Posted to users@tomcat.apache.org by keyur sheth <ke...@yahoo.com> on 2006/09/07 04:23:45 UTC

Error while converting tomcat container from http to https

Hi everybody,

I am trying to make the tomcat container secure by converting it from http to https. I am using the documentation on the following website.
http://tomcat.apache.org/tomcat-5.0-doc/ssl-howto.html

I had implemented this before by creating the self-signed certificate and it worked. But for converting it to make it trusted I deleted all the files like the .keystore file and created the new .keystore and followed the steps in documentation.

I am implementing the part in which you send the CSR to the CA for getting the trusted certificate. So I sent the CSR and got the three certificates from the trusted authority. The root certificate, chain certificate and the signed certificate. I imported all the certificate files one by one following the sequence root, chain and signed certificate.

But now there is some error by which I am not able to see the page when I write the URL with https://xxxx.xxx.xxx:8443/gridsphere. But if I give http://xxxx.xxx.xxx:8080/ tomcat is starting and also http://xxxx.xxx.xxx:8080/gridsphere the gridsphere application is starting. I shut down the tomcat and also restarted the tomcat by making all these changes. But still it didn't show up. The error shown is as follows:
   
Sep 2, 2006 1:39:14 PM org.apache.coyote.http11.Http11BaseProtocol start
SEVERE: Error starting endpoint
java.io.IOException: Couldn't find private key in this file
        at org.apache.tomcat.util.net.puretls.PureTLSSocketFactory.init(PureTLSSocketFactory.java:149)
        at org.apache.tomcat.util.net.puretls.PureTLSSocketFactory.createSocket(PureTLSSocketFactory.java:69)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:292)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:312)
        at org.apache.coyote.http11.Http11BaseProtocol.start(Http11BaseProtocol.java:149)
        at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:95)
        at org.apache.catalina.connector.Connector.start(Connector.java:1089)
        at org.apache.catalina.core.StandardService.start(StandardService.java:459)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:680)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:536)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:275)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Sep 2, 2006 1:39:14 PM org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start:
LifecycleException:  Protocol handler start failed: java.io.IOException: Couldn't find private key in this file
        at org.apache.catalina.connector.Connector.start(Connector.java:1091)
        at org.apache.catalina.core.StandardService.start(StandardService.java:459)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:680)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:536)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:275)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)

   
Can somebody tell me what mistake I am making? Has anybody faced the same problem before?

Thanking you,
Keyur

Re: Error while converting tomcat container from http to https

Posted by annlee <an...@manchester.ac.uk>.
Hi Keyur,

I've just tried this out and it works. You should add
SSLImplementation="org.apache.tomcat.util.net.jsse.JSSEImplementation" in
the Connector tag in the server.xml file that resides under the
$CATALINA_HOME/conf directory. So, it should look like this in server.xml:

<Connector keystoreFile="/path/to/keystore" keystorePass="keystorepassword"
           port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           SSLImplementation="org.apache.tomcat.util.net.jsse.JSSEImplementation"/>

Change the keystoreFile and keystorePass accordingly.
Hope this helps.

Ann



Keyur Sheth wrote:
> 
> Hi Bill,
> 
> Where should I put the sslimplementation tag in the Connector
> tag? Because in the tomcat documentation for SSL this type of tag is not
> there. So can you please elaborate on this. And also give me the correct
> syntax for ssLImplementation.
> 
> Keyur
> 
> Bill Barker <wb...@wilshire.com> wrote:
> PureTLS doesn't use the standard Java keystore format. Consult the
> PureTLS docs for the correct format. Alternatively, specify
> sSLImplementation="org.apache.tomcat.util.net.jsse.JSSEImplementation" on
> the <Connector /> element to use JSSE instead of PureTLS.

-- 
View this message in context: http://www.nabble.com/Error-while-converting-tomcat-container-from-http-to-https-tf2230735.html#a6244765
Sent from the Tomcat - User forum at Nabble.com.


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
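
A check for the two things this thread turns on, as an added example (not code from the posters or from Tomcat): it flags HTTPS connectors in server.xml that do not set SSLImplementation, and reads `keytool -list` output to confirm that an alias really is a key entry. The server.xml fragment, the keytool listing and the alias names (root, chain, tomcat) are constructed samples.

```python
import re
import xml.etree.ElementTree as ET

JSSE = "org.apache.tomcat.util.net.jsse.JSSEImplementation"

# Constructed sample: an HTTPS connector without the attribute from this
# thread, next to the plain HTTP connector on 8080.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" maxThreads="150"/>
  <Connector port="8443" scheme="https" secure="true" clientAuth="false"
             sslProtocol="TLS" keystoreFile="/path/to/keystore"
             keystorePass="keystorepassword"/>
</Service></Server>"""

# Constructed `keytool -list` output (fingerprints replaced by placeholders).
KEYTOOL_LIST = """Keystore type: jks
Your keystore contains 3 entries

root, Sep 2, 2006, trustedCertEntry,
Certificate fingerprint (MD5): <constructed>
chain, Sep 2, 2006, trustedCertEntry,
Certificate fingerprint (MD5): <constructed>
tomcat, Sep 2, 2006, keyEntry,
Certificate fingerprint (MD5): <constructed>
"""

# "alias, date, <type>Entry," lines; the date itself contains a comma.
ENTRY = re.compile(r"^([^,\n]+),\s.*,\s*(\w+Entry),?\s*$", re.M)


def check_connectors(xml_text):
    """Return (port, finding) pairs for every HTTPS <Connector>."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        attrs = {k.lower(): v for k, v in conn.attrib.items()}
        if attrs.get("scheme") != "https" and attrs.get("secure") != "true":
            continue  # plain HTTP connector, nothing to check
        port = attrs.get("port", "?")
        # The thread spells it both sSLImplementation and SSLImplementation.
        impl = attrs.get("sslimplementation")
        if impl is None:
            findings.append((port, "SSLImplementation not set; Tomcat chooses the implementation"))
        elif impl != JSSE:
            findings.append((port, "SSLImplementation is %s, not JSSE" % impl))
        if "keystorefile" not in attrs:
            findings.append((port, "keystoreFile not set; default keystore location is used"))
    return findings


def entry_types(listing):
    """Map alias -> entry type from `keytool -list` output."""
    return {alias.strip(): kind for alias, kind in ENTRY.findall(listing)}


def has_private_key(listing, alias):
    """True if the alias is a key entry, i.e. carries the private key."""
    # Older JDKs print keyEntry, newer ones PrivateKeyEntry.
    return entry_types(listing).get(alias) in ("keyEntry", "PrivateKeyEntry")


if __name__ == "__main__":
    for port, finding in check_connectors(SERVER_XML):
        print("connector %s: %s" % (port, finding))
    print("tomcat alias has private key:", has_private_key(KEYTOOL_LIST, "tomcat"))
```

If the alias shows up as a key entry and the connector still reports a missing private key, the keystore is not the problem and the connector's SSL implementation is the place to look.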


Re: Error while converting tomcat container from http to https

Posted by keyur sheth <ke...@yahoo.com>.
Hi Bill,

Where should I put the sslimplementation tag in the Connector tag? Because in the tomcat documentation for SSL this type of tag is not there. So can you please elaborate on this. And also give me the correct syntax for ssLImplementation.

Keyur

Bill Barker <wb...@wilshire.com> wrote:
> PureTLS doesn't use the standard Java keystore format. Consult the PureTLS
> docs for the correct format. Alternatively, specify
> sSLImplementation="org.apache.tomcat.util.net.jsse.JSSEImplementation" on
> the <Connector /> element to use JSSE instead of PureTLS.

Re: Error while converting tomcat container from http to https

Posted by Bill Barker <wb...@wilshire.com>.
PureTLS doesn't use the standard Java keystore format.  Consult the PureTLS 
docs for the correct format.  Alternatively, specify 
sSLImplementation="org.apache.tomcat.util.net.jsse.JSSEImplementation" on 
the <Connector /> element to use JSSE instead of PureTLS.