11AprProtocol
- Attribute port: 443
DEBUG 2006-02-20 11:20:30,632 org.apache.coyote.http11.Http11AprProtocol
- Attribute maxHttpHeaderSize: 8192
DEBUG 2006-02-20 11:20:30,632 org.apache.coyote.http11.Http11AprProtocol
- Attribute maxThreads: 150
DEBUG 2006-02-20 11:20:30,632 org.apache.coyote.http11.Http11AprProtocol
- Attribute minSpareThreads: 25
DEBUG 2006-02-20 11:20:30,632 org.apache.coyote.http11.Http11AprProtocol
- Attribute maxSpareThreads: 75
DEBUG 2006-02-20 11:20:30,632 org.apache.coyote.http11.Http11AprProtocol
- Attribute enableLookups: false
DEBUG 2006-02-20 11:20:30,647 org.apache.coyote.http11.Http11AprProtocol
- Attribute backlog: 100
DEBUG 2006-02-20 11:20:30,647 org.apache.coyote.http11.Http11AprProtocol
- Attribute secure: true
DEBUG 2006-02-20 11:20:30,647 org.apache.coyote.http11.Http11AprProtocol
- Attribute clientauth: false
DEBUG 2006-02-20 11:20:30,647 org.apache.coyote.http11.Http11AprProtocol
- Attribute secure: true
DEBUG 2006-02-20 11:20:30,647 org.apache.coyote.http11.Http11AprProtocol
- Attribute protocol: TLS
DEBUG 2006-02-20 11:20:30,647 org.apache.coyote.http11.Http11AprProtocol
- Attribute keystore: C:\Program Files\Apache Software Foundation\Tomcat
5.5\conf\ssl_keystore
DEBUG 2006-02-20 11:20:30,647 org.apache.coyote.http11.Http11AprProtocol
- Attribute keypass: XXX
DEBUG 2006-02-20 11:20:30,647 org.apache.coyote.http11.Http11AprProtocol
- Attribute keytype: JKS
INFO 2006-02-20 11:20:30,975 org.apache.catalina.realm.JAASRealm -
Setting useContextClassLoader = false
DEBUG 2006-02-20 11:20:30,975 org.apache.catalina.core.ContainerBase -
Add child StandardContext[] StandardHost[eaglesnest-test.cornerstone.edu]
DEBUG 2006-02-20 11:20:30,991 org.apache.catalina.core.ContainerBase -
Add child StandardHost[eaglesnest-test.cornerstone.edu]
StandardEngine[Catalina]
DEBUG 2006-02-20 11:20:31,179 org.apache.catalina.connector.Connector -
Creating name for connector Catalina:type=Connector,port=443
DEBUG 2006-02-20 11:20:31,179 org.apache.coyote.http11.Http11AprProtocol
- Attribute jkHome: C:\Program Files\Apache Software Foundation\Tomcat 5.5
INFO 2006-02-20 11:20:31,194 org.apache.coyote.http11.Http11AprProtocol
- Initializing Coyote HTTP/1.1 on http-443
INFO 2006-02-20 11:20:31,194 org.apache.catalina.startup.Catalina -
Initialization processed in 1781 ms
...


-- 
Dave Brondsema
Software Developer
Cornerstone University


Re: scheme="https" not working?

Posted by Dave Brondsema <da...@brondsema.net>.
Markus Schönhaber wrote:
> Dave Brondsema wrote:
>> I'm using Tomcat 5.5.15 on Windows 2000.  I have this connector:
>>     <Connector scheme="https" port="443" maxHttpHeaderSize="8192"
>>                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>>                enableLookups="false" disableUploadTimeout="true"
>>                acceptCount="100" secure="true"
>>                clientAuth="false" sslProtocol="TLS"
>>                keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 5.5\conf\ssl_keystore"
>>                keystorePass="XXX"
>>                keystoreType="JKS"/>
>>
>> I can access
>> http://eaglesnest-test.cornerstone.edu:443/manager/html
>> but I get no response when attempting to access
>> https://eaglesnest-test.cornerstone.edu:443/manager/html
>>
>> Somehow it's running unsecured but still on port 443.
>>
>> What's happening?
>>
>>
>> Here are the logfiles:
>>
>> DEBUG 2006-02-20 11:20:29,288 org.apache.catalina.startup.Embedded -
>> Setting naming prefix=org.apache.naming
>> DEBUG 2006-02-20 11:20:29,413 org.apache.catalina.startup.Catalina -
>> Digester for server.xml created 125
>> DEBUG 2006-02-20 11:20:30,600 org.apache.coyote.http11.Http11AprProtocol
>> - Attribute soLinger: -1
> 
> [...]
> 
> Since you're using APR, you have to configure your <Connector> the APR way:
> http://tomcat.apache.org/tomcat-5.5-doc/apr.html#HTTPS
> AFAIK you can't use the Java keystore with APR but have to use certificates.
> 
> As an alternative: don't use APR and keep your configuration as-is.
> 

Thanks, that worked.  But shouldn't there be errors or warnings if I'm
using Java keystore attributes (e.g. keystoreFile) with APR?

-- 
Dave Brondsema
Software Developer
Cornerstone University


Re: scheme="https" not working?

Posted by Markus Schönhaber <ma...@schoenhaber.de>.
Dave Brondsema wrote:
> I'm using Tomcat 5.5.15 on Windows 2000.  I have this connector:
>     <Connector scheme="https" port="443" maxHttpHeaderSize="8192"
>                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>                enableLookups="false" disableUploadTimeout="true"
>                acceptCount="100" secure="true"
>                clientAuth="false" sslProtocol="TLS"
>                keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 5.5\conf\ssl_keystore"
>                keystorePass="XXX"
>                keystoreType="JKS"/>
>
> I can access
> http://eaglesnest-test.cornerstone.edu:443/manager/html
> but I get no response when attempting to access
> https://eaglesnest-test.cornerstone.edu:443/manager/html
>
> Somehow it's running unsecured but still on port 443.
>
> What's happening?
>
>
> Here are the logfiles:
>
> DEBUG 2006-02-20 11:20:29,288 org.apache.catalina.startup.Embedded -
> Setting naming prefix=org.apache.naming
> DEBUG 2006-02-20 11:20:29,413 org.apache.catalina.startup.Catalina -
> Digester for server.xml created 125
> DEBUG 2006-02-20 11:20:30,600 org.apache.coyote.http11.Http11AprProtocol
> - Attribute soLinger: -1

[...]

Since you're using APR, you have to configure your <Connector> the APR way:
http://tomcat.apache.org/tomcat-5.5-doc/apr.html#HTTPS
AFAIK you can't use the Java keystore with APR but have to use certificates.

As an alternative: don't use APR and keep your configuration as-is.

Regards
  mks
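
The thread's failure mode is silent: a connector marked scheme="https" and secure="true" serves plain HTTP on 443 because the APR handler does not use the JSSE keystore attributes. The following check is an added example, not part of the original posts or of Tomcat; it flags that combination from server.xml plus the startup log. It assumes the connector attribute names SSLEngine, SSLCertificateFile and SSLCertificateKeyFile from the Tomcat 5.5 APR documentation linked in the reply; the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# JSSE-style attributes from the thread's connector; per the reply, APR does not use them.
JSSE_ATTRS = {"keystoreFile", "keystorePass", "keystoreType"}

# Constructed sample: the connector from the thread, trimmed (password masked as posted).
SERVER_XML = r'''<Server><Service name="Catalina">
  <Connector scheme="https" port="443" secure="true" clientAuth="false"
             sslProtocol="TLS" keystorePass="XXX" keystoreType="JKS"
             keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 5.5\conf\ssl_keystore"/>
</Service></Server>'''

# Constructed sample: one log entry in the format quoted in the thread, wrapped as posted.
STARTUP_LOG = """\
INFO 2006-02-20 11:20:31,194 org.apache.coyote.http11.Http11AprProtocol
- Initializing Coyote HTTP/1.1 on http-443
"""

def apr_ports(log_text):
    """Ports the log shows being initialised by the APR protocol handler."""
    # \\s+ on both sides of the dash tolerates the mail client's line wrapping.
    pat = re.compile(r"Http11AprProtocol\s+-\s+Initializing Coyote HTTP/1\.1 on http-(\d+)")
    return {int(m.group(1)) for m in pat.finditer(log_text)}

def audit(server_xml, log_text):
    """Return (port, message) for connectors that claim HTTPS but run APR without SSL."""
    findings = []
    apr = apr_ports(log_text)
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = int(conn.get("port", "0"))
        claims_tls = conn.get("scheme") == "https" or conn.get("secure") == "true"
        if not claims_tls or port not in apr:
            continue  # not an HTTPS connector, or not handled by APR
        if conn.get("SSLEngine") != "on":
            unused = ", ".join(sorted(JSSE_ATTRS & set(conn.attrib))) or "none"
            findings.append((port, f'APR connector lacks SSLEngine="on"; '
                                   f"JSSE attributes not used: {unused}"))
    return findings

if __name__ == "__main__":
    for port, msg in audit(SERVER_XML, STARTUP_LOG):
        print(f"port {port}: {msg}")
```

Run it against the real server.xml and catalina log after any connector change; an empty result means no HTTPS-labelled connector is being handled by APR without its SSL engine enabled.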

