You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Jeffrey C. Baldwin" <Je...@ncmail.net> on 2007/07/26 19:24:29 UTC
Tomcat 5.0.28 - SSL Setup
Hello All,
I'm in a bit of a pinch here. Just had an old Solaris server fail that
housed our TomCat environment and now I'm trying to put the pieces back
together on a new server. I have a few of the applications up and
running.. but now I've run into an app that wants to run over ssl and
I'm having a hard time getting it to work.
Environment: Tomcat 5.0.28 running on CentOS 5
I am including my server.xml below.
I have already generated my certificate after reading this document and
put the cert into /usr/local/tomcat:
http://tomcat.apache.org/tomcat-5.0-doc/ssl-howto.html
Can someone please advice me on how to get ssl up and running on port 8443?
<?xml version='1.0' encoding='utf-8'?>
<Server>
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"/>
<Listener
className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
<GlobalNamingResources>
<Environment name="simpleValue" type="java.lang.Integer" value="30"/>
<Resource auth="Container" description="User database that can be
updated and saved" name="UserDatabase"
type="org.apache.catalina.UserDatabase"/>
<ResourceParams name="UserDatabase">
<parameter>
<name>factory</name>
<value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
</parameter>
<parameter>
<name>pathname</name>
<value>conf/tomcat-users.xml</value>
</parameter>
</ResourceParams>
</GlobalNamingResources>
<Service name="Catalina">
<Connector acceptCount="100" connectionTimeout="20000"
disableUploadTimeout="true" port="8080" redirectPort="8443"
maxSpareThreads="75" maxThreads="150" minSpareThreads="25">
</Connector>
<Connector port="8009" protocol="AJP/1.3"
protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"
redirectPort="8443">
</Connector>
<Engine defaultHost="localhost" name="Catalina">
<Host name="localhost" debug="0" appBase="webapps" unpackWARs="true"
autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs" prefix="localhost_access_log." suffix=".txt"
pattern="common" resolveHosts="false" />
<Logger className="org.apache.catalina.logger.FileLogger"
directory="logs" prefix="localhost_log." suffix=".txt" timestamp="true" />
</Host>
<Logger className="org.apache.catalina.logger.FileLogger"
prefix="catalina_log." suffix=".txt" timestamp="true"/>
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"/>
</Engine>
</Service>
</Server>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat 5.0.28 - SSL Setup
Posted by "Jeffrey C. Baldwin" <Je...@ncmail.net>.
Lyallex,
That worked! Thank you! I had copied and pasted from the TomCat SSL
HowTo, but that didn't work...
I appreciate your time! Now, on to other TomCat problems.... this
server failure is killing me!
-jeff
Lyallex wrote:
> The first thing that strikes me is that you have not defined a
> connector for
> port 8443, here's one of mine (Tomcat 5.5.23)
>
> <Connector port="8443" maxHttpHeaderSize="8192"
> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="false" disableUploadTimeout="true"
> acceptCount="100" scheme="https" secure="true"
> clientAuth="false" keystoreFile="..." sslProtocol="TLS" />
>
> I think you probably need this because (at the very least) you have
> 'redirectPort="8443"' in your non ssl Connector config
>
> Rgds
> Duncan
>
> On 7/26/07, Jeffrey C. Baldwin <Je...@ncmail.net> wrote:
>> Hello All,
>>
>> I'm in a bit of a pinch here. Just had an old Solaris server fail that
>> housed our TomCat environment and now I'm trying to put the pieces back
>> together on a new server. I have a few of the applications up and
>> running.. but now I've run into an app that wants to run over ssl and
>> I'm having a hard time getting it to work.
>>
>> Environment: Tomcat 5.0.28 running on CentOS 5
>>
>> I am including my server.xml below.
>>
>> I have already generated my certificate after reading this document and
>> put the cert into /usr/local/tomcat:
>> http://tomcat.apache.org/tomcat-5.0-doc/ssl-howto.html
>>
>> Can someone please advice me on how to get ssl up and running on
>> port 8443?
>>
>> <?xml version='1.0' encoding='utf-8'?>
>> <Server>
>> <Listener
>> className="org.apache.catalina.mbeans.ServerLifecycleListener"/>
>> <Listener
>> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
>>
>> <GlobalNamingResources>
>> <Environment name="simpleValue" type="java.lang.Integer"
>> value="30"/>
>> <Resource auth="Container" description="User database that can be
>> updated and saved" name="UserDatabase"
>> type="org.apache.catalina.UserDatabase"/>
>> <ResourceParams name="UserDatabase">
>> <parameter>
>> <name>factory</name>
>>
>> <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
>> </parameter>
>> <parameter>
>> <name>pathname</name>
>> <value>conf/tomcat-users.xml</value>
>> </parameter>
>> </ResourceParams>
>> </GlobalNamingResources>
>> <Service name="Catalina">
>> <Connector acceptCount="100" connectionTimeout="20000"
>> disableUploadTimeout="true" port="8080" redirectPort="8443"
>> maxSpareThreads="75" maxThreads="150" minSpareThreads="25">
>> </Connector>
>> <Connector port="8009" protocol="AJP/1.3"
>> protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"
>> redirectPort="8443">
>> </Connector>
>> <Engine defaultHost="localhost" name="Catalina">
>> <Host name="localhost" debug="0" appBase="webapps" unpackWARs="true"
>> autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
>> <Valve className="org.apache.catalina.valves.AccessLogValve"
>> directory="logs" prefix="localhost_access_log." suffix=".txt"
>> pattern="common" resolveHosts="false" />
>> <Logger className="org.apache.catalina.logger.FileLogger"
>> directory="logs" prefix="localhost_log." suffix=".txt"
>> timestamp="true" />
>> </Host>
>> <Logger className="org.apache.catalina.logger.FileLogger"
>> prefix="catalina_log." suffix=".txt" timestamp="true"/>
>> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"/>
>> </Engine>
>> </Service>
>> </Server>
>>
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat 5.0.28 - SSL Setup
Posted by Lyallex <ly...@gmail.com>.
The first thing that strikes me is that you have not defined a connector for
port 8443, here's one of mine (Tomcat 5.5.23)
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" keystoreFile="..." sslProtocol="TLS" />
I think you probably need this because (at the very least) you have
'redirectPort="8443"' in your non ssl Connector config
Rgds
Duncan
On 7/26/07, Jeffrey C. Baldwin <Je...@ncmail.net> wrote:
> Hello All,
>
> I'm in a bit of a pinch here. Just had an old Solaris server fail that
> housed our TomCat environment and now I'm trying to put the pieces back
> together on a new server. I have a few of the applications up and
> running.. but now I've run into an app that wants to run over ssl and
> I'm having a hard time getting it to work.
>
> Environment: Tomcat 5.0.28 running on CentOS 5
>
> I am including my server.xml below.
>
> I have already generated my certificate after reading this document and
> put the cert into /usr/local/tomcat:
> http://tomcat.apache.org/tomcat-5.0-doc/ssl-howto.html
>
> Can someone please advice me on how to get ssl up and running on port 8443?
>
> <?xml version='1.0' encoding='utf-8'?>
> <Server>
> <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"/>
> <Listener
> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
> <GlobalNamingResources>
> <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
> <Resource auth="Container" description="User database that can be
> updated and saved" name="UserDatabase"
> type="org.apache.catalina.UserDatabase"/>
> <ResourceParams name="UserDatabase">
> <parameter>
> <name>factory</name>
> <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
> </parameter>
> <parameter>
> <name>pathname</name>
> <value>conf/tomcat-users.xml</value>
> </parameter>
> </ResourceParams>
> </GlobalNamingResources>
> <Service name="Catalina">
> <Connector acceptCount="100" connectionTimeout="20000"
> disableUploadTimeout="true" port="8080" redirectPort="8443"
> maxSpareThreads="75" maxThreads="150" minSpareThreads="25">
> </Connector>
> <Connector port="8009" protocol="AJP/1.3"
> protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"
> redirectPort="8443">
> </Connector>
> <Engine defaultHost="localhost" name="Catalina">
> <Host name="localhost" debug="0" appBase="webapps" unpackWARs="true"
> autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
> <Valve className="org.apache.catalina.valves.AccessLogValve"
> directory="logs" prefix="localhost_access_log." suffix=".txt"
> pattern="common" resolveHosts="false" />
> <Logger className="org.apache.catalina.logger.FileLogger"
> directory="logs" prefix="localhost_log." suffix=".txt" timestamp="true" />
> </Host>
> <Logger className="org.apache.catalina.logger.FileLogger"
> prefix="catalina_log." suffix=".txt" timestamp="true"/>
> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"/>
> </Engine>
> </Service>
> </Server>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org