Posted to users@tomcat.apache.org by "Michael A. Tucker" <mi...@gmail.com> on 2008/11/05 16:29:58 UTC

SSL setup help


I'm trying to set up SSL on a web app that I have running on a server.  I
created my keystore.key file and then uncommented this section in my
server.xml file:

> Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
>                maxThreads="150" scheme="https" secure="true"
>                keystoreFile="${/usr/local/jre1.6.0_06/bin/keystore.key}/.keystore" keystorePass="changeit"
>                clientAuth="false" sslProtocol="TLS"

Now when I go to https://localhost:8443/ I get "failed to connect" page
load error.  I think I'm not doing something wrong in the server.xml
file, but I'm not sure what.  I already have another program running on
443 so could that interfere?  I also don't know what APR means in the
SSL doc.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: SSL setup help

Posted by Bill Barker <wb...@wilshire.com>.
The entry 
keystoreFile="${/usr/local/jre1.6.0_06/bin/keystore.key}/.keystore" is 
almost certainly wrong.  For this to work, you would have to start Tomcat 
with the weird 
entry -D/usr/local/jre1.6.0_06/bin/keystore.key=/path/to/my/keystore/keys.
Tomcat does variable substitution when parsing the various config xml files 
based on System properties when it sees something like ${variable}. (This is 
a Tomcat-specific feature, so you can't count on porting it to another 
container).

"Michael A. Tucker" <mi...@gmail.com> wrote in message 
news:4911BBF6.80802@gmail.com...
>
> I'm trying to set up SSL on a web app that I have running on a server.  I
> created my keystore.key file and then uncommented this section in my
> server.xml file:
>
>> Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
>>                maxThreads="150" scheme="https" secure="true"
>> 
>> keystoreFile="${/usr/local/jre1.6.0_06/bin/keystore.key}/.keystore" 
>> keystorePass="changeit"
>>                clientAuth="false" sslProtocol="TLS"
>
> Now when I go to https://localhost:8443/ I get "failed to connect" page
> load error.  I think I'm not doing something wrong in the server.xml
> file, but I'm not sure what.  I already have another program running on
> 443 so could that interfere?  I also don't know what APR means in the
> SSL doc.


Re: SSL setup help

Posted by Serge Fonville <se...@gmail.com>.
Hi,
To configure tomcat using SSL on Windows I use:
multi-host tomcat ssl on windows
download and install java 1.5 jdk
set JAVA_HOME to the root of the JDK directory
add JAVA_HOME\bin to the path
install Visual C++ 2008 redistributable
download and install openssl
http://www.openssl.org --> related -->binaries (at the top)
place the files in c:\program files\openssl
set OPENSSL_HOME to c:\program files\openssl
add OPENSSL_HOME\bin to the path
search for an openssl.cnf on google
download and install tomcat
download tomcat and extract to c:\program files\apache software foundation\tomcat
set CATALINA_HOME to c:\program files\apache software foundation\tomcat
download tomcat native and extract to CATALINA_HOME\bin
add CATALINA_HOME\bin to the path
set CLASSPATH to .;%CATALINA_HOME%\lib\servlet-api.jar;%CATALINA_HOME%\lib\jsp-api.jar
cd %CATALINA_HOME%\conf
mkdir ssl
cd ssl
openssl genrsa -aes256 -out key.pem 8192
Enter pass phrase for key.pem: proactix
openssl req -new -key key.pem -sha1 -x509 -out cert.pem

<Connector protocol="org.apache.coyote.http11.Http11AprProtocol"
port="443"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100"  maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
SSLCertificateFile="${catalina.home}/conf/ssl/cert.pem"
SSLCertificateKeyFile="${catalina.home}/conf/ssl/key.pem"
SSLPassword="proactix"
sslProtocol="TLSv1"/>

The same should be similar on Linux

Regards,

Serge Fonville

On Wed, Nov 5, 2008 at 4:29 PM, Michael A. Tucker <
michael.adam.tucker@gmail.com> wrote:

>
> I'm trying to set up SSL on a web app that I have running on a server.  I
> created my keystore.key file and then uncommented this section in my
> server.xml file:
>
> > Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
> >                maxThreads="150" scheme="https" secure="true"
> >
>  keystoreFile="${/usr/local/jre1.6.0_06/bin/keystore.key}/.keystore"
> keystorePass="changeit"
> >                clientAuth="false" sslProtocol="TLS"
>
> Now when I go to https://localhost:8443/ I get "failed to connect" page
> load error.  I think I'm not doing something wrong in the server.xml
> file, but I'm not sure what.  I already have another program running on
> 443 so could that interfere?  I also don't know what APR means in the
> SSL doc.
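Added example, not part of any post in this thread: a small Python check for the `${...}` substitution Bill Barker describes, run over the two connectors posted above (sample XML constructed from them, trimmed to the path attributes). It assumes an undefined property leaves the placeholder as literal text; `check_connectors`, `substitute` and the `/opt/tomcat` path are illustrative names, not Tomcat APIs.

```python
import os
import re
import xml.etree.ElementTree as ET

# Attributes that name key material on the two connectors shown in this thread.
PATH_ATTRS = ("keystoreFile", "SSLCertificateFile", "SSLCertificateKeyFile")
PLACEHOLDER = re.compile(r"\$\{([^}]*)\}")

def substitute(value, props):
    """Replace ${name} with props[name]; unknown names stay as literal text
    (assumed here to mirror what Tomcat does with an undefined property)."""
    return PLACEHOLDER.sub(lambda m: props.get(m.group(1), m.group(0)), value)

def check_connectors(server_xml, props, exists=os.path.exists):
    """Return (port, attribute, resolved_value, problem) for every path
    attribute that would not point at an existing file after substitution."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        for attr in PATH_ATTRS:
            raw = conn.get(attr)
            if raw is None:
                continue
            resolved = substitute(raw, props)
            unresolved = PLACEHOLDER.findall(resolved)
            if unresolved:
                problem = "undefined system property: " + ", ".join(unresolved)
            elif not exists(resolved):
                problem = "file not found"
            else:
                continue
            findings.append((conn.get("port"), attr, resolved, problem))
    return findings

# Constructed sample: the two connectors from the thread, made well-formed.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    keystoreFile="${/usr/local/jre1.6.0_06/bin/keystore.key}/.keystore"
    keystorePass="changeit" clientAuth="false" sslProtocol="TLS"/>
  <Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
    SSLEnabled="true" SSLCertificateFile="${catalina.home}/conf/ssl/cert.pem"
    SSLCertificateKeyFile="${catalina.home}/conf/ssl/key.pem"/>
</Service></Server>"""

if __name__ == "__main__":
    # The catalina.home value is a made-up example path.
    for finding in check_connectors(SAMPLE, {"catalina.home": "/opt/tomcat"}):
        print(finding)
```

Run against a real `server.xml`, pass the same `-D` properties Tomcat is started with; a path that still contains `${...}` after substitution is the symptom described in the first reply.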