tomcat-users mailing list archives

From François Andromaque <francois.androma...@sib.fr>
Subject Re: Re:certificate for tomcat and ssl
Date Thu, 31 May 2001 13:46:24 GMT
So, have I followed the same instructions?

I've inserted jsse.jar, jnet.jar, jcert.jar in both $JAVA_HOME/jre/lib/ext
and $TOMCAT_HOME/lib

security.provider.2=com.sun.net.ssl.internal.ssl.Provider

<Connector className="org.apache.tomcat.service.PoolTcpConnector">
        <Parameter name="handler"
value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
        <Parameter name="port" value="8443"/>
        <Parameter name="socketFactory"
value="org.apache.tomcat.net.SSLSocketFactory" />
        <Parameter name="keystore"
value="$JAVA_HOME/jre/lib/security/jssecacerts" />
        <Parameter name="keypass" value="xx" />
        <Parameter name="clientAuth" value="false" />
</Connector>

keytool -genkey -alias -keystore $JAVA_HOME/jre/lib/security/jssecacerts -keypass xx

I've restarted my tomcat server and it starts listening for SSL connections
on port 8443.
(Starting tcp endpoint on 8443 with
org.apache.tomcat.service.http.HttpConnectionHandler is written)
but a client can't get a connection to my server by the URL
https://server_ip_adr:8443
(no problem with http://server_ip_adr:8443)




----- Original Message -----
From: "Twylite" <twylite@crypt.co.za>
To: <tomcat-user@jakarta.apache.org>
Sent: Thursday, May 31, 2001 4:49 PM
Subject: Re:certificate for tomcat and ssl


> Oooh yeah, one other thing.
>
> You will notice that I don't specify the keystore.  Tomcat uses the default
> keystore for the user executing Tomcat, unless you specify the keystore in
> the server.xml file.  I am logged in and run tomcat as Administrator (dev
> box, shuddup about the security ;p ), and start tomcat manually (I don't
> run it as a service).  My keystore will actually be $USER_HOME/.keystore,
> which works out to something like /winnt/profiles/administrator/.keystore,
> but that's a nasty thing to code into your server.xml .
>
> If you have a keystore stored elsewhere, specify the location when you use
> keytool, and specify the location in the server.xml .
>
> Twylite
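
Added example, not part of the original thread and not Tomcat's own code: a small Python lint for the SSL connector block posted above, checking the keystore and keypass settings the two messages discuss. It assumes server.xml values are read literally (so "$JAVA_HOME" is not expanded) and applies keytool's 6-character minimum password length; the function names and the sample are constructed here.

```python
import os
import xml.etree.ElementTree as ET

# Connector fragment mirroring the one in the post (constructed sample).
SAMPLE = """
<Connector className="org.apache.tomcat.service.PoolTcpConnector">
  <Parameter name="handler" value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
  <Parameter name="port" value="8443"/>
  <Parameter name="socketFactory" value="org.apache.tomcat.net.SSLSocketFactory"/>
  <Parameter name="keystore" value="$JAVA_HOME/jre/lib/security/jssecacerts"/>
  <Parameter name="keypass" value="xx"/>
  <Parameter name="clientAuth" value="false"/>
</Connector>
"""

def connector_params(xml_text):
    """Return the <Parameter> name/value pairs of one Connector element."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): p.get("value", "") for p in root.iter("Parameter")}

def lint_ssl_connector(xml_text, exists=os.path.isfile):
    """Return a list of findings for an SSL connector definition."""
    params = connector_params(xml_text)
    findings = []
    if "SSLSocketFactory" not in params.get("socketFactory", ""):
        findings.append("socketFactory is not an SSL factory: port serves plain HTTP")
    keystore = params.get("keystore")
    if keystore is None:
        # Behaviour described in the quoted reply: per-user default keystore.
        findings.append("no keystore parameter: default is the .keystore of the user running Tomcat")
    elif "$" in keystore:
        # Assumption: server.xml does no shell-style variable expansion.
        findings.append("keystore path contains '$': assumed to be read literally, not expanded")
    elif not exists(keystore):
        findings.append("keystore file not found: " + keystore)
    if len(params.get("keypass", "")) < 6:
        findings.append("keypass shorter than 6 characters (keytool's minimum)")
    return findings

if __name__ == "__main__":
    for finding in lint_ssl_connector(SAMPLE):
        print("-", finding)
```

The same absolute path has to be given to keytool's -keystore option and to the keystore parameter, as the quoted reply says.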

