tomcat-users mailing list archives

From "Coetmeur, Alain" <>
Subject RE: Tomcat and SSL
Date Tue, 30 Jan 2001 15:45:19 GMT
I've done this
with tomcat 3.2.1
with JSSE (loaded at sun)

I've added jsse jars in the classpath,
changed few properties about security providers,

in the server.xml I've activated the SSL
connector that is commented out...

it works perfectly with that
section in server.xml
        <Connector className="org.apache.tomcat.service.PoolTcpConnector">
            <Parameter name="handler" 
            <Parameter name="socketFactory" 
                value="" />
            <Parameter name="port" 
            <Parameter name="keystore"    value="d:\openssl\maui\cacerts" />
            <Parameter name="storetype"   value="jks" />
            <Parameter name="keypass"     value="changeit" />
            <Parameter name="secure"      value="true" />
            <!-- Parameter name="clientAuth"      value="true" / -->

I had more problems than that
because I wanted also to support 
apache redirection, and to allow
tomcat to call itself back in SSL
(needed to run the XSL taglib example using the include tag)

- you need to use ajp13 protocol version in apache
(this means not using the conf-auto generated file
but edit it manually under another name, and include it
instead in the httpd.conf of apache)
and enable it in tomcat (uncomment the connector in web.xml)
- to support HTTPS client URL
you need to define a property
so that JSSE URL factory is used instead of standard one.
- you need to set a valid server certificate otherwise
Java HTTPS URL will reject the connection.
- you need to trust the server CA for the same reason

but it does work at the end, even for the most demanding users...

-----Original Message-----
From: Allen Akers []
Nope...I want Tomcat to do SSL directly.  I have it working just fine with
Apache+mod_jk+Tomcat, but I don't need Apache because everything being
served is jsp or servlet, so Apache is unneeded overhead and an extra thing
to maintain.
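
A small check for a connector section like the one in the message above, as an added example that is not part of the original post or of Tomcat: it reports parameters that are missing or empty (as the handler, socketFactory and port values are in this archived copy), a keypass left at the JDK default `changeit`, and whether clientAuth is on. The sample XML is constructed; the handler class name and the port in it are placeholders, and the list of required parameter names is an assumption taken from the quoted section.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the connector section quoted in the message.
# The handler class name and the port are placeholders, not values from the page.
SAMPLE = r"""
<Connector className="org.apache.tomcat.service.PoolTcpConnector">
    <Parameter name="handler" value="PLACEHOLDER.HandlerClass" />
    <Parameter name="socketFactory" value="" />
    <Parameter name="port" value="8443" />
    <Parameter name="keystore" value="d:\openssl\maui\cacerts" />
    <Parameter name="storetype" value="jks" />
    <Parameter name="keypass" value="changeit" />
    <Parameter name="secure" value="true" />
    <!-- Parameter name="clientAuth" value="true" / -->
</Connector>
"""

# Assumption: the parameters the quoted section relies on for SSL to start.
REQUIRED = ("handler", "socketFactory", "port", "keystore", "keypass")


def audit_connector(xml_text):
    """Return a sorted list of findings for one <Connector> element."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A truncated <Parameter ...> line ends up here.
        return ["malformed XML: %s" % exc]
    # XML comments are skipped by the parser, so a commented-out
    # clientAuth parameter counts as absent.
    params = {p.get("name"): (p.get("value") or "").strip()
              for p in root.iter("Parameter")}
    findings = []
    for name in REQUIRED:
        if name not in params:
            findings.append("missing parameter: " + name)
        elif not params[name]:
            findings.append("empty value: " + name)
    if params.get("keypass") == "changeit":
        findings.append("keypass is the JDK default 'changeit'")
    if params.get("secure", "").lower() != "true":
        findings.append("secure is not true")
    if params.get("clientAuth", "").lower() != "true":
        findings.append("clientAuth not enabled: no client certificate is requested")
    return findings and sorted(findings)


if __name__ == "__main__":
    for line in audit_connector(SAMPLE):
        print(line)
```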
