Posted to users@tomcat.apache.org by Bill <qb...@gmail.com> on 2023/09/22 17:25:53 UTC

SSL Cert install help.

Hello All,
     I may have started my SSL Cert install & config at step 2 instead of
step 1... :-(

Basically I have created my key store, my p12 file and have my cert all in
a sub directory of the conf directory.

I have updated the server xml with my connectors per online directions.
Yet my SSL (https) cert/site doesn't work.

The catalina logs do not provide a whole lot of help for me as a TC novice.
I did see this in the log:

(org.apache.catalina.core.AprLifecycleListener.lifecycleEvent The Apache
Tomcat Native library which allows using OpenSSL was not found on the
java.library.path: [/usr/java/packages/lib:/usr/lib64:/lib64:/lib:/usr/lib])

but I'm pretty sure I didn't install native, but the regular version of TC.
So my question is, was I supposed to install or turn something on before
beginning the process of key store and p12 file and connector configuration?
If yes, what ?
Thanks for any help. B

Re: SSL Cert install help.

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Bill,

On 9/22/23 13:25, Bill wrote:
> Hello All,
>       I may have started my SSL Cert install & config at step 2 instead of
> step 1... :-(

Most mistakes are recoverable :)

> Basically I have created my key store, my p12 file and have my cert all in
> a sub directory of the conf directory.

All of those things are usually in the same file. What files do you 
actually have, and what is in each of them, specifically? If you have a 
keystore of any kind (including p12 files), post the output of:

$  keytool -list -keystore [filename]

> I have updated the server xml with my connectors per online directions.
> Yet my SSL (https) cert/site doesn't work.

Can you please post your <Connector> configuration, replacing any secrets?

Also, what do you mean "doesn't work"? Tomcat does not start? 
Connections are refused? Browser doesn't like server's cert? Can't 
complete handshake?

> The catalina logs do not provide a whole lot of help for me as a TC novice.
> I did see this in the log:
> 
> (org.apache.catalina.core.AprLifecycleListener.lifecycleEvent The Apache
> Tomcat Native library which allows using OpenSSL was not found on the
> java.library.path: [/usr/java/packages/lib:/usr/lib64:/lib64:/lib:/usr/lib])

This is a warning. If you don't intend to use tcnative, you can disable 
the AprLifecycleListener and it will no longer emit that message.

> but I'm pretty sure I didn't install native, but the regular version of TC.

The "native" connector is just a Connector, not all of Tomcat. The 
"regular" version of Tomcat supports several types of connectors, the 
"native" one included.

> So my question is, was I supposed to install or turn something on before
> beginning the process of key store and p12 file and connector configuration?

No, if you have your keystore in order and refer to it properly in the 
config then that's all you should need.

-chris
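
An added example, not part of either message above: a small shell filter for the `keytool -list` output requested in the reply. It reports whether the keystore contains a private key entry, which a TLS connector needs in order to present a certificate. It assumes keytool's default (non-verbose) listing format; the sample listings, aliases and the path in the comment are constructed.

```shell
#!/bin/sh
# Classify the entries in `keytool -list` output read from stdin.
# Prints "alias<TAB>type" per entry, then a verdict line; exit status 0 means
# a private key entry exists, 1 means the keystore holds certificates only.
check_keystore_listing() {
    awk -F', *' '
        /(PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),? *$/ {
            type = ($NF == "") ? $(NF - 1) : $NF   # entry lines end in ","
            sub(/ +$/, "", type)
            printf "%s\t%s\n", $1, type
            count[type]++
        }
        END {
            if (count["PrivateKeyEntry"] > 0) {
                print "OK: keystore holds a private key entry"
                exit 0
            }
            print "PROBLEM: no PrivateKeyEntry, only certificates without a key"
            exit 1
        }'
}

# Constructed sample: keystore holding the server key pair and its certificate.
sample_good() {
cat <<'EOF'
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

tomcat, Sep 22, 2023, PrivateKeyEntry,
Certificate fingerprint (SHA-256): (constructed, omitted)
EOF
}

# Constructed sample: certificates were imported, but no private key.
sample_certs_only() {
cat <<'EOF'
Keystore type: PKCS12
Your keystore contains 2 entries

rootca, Sep 22, 2023, trustedCertEntry,
Certificate fingerprint (SHA-256): (constructed, omitted)
server, Sep 22, 2023, trustedCertEntry,
Certificate fingerprint (SHA-256): (constructed, omitted)
EOF
}

# Real use (placeholder path): keytool -list -keystore conf/ssl/site.p12 | check_keystore_listing
sample_good | check_keystore_listing
sample_certs_only | check_keystore_listing || echo "(exit status 1)"
```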
