Posted to users@tomcat.apache.org by Gene Waters <ge...@caci.com> on 2011/09/16 22:43:14 UTC
How to Configure Tomcat 7.0 for SSL
Version of Tomcat: Apache Tomcat 7.0
Server: Windows 2003
Problem: Configuring Tomcat 7.0 SSL using Apr Implementation
Apache Tomcat splash screen (https://localhost:8443) fails after including key, cert in server.xml configuration using following entries:
<Connector port="443"
protocol="org.apache.coyote.http11.Http11AprProtocol"
maxHttpHeaderSize="8192"
maxThreads="150"
minSpareThreads="25"
maxSpareThreads="75"
enableLookups="false"
disableUploadTimeout="true"
acceptCount="100"
scheme="https"
secure="true"
SSLEngine="on"
SSLCertificateFile="webapps\<server>.cert"
SSLCertificateKeyFile="webapps\<server>.key" />
Thanks,
Gene
Re: How to Configure Tomcat 7.0 for SSL
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Gene,
On 9/16/2011 4:43 PM, Gene Waters wrote:
> SSLCertificateFile="webapps\<server>.cert"
> SSLCertificateKeyFile="webapps\<server>.key" />
You definitely don't want those files there: an easy misconfiguration
could result in those files being remotely readable. Oops.
I would put them under CATALINA_BASE/conf and make sure you use
fully-qualified paths.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: How to Configure Tomcat 7.0 for SSL
Posted by Gene Waters <ge...@caci.com>.
Thanks Marvin,
We will give it a try and let you know,
Gene
Gene A. Waters
CACI International Inc.
Senior Business Objects - Programmer Analyst
Navy Enterprise Team Ships (NETS), Norfolk, VA
Work Phone: (757) 852-6943
email: gewaters@caci.com, gene.waters.ctr@navy.mil
________________________________________
From: Marvin Addison [marvin.addison@gmail.com]
Sent: Monday, September 19, 2011 9:36 AM
To: Tomcat Users List
Subject: Re: How to Configure Tomcat 7.0 for SSL
> SSLEngine="on"
There's no such attribute for this connector. The attribute you want
is SSLEnabled="true". I would also recommend the following attributes
for security-conscious deployments:
SSLProtocol="SSLv3+TLSv1"
SSLCipherSuite="!ADH:HIGH:MEDIUM:-SSLv2"
If you continue to have trouble, post the output of catalina.out.
M
Re: How to Configure Tomcat 7.0 for SSL
Posted by Marvin Addison <ma...@gmail.com>.
> SSLEngine="on"
There's no such attribute for this connector. The attribute you want
is SSLEnabled="true". I would also recommend the following attributes
for security-conscious deployments:
SSLProtocol="SSLv3+TLSv1"
SSLCipherSuite="!ADH:HIGH:MEDIUM:-SSLv2"
If you continue to have trouble, post the output of catalina.out.
M
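An added example, not part of any message in this thread: a small Python check that flags the two problems the replies point out in the posted connector, namely SSLEngine used where SSLEnabled="true" is expected, and certificate/key paths that are relative or sit under webapps. The sample server.xml, the file name "example" and the Windows-style path handling (matching the poster's Windows 2003 server) are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

# Constructed sample modelled on the connector in this thread; "example" stands
# in for the <server> placeholder, which is not legal inside an XML attribute.
SAMPLE = r'''<Server><Service name="Catalina">
  <Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
             scheme="https" secure="true" SSLEngine="on"
             SSLCertificateFile="webapps\example.cert"
             SSLCertificateKeyFile="webapps\example.key" />
</Service></Server>'''

PATH_ATTRS = ("SSLCertificateFile", "SSLCertificateKeyFile")

def lint_connectors(server_xml: str) -> list[str]:
    """Return findings for HTTPS connectors in a server.xml string."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("scheme") != "https" and conn.get("secure") != "true":
            continue  # plain HTTP or AJP connector, nothing to check
        port = conn.get("port", "?")
        if "SSLEngine" in conn.attrib:
            findings.append(f"port {port}: SSLEngine is not a Connector attribute")
        if conn.get("SSLEnabled", "").lower() != "true":
            findings.append(f"port {port}: SSLEnabled=\"true\" is missing")
        for attr in PATH_ATTRS:
            value = conn.get(attr)
            if value is None:
                continue
            # Assumption: paths are Windows-style, as on the poster's server.
            path = PureWindowsPath(value)
            if not path.is_absolute():
                findings.append(f"port {port}: {attr} is not a fully-qualified path")
            if "webapps" in (part.lower() for part in path.parts):
                findings.append(f"port {port}: {attr} is under webapps")
    return findings

if __name__ == "__main__":
    for line in lint_connectors(SAMPLE):
        print(line)
```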