Posted to users@tomcat.apache.org by Zama Ques <qu...@yahoo.in> on 2014/11/28 09:46:38 UTC

Self signed certificate not working for tomcat 6


I am trying to configure a self-signed certificate for our Tomcat server. For that, initially I created the keystore certificate file using keytool. The command I tried for this is:

keytool -genkey -alias example -keyalg RSA -keystore /home/zaman/certs/keystorefile.key
chmod 600 /home/zaman/certs/keystorefile.key
$ ls -l /home/zaman/certs/keystorefile.key
-rw-r--r-- 1 zaman zaman 1329 Nov 27 15:51 /home/ssdg/certs/keystorefile.key

Then uncommented the SSL connector tag in server.xml to add a reference to the keystore file:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true" keystoreFile="/home/zaman/certs/keystorefile.key" keystorePass="test123"
           clientAuth="false" sslProtocol="TLS" />

After this I restarted the Tomcat server, but cannot access the Tomcat link (https://localhost:8443) using https. Nothing is seen in the log file.

$ netstat -apn | grep 8443
tcp        0      0 :::8443                     :::*                        LISTEN      25759/java

What am I missing to make https work for Tomcat using a self-signed certificate? Please suggest.

Thanks
Zaman



Re: Self signed certificate not working for tomcat 6

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Zama,

Whoops, just realized this was a 4-month old thread. It looked new to
me :)

Anyhow, I hope my response helps... 4 months late.

-chris

On 1/19/15 10:37 AM, Christopher Schultz wrote:
> Zama,
> 
> On 11/28/14 3:46 AM, Zama Ques wrote:
>> I am trying to configure self signed certificate for our tomcat 
>> server. For that initially I created the keystore certificate
>> file using keytool .The command I tried for this is:
> 
>> keytool -genkey -alias example -keyalg RSA \
>>   -keystore /home/zaman/certs/keystorefile.key
> 
>> chmod 600 /home/zaman/certs/keystorefile.key
> 
> Set the execute bit for a keystore? Odd. If it were me, I'd have
> the mode set to 0440, depending upon the user/group overlap of the
> Tomcat server process.
> 
>> $ ls -l /home/zaman/certs/keystorefile.key
>> -rw-r--r-- 1 zaman zaman 1329 Nov 27 15:51 /home/ssdg/certs/keystorefile.key
> 
> That's not mode 600. That's also not
> /home/zaman/certs/keystorefile.key. Is the keystore really 4 months
> old? Something is not right, here.
> 
>> Then un-commented the SSL connector tag in server.xml to add 
>> reference to keystore file:
> 
>> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" 
>> maxThreads="150" scheme="https" secure="true" 
>> keystoreFile="/home/zaman/certs/keystorefile.key" 
>> keystorePass="test123" clientAuth="false" sslProtocol="TLS" />
> 
>> After this I restarted tomcat server , but cannot access tomcat 
>> link (https://localhost:8443) using https. Nothing is seen in
>> log file.
> 
>> $ netstat -apn | grep 8443
>> tcp        0      0 :::8443                     :::*                        LISTEN      25759/java
> 
>> What I am missing to make https work for tomcat using self
>> signed certificate?
> 
> How do you try to connect? What message do you get? Is there
> *nothing at all* in the Tomcat log? There should be messages about
> starting connectors, etc.
> 
> What is in your keystore?
> 
> $ keytool -list -keystore /home/zaman/certs/keystorefile.key
> 
> -chris
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: Self signed certificate not working for tomcat 6

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Zama,

On 11/28/14 3:46 AM, Zama Ques wrote:
> I am trying to configure self signed certificate for our tomcat 
> server. For that initially I created the keystore certificate file 
> using keytool .The command I tried for this is:

> keytool -genkey -alias example -keyalg RSA \
>   -keystore /home/zaman/certs/keystorefile.key
> 
> chmod 600 /home/zaman/certs/keystorefile.key

Set the execute bit for a keystore? Odd. If it were me, I'd have the
mode set to 0440, depending upon the user/group overlap of the Tomcat
server process.

> $ ls -l /home/zaman/certs/keystorefile.key
> -rw-r--r-- 1 zaman zaman 1329 Nov 27 15:51 /home/ssdg/certs/keystorefile.key

That's not mode 600.
That's also not /home/zaman/certs/keystorefile.key.
Is the keystore really 4 months old?
Something is not right, here.

> Then un-commented the SSL connector tag in server.xml to add 
> reference to keystore file:
> 
> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" 
> maxThreads="150" scheme="https" secure="true" 
> keystoreFile="/home/zaman/certs/keystorefile.key" 
> keystorePass="test123" clientAuth="false" sslProtocol="TLS" />
> 
> After this I restarted tomcat server , but cannot access tomcat
> link (https://localhost:8443) using https. Nothing is seen in log
> file.
> 
> $ netstat -apn | grep 8443
> tcp        0      0 :::8443                     :::*                        LISTEN      25759/java
> 
> What I am missing to make https work for tomcat using self signed
> certificate?

How do you try to connect? What message do you get? Is there *nothing
at all* in the Tomcat log? There should be messages about starting
connectors, etc.

What is in your keystore?

$ keytool -list -keystore /home/zaman/certs/keystorefile.key

-chris

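
The two checks raised in the reply above (does the keystoreFile path in server.xml match the keystore that was generated, and who can read that file), as an added shell example that is not part of the original thread. The function names, the scratch directory and its contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the keystore that server.xml's SSL <Connector> points at.

# Print the value of the last keystoreFile="..." attribute in the file.
# Simplification: XML comments are not skipped.
keystore_from_server_xml() {
    tr '\n' ' ' < "$1" | sed -n 's/.*keystoreFile="\([^"]*\)".*/\1/p'
}

# Print permission bits in octal, e.g. 600 (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_keystore SERVER_XML EXPECTED_PATH
# Returns 0 when every check passes, 1 after reporting a finding.
check_keystore() {
    rc=0
    ks=$(keystore_from_server_xml "$1")
    if [ -z "$ks" ]; then
        echo "FINDING: no keystoreFile attribute in $1"; return 1
    fi
    if [ "$ks" != "$2" ]; then
        echo "FINDING: server.xml points at $ks, expected $2"; rc=1
    fi
    if [ ! -r "$ks" ]; then
        echo "FINDING: $ks is missing or not readable by $(id -un)"; return 1
    fi
    mode=$(file_mode "$ks")
    # A non-zero last digit means users outside owner/group can reach the key.
    case "$mode" in
        *0) ;;
        *)  echo "FINDING: $ks has mode $mode, open to other users"; rc=1 ;;
    esac
    return $rc
}

# Constructed demo: a scratch server.xml and an empty stand-in keystore file.
demo=$(mktemp -d)
mkdir -p "$demo/ssdg/certs"
: > "$demo/ssdg/certs/keystorefile.key"
chmod 644 "$demo/ssdg/certs/keystorefile.key"
printf '<Connector port="8443" SSLEnabled="true"\n  keystoreFile="%s" />\n' \
    "$demo/ssdg/certs/keystorefile.key" > "$demo/server.xml"
check_keystore "$demo/server.xml" "$demo/zaman/certs/keystorefile.key" \
    || echo "keystore reference needs attention"
rm -rf "$demo"
```

Run it as the account that starts Tomcat, since the readability check is only meaningful for that user.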