Posted to users@tomcat.apache.org by Jana Nguyen <ja...@gmail.com> on 2006/04/15 00:13:58 UTC

help using SSL with Tomcat error no server.pem?

Hi there,

I posted my issue with not being able to connect to Tomcat with SSL
on port 8443 some days ago, but did not get any response.

I am running Tomcat 5.5 on RH Linux as user 'tomcat'. I'm trying to
get Tomcat to run on a secure port, 8443, instead of 8080. I
uncommented the "SSL HTTP/1.1 Connector" entry in
$CATALINA_HOME/conf/server.xml and generated a host certificate as
user 'tomcat':

%keytool -genkey -alias tomcat -keyalg RSA

The .keystore file got generated in the tomcat home
dir at /export/home/tomcat. After that I restarted the Tomcat
container and launched my browser to:

https://<hostname>:8443

I get the error "unable to connect to server".

In the catalina.out file, the error is:

Apr 14, 2006 2:49:36 PM org.apache.tomcat.util.net.puretls.PureTLSSocketFactory init
INFO: Error initializing SocketFactory
java.io.FileNotFoundException: server.pem (No such file or directory)

This is what the SSL section of my server.xml file looks like:

 <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->

   <Connector port="8443" maxHttpHeaderSize="8192"
              maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
              enableLookups="false" disableUploadTimeout="true"
              acceptCount="100" scheme="https" secure="true"
              clientAuth="false" sslProtocol="TLS" />

   <!-- Define an AJP 1.3 Connector on port 8009 -->
   <Connector port="8009"
              enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />

Any help would be appreciated!

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: help using SSL with Tomcat error no server.pem?

Posted by Bill Barker <wb...@wilshire.com>.
You are using the PureTLS flavor of the SSL Connector.  This one expects 
something closer to an OpenSSL style keystore (which defaults to 
'server.pem' if not specified) with the private key and cert PEM encoded in 
the same text file.  In particular, it doesn't use a JKS keystore.

Assuming that you meant to use PureTLS, you should consult the PureTLS docs 
for more information on what it needs.  It seems that the PureTLS examples 
got left out of the TC 5 docs.  There is some documentation at 
http://tomcat.apache.org/tomcat-3.3-doc/tomcat-ssl-howto.html#s6, that while 
it's for Tomcat 3, the configuration attributes are the same as for TC 5 
(since TC 5 PureTLS support is a port of the TC 3 version :).  In 
particular, it's 'clientauth' not 'clientAuth'.

If you meant to use JSSE, then either remove the PureTLS jar from the 
classpath, or (e.g. it's an installed extension needed for other apps), add 
the attribute to your <Connector /> tag:
   sSLImplementation="org.apache.tomcat.util.net.jsse.JSSEImplementation"
which will override Tomcat's preference for PureTLS if found.  Even so, you 
need to go back and read 
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html since from below you 
haven't finished setting up your keystore.

"Jana Nguyen" <ja...@gmail.com> wrote in message 
news:1b7c7e3b0604141513m1692fbedu1980ed28566c4ee5@mail.gmail.com...
Hi there,

I posted my issue with not being able to connect to Tomcat with SSL
on port 8443 some days ago, but did not get any response.

I am running Tomcat 5.5 on RH Linux as user 'tomcat'. I'm trying to
get Tomcat to run on a secure port, 8443, instead of 8080. I
uncommented the "SSL HTTP/1.1 Connector" entry in
$CATALINA_HOME/conf/server.xml and generated a host certificate as
user 'tomcat':

%keytool -genkey -alias tomcat -keyalg RSA

The .keystore file got generated in the tomcat home
dir at /export/home/tomcat. After that I restarted the Tomcat
container and launched my browser to:

https://<hostname>:8443

I get the error "unable to connect to server".

In the catalina.out file, the error is:

Apr 14, 2006 2:49:36 PM org.apache.tomcat.util.net.puretls.PureTLSSocketFactory init
INFO: Error initializing SocketFactory
java.io.FileNotFoundException: server.pem (No such file or directory)

This is what the SSL section of my server.xml file looks like:

 <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->

   <Connector port="8443" maxHttpHeaderSize="8192"
              maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
              enableLookups="false" disableUploadTimeout="true"
              acceptCount="100" scheme="https" secure="true"
              clientAuth="false" sslProtocol="TLS" />

   <!-- Define an AJP 1.3 Connector on port 8009 -->
   <Connector port="8009"
              enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />

Any help would be appreciated! 
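
The reply above turns on which on-disk format each SSL implementation reads, and that can be checked before touching server.xml. The script below is an added example, not part of either message or of Tomcat: the helper names classify_keyfile, matches_impl and make_samples are hypothetical, and the sample files it writes are constructed placeholders, not real keys.

```shell
# Added example: classify key material so it can be matched to the SSL
# implementation the Connector loads. Helper names are hypothetical.
# Prints: jks | pem-key+cert | pem-key-only | pem-cert-only | missing | unknown
classify_keyfile() {
    f=$1
    [ -f "$f" ] || { echo missing; return 0; }
    # JKS keystores written by keytool start with the bytes FE ED FE ED.
    magic=$(head -c 4 "$f" | od -An -tx1 | tr -d ' \n')
    if [ "$magic" = "feedfeed" ]; then echo jks; return 0; fi
    has_key=no; has_cert=no
    grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$f" && has_key=yes
    grep -q -e '-----BEGIN CERTIFICATE-----' "$f" && has_cert=yes
    case "$has_key/$has_cert" in
        yes/yes) echo pem-key+cert ;;
        yes/no)  echo pem-key-only ;;
        no/yes)  echo pem-cert-only ;;
        *)       echo unknown ;;
    esac
}

# Exit 0 when FILE is in the format the reply says IMPL reads:
# puretls -> private key and cert PEM encoded in one file; jsse -> keytool JKS.
matches_impl() {
    kind=$(classify_keyfile "$2")
    case "$1/$kind" in
        puretls/pem-key+cert|jsse/jks) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample inputs (not real keys): a JKS header and a PEM skeleton.
make_samples() {
    printf '\376\355\376\355\000\000\000\002' > "$1/.keystore"
    cat > "$1/server.pem" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
(constructed placeholder, not a key)
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(constructed placeholder, not a certificate)
-----END CERTIFICATE-----
EOF
}

demo=$(mktemp -d)
make_samples "$demo"
for p in "$demo/.keystore" "$demo/server.pem" "$demo/absent.pem"; do
    echo "$(basename "$p"): $(classify_keyfile "$p")"
done
rm -rf "$demo"
```

A keystore produced by the keytool command in the original post is reported as jks, which matches_impl accepts for jsse and rejects for puretls.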