Posted to users@tomcat.apache.org by Matt Morgan <ma...@brooklynmuseum.org> on 2003/09/25 23:24:06 UTC

Configuring server.xml for SSL breaks Tomcat

I'm using 4.1.27 on debian 3.0 with the JDK 1.3 from Blackdown, and the 
last independent JSSE from Sun, the one intended for jdk1.3. Tomcat runs 
as user "tomcat4," whose home dir is /usr/share/tomcat4 and whose login 
shell is /bin/false.

Tomcat runs fine when I don't try to get SSL working. Annoyingly enough, 
it ran for a minute with SSL working, but that was with the default 
password on the keystore which I thought was a bad idea, long-term. So I 
created a new key, put it in the same place (with the same name), and 
restarted Tomcat. Only Tomcat wouldn't start at all, not even the 
non-SSL connector.

So, I tried to go back to the old key. No good; same problem. Finally I 
went back to a /conf/server.xml file with the SSL connector commented 
out, and I could get Tomcat to restart (non-SSL only). I've tried about 
ten times to recreate the key with the default password and every time I 
reconfigure server.xml to start an SSL connector, Tomcat won't start.

I am creating the key as root, since I can't log in as tomcat4; I use

/usr/lib/j2se/1.3/bin/keytool -genkey -alias tomcat -keyalg RSA

and then I copy the key to /usr/share/tomcat4 and chown it to tomcat4. 
This is what worked the one time. I have also tried using -keystore 
/usr/share/tomcat4/.keystore, which hasn't helped. I've deleted all the 
old .keystores from the system, so I know it's not trying to open an old 
one.

Basically, all I'm doing to server.xml is removing the comments around 
the pre-configured SSL connector. So it looks like this:

<Connector className="org.apache.catalina.connector.http.HttpConnector"
    port="8443" minProcessors="5" maxProcessors="75"
    enableLookups="true"
    acceptCount="10" debug="0" scheme="https" secure="true">
    <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
    clientAuth="false" protocol="TLS"/>
</Connector>

I know certificates can be touchy, but I'm at a loss to understand why 
this worked once, and is failing to work now. And why would it prevent 
Tomcat from working in non-SSL?

Thanks,
Matt Morgan
Manager of Information Systems
Brooklyn Museum of Art
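
A pre-start check for the procedure described in the post above (key generated as root, copied to /usr/share/tomcat4, chowned to tomcat4), added here as an example and not part of the original thread. The function names are hypothetical, and keytool on PATH is assumed for the second check.

```shell
#!/bin/sh
# Added example (not from the thread). Keystore path, service user and alias
# follow the post; the function names are hypothetical.

# Print one line per problem with the keystore file; return 0 only if clean.
check_keystore_file() {
    ks=$1; user=$2; rc=0
    if [ ! -f "$ks" ]; then
        echo "missing: $ks is not a regular file"
        return 1
    fi
    if [ ! -s "$ks" ]; then
        echo "empty: $ks has no content"; rc=1
    fi
    want_uid=$(id -u "$user" 2>/dev/null) || {
        echo "user: no such account $user"
        return 1
    }
    # -n prints the numeric owner, -L follows a symlinked keystore.
    have_uid=$(ls -lnL "$ks" | awk '{print $3}')
    if [ "$have_uid" != "$want_uid" ]; then
        echo "owner: uid $have_uid owns $ks, expected $user (uid $want_uid)"; rc=1
    fi
    # Characters 5-10 of the mode string are the group and other bits. The
    # private key is guarded only by the store password, so they should be off.
    go_bits=$(ls -lnL "$ks" | awk '{print substr($1, 5, 6)}')
    if [ "$go_bits" != "------" ]; then
        echo "mode: group/other bits are '$go_bits', expected owner-only (chmod 600)"; rc=1
    fi
    return $rc
}

# Confirm the store opens with the password the connector will use and holds
# the expected alias. Needs keytool on PATH. The password appears in the
# process list while keytool runs.
check_keystore_opens() {
    ks=$1; pass=$2; entry=${3:-tomcat}
    keytool -list -keystore "$ks" -storepass "$pass" -alias "$entry" >/dev/null 2>&1
}

# Usage, as root before starting Tomcat with the SSL connector enabled:
#   check_keystore_file /usr/share/tomcat4/.keystore tomcat4 &&
#   check_keystore_opens /usr/share/tomcat4/.keystore "$STOREPASS" tomcat
```

Both functions only read the keystore, so they can be run repeatedly while the connector is still commented out.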

Re: Configuring server.xml for SSL breaks Tomcat

Posted by Matt Morgan <ma...@brooklynmuseum.org>.
Thanks. I tried both suggestions exhaustively but don't have much better
success.

I have Apache running SSL on this same server. Should I be working on the
jk2 connector instead, to use Apache's SSL? That looked more complicated
at first.

Thanks,
Matt

> Matt,
>
> 2 suggestions:
> 1. Upgrade your JDK to 1.4.x.  JSSE is now integrated with the Java
> Runtime and, you never know, this step alone might fix your problem.
> 2. Create and configure the SSL connector using the Admin tool instead
> of manually editing server.xml.





Re: Configuring server.xml for SSL breaks Tomcat

Posted by Christopher Williams <cc...@ntlworld.com>.
Matt,

2 suggestions:
1. Upgrade your JDK to 1.4.x.  JSSE is now integrated with the Java Runtime
and, you never know, this step alone might fix your problem.
2. Create and configure the SSL connector using the Admin tool instead of
manually editing server.xml.


