tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject cvs commit: jakarta-tomcat-4.0/webapps/tomcat-docs ssl-howto.xml
Date Fri, 31 Aug 2001 20:15:12 GMT
ccain       01/08/31 13:15:12

  Modified:    webapps/tomcat-docs ssl-howto.xml
  A few minor typo and semantic changes.
  Also included a short blurb about passing JSSE to Tomcat in the CLASSPATH
  rather than making it an installed extension, as suggested by
  Wolfgang Hoschek <>.
  Revision  Changes    Path
  1.5       +24 -14    jakarta-tomcat-4.0/webapps/tomcat-docs/ssl-howto.xml
  Index: ssl-howto.xml
  RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/tomcat-docs/ssl-howto.xml,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- ssl-howto.xml	2001/08/27 20:39:55	1.4
  +++ ssl-howto.xml	2001/08/31 20:15:12	1.5
  @@ -7,7 +7,7 @@
  -        <author email="">Christopher Cain</author>
  +        <author email="">Christopher Cain</author>
           <title>SSL Configuration HOW-TO</title>
  @@ -30,9 +30,10 @@
   these simple steps.  For more information, read the rest of this HOW-TO.</p>
   <li>Download JSSE 1.0.2 (or later) from
  -    <a href=""></a>
  -    and make it an <em>installed extension</em> by copying the included JAR
  -    files into <code>$JAVA_HOME/jre/lib/ext</code>.</li><br/><br/>
  +   <a href=""></a>
  +   and either make it an <em>installed extension</em> on the system, or else
add it
  +   to the classpath being passed to Tomcat in the Catalina startup script.
   <li>Create a certificate keystore by executing the following command:
   keytool -genkey -alias tomcat -keyalg RSA
  @@ -100,7 +101,7 @@
   before receiving any sensitive information.  While a broader explanation of
   Certificates is beyond the scope of this document, think of a Certificate
   as a "digital driver's license" for an Internet address.  It states what
  -company the address is associated with, along with some basic contact
  +company the site is associated with, along with some basic contact
   information about the site owner or administrator.</p>
   <p>This "driver's license" is cryptographically signed by its owner, and is
  @@ -158,7 +159,7 @@
   handshake, where the client browser accepts the server certificate, must occur
   before the HTTP request is accessed.  As a result, the request information
   containing the virtual host name cannot be determined prior to authentication,
  -ant it is therefore not possible to assign multiple certificates to a single
  +and it is therefore not possible to assign multiple certificates to a single
   IP address.  If all virtual hosts on a single IP address need to authenticate
   against the same certificate, the addition of multiple virtual hosts should not
   interfere with normal SSL operations on the server.  Be aware, however, that
  @@ -181,16 +182,25 @@
   package.  If you are running JDK 1.4 (currently in beta), these classes have
   been integrated directly into the JDK, so you can skip this entire step.</p>
  -<p>After expanding the package, copy all three JAR files
  -(<code>jcert.jar</code>, <code>jnet.jar</code>, and <code>jsse.jar</code>)
  -into your <code>$JAVA_HOME/jre/lib/ext</code> directory.  This effectively
  -makes them "installed extensions," and eliminates the need to put them into
  -the <code>CLASSPATH</code>.</p>
  +<p>After expanding the package, there are two ways to make it available to Tomcat.
  +The easiest approach is to simply make it an <em>installed extension</em> by

  +copying all three JAR files (<code>jcert.jar</code>, <code>jnet.jar</code>,
  +<code>jsse.jar</code>) into your <code>$JAVA_HOME/jre/lib/ext</code>
  +In effect, this eliminates the need to have them in any <code>CLASSPATH</code>.</p>
  +<p>If making the JSSE libraries an installed extension is either not possible or
  +not desirable in your particular environment, the alternative approach is to 
  +add the JAR files to Tomcat's startup <code>CLASSPATH</code>. Because Tomcat
  +ignores the system <code>CLASSPATH</code>, this approach involves modifying
  +Catalina command script for your particular environment (<code></code>
  +under Unix, or <code>catalina.bat</code> in Windows). Add the JSSE libraries
  +the classpath being passed to the <code>java</code> command.</p>
   <p><strong>WARNING</strong> - Do <strong>not</strong> copy
any of these JAR
  -files into any of the internal Tomcat directories, or manually include them
  -on the <code>CLASSPATH</code> environment variable in your startup scripts.
  -Doing this will cause Tomcat to fail at startup time.</p>
  +files into any of the internal Tomcat directories. Also, do not make them both an
  +installed extension <em>and</em> include them in the startup script's 
  +<code>CLASSPATH</code>. Either of these two scenerios will cause Tomcat to
  +on startup.</p>

View raw message