Posted to users@tomcat.apache.org by ML Harmon <ml...@gmail.com> on 2011/10/14 16:37:04 UTC

Using the Apache Tomcat 6.0 SSL Configuration HOW-TO guide, but it is not working

Using this link, to set up my Apache Tomcat 6.0 webserver with SSL, but I
can't get it to work. I am very new to Apache Tomcat 6.0. In fact this is the
first time I have ever worked with it.

http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html


Our Apache Tomcat 6.0 is currently running on a Windows 2003 server. We *CAN*
currently bring up a browser and log in to our application on port 8086,
and have been using this for several years.

But *now* we want to secure our connection with SSL, so I have been trying
to use the above link to set it up.

Here is what I have done.

1. Create a keystore file to store the server's private key and self-signed
certificate by executing the following command:

Windows:

%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA




2. Uncomment the "SSL HTTP/1.1 Connector" entry in
$CATALINA_BASE/conf/server.xml and modify as described.

3.   Define a SSL Connector in my server.xml

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->

<Connector
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="${user.home}/.keystore" keystorePass="changeit"
           clientAuth="false" sslProtocol="TLS"/>

4.  Create a local certificate

    keytool -genkey -alias tomcat -keyalg RSA \
        -keystore <your_keystore_filename>

5. Create a CSR for my Issuing RootCA to sign.

    keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr \
        -keystore <your_keystore_filename>

6. Have my issuing RootCA sign and create my cert.

7. Import my Chain Certificate into my keystore i.e. I have created my own
RootCA certificate with a stand-alone CA since we are using a two tier
approach to creating certs. Our certs are created and signed on a Windows
2008 Certificate Service Server.

    keytool -import -alias root -keystore <your_keystore_filename> \
        -trustcacerts -file <filename_of_the_chain_certificate>

8. Import my Certificate.

    keytool -import -alias tomcat -keystore <your_keystore_filename> \
        -file <your_certificate_filename>

RESULTS are as follows:

I can run http://localhost:8086 from my browser on our Tomcat Web server and
the default web page does load.
Running https://localhost:8443  does not display a web page.

I can at least load up a web page if I exclude  SSLEnabled=TRUE from my
connector entry using port 8443 but of course I don't have SSLEnabled=True.

I don't even know enough about Tomcat to know how to troubleshoot this, am
very new to this.

Re: Using the Apache Tomcat 6.0 SSL Configuration HOW-TO guide, but it is not working

Posted by Pid * <pi...@pidster.com>.
On 19 Oct 2011, at 16:15, ML Harmon <ml...@gmail.com> wrote:

> I don't see any log file? What would be the log file's name?

Please don't top post (see below).


> On Fri, Oct 14, 2011 at 9:55 AM, Konstantin Kolinko
> <kn...@gmail.com> wrote:
>
>> 2011/10/14 ML Harmon <ml...@gmail.com>:
>>>
>>> I don't even know enough about Tomcat to know how to troubleshoot this, am
>>> very new to this.
>>>
>>
>> 1) If you know where your server.xml is, you should know where your
>> log files are as well.
>>
>> There is a logs folder that is a sibling to conf.

Did you find the logs folder as indicated above? What is in it?


p


>>
>> 2) There are two different implementations of SSL connector
>> (Java-based and OpenSSL-based), that are configured rather
>> differently.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>



Re: Using the Apache Tomcat 6.0 SSL Configuration HOW-TO guide, but it is not working

Posted by ML Harmon <ml...@gmail.com>.
I don't see any log file? What would be the log file's name?

On Fri, Oct 14, 2011 at 9:55 AM, Konstantin Kolinko
<kn...@gmail.com> wrote:

> 2011/10/14 ML Harmon <ml...@gmail.com>:
> >
> > I don't even know enough about Tomcat to know how to troubleshoot this, am
> > very new to this.
> >
>
> 1) If you know where your server.xml is, you should know where your
> log files are as well.
>
> There is a logs folder that is a sibling to conf.
>
> 2) There are two different implementations of SSL connector
> (Java-based and OpenSSL-based), that are configured rather
> differently.
>

Re: Using the Apache Tomcat 6.0 SSL Configuration HOW-TO guide, but it is not working

Posted by Konstantin Kolinko <kn...@gmail.com>.
2011/10/14 ML Harmon <ml...@gmail.com>:
>
> I don't even know enough about Tomcat to know how to troubleshoot this, am
> very new to this.
>

1) If you know where your server.xml is, you should know where your
log files are as well.

There is a logs folder that is a sibling to conf.

2) There are two different implementations of SSL connector
(Java-based and OpenSSL-based), that are configured rather
differently.
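
Point 2 above as an added example, which is not part of the thread or of Tomcat itself: a Python check that reads a server.xml and reports, for each SSL-enabled connector, whether the implementation is pinned and whether the attributes match it. The function name, the Server/Service wrapper and the 8086 connector element are constructed for illustration; the 8443 connector is the one posted in the original message.

```python
import xml.etree.ElementTree as ET

# Attribute families per the Tomcat 6 SSL how-to: JSSE connectors read a Java
# keystore, the APR (OpenSSL) connector reads PEM certificate and key files.
JSSE_ATTRS = {"keystoreFile", "keystorePass", "keystoreType", "keyAlias", "sslProtocol"}
APR_ATTRS = {"SSLCertificateFile", "SSLCertificateKeyFile", "SSLProtocol"}
PROTOCOLS = {
    "org.apache.coyote.http11.Http11Protocol": "JSSE",
    "org.apache.coyote.http11.Http11NioProtocol": "JSSE",
    "org.apache.coyote.http11.Http11AprProtocol": "APR",
}

def check_ssl_connectors(server_xml):
    """Return (port, implementation, findings) for every SSLEnabled connector."""
    results = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        # Any value other than the three class names above (absent, "HTTP/1.1")
        # is treated as auto-selection: APR if the native library is installed.
        impl = PROTOCOLS.get(conn.get("protocol", ""), "AUTO")
        jsse = sorted(JSSE_ATTRS & set(conn.attrib))
        apr = sorted(APR_ATTRS & set(conn.attrib))
        findings = []
        if impl == "AUTO":
            findings.append("protocol not pinned; implementation depends on the native library")
        if impl != "JSSE" and jsse and not apr:
            findings.append("keystore-style attributes only (%s); APR does not read them" % ", ".join(jsse))
        if impl != "APR" and apr and not jsse:
            findings.append("PEM-style attributes only (%s); JSSE does not read them" % ", ".join(apr))
        if jsse and apr:
            findings.append("JSSE and APR attributes mixed on one connector")
        results.append((conn.get("port"), impl, findings))
    return results

# Constructed wrapper and 8086 connector; the 8443 connector is the one posted above.
POSTED = """<Server><Service name="Catalina">
  <Connector port="8086" protocol="HTTP/1.1"/>
  <Connector port="8443" maxThreads="200"
             scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="${user.home}/.keystore" keystorePass="changeit"
             clientAuth="false" sslProtocol="TLS"/>
</Service></Server>"""
# Same connector with the JSSE implementation named explicitly.
PINNED = POSTED.replace('port="8443"', 'port="8443" protocol="org.apache.coyote.http11.Http11Protocol"')

if __name__ == "__main__":
    for xml_text in (POSTED, PINNED):
        for port, impl, findings in check_ssl_connectors(xml_text):
            print(port, impl, findings or "consistent")
```

The same check can be run against a real file by passing the contents of conf/server.xml to `check_ssl_connectors`.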
