You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by José Manuel Prada Sierra <pe...@hotmail.com> on 2004/06/14 19:19:51 UTC
combine http and https
Hi mariano.
First of all sorry by send my question to your private email, and sorry to
all of tomcat list users.
I have done all you write in your message.
I have j2sdk1.4.1 and j2re1.4.2_04 and it isn't necessary download jsse.
I have create the certificate like you write above, with de password
"changeit".
Mi server.xml is:
<!-- Define an SSL HTTP/1.1 Connector on port 8443 -->
<Connector className="org.apache.catalina.connector.http.HttpConnector"
port="8443" minProcessors="5" maxProcessors="75"
enableLookups="false"
acceptCount="100" debug="0" scheme="https" secure="true">
<Factory className="org.apache.catalina.net.SSLServerSocketFactory"
clientAuth="false" protocol="TLS"/>
</Connector>
I think that the problem may be into the server.xml
when I connect to my application with the port 8443, it show me a website
certificate.
I have not sslProtocol, keystorieFile... Are they necessary? If it is true,
what should I do?
Thanks.
<------------------------------------------------------------------------------------------->
Do you have well configured Tomcat's server.xml file for SSL connections ?
For example:
<Connector port="8443" maxThreads="150"
minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"
keystoreFile="/...../.../Tomcat's SSL File"
keystorePass="........"/>
And well generated certificate necesary for SSL ?:
1. If you are running a 1.3 JVM, download JSSE 1.0.3 (or later) from
http://java.sun.com/products/jsse/ and either make it an installed extension
on the system, or else set an environment variable JSSE_HOME that points at
the directory into which you installed JSSE.
2. Create a certificate keystore by executing the following command:
Windows:%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
Unix:$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
and specify a password value of "changeit".
3. Uncomment the "SSL HTTP/1.1 Connector" entry in
$CATALINA_HOME/conf/server.xml and tweak as necessary.
And, please don't send e-mails to private address, always to Tomcat list
address.
Mariano López
_________________________________________________________________
¿Estás pensando en cambiar de coche? Todas los modelos de serie y extras en
MSN Motor. http://motor.msn.es/researchcentre/
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
RE: combine http and https
Posted by Mariano <ml...@sescam.org>.
The lines:
keystoreFile="/...../.../Tomcat's SSL File"
keystorePass="........"
are absolutely necessary for connector on port 8443.
Try to set this line with yours values and set connector on port 8443 like i
put in previous message, It must work.
Regards
Mariano López
-----Mensaje original-----
De: José Manuel Prada Sierra [mailto:petinboy@hotmail.com]
Enviado el: lunes, 14 de junio de 2004 19:20
Para: tomcat-user@jakarta.apache.org
Asunto: combine http and https
Hi mariano.
First of all sorry by send my question to your private email, and sorry to
all of tomcat list users.
I have done all you write in your message.
I have j2sdk1.4.1 and j2re1.4.2_04 and it isn't necessary download jsse.
I have create the certificate like you write above, with de password
"changeit".
Mi server.xml is:
<!-- Define an SSL HTTP/1.1 Connector on port 8443 -->
<Connector className="org.apache.catalina.connector.http.HttpConnector"
port="8443" minProcessors="5" maxProcessors="75"
enableLookups="false"
acceptCount="100" debug="0" scheme="https" secure="true">
<Factory className="org.apache.catalina.net.SSLServerSocketFactory"
clientAuth="false" protocol="TLS"/>
</Connector>
I think that the problem may be into the server.xml
when I connect to my application with the port 8443, it show me a website
certificate.
I have not sslProtocol, keystorieFile... Are they necessary? If it is true,
what should I do?
Thanks.
<---------------------------------------------------------------------------
---------------->
Do you have well configured Tomcat's server.xml file for SSL connections ?
For example:
<Connector port="8443" maxThreads="150"
minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"
keystoreFile="/...../.../Tomcat's SSL File"
keystorePass="........"/>
And well generated certificate necesary for SSL ?:
1. If you are running a 1.3 JVM, download JSSE 1.0.3 (or later) from
http://java.sun.com/products/jsse/ and either make it an installed extension
on the system, or else set an environment variable JSSE_HOME that points at
the directory into which you installed JSSE.
2. Create a certificate keystore by executing the following command:
Windows:%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
Unix:$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
and specify a password value of "changeit".
3. Uncomment the "SSL HTTP/1.1 Connector" entry in
$CATALINA_HOME/conf/server.xml and tweak as necessary.
And, please don't send e-mails to private address, always to Tomcat list
address.
Mariano López
_________________________________________________________________
¿Estás pensando en cambiar de coche? Todas los modelos de serie y extras en
MSN Motor. http://motor.msn.es/researchcentre/
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org