You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Dhaval Patel <dh...@yahoo.com> on 2005/11/17 18:36:44 UTC
Tomcat 5.5.12 + APR (Apache Portable Runtime) + SSL (OpenSSL) on Windows
Hello all,
I am trying to configure HTTPS with Tomcat 5.5.12 on Windows XP. I am using J2SE
1.5.0_05. I am a student and I dont have signed certificate. I tried two methods
which are mentioned on Tomcat documentation:
(1) Using .keystore (generated by keytool)
I followed the documentation
(http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html). Generted .keystore, put
it in C:\, configure web.xml and restart the tomcat.
It works as the way it suppose to. When you goto https://localhost:8443, you
will get warning and it's working.
Btw in this way, I am note using APR (Apache Portable Runtime). When I use
those binray, I didnt get it to work. I put openssl.exe and tcnative-1.dll in my
bin directory which I downloaed from website which apache documentation
mentioned. I restarted the tomcat, I can see server status and things look fine
on regular HTTP. But HTTPs does not work. I get request timed out from browser
about https://localhost:8443 and it produces no error message.
Then I read at some place that if you want APR you have do some extra
configuration, which I followed in part 2.
(2) Using OpenSSL.
I installed OpenSSL. I read documentation about how to generate key and
certificate in OpenSSL howto. Then did following:
a) goto c:\Tomcat5.5\bin
b) openssl genrsa -des3 -out privkey.pem 2048 (generate key)
c) openssl req -new -key privkey.pem -out cert.csr (genrate certificate request)
d) openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095 (create
self signed certificate)
e) followed APR config guide from tomcat 5.5 documentations.
f) restart the tomcat.
g) same error as I get before. request time out and no error in logs.
I dont know how to make it working. I would like to know more about it. APR
documentations says about APR Connectors configuration in which there are http,
https and etc. I believe that is <Connector port="8080" ... />, <Connector
port="8443" ... /> and etc. Am I right? If I am right, then sslProtocol entry in
two documentation (SSL and APR) are getting different entries (TLS vs. TLSv1). I
dont know how to do it.
Does anyone know how to do it using real certificate (signed by Verisign or
something)? Does anyone know how to make it work with self signed certificate?
Thank you in advance.
Regards,
Dhaval
P.S. Forgive me for writing long, but I want to explain everything is full
details. Thanks.
__________________________________
Yahoo! FareChase: Search multiple travel sites in one click.
http://farechase.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat 5.5.12 + APR (Apache Portable Runtime) + SSL (OpenSSL) on Windows
Posted by Remy Maucherat <re...@gmail.com>.
On 11/17/05, Dhaval Patel <dh...@yahoo.com> wrote:
> Thanks for your response Remy. But I didnt quite get it. I need help configuring
> SSL with Tomcat on Windows XP. I read the documentation that I found. I could not
> solve the problem that's why I posted on forum. I wrote what I did. How a newbie
> knows what is irrelevant and what is not.
I think it is quite evident that the connector configuration in
server.xml is important.
--
xxxxxxxxxxxxxxxxxxxxxxxxx
Rémy Maucherat
Developer & Consultant
JBoss Group (Europe) SàRL
xxxxxxxxxxxxxxxxxxxxxxxxx
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat 5.5.12 + APR (Apache Portable Runtime) + SSL (OpenSSL) on Windows
Posted by Dhaval Patel <dh...@yahoo.com>.
Thanks for your response Remy. But I didnt quite get it. I need help configuring
SSL with Tomcat on Windows XP. I read the documentation that I found. I could not
solve the problem that's why I posted on forum. I wrote what I did. How a newbie
knows what is irrelevant and what is not.
Thanks anyway.
Regards,
Dhaval
--- Remy Maucherat <re...@gmail.com> wrote:
> On 11/17/05, Dhaval Patel <dh...@yahoo.com> wrote:
> > Hello all,
> >
> > Then I read at some place that if you want APR you have do some extra
> > configuration, which I followed in part 2.
> >
> > (2) Using OpenSSL.
> >
> > I installed OpenSSL. I read documentation about how to generate key and
> > certificate in OpenSSL howto. Then did following:
> >
> > a) goto c:\Tomcat5.5\bin
> > b) openssl genrsa -des3 -out privkey.pem 2048 (generate key)
> > c) openssl req -new -key privkey.pem -out cert.csr (genrate certificate
> request)
> > d) openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095 (create
> > self signed certificate)
> > e) followed APR config guide from tomcat 5.5 documentations.
> > f) restart the tomcat.
> > g) same error as I get before. request time out and no error in logs.
> >
> > I dont know how to make it working. I would like to know more about it.
> APR
> > documentations says about APR Connectors configuration in which there are
> http,
> > https and etc. I believe that is <Connector port="8080" ... />, <Connector
> > port="8443" ... /> and etc. Am I right? If I am right, then sslProtocol entry
> in
> > two documentation (SSL and APR) are getting different entries (TLS vs.
> TLSv1). I
> > dont know how to do it.
> >
> > Does anyone know how to do it using real certificate (signed by Verisign
> or
> > something)? Does anyone know how to make it work with self signed
> certificate?
> >
> > Thank you in advance.
> >
> >
> > Regards,
> > Dhaval
> >
> > P.S. Forgive me for writing long, but I want to explain everything is full
> > details. Thanks.
>
> I suppose giving the Connector element is an irrelevant detail (since
> you read the APR page, you probably noticed the attributes were not
> the same as for JSSE, as they resemble the ones used for mod_ssl) ;)
>
> --
> xxxxxxxxxxxxxxxxxxxxxxxxx
> Rémy Maucherat
> Developer & Consultant
> JBoss Group (Europe) SàRL
> xxxxxxxxxxxxxxxxxxxxxxxxx
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
__________________________________
Yahoo! FareChase: Search multiple travel sites in one click.
http://farechase.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat 5.5.12 + APR (Apache Portable Runtime) + SSL (OpenSSL) on Windows
Posted by Remy Maucherat <re...@gmail.com>.
On 11/17/05, Dhaval Patel <dh...@yahoo.com> wrote:
> Hello all,
>
> Then I read at some place that if you want APR you have do some extra
> configuration, which I followed in part 2.
>
> (2) Using OpenSSL.
>
> I installed OpenSSL. I read documentation about how to generate key and
> certificate in OpenSSL howto. Then did following:
>
> a) goto c:\Tomcat5.5\bin
> b) openssl genrsa -des3 -out privkey.pem 2048 (generate key)
> c) openssl req -new -key privkey.pem -out cert.csr (genrate certificate request)
> d) openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095 (create
> self signed certificate)
> e) followed APR config guide from tomcat 5.5 documentations.
> f) restart the tomcat.
> g) same error as I get before. request time out and no error in logs.
>
> I dont know how to make it working. I would like to know more about it. APR
> documentations says about APR Connectors configuration in which there are http,
> https and etc. I believe that is <Connector port="8080" ... />, <Connector
> port="8443" ... /> and etc. Am I right? If I am right, then sslProtocol entry in
> two documentation (SSL and APR) are getting different entries (TLS vs. TLSv1). I
> dont know how to do it.
>
> Does anyone know how to do it using real certificate (signed by Verisign or
> something)? Does anyone know how to make it work with self signed certificate?
>
> Thank you in advance.
>
>
> Regards,
> Dhaval
>
> P.S. Forgive me for writing long, but I want to explain everything is full
> details. Thanks.
I suppose giving the Connector element is an irrelevant detail (since
you read the APR page, you probably noticed the attributes were not
the same as for JSSE, as they resemble the ones used for mod_ssl) ;)
--
xxxxxxxxxxxxxxxxxxxxxxxxx
Rémy Maucherat
Developer & Consultant
JBoss Group (Europe) SàRL
xxxxxxxxxxxxxxxxxxxxxxxxx
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org