Posted to users@tomcat.apache.org by Daniel Blumenthal <da...@wordchamp.com> on 2006/11/28 00:21:25 UTC

APR / SSL in 5.5.20

I'm in the process of moving to Tomcat 5.5.20, and I've come across a bit of
a snag.  All of the conversion went fine until I started testing the SSL
with APR, and it looks like it needs a different configuration.  My old
configuration is:
 
<Connector
	className="org.apache.coyote.tomcat5.CoyoteConnector"
	port="443"
	minProcessors="5"
	maxProcessors="75"
	enableLookups="true"
	disableUploadTimeout="true"
	acceptCount="100"
	debug="0"
	scheme="https"
	secure="true"
	clientAuth="false"
	sslProtocol="TLS"
	keystoreFile="/usr/local/tomcat/conf/ssl/localhost.kdb"
	keystorePass="foobar"
	truststoreFile="/usr/java/jdk/jre/lib/security/cacerts"
	truststorePass="foobar"
/>

But it doesn't connect with this.  The documentation says that you should
have something like this:

<Connector 
	port="443" 
	maxHttpHeaderSize="8192"
	maxThreads="150" 
	minSpareThreads="25" 
	maxSpareThreads="75"
	enableLookups="false" 
	disableUploadTimeout="true"
	acceptCount="100" 
	scheme="https" 
	secure="true"
	SSLEngine="on"
	SSLCertificateFile="${catalina.base}/conf/localhost.crt"
	SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" />

I can export the .crt file from the .kdb file, but how do I get the "key"
file?

Best,
Daniel



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: APR / SSL in 5.5.20

Posted by Bill Barker <wb...@wilshire.com>.
There is an example in the javadocs for java.security.KeyStore.

"Daniel Blumenthal" <da...@wordchamp.com> wrote in message 
news:019601c7129e$c8ac8270$0201a8c0@dialect1...
I saw this, but unfortunately it only tells you how to specify the key file.
It doesn't tell you how to generate it.  It seems logical that if everything
works with the .kdb file, then that should hold all of the information that
I need to get SSL working.  Maybe I'm asking the wrong question.  Basically,
given a kdb file that works, I would like to be able to set up APR to handle
SSL.  It seems like this should be a fairly straightforward conversion... ?


> -----Original Message-----
> From: Rémy Maucherat [mailto:remy.maucherat@gmail.com]
> Sent: Monday, November 27, 2006 8:07 PM
> To: Tomcat Users List
> Subject: Re: APR / SSL in 5.5.20
>
> On 11/28/06, Daniel Blumenthal <da...@wordchamp.com> wrote:
> >         SSLCertificateFile="${catalina.base}/conf/localhost.crt"
> >         SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" />
> >
> > I can export the .crt file from the .kdb file, but how do I get the "key"
> > file?
>
> You should look in the mod_ssl documentation for some details
> (http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatekeyfile).
>
> Rémy





Re[2]: APR / SSL in 5.5.20

Posted by Dima Retov <di...@axisway.com>.
You are using a certificate for Java's SSL.

You need a certificate for OpenSSL.

Maybe you can convert the certificate using the following commands:
http://mark.foster.cc/kb/openssl-keytool.html

Let me know if it worked for you.


Tuesday, November 28, 2006, 5:39:17 AM, you wrote:

DB> I saw this, but unfortunately it only tells you how to specify the key file.
DB> It doesn't tell you how to generate it.  It seems logical that if everything
DB> works with the .kdb file, then that should hold all of the information that
DB> I need to get SSL working.  Maybe I'm asking the wrong question.  Basically,
DB> given a kdb file that works, I would like to be able to set up APR to handle
DB> SSL.  It seems like this should be a fairly straightforward conversion... ?
 

>> -----Original Message-----
>> From: Rémy Maucherat [mailto:remy.maucherat@gmail.com] 
>> Sent: Monday, November 27, 2006 8:07 PM
>> To: Tomcat Users List
>> Subject: Re: APR / SSL in 5.5.20
>> 
>> On 11/28/06, Daniel Blumenthal <da...@wordchamp.com> wrote:
>> >         SSLCertificateFile="${catalina.base}/conf/localhost.crt"
>> >         SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" />
>> >
>> > I can export the .crt file from the .kdb file, but how do I get the "key"
>> > file?
>>
>> You should look in the mod_ssl documentation for some details
>> (http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatekeyfile).
>>
>> Rémy







-- 
Best regards,
 Dima                            mailto:dima@axisway.com
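
The keystore-to-PEM conversion this thread is asking about, as an added example that is not part of any poster's message: it uses java.security.KeyStore to write the private key and certificate chain of one keystore entry as the PEM files that SSLCertificateKeyFile and SSLCertificateFile point at. Assumptions: the class name ExportPem is hypothetical, the keystore is in JKS format, the key password equals the keystore password, the file system is POSIX, and the JDK is Java 8 or later.

```java
import java.io.Console;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.Base64;

// Added example (not from the thread): export one key entry of a JKS keystore as PEM files.
// Usage: java ExportPem <keystore> <alias> <out.key> <out.crt>
public class ExportPem {
    // PEM armor: DER bytes as base64 wrapped at 64 columns between BEGIN/END lines.
    static String pem(String label, byte[] der) {
        Base64.Encoder enc = Base64.getMimeEncoder(64, new byte[] {'\n'});
        return "-----BEGIN " + label + "-----\n" + enc.encodeToString(der)
             + "\n-----END " + label + "-----\n";
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 4 || console == null) {
            System.err.println("usage (from a terminal): java ExportPem <keystore> <alias> <out.key> <out.crt>");
            System.exit(2);
        }
        // Prompt instead of taking the password as an argument, so it stays out of the process list.
        char[] pass = console.readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("JKS"); // assumption: the keystore is JKS
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            ks.load(in, pass);
        }
        Key key = ks.getKey(args[1], pass); // assumption: key password == keystore password
        if (!(key instanceof PrivateKey) || !"PKCS#8".equals(key.getFormat())) {
            throw new IllegalStateException("alias '" + args[1] + "' has no exportable private key");
        }
        // The key is written unencrypted, so create the file owner-only (POSIX); fails if it already exists.
        Path keyOut = Files.createFile(Paths.get(args[2]),
            PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
        Files.write(keyOut, pem("PRIVATE KEY", key.getEncoded()).getBytes(StandardCharsets.US_ASCII));
        // Certificate chain for the same alias, end-entity certificate first.
        StringBuilder chain = new StringBuilder();
        for (Certificate c : ks.getCertificateChain(args[1])) {
            chain.append(pem("CERTIFICATE", c.getEncoded()));
        }
        Files.write(Paths.get(args[3]), chain.toString().getBytes(StandardCharsets.US_ASCII));
    }
}
```

The resulting key file is an unencrypted PKCS#8 private key, so it should stay readable only by the account Tomcat runs as.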





RE: APR / SSL in 5.5.20

Posted by Daniel Blumenthal <da...@wordchamp.com>.
I saw this, but unfortunately it only tells you how to specify the key file.
It doesn't tell you how to generate it.  It seems logical that if everything
works with the .kdb file, then that should hold all of the information that
I need to get SSL working.  Maybe I'm asking the wrong question.  Basically,
given a kdb file that works, I would like to be able to set up APR to handle
SSL.  It seems like this should be a fairly straightforward conversion... ?
 

> -----Original Message-----
> From: Rémy Maucherat [mailto:remy.maucherat@gmail.com] 
> Sent: Monday, November 27, 2006 8:07 PM
> To: Tomcat Users List
> Subject: Re: APR / SSL in 5.5.20
> 
> On 11/28/06, Daniel Blumenthal <da...@wordchamp.com> wrote:
> >         SSLCertificateFile="${catalina.base}/conf/localhost.crt"
> >         SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" />
> >
> > I can export the .crt file from the .kdb file, but how do I get the "key"
> > file?
>
> You should look in the mod_ssl documentation for some details
> (http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatekeyfile).
>
> Rémy





Re: APR / SSL in 5.5.20

Posted by Rémy Maucherat <re...@gmail.com>.
On 11/28/06, Daniel Blumenthal <da...@wordchamp.com> wrote:
>         SSLCertificateFile="${catalina.base}/conf/localhost.crt"
>         SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" />
>
> I can export the .crt file from the .kdb file, but how do I get the "key"
> file?

You should look in the mod_ssl documentation for some details
(http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatekeyfile).

Rémy
