tomcat-users mailing list archives

From "Scott Purcell" <purce...@charter.net>
Subject Re: SSL Certificate Beginner Question
Date Wed, 30 Nov 2005 04:28:37 GMT
Yes Thanks David,

I did add the keystoreFile="XXX" and keystorePass="xxx". But it still
hangs. Since I was on Windows I used a full path to the file. I forgot
about the <security-constraint> element. Thanks, I will give that a try and
post back.

Do I need the <security-constraint> element if I just try
https://localhost:8443? Just curious. I know when I asked for the cert,
Verisign asked me for my DNS name, so maybe the simple localhost will not
work and only the DNS entry will work. ...

Thanks much for your time.

Scott


----- Original Message -----
From: "David Wall" <d.wall@computer.org>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Tuesday, November 29, 2005 10:25 PM
Subject: Re: SSL Certificate Beginner Question


>
> >     <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
> ><!--
> ><Connector
> >           port="8443" minProcessors="5" maxProcessors="75"
> >           enableLookups="true" disableUploadTimeout="true"
> >           acceptCount="100" debug="0" scheme="https" secure="true"
> >           clientAuth="false" sslProtocol="TLS"/>
> >-->
> >
> >
> You probably want to add the following attributes to the Connector above:
>
> keystoreFile="keys/tomcatkeys" keystorePass="123"
>
> Obviously, make the keystoreFile point to the name of the Java keystore
> that you put your certificate inside, along with the password for that
> keystore.  I believe the base is $CATALINA_HOME if you use a relative
> pathname like above.
>
> You'll also need to update your webapp's web.xml file with something
> like (that is, if you want Tomcat to enforce SSL on your webapp):
>
> (after any servlet-mapping XML elements, before the session-config
> and/or welcome-file-list XML elements of web-app element in
> WEB-INF/web.xml)
>
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>Entire site</web-resource-name>
>     <url-pattern>/*</url-pattern>
>     <http-method>GET</http-method>
>     <http-method>POST</http-method>
>   </web-resource-collection>
>   <user-data-constraint>
>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>   </user-data-constraint>
> </security-constraint>
>
>
>
> Hope that helps...
>
> David
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
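
An added example, not part of either message and not Tomcat's own tooling: a small Python audit that checks a server.xml for an active HTTPS Connector with keystoreFile and keystorePass set, and a web.xml for the CONFIDENTIAL transport guarantee discussed above. The sample XML is constructed from the snippets quoted in this thread, and the function names audit_server_xml and audit_web_xml are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples modelled on the snippets quoted in this thread.
SERVER_XML = """<Server><Service name="Catalina">
<!--
<Connector port="8443" scheme="https" secure="true" sslProtocol="TLS"/>
-->
</Service></Server>"""

WEB_XML = """<web-app><security-constraint>
<web-resource-collection>
  <url-pattern>/*</url-pattern>
  <http-method>GET</http-method>
  <http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint></web-app>"""

def audit_server_xml(text):
    """Report problems with the HTTPS Connector in a server.xml string."""
    findings = []
    # ElementTree drops XML comments, so only active Connectors are seen here.
    live = [c for c in ET.fromstring(text).iter("Connector") if c.get("scheme") == "https"]
    if not live:
        findings.append("no active https Connector")
        for body in re.findall(r"<!--(.*?)-->", text, re.S):
            if re.search(r'<Connector\b[^>]*scheme="https"', body):
                findings.append("https Connector is commented out")
    for c in live:
        for attr in ("keystoreFile", "keystorePass"):
            if c.get(attr) is None:
                findings.append(f"port {c.get('port')}: {attr} not set")
    return findings

def audit_web_xml(text):
    """Report how far the HTTPS enforcement declared in a web.xml string reaches."""
    findings = []
    for sc in ET.fromstring(text).findall(".//{*}security-constraint"):
        guarantee = (sc.findtext(".//{*}transport-guarantee") or "").strip()
        if guarantee != "CONFIDENTIAL":
            continue
        methods = [(m.text or "").strip() for m in sc.findall(".//{*}http-method")]
        findings.append("CONFIDENTIAL for " + (",".join(methods) or "all methods"))
        if methods:
            findings.append("methods not listed are outside this constraint")
    return findings or ["no CONFIDENTIAL transport-guarantee"]
```

A constraint that lists http-method elements applies only to those methods; leaving the http-method elements out makes the CONFIDENTIAL guarantee cover every method for the URL pattern.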
