tomcat-users mailing list archives

From Joseph Stephen <joseph_vaith...@yahoo.com>
Subject RE: Tomcat SSL Setup
Date Wed, 18 Dec 2002 22:58:31 GMT
In case you still want to run Tomcat Standalone 

The problem with your setup was that the certificate was
in the incorrect format. You need to convert the
certificate to DER.
The following links give very detailed instructions on
how to achieve this. If you still face problems let me
know.
http://www.comu.de/docs/tomcat_ssl.htm

http://www.openssl.org/docs/apps/pkcs8.html#COMMAND_OPTIONS

Regards,
Joe
 

--- "Justin L. Spies" <jspies@pantek.com> wrote:
> Ken,
> Thanks for the hints.  Since they (Apache/Tomcat) are running on the
> same system at this point, that won't be an issue.  Could you point me
> in the direction of some documentation that would help me get this
> setup?  I've setup mod_jk with standard Apache before and it has been
> straightforward.  I am assuming that Apache handles the
> encryption/decryption and passes the requests off to Tomcat via the
> connector AFTER it decrypts the request--is this correct?
> 
> Sincerely,
> Pantek Incorporated
> Justin L. Spies
> 
> URI: http://www.pantek.com
> Ph   440.519.1802
> Fax  440.248.5274
> Cell 440.336.3317
> 
> 
> -----Original Message-----
> From: Ken Anderson [mailto:ka@pacific.net] 
> Sent: Wednesday, December 18, 2002 4:51 PM
> To: Tomcat Users List
> Subject: Re: Tomcat SSL Setup
> 
> 
> Have you considered the advantages of using one of the apache
> connectors instead of tomcat standalone for SSL support?
> 
> I fought with Tomcat ssl support a couple years ago, and was unable to
> get it to work. I'm sure the support is there now, but ssl support is
> transparent if you use mod_jk or mod_webapp with Apache, and it's
> easier, since you already have all the certificates in place.
> 
> The downside is that the connection between apache and tomcat is NOT
> encrypted, so if you are running TC and Apache on different servers,
> this might be an issue.
> 
> Ken A.
> 
> 
> Justin L. Spies wrote:
> > One piece of information I forgot to mention:
> > 	O/S:     Red Hat Linux 7.2
> > 	Apache:  Custom Compiled 1.3.26
> > 	Tomcat:  4.0.4 RPM installation
> > 	JSDK:	   j2sdk1.4.0_01
> > 
> > Thanks again.
> > 
> > Justin L. Spies
> > 
> > 
> > -----Original Message-----
> > From: Justin L. Spies [mailto:jspies@pantek.com]
> > Sent: Wednesday, December 18, 2002 2:43 PM
> > To: tomcat-user@jakarta.apache.org
> > Subject: Tomcat SSL Setup
> > 
> > 
> > Hello all,
> > I've been working on getting SSL configured for Tomcat and seem to be
> > having a small problem.  I must be mistyping something because the
> > only thing I get back from Netscape 7.0 is:
> > 	"Netscape 7.0 and www.mydomain.com cannot communicate securely
> > 	because they have no common encryption algorithms."
> > 
> > Here is what I have done so far:
> > 
> > 1.	I changed /etc/tomcat4/server.xml and uncommented the following:
> > 
> >     <Connector className="org.apache.catalina.connector.http.HttpConnector"
> >                port="8443" minProcessors="5" maxProcessors="75"
> >                enableLookups="true"
> >                acceptCount="10" debug="0" scheme="https" secure="true">
> >       <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
> >                clientAuth="false"
> >                keystoreFile="keystores/mydomain.keystore" keystorePass="xxxxxxxx"
> >                protocol="TLS"/>
> >     </Connector>
> > 
> > 2.	I ran the following commands to import the Verisign key:
> > 	/usr/java/j2sdk1.4.0_01/bin/keytool -import -alias root \
> > 	  -keystore /var/tomcat4/keystores/mydomain.keystore  \
> > 	  -trustcacerts -file /etc/verisign.key
> > 
> > 3.	I ran the following commands to import a previously created SSL
> > 	certificate
> > 	/usr/java/j2sdk1.4.0_01/bin/keytool -import -alias tomcat \
> > 	  -keystore /var/tomcat4/keystores/mydomain.keystore  \
> > 	  -trustcacerts -file /home/httpd/ssl/www.mydomain.com.cer
> > 
> > 4.	In /etc/tomcat4/server.xml, I noticed the following:
> >          * Download and install JSSE 1.0.2 or later, and put the JAR files
> >            into "$JAVA_HOME/jre/lib/ext".
> >  
> > 	I found jsse.jar in $JAVA_HOME/jre/lib so I ran the following:
> > 		ln -s $JAVA_HOME/jre/lib/jsse.jar $JAVA_HOME/jre/lib/ext/jsse.jar
> > 
> > 5.	I then restarted Tomcat and tried the following URL:
> > 
> > 	http://www.mydomain.com:8080/examples/servlets/index.hml
> > 
> > 	This was a test simply to make sure Tomcat started properly.  In this
> > 	it worked fine.
> > 
> > 6.	I then restarted Tomcat and tried the following URL:
> > 
> > 	https://www.mydomain.com:8443/examples/servlets/index.html
> > 
> > 	This test failed with the above error message.
> > 
> > 
> > Does anyone have any ideas?  Oh, and BTW, I can visit
> > https://www.mydomain.com/index.html and the home page for the site
> > comes up in SSL mode without a problem, so I know that the SSL
> > certificate, under Apache, is working fine.
> > 
> > Thanks,
> > Justin L. Spies
> > 
> > 
> > 
> > --
> > To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> > For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>
=== message truncated === 
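
A check that fits the keystore steps quoted above, as an added example that is not part of any message in this thread: `keytool -import` of a certificate file under a new alias stores a trusted-certificate entry, which carries no private key, while an SSL server socket needs a key entry for the alias it serves. The function names and the two sample listings are constructed for illustration, and the parser assumes aliases contain no commas.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `keytool -list` output on stdin.
# Function names are hypothetical; aliases are assumed to contain no commas.

# Print the entry type keytool reports for alias $1, or "missing".
keystore_entry_type() {
    awk -F', *' -v want="$1" '
        # Entry lines look like:  alias, Mon DD, YYYY, entryType,
        NF >= 4 && tolower($1) == tolower(want) { print $4; found = 1; exit }
        END { if (!found) print "missing" }
    '
}

# Succeed only if alias $1 is a key entry (private key plus certificate).
# Older keytool prints "keyEntry", later JDKs print "PrivateKeyEntry".
alias_has_private_key() {
    case "$(keystore_entry_type "$1")" in
        keyEntry|PrivateKeyEntry) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: listing shape after certificate-only imports.
sample_cert_only() {
    cat <<'EOF'
Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

root, Dec 18, 2002, trustedCertEntry,
Certificate fingerprint (MD5): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
tomcat, Dec 18, 2002, trustedCertEntry,
Certificate fingerprint (MD5): FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00
EOF
}

# Constructed sample: the same alias holding a private key.
sample_with_key() {
    cat <<'EOF'
Your keystore contains 1 entry

tomcat, Dec 18, 2002, keyEntry,
Certificate fingerprint (MD5): FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00
EOF
}

for s in sample_cert_only sample_with_key; do
    if $s | alias_has_private_key tomcat; then
        echo "$s: alias tomcat is a key entry"
    else
        echo "$s: alias tomcat is $($s | keystore_entry_type tomcat), no private key"
    fi
done
```

Against a real keystore, pipe `keytool -list -keystore <file>` into `alias_has_private_key <alias>` and check the exit status.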