tomcat-dev mailing list archives

From craig...@apache.org
Subject cvs commit: jakarta-tomcat-4.0/webapps/tomcat-docs ssl-howto.xml
Date Wed, 12 Sep 2001 17:38:48 GMT
craigmcc    01/09/12 10:38:47

  Modified:    catalina/src/bin catalina.bat catalina.sh
               webapps/tomcat-docs ssl-howto.xml
  Log:
  Simplify the process of installing SSL support by the following actions:
  * Have SSLSocketFactory register the JSSE provider if needed
    (see previous commit)
  * Have "catalina.bat" and "catalina.sh" automatically add the JSSE JAR
    files to the system classpath used to start Tomcat, if an environment
    variable named "JSSE_HOME" is defined.
  * Trimmed out the steps that are no longer needed from the HOW-TO docs.
  
  Submitted by:	Wolfgang Hoschek <wolfgang.hoschek@cern.ch>
  
  Revision  Changes    Path
  1.18      +10 -2     jakarta-tomcat-4.0/catalina/src/bin/catalina.bat
  
  Index: catalina.bat
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/bin/catalina.bat,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- catalina.bat	2001/08/27 19:10:25	1.17
  +++ catalina.bat	2001/09/12 17:38:47	1.18
  @@ -16,7 +16,11 @@
   rem
   rem   JAVA_HOME     Must point at your Java Development Kit installation.
   rem
  -rem $Id: catalina.bat,v 1.17 2001/08/27 19:10:25 craigmcc Exp $
  +rem   JSSE_HOME     (Optional) May point at your Java Secure Sockets Extension
  +rem                 (JSSE) installation, whose JAR files will be added to the
  +rem                 system class path used to start Tomcat.
  +rem
  +rem $Id: catalina.bat,v 1.18 2001/09/12 17:38:47 craigmcc Exp $
   rem ---------------------------------------------------------------------------
   
   
  @@ -65,10 +69,14 @@
   rem ----- Set Up The Runtime Classpath ----------------------------------------
   
   set CP=%CATALINA_HOME%\bin\bootstrap.jar;%JAVA_HOME%\lib\tools.jar
  +if "%JSSE_HOME%" == "" goto noJsse
  +set CP=%CP%;%JSSE_HOME%\lib\jcert.jar;%JSSE_HOME%\lib\jnet.jar;%JSSE_HOME%\jsse.jar
  +:noJsse
   set CLASSPATH=%CP%
   echo Using CATALINA_BASE: %CATALINA_BASE%
   echo Using CATALINA_HOME: %CATALINA_HOME%
  -echo Using CLASSPATH: %CLASSPATH%
  +echo Using CLASSPATH:     %CLASSPATH%
  +echo Using JAVA_HOME:     %JAVA_HOME%
   
   
   rem ----- Execute The Requested Command ---------------------------------------
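Review bot: The added `set CP=` line takes `jsse.jar` from `%JSSE_HOME%\jsse.jar` while `jcert.jar` and `jnet.jar` come from `%JSSE_HOME%\lib\`, and the matching catalina.sh change uses `$JSSE_HOME/lib/jsse.jar`; this looks like a missing `\lib` and would leave the provider JAR off the classpath on Windows. Unlike catalina.sh there is also no existence test, so a stale or mistyped JSSE_HOME is appended silently; a guard such as `if not exist "%JSSE_HOME%\lib\jsse.jar" goto noJsse` would keep the two scripts in step. Because these JARs end up on the system class path used to start Tomcat, the header comment could also say that JSSE_HOME should point at a directory only administrators can write to.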
  
  
  
  1.19      +8 -1      jakarta-tomcat-4.0/catalina/src/bin/catalina.sh
  
  Index: catalina.sh
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/bin/catalina.sh,v
  retrieving revision 1.18
  retrieving revision 1.19
  diff -u -r1.18 -r1.19
  --- catalina.sh	2001/09/12 00:54:28	1.18
  +++ catalina.sh	2001/09/12 17:38:47	1.19
  @@ -20,7 +20,11 @@
   #                 command is executed.  Defaults to
   #                 "-classic -Xdebug -Xnoagent -Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=n"
   #
  -# $Id: catalina.sh,v 1.18 2001/09/12 00:54:28 craigmcc Exp $
  +#   JSSE_HOME     (Optional) May point at your Java Secure Sockets Extension
  +#                 (JSSE) installation, whose JAR files will be added to the
  +#                 system class path used to start Tomcat.
  +#
  +# $Id: catalina.sh,v 1.19 2001/09/12 17:38:47 craigmcc Exp $
   # -----------------------------------------------------------------------------
   
   
  @@ -86,6 +90,9 @@
   
   if [ -f "$JAVA_HOME/lib/tools.jar" ] ; then
     CP=$CP:"$JAVA_HOME/lib/tools.jar"
  +fi
  +if [ -f "$JSSE_HOME/lib/jsse.jar" ] ; then
  +  CP=$CP:"$JSSE_HOME/lib/jcert.jar":"$JSSE_HOME/lib/jnet.jar":"$JSSE_HOME/lib/jsse.jar"
   fi
   
   
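Review bot: The new `-f "$JSSE_HOME/lib/jsse.jar"` test is not guarded against an unset JSSE_HOME, in which case it expands to `/lib/jsse.jar`, and it checks only one of the three JARs it then appends. Consider testing `[ -n "$JSSE_HOME" ]` first and, when the variable is set but the file is missing, printing a warning instead of skipping silently, since the user otherwise only sees the problem later as the `java.security.NoSuchAlgorithmException` covered in ssl-howto.xml.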
  
  
  
  1.7       +15 -62    jakarta-tomcat-4.0/webapps/tomcat-docs/ssl-howto.xml
  
  Index: ssl-howto.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/tomcat-docs/ssl-howto.xml,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- ssl-howto.xml	2001/09/07 18:39:08	1.6
  +++ ssl-howto.xml	2001/09/12 17:38:47	1.7
  @@ -31,20 +31,14 @@
   <ol>
   <li>Download JSSE 1.0.2 (or later) from
      <a href="http://java.sun.com/products/jsse/">http://java.sun.com/products/jsse/</a>
  -   and either make it an <em>installed extension</em> on the system, or else
add it
  -   to the classpath being passed to Tomcat in the Catalina startup script.
  -</li><br/><br/>
  +   and either make it an <em>installed extension</em> on the system, or else
  +   set an environment variable <code>JSSE_HOME</code> that points at the
  +   directory into which you installed JSSE.</li><br/><br/>
   <li>Create a certificate keystore by executing the following command:
   <source>
   keytool -genkey -alias tomcat -keyalg RSA
   </source>
       and specify a password value of "changeit".</li><br/><br/>
  -<li>Edit <code>$JAVA_HOME/jre/lib/security/java.security</code> and add
  -<source>
  -security.provider.2=com.sun.net.ssl.internal.ssl.Provider
  -</source>
  -    (if you already have a <code>security.provider.2</code> entry, use the
  -    next available numeric identifier).</li><br/><br/>
   <li>Uncomment the "SSL HTTP/1.1 Connector" entry in
       <code>$CATALINA_HOME/conf/server.xml</code> and tweak as necessary.</li>
       <br/><br/>
  @@ -182,25 +176,16 @@
   package.  If you are running JDK 1.4 (currently in beta), these classes have
   been integrated directly into the JDK, so you can skip this entire step.</p>
   
  -<p>After expanding the package, there are two ways to make it available to Tomcat.
  -The easiest approach is to simply make it an <em>installed extension</em> by

  -copying all three JAR files (<code>jcert.jar</code>, <code>jnet.jar</code>,
and
  -<code>jsse.jar</code>) into your <code>$JAVA_HOME/jre/lib/ext</code>
directory.
  -In effect, this eliminates the need to have them in any <code>CLASSPATH</code>.</p>
  -
  -<p>If making the JSSE libraries an installed extension is either not possible or
  -not desirable in your particular environment, the alternative approach is to 
  -add the JAR files to Tomcat's startup <code>CLASSPATH</code>. Because Tomcat
  -ignores the system <code>CLASSPATH</code>, this approach involves modifying
the 
  -Catalina command script for your particular environment (<code>catalina.sh</code>
  -under Unix, or <code>catalina.bat</code> in Windows). Add the JSSE libraries
to
  -the classpath being passed to the <code>java</code> command.</p>
  -
  -<p><strong>WARNING</strong> - Do <strong>not</strong> copy
any of these JAR
  -files into any of the internal Tomcat directories. Also, do not make them both an
  -installed extension <em>and</em> include them in the startup script's 
  -<code>CLASSPATH</code>. Either of these two scenerios will cause Tomcat to
fail
  -on startup.</p>
  +<p>After expanding the package, there are two ways to make it available to
  +Tomcat (choose one or the other):</p>
  +<ul>
  +<li>Make JSSE an <em>installed extension</em> by copying all three JAR
files
  +    (<code>jcert.jar</code>, <code>jnet.jar</code>, and <code>jsse.jar</code>)
  +    into your <code>$JAVA_HOME/jre/lib/ext</code> directory.</li>
  +<li>Create a new environment variable <code>JSSE_HOME</code> that contains
  +    the absolute path to the directory into which you unpacked the
  +    JSSE binary distribution.</li>
  +</ul>
   
   </subsection>
   
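Review bot: The replacement text says "choose one or the other" but drops the removed WARNING that having the JARs both as an installed extension and on the startup CLASSPATH, or copying them into Tomcat's internal directories, makes Tomcat fail on startup. Now that setting JSSE_HOME puts the JARs on the classpath automatically, that combination is easier to hit, so the warning should be kept and reworded for JSSE_HOME. The second bullet could also say that the startup scripts look for the JARs under `lib` in that directory.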
  @@ -259,35 +244,6 @@
   
   </subsection>
   
  -<subsection name="Add the SSL Provider to the JVM">
  -
  -<p>When the JVM attempts to load up the necessary classes for SSL during
  -server startup, it checks for an appropriate <em>Provider</em> for each
  -cryptographic service.  In order to let the JVM know that it has a suitable
  -SSL provider installed (which you did when you installed JSSE), you must
  -edit the <code>$JAVA_HOME/jre/lib/security/java.security</code> file and
  -add an entry.  The very first section of this configuration file should
  -already have one or more lines that look like this:</p>
  -<source>
  -security.provider.1=sun.security.provider.Sun
  -</source>
  -
  -<p>The syntax here is:</p>
  -<source>
  -security.provider.{search-order}={fully-qualified-Provider-class-name}
  -</source>
  -
  -<p>In order to register the SSL provider, add a line like this:</p>
  -<source>
  -security.provider.2=com.sun.net.ssl.internal.ssl.Provider
  -</source>
  -
  -<p>If there is already an entry for <code>security.provider.2</code>,
  -simply use the next available number (such as
  -<code>security.provider.3</code>) that is not currently in use.</p>
  -
  -</subsection>
  -
   <subsection name="Edit the Tomcat Configuration File">
   
   <p>The final step is to configure your secure socket in the
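Review bot: Removing the whole "Add the SSL Provider to the JVM" subsection leaves the HOW-TO with no statement of how the provider gets registered. One sentence saying that Tomcat now registers the JSSE provider itself if needed (as the log message puts it), so the `security.provider.N` edit from revision 1.6 is no longer a required step, would help readers who followed the earlier instructions.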
  @@ -400,11 +356,8 @@
   <li>I get "java.security.NoSuchAlgorithmException" errors in my
       log files.
       <blockquote>
  -    <p>The JVM cannot find the JSSE JAR files, or you have not registered
  -    the JSSE Provider.  Follow all of the directions to
  -    <a href="#Download and Install JSSE">download and install JSSE</a>, and
  -    <a href="#Add the SSL Provider to the JVM">register the SSL provider</a>
  -    with your JVM.</p>
  +    <p>The JVM cannot find the JSSE JAR files.  Follow all of the directions to
  +    <a href="#Download and Install JSSE">download and install JSSE</a>.</p>
       </blockquote></li>
   
   <li>When Tomcat starts up, I get an exception like
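Review bot: The shortened answer sends the reader back to the install section without naming the new mechanism. Saying that JSSE_HOME must be set in the environment that launches catalina.bat or catalina.sh, and that the `Using CLASSPATH:` line echoed by catalina.bat shows whether the JARs were picked up, would make this entry actionable.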
  
  
  
