tomcat-dev mailing list archives

From "Hanks Wang (hanwan)" <han...@cisco.com>
Subject RE: Https doesn't work while using tomcat6.0+APR+OpenSSL
Date Tue, 04 Mar 2008 02:35:33 GMT
Hi guys,

[ISSUE RESOLVED]

I changed Tomcat back to version 5.5 and APR works very well now;
it seems to be a little bug in Tomcat 6.0.14.

Thanks
Han 

-----Original Message-----
From: Hanks Wang (hanwan) 
Sent: Monday, March 03, 2008 5:27 PM
To: Tomcat Developers List
Subject: RE: Https doesn't work while using tomcat6.0+APR+OpenSSL

Hi all,
The warning that I mentioned at the bottom of my former mail went away
after using the latest Tomcat-Native dll file, but I still can't access
the https page.
 
Add more clues here:
 
1. If I input "localhost:443" (no https prefix) in the browser address
field, it brings me to the Tomcat welcome page, which is the same as
"http://localhost:8080"; besides, the address field content is
http://localhost:443/ ;
2. I can access http://localhost:8080 successfully;
3. I can't access https://localhost:443 , request interrupted error.
4. I can't access localhost:port, where port is any number except 443 &
8080;
 
Any suggestion?
 
Thanks
Han

________________________________

From: Hanks Wang (hanwan)
Sent: Monday, March 03, 2008 5:11 PM
To: 'Tomcat Developers List'
Subject: Https doesn't work while using tomcat6.0+APR+OpenSSL


Hi all,
 
Tomcat 6.0, JDK 6.0, Windows XP.
 
I can see below info while starting tomcat server, which should mean the
tomcat starts successfully under the APR mode:
Mar 3, 2008 4:58:17 PM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Mar 3, 2008 4:58:17 PM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-443
 
But I always fail to access localhost:443, which gives me some info like
"The connection was interrupted" after very long wait.
 
Steps to reproduce:
 
1. Download OpenSSL from
http://www.slproweb.com/products/Win32OpenSSL.html and install it on
my machine;
2. execute "genrsa -des3 -out tomcatkey.pem 2048" (passwd is tomcat)
3. execute "req -new -x509 -key tomcatkey.pem -out tomcatcert.pem -days
1095"
So far I get the private key and the certificate: tomcatkey.pem and
tomcatcert.pem successfully;
 
4. Edit the conf/server.xml as below:
<Server port="8005" shutdown="SHUTDOWN">
  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JasperListener" />
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
.....
  <Service name="Catalina">
    <Connector port="8080" maxHttpHeaderSize="8192" maxThreads="150"
               minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
               redirectPort="443" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true" />

    <!--  ssl for apr -->
    <Connector port="443" maxHttpHeaderSize="8192" maxThreads="150"
               minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
               disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="all" SSLEngine="on"
               SSLCertificateFile="tomcatcert.pem"
               SSLCertificateKeyFile="tomcatkey.pem"
               SSLPassword="tomcat"/>
.....
 
I tried every instruction in tomcat doc, but can't access https by APR
at all.
The https feature works well if I use "Http11NioProtocol" Connector.
 
Any suggestion please?
 
btw, there is one warning when starting the Tomcat:
An older version 1.1.9 of the Apache Tomcat Native library is installed,
while Tomcat recommends version greater then 1.1.10
 
Thanks!
Han
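
Added example, not part of the original thread or of Tomcat's own code: the Tomcat 6.0 connector reference enables TLS on a connector with SSLEnabled="true" (default false), while scheme and secure only set what request.getScheme() and request.isSecure() report, so a connector without it serves plain HTTP on its port. The Python check below flags connectors that advertise HTTPS without that attribute. The sample XML is constructed from the configuration posted above (elided parts dropped, the port 8443 connector is hypothetical) and audit_connectors is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the server.xml in the message above.
# The "....." elisions are dropped so it parses; the 8443 connector is hypothetical.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Service name="Catalina">
    <Connector port="8080" redirectPort="443" connectionTimeout="20000" />
    <Connector port="443" scheme="https" secure="true" clientAuth="false"
               sslProtocol="all" SSLEngine="on"
               SSLCertificateFile="tomcatcert.pem"
               SSLCertificateKeyFile="tomcatkey.pem" SSLPassword="tomcat" />
    <Connector port="8443" scheme="https" secure="true" SSLEnabled="true"
               SSLCertificateFile="tomcatcert.pem"
               SSLCertificateKeyFile="tomcatkey.pem" />
  </Service>
</Server>
"""


def audit_connectors(server_xml):
    """Return one finding per <Connector> that advertises HTTPS without enabling TLS."""
    root = ET.fromstring(server_xml)
    findings = []
    for conn in root.iter("Connector"):
        # scheme/secure only change what the servlet API reports to the application.
        advertises_tls = (
            conn.get("scheme", "http").lower() == "https"
            or conn.get("secure", "false").lower() == "true"
        )
        # Assumption (Tomcat 6.0 docs): SSLEnabled turns the handshake on, default false.
        tls_enabled = conn.get("SSLEnabled", "false").lower() == "true"
        if advertises_tls and not tls_enabled:
            findings.append({
                "port": conn.get("port"),
                "reason": 'scheme/secure claim HTTPS but SSLEnabled is not "true"',
                # Also note a key passphrase kept in clear text in server.xml.
                "inline_key_password": "SSLPassword" in conn.attrib,
            })
    return findings


if __name__ == "__main__":
    for f in audit_connectors(SAMPLE_SERVER_XML):
        note = " (key password stored inline)" if f["inline_key_password"] else ""
        print("port {}: {}{}".format(f["port"], f["reason"], note))
```
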
 
