tomcat-users mailing list archives

From "Justin L. Spies" <jsp...@pantek.com>
Subject RE: Tomcat SSL Setup
Date Wed, 18 Dec 2002 22:05:01 GMT
Ken,
Thanks for the hints.  Since they (Apache/Tomcat) are running on the
same system at this point, that won't be an issue.  Could you point me
in the direction of some documentation that would help me get this set up?
I've set up mod_jk with standard Apache before and it has been
straightforward.  I am assuming that Apache handles the encryption/decryption
and passes the requests off to Tomcat via the connector AFTER it
decrypts the request--is this correct?

Sincerely,
Pantek Incorporated
Justin L. Spies

URI: http://www.pantek.com
Ph   440.519.1802
Fax  440.248.5274
Cell 440.336.3317


-----Original Message-----
From: Ken Anderson [mailto:ka@pacific.net] 
Sent: Wednesday, December 18, 2002 4:51 PM
To: Tomcat Users List
Subject: Re: Tomcat SSL Setup


Have you considered the advantages of using one of the apache connectors
instead of tomcat standalone for SSL support?

I fought with Tomcat ssl support a couple years ago, and was unable to 
get it to work. I'm sure the support is there now, but ssl support is 
transparent if you use mod_jk or mod_webapp with Apache, and it's 
easier, since you already have all the certificates in place.

The downside is that the connection between apache and tomcat is NOT 
encrypted, so if you are running TC and Apache on different servers, 
this might be an issue.

Ken A.


Justin L. Spies wrote:
> One piece of information I forgot to mention:
> 	O/S:     Red Hat Linux 7.2
> 	Apache:  Custom Compiled 1.3.26
> 	Tomcat:  4.0.4 RPM installation
> 	JSDK:	   j2sdk1.4.0_01
> 
> Thanks again.
> 
> Justin L. Spies
> 
> 
> -----Original Message-----
> From: Justin L. Spies [mailto:jspies@pantek.com]
> Sent: Wednesday, December 18, 2002 2:43 PM
> To: tomcat-user@jakarta.apache.org
> Subject: Tomcat SSL Setup
> 
> 
> Hello all,
> I've been working on getting SSL configured for Tomcat and seem to be 
> having a small problem.  I must be mistyping something because the 
> only thing I get back from Netscape 7.0 is:
> 	"Netscape 7.0 and www.mydomain.com cannot communicate securely 
> because they have no common encryption algorithms."
> 
> Here is what I have done so far:
> 
> 1.	I changed /etc/tomcat4/server.xml and uncommented the following:
> 
>     <Connector className="org.apache.catalina.connector.http.HttpConnector"
>                port="8443" minProcessors="5" maxProcessors="75"
>                enableLookups="true"
>                acceptCount="10" debug="0" scheme="https" secure="true">
>       <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
>                clientAuth="false"
>                keystoreFile="keystores/mydomain.keystore" keystorePass="xxxxxxxx"
>                protocol="TLS"/>
>     </Connector>
> 
> 2.	I ran the following commands to import the Verisign key:
> 	/usr/java/j2sdk1.4.0_01/bin/keytool -import -alias root \
> 	  -keystore /var/tomcat4/keystores/mydomain.keystore  \
> 	  -trustcacerts -file /etc/verisign.key
> 
> 3.	I ran the following commands to import a previously created SSL
> certificate
> 	/usr/java/j2sdk1.4.0_01/bin/keytool -import -alias tomcat \
> 	  -keystore /var/tomcat4/keystores/mydomain.keystore  \
> 	  -trustcacerts -file /home/httpd/ssl/www.mydomain.com.cer
> 
> 4.	In /etc/tomcat4/server.xml, I noticed the following:
>          * Download and install JSSE 1.0.2 or later, and put the JAR files
>            into "$JAVA_HOME/jre/lib/ext".
>  
> 	I found jsse.jar in $JAVA_HOME/jre/lib so I ran the following:
> 		ln -s $JAVA_HOME/jre/lib/jsse.jar $JAVA_HOME/jre/lib/ext/jsse.jar
> 
> 5.	I then restarted Tomcat and tried the following URL:
> 	http://www.mydomain.com:8080/examples/servlets/index.hml
> 
> 	This was a test simply to make sure Tomcat started properly.  In this
> it worked fine.
> 
> 6.	I then restarted Tomcat and tried the following URL:
> 	https://www.mydomain.com:8443/examples/servlets/index.html
> 
> 	This test failed with the above error message.
> 
> 
> Does anyone have any ideas?  Oh, and BTW, I can visit 
> https://www.mydomain.com/index.html and the home page for the site 
> comes up in SSL mode without a problem, so I know that the SSL 
> certificate, under Apache, is working fine.
> 
> Thanks,
> Justin L. Spies
> 
> 
> 
> --
> To unsubscribe, e-mail: 
> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: 
> <mailto:tomcat-user-help@jakarta.apache.org>
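
The keystore built in steps 2 and 3 of the quoted post can be checked from the shell; the following is an added example, not part of the thread. Both steps use `keytool -import`, which creates `trustedCertEntry` records, while a JSSE server socket needs a key entry (private key plus certificate) under the alias it serves. The `keytool -list` samples are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): report entry types from `keytool -list`
# output and check that the alias a TLS connector serves has a private key.

# Constructed listing for a keystore filled only by `keytool -import`
# (aliases taken from the post; dates and fingerprints are placeholders).
SAMPLE_IMPORT_ONLY='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

root, Dec 18, 2002, trustedCertEntry,
Certificate fingerprint (MD5): <placeholder>
tomcat, Dec 18, 2002, trustedCertEntry,
Certificate fingerprint (MD5): <placeholder>'

# Constructed listing where "tomcat" was generated with `keytool -genkey`
# (older JDKs print keyEntry, newer ones PrivateKeyEntry).
SAMPLE_WITH_KEY='root, Dec 18, 2002, trustedCertEntry,
Certificate fingerprint (MD5): <placeholder>
tomcat, Dec 18, 2002, keyEntry,
Certificate fingerprint (MD5): <placeholder>'

# list_entries (hypothetical helper): print "alias type" per entry on stdin.
list_entries() {
    awk -F',' '{
        for (i = 2; i <= NF; i++) {
            t = $i; gsub(/^[ \t]+|[ \t]+$/, "", t)
            if (t ~ /^(trustedCertEntry|keyEntry|PrivateKeyEntry)$/) {
                print $1, t; break
            }
        }
    }'
}

# has_key_entry ALIAS: succeed only if ALIAS is a key entry, not a bare cert.
has_key_entry() {
    list_entries | awk -v a="$1" \
        '$1 == a && $2 != "trustedCertEntry" { found = 1 } END { exit !found }'
}

# check_keystore ALIAS: one-line verdict for the listing on stdin.
check_keystore() {
    if has_key_entry "$1"; then echo "OK: $1 has a private key entry"
    else echo "FAIL: $1 has no private key entry"; fi
}

printf '%s\n' "$SAMPLE_IMPORT_ONLY" | check_keystore tomcat
printf '%s\n' "$SAMPLE_WITH_KEY" | check_keystore tomcat
```

Against a real keystore, pipe the output of `keytool -list -keystore <path>` into `check_keystore <alias>`.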