tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Faine, Mark" <Mark.R.Fa...@msfc.nasa.gov>
Subject RE: SSL configuration question
Date Fri, 01 Apr 2005 16:04:42 GMT
We've been running with Tomcat 4 and Apache 2 for a very long time.
Recently another department was put in charge of all of our static pages.
This means we will have nothing on our servers but dynamic pages (java web
apps) and this is good.  The other department specializes in static HTML
pages.  We are now playing more to our strengths.  I've removing
Apache/mod_jk from the mix and we are now running exclusively on Tomcat 5,
on our development server.  Previously we couldn't get our apps to run on
Tomcat 5 but I've figured it out recently and was hoping that perhaps we
might see a little bit of a performance increase.

If the testing works out and our apps benchmark well under Tomcat we will
move our production servers to Tomcat 5 exclusively.  This is why I needed
to be sure I could move the SSL certs between the two servers.

Thanks,
-Mark


-----Original Message-----
From: Mikhail Kruk [mailto:meshko@cs.brandeis.edu] 
Sent: Friday, April 01, 2005 9:31 AM
To: Tomcat Users List
Subject: RE: SSL configuration question

Fortunately it's not that Frequent that people end up where you did :) You
should first finalize your config and decide whether you will run Tomcat
standalone or with Apache/IIS, test it with a self-signed cert and only
actually go ahead and buy the real cert before going live.

> Thanks, the link you provided allowed me to get it imported correctly.  
> This should go on a FAQ.
> 
> Thanks again,
> -Mark
>  
> 
> -----Original Message-----
> From: Mikhail Kruk [mailto:meshko@cs.brandeis.edu]
> Sent: Thursday, March 31, 2005 3:42 PM
> To: Tomcat Users List
> Subject: RE: SSL configuration question
> 
> > The certificate I imported was not self-signed (or should not be).  
> > It is what I received back from Entrust after submitting a CSR. It 
> > was already in use on Apache before I decided not to use Apache anymore.
> > It worked before on Apache. I shut down apache and was intending to 
> > use the cert on only Tomcat.
> 
> You can't easily import the certificate that was generated for Apache 
> into Tomcat -- you need to have the prvite key part in your keystore 
> and your private key is in your Apache.  There must be a way to get 
> the key from Apache and move it to Tomcat, but I'm not sure what it is.
> This might help:
> http://kb.thawte.com/thawte/thawte/esupport.asp?id=vs24694
> 
> > 
> > 
> > Thanks,
> > -Mark
> >  
> > 
> > -----Original Message-----
> > From: Sasisekar S Sundaram [mailto:sekarmdu@louisiana.edu]
> > Sent: Thursday, March 31, 2005 2:43 PM
> > To: Tomcat Users List
> > Subject: Re: SSL configuration question
> > 
> > It shows both "issued to" and "issue by" because it is a self signed 
> > certificate. when you get you certificate authorized by some one 
> > like verisign, and then import that certificate into your keystore, 
> > you'll get "issued by" as that certifying authority's name.
> > ----- Original Message -----
> > From: "Faine, Mark" <Mark.R.Faine@msfc.nasa.gov>
> > To: "'Tomcat Users List'" <tomcat-user@jakarta.apache.org>
> > Sent: Thursday, March 31, 2005 1:13 PM
> > Subject: RE: SSL configuration question
> > 
> > 
> > > Thanks, I tried that before and got a permission error, but it 
> > > works
> now.
> > >
> > > -Mark
> > >
> > >
> > > -----Original Message-----
> > > From: Hein Behrens [mailto:info@curvaciones.com]
> > > Sent: Thursday, March 31, 2005 12:41 PM
> > > To: Tomcat Users List
> > > Subject: Re: SSL configuration question
> > >
> > > Answer to number 2 is edit your server.xml change 8443 to 443 in 
> > > the ssl section also check that the the normal port redirects to 443.
> > >
> > > Where you see 8443 change to 443.
> > >
> > > 2 changes in your server.xml.
> > >
> > >
> > > ----- Original Message -----
> > > From: "Faine, Mark" <Mark.R.Faine@msfc.nasa.gov>
> > > To: <tomcat-user@jakarta.apache.org>
> > > Sent: Thursday, March 31, 2005 7:44 PM
> > > Subject: SSL configuration question
> > >
> > >
> > > > Solaris 8, Tomcat 5.0.28
> > > >
> > > > I've configured my tomcat installation with my SSL key from 
> > > > Entrust
> and
> > it
> > > > is working (sort of).
> > > >
> > > > 1.  It is not correctly configured.  It shows my organization as 
> > > > both "issued to" and "issue by" when I view the certificate
information.
> > Could
> > > > someone explain what I have done wrong and how to correct it.
> > > >
> > > > 2.  It must be run on port 8443 because I need to run it as a 
> > > > user
> other
> > > > than root.  How can I bypass this limitation and run it on the
> standard
> > > 443
> > > > port?
> > > >
> > > > Thanks,
> > > > -Mark
> > > >
> > > > ----------------------------------------------------------------
> > > > ----- To unsubscribe, e-mail: 
> > > > tomcat-user-unsubscribe@jakarta.apache.org
> > > > For additional commands, e-mail: 
> > > > tomcat-user-help@jakarta.apache.org
> > > >
> > > >
> > >
> > > ------------------------------------------------------------------
> > > --- To unsubscribe, e-mail: 
> > > tomcat-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: 
> > > tomcat-user-help@jakarta.apache.org
> > >
> > > ------------------------------------------------------------------
> > > --- To unsubscribe, e-mail: 
> > > tomcat-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: 
> > > tomcat-user-help@jakarta.apache.org
> > >
> > 
> > 
> > --------------------------------------------------------------------
> > - To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> > 
> > --------------------------------------------------------------------
> > - To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> > 
> > 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message