You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Daniel Blumenthal <da...@wordchamp.com> on 2008/02/21 08:52:10 UTC
setting up SSL
I'm having a real problem getting SSL working with Tomcat. Back when I was
using Apache and mod_jk2, I had SSL working with Tomcat. But now that I've
switched to just using Tomcat, I can't seem to get it to work. I'm using
Linux (Fedora Core 5) and Tomcat 5.5.26. I've reverted to a clean version
of Tomcat. I create a keystore using the following command:
% keytool -genkey -alias tomcat -keyalg RSA -keystore temp.kdb
(password = "changeit")
% cp temp.kdb /usr/local/tomcat/conf
I then edit server.xml, uncommenting the extra controller, and changing the
ports to 80 and 443. Finally, I add the following lines to the https
connector:
keystoreFile="/usr/local/tomcat/conf/temp.kdb"
keystorePass="changeit"
After restarting Tomcat, I am able to connect to http://localhost and
http://localhost:443, but any attempt to get to https://localhost just hangs
until the browser times out. Catalina.out doesn't list any errors, and in
fact says that:
Feb 21, 2008 2:24:31 AM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-80
Feb 21, 2008 2:24:31 AM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-443
Any ideas? Is it possible that Tomcat isn't able to find the openssl
libraries (or something?). I'm really tearing my hair out here - any help
would be greatly appreciated.
Thanks!
Daniel
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: setting up SSL
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Daniel Blumenthal [mailto:daniel@wordchamp.com]
> Subject: RE: setting up SSL
>
> Except Tomcat is taking over a minute to initialize.
Another topic frequently discussed. Search the archives for random SSL
APR:
http://marc.info/?l=tomcat-user&w=2&r=1&s=random+SSL+APR&q=b
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: setting up SSL
Posted by Daniel Blumenthal <da...@wordchamp.com>.
Ah, never mind - it looks like this only happens the first time.
> -----Original Message-----
> From: Daniel Blumenthal [mailto:daniel@wordchamp.com]
> Sent: Thursday, February 21, 2008 11:17 AM
> To: 'Tomcat Users List'
> Subject: RE: setting up SSL
>
> Thanks! This is exactly what I needed. I've followed the
> instructions (creating a simple certificate, and self-signing
> just for testing purposes), and things are working... Except
> Tomcat is taking over a minute to initialize. Is this normal?
>
>
>
> > -----Original Message-----
> > From: Caldarale, Charles R [mailto:Chuck.Caldarale@unisys.com]
> > Sent: Thursday, February 21, 2008 9:09 AM
> > To: Tomcat Users List
> > Subject: RE: setting up SSL
> >
> > > From: Daniel Blumenthal [mailto:daniel@wordchamp.com]
> > > Subject: setting up SSL
> > >
> > > Any ideas? Is it possible that Tomcat isn't able to find
> > the openssl
> > > libraries (or something?).
> >
> > Did you read the doc for using SSL with APR? Did you
> ignore the big
> > bold message at the top of the normal SSL doc:
> >
> > "IMPORTANT NOTE: This Howto refers to usage of JSSE. When
> using APR,
> > Tomcat will use OpenSSL, which uses a different configuration."
> >
> > You can either remove APR, or follow the doc for SSL with APR:
> > http://tomcat.apache.org/tomcat-5.5-doc/apr.html#HTTPS
> >
> > - Chuck
> >
> >
> > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE
> > PROPRIETARY MATERIAL and is thus for use only by the intended
> > recipient. If you received this in error, please contact the sender
> > and delete the e-mail and its attachments from all computers.
> >
> >
> ---------------------------------------------------------------------
> > To start a new topic, e-mail: users@tomcat.apache.org To
> unsubscribe,
> > e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org To
> unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: setting up SSL
Posted by Daniel Blumenthal <da...@wordchamp.com>.
Thanks! This is exactly what I needed. I've followed the instructions
(creating a simple certificate, and self-signing just for testing purposes),
and things are working... Except Tomcat is taking over a minute to
initialize. Is this normal?
> -----Original Message-----
> From: Caldarale, Charles R [mailto:Chuck.Caldarale@unisys.com]
> Sent: Thursday, February 21, 2008 9:09 AM
> To: Tomcat Users List
> Subject: RE: setting up SSL
>
> > From: Daniel Blumenthal [mailto:daniel@wordchamp.com]
> > Subject: setting up SSL
> >
> > Any ideas? Is it possible that Tomcat isn't able to find
> the openssl
> > libraries (or something?).
>
> Did you read the doc for using SSL with APR? Did you ignore
> the big bold message at the top of the normal SSL doc:
>
> "IMPORTANT NOTE: This Howto refers to usage of JSSE. When
> using APR, Tomcat will use OpenSSL, which uses a different
> configuration."
>
> You can either remove APR, or follow the doc for SSL with APR:
> http://tomcat.apache.org/tomcat-5.5-doc/apr.html#HTTPS
>
> - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE
> PROPRIETARY MATERIAL and is thus for use only by the intended
> recipient. If you received this in error, please contact the
> sender and delete the e-mail and its attachments from all computers.
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org To
> unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: setting up SSL
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Daniel Blumenthal [mailto:daniel@wordchamp.com]
> Subject: setting up SSL
>
> Any ideas? Is it possible that Tomcat isn't able to find the openssl
> libraries (or something?).
Did you read the doc for using SSL with APR? Did you ignore the big
bold message at the top of the normal SSL doc:
"IMPORTANT NOTE: This Howto refers to usage of JSSE. When using APR,
Tomcat will use OpenSSL, which uses a different configuration."
You can either remove APR, or follow the doc for SSL with APR:
http://tomcat.apache.org/tomcat-5.5-doc/apr.html#HTTPS
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org