Posted to users@tomcat.apache.org by Jana Nguyen <ja...@gmail.com> on 2006/04/15 00:13:58 UTC
help using SSL with Tomcat error no server.pem?
Hi there,
I've posted my issues not being able to connect using tomcat with ssl
using port 8443 some days ago, but did not get any response.
I am running Tomcat 5.5 on RH Linux as user 'tomcat', I'm trying to
get tomcat to run on a secure port 8443 instead of 8080. I
uncommented the "SSL HTTP/1.1 Connector" entry in
$CATALINA_HOME/conf/server.xml and generated a host certificate as
user 'tomcat' :
%keytool -genkey -alias tomcat -keyalg RSA
The .keystore file got generated in the tomcat home
dir at /export/home/tomcat. After that I restarted the tomcat
container and launched my browser to:
https://<hostname>:8443
I get the error "unable to connect to server"
In the catalina.out file, the error is:
Apr 14, 2006 2:49:36 PM org.apache.tomcat.util.net.puretls.PureTLSSocketFactory init
INFO: Error initializing SocketFactory
java.io.FileNotFoundException: server.pem (No such file or directory)
This is what it looks like in my server.xml file in the SSL section:
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009"
           enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
Any help would be appreciated!
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: help using SSL with Tomcat error no server.pem?
Posted by Bill Barker <wb...@wilshire.com>.
You are using the PureTLS flavor of the SSL Connector. This one expects
something closer to an OpenSSL style keystore (which defaults to
'server.pem' if not specified) with the private key and cert PEM encoded in
the same text file. In particular, it doesn't use a JKS keystore.
Assuming that you meant to use PureTLS, you should consult the PureTLS docs
for more information on what it needs. It seems that the PureTLS examples
got left out of the TC 5 docs. There is some documentation at
http://tomcat.apache.org/tomcat-3.3-doc/tomcat-ssl-howto.html#s6; while
it's for Tomcat 3, the configuration attributes are the same as for TC 5
(since TC 5 PureTLS support is a port of the TC 3 version :). In
particular, it's 'clientauth' not 'clientAuth'.
If you meant to use JSSE, then either remove the PureTLS jar from the
classpath, or (e.g. if it's an installed extension needed for other apps) add
the attribute to your <Connector /> tag:
sSLImplementation="org.apache.tomcat.util.net.jsse.JSSEImplementation"
which will override Tomcat's preference for PureTLS if found. Even so, you
need to go back and read
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html since from below you
haven't finished setting up your keystore.
"Jana Nguyen" <ja...@gmail.com> wrote in message
news:1b7c7e3b0604141513m1692fbedu1980ed28566c4ee5@mail.gmail.com...
Hi there,
I've posted my issues not being able to connect using tomcat with ssl
using port 8443 some days ago, but did not get any response.
I am running Tomcat 5.5 on RH Linux as user 'tomcat', I'm trying to
get tomcat to run on a secure port 8443 instead of 8080. I
uncommented the "SSL HTTP/1.1 Connector" entry in
$CATALINA_HOME/conf/server.xml and generated a host certificate as
user 'tomcat' :
%keytool -genkey -alias tomcat -keyalg RSA
The .keystore file got generated in the tomcat home
dir at /export/home/tomcat. After that I restarted the tomcat
container and launched my browser to:
https://<hostname>:8443
I get the error "unable to connect to server"
In the catalina.out file, the error is:
Apr 14, 2006 2:49:36 PM org.apache.tomcat.util.net.puretls.PureTLSSocketFactory init
INFO: Error initializing SocketFactory
java.io.FileNotFoundException: server.pem (No such file or directory)
This is what it looks like in my server.xml file in the SSL section:
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009"
           enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
Any help would be appreciated!
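The distinction drawn in the reply above (PureTLS reads one PEM text file holding the private key and certificate, JSSE reads the JKS .keystore that keytool writes) can be checked from the key file itself. The following is an added example, not part of the original thread or of Tomcat; the function names and sample bytes are constructed for illustration, and it checks only the file layout, not whether a particular key encoding is accepted.

```python
import re
import sys

JKS_MAGIC = b"\xfe\xed\xfe\xed"  # first four bytes of a JKS keystore written by keytool
PEM_BEGIN = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")

def classify(data):
    """Return (format, PEM block labels) for the raw bytes of a key file."""
    if data[:4] == JKS_MAGIC:
        return "JKS", []
    labels = [m.decode("ascii") for m in PEM_BEGIN.findall(data)]
    return ("PEM", labels) if labels else ("unknown", [])

def loadable_by(data):
    """Name the SSL implementation from the thread that this file layout suits.

    Assumption taken from the reply: PureTLS wants one PEM text file holding
    both the private key and the certificate; JSSE wants a JKS keystore.
    """
    fmt, labels = classify(data)
    if fmt == "JKS":
        return "JSSE"
    if fmt == "PEM":
        has_key = any(label.endswith("PRIVATE KEY") for label in labels)
        has_cert = "CERTIFICATE" in labels
        if has_key and has_cert:
            return "PureTLS"
        missing = "private key" if has_cert else "certificate"
        return "neither (PEM file lacks a %s block)" % missing
    return "neither (unrecognised format)"

# Constructed samples: headers only, the bodies are placeholders, not real keys.
SAMPLE_JKS = JKS_MAGIC + b"\x00\x00\x00\x02" + b"\x00" * 16
SAMPLE_PEM_BOTH = (b"-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
                   b"-----END RSA PRIVATE KEY-----\n"
                   b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n"
                   b"-----END CERTIFICATE-----\n")
SAMPLE_PEM_CERT_ONLY = (b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n"
                        b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    if len(sys.argv) > 1:               # check a real file, e.g. ~/.keystore
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], "->", loadable_by(fh.read()))
    else:
        for name in ("SAMPLE_JKS", "SAMPLE_PEM_BOTH", "SAMPLE_PEM_CERT_ONLY"):
            print(name, "->", loadable_by(globals()[name]))
```

Run against the .keystore produced by the keytool command in the question, it reports JSSE, which is why the PureTLS socket factory went looking for server.pem instead.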