tomcat-users mailing list archives

From "Coetmeur, Alain" <alain.coetm...@caissedesdepots.fr>
Subject RE: Tomcat and SSL
Date Tue, 30 Jan 2001 15:45:19 GMT
I've done this
with tomcat 3.2.1
with JSSE (loaded at sun)

I've added the JSSE jars to the classpath,
changed a few properties about security providers,

in the server.xml I've activated the SSL
connector that is commented out...


it works perfectly with that
section in server.xml
        <Connector className="org.apache.tomcat.service.PoolTcpConnector">
            <Parameter name="handler"
                value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
            <Parameter name="socketFactory"
                value="org.apache.tomcat.net.SSLSocketFactory" />
            <Parameter name="port"
                value="8543"/>
            <Parameter name="keystore"
                value="d:\openssl\maui\cacerts" />
            <Parameter name="storetype" value="jks" />
            <Parameter name="keypass" value="changeit" />
            <Parameter name="secure" value="true" />
            <!-- Parameter name="clientAuth" value="true" / -->
        </Connector>

I had more problems than that
because I wanted also to support 
apache redirection, and to allow
tomcat to call itself back in SSL
(needed to run the XSL taglib example using the include tag)

eg:
- you need to use the ajp13 protocol version in Apache
(this means not using the auto-generated conf file,
but editing it manually under another name and including it
instead in Apache's httpd.conf)
and enable it in Tomcat (uncomment the connector in web.xml)
- to support HTTPS client URLs
you need to define a property
so that the JSSE URL factory is used instead of the standard one.
- you need to set a valid server certificate, otherwise
Java HTTPS URL will reject the connection.
- you need to trust the server CA for the same reason

but it does work at the end, even for the most demanding users...




-----Original Message-----
From: Allen Akers [mailto:Akers@cc.admin.unt.edu]
Nope...I want Tomcat to do SSL directly.  I have it working just fine with
Apache+mod_jk+Tomcat, but I don't need Apache because everything being
served is jsp or servlet, so Apache is unneeded overhead and an extra thing
to maintain.
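
The last three points of the reply above (HTTPS client URLs, a valid server certificate, trusting the server CA), shown as an added example that is not part of the original post or of Tomcat. It assumes a current JDK, where the HTTPS URL handler is built in, so no handler property is needed. The class name, the two command-line arguments and the TRUSTSTORE_PASS environment variable are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;

public class TrustedCallback {
    // Build a TLS context that trusts only the CA certificates in the given JKS file.
    static SSLContext contextFor(String trustStorePath, char[] password) throws Exception {
        KeyStore trust = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(trustStorePath)) {
            trust.load(in, password);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default randomness
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        String pass = System.getenv("TRUSTSTORE_PASS"); // hypothetical variable name
        if (args.length != 2 || pass == null) {
            System.err.println("usage: TRUSTSTORE_PASS=... TrustedCallback <https-url> <truststore.jks>");
            System.exit(2);
        }
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[0]).openConnection();
        conn.setSSLSocketFactory(contextFor(args[1], pass.toCharArray()).getSocketFactory());
        try {
            conn.connect(); // chain validation and host name check happen during connect
            for (Certificate c : conn.getServerCertificates()) {
                X509Certificate x = (X509Certificate) c;
                System.out.println(x.getSubjectX500Principal() + " valid until " + x.getNotAfter());
            }
        } catch (SSLException e) {
            // Typical causes: CA not in the trust store, expired certificate, host name mismatch.
            System.err.println("TLS verification failed: " + e.getMessage());
            System.exit(1);
        } finally {
            conn.disconnect();
        }
    }
}
```

Pointed at the connector's port with a trust store that holds only the server's CA certificate, the call succeeds when the chain and host name verify and exits with status 1 otherwise, without turning certificate checks off.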
