tomcat-users mailing list archives

From Dhaval Patel
Subject Tomcat 5.5.12 + APR (Apache Portable Runtime) + SSL (OpenSSL) on Windows
Date Thu, 17 Nov 2005 17:36:44 GMT
Hello all,

I am trying to configure HTTPS with Tomcat 5.5.12 on Windows XP. I am using J2SE
1.5.0_05. I am a student and I don't have a signed certificate. I tried two methods
which are mentioned in the Tomcat documentation:

(1) Using .keystore (generated by keytool)
    I followed the documentation. Generated .keystore, put
it in C:\, configured web.xml and restarted Tomcat.
    It works the way it is supposed to. When you go to https://localhost:8443, you
will get a warning and it's working.
    Btw, in this way I am not using APR (Apache Portable Runtime). When I use
those binaries, I didn't get it to work. I put openssl.exe and tcnative-1.dll in my
bin directory, which I downloaded from the website which the Apache documentation
mentioned. I restarted Tomcat, I can see server status and things look fine
on regular HTTP. But HTTPS does not work. I get request timed out from the browser
for https://localhost:8443 and it produces no error message.
   Then I read at some place that if you want APR you have to do some extra
configuration, which I followed in part 2.

(2) Using OpenSSL.

   I installed OpenSSL. I read the documentation about how to generate a key and
certificate in the OpenSSL howto. Then did the following:

a) go to c:\Tomcat5.5\bin
b) openssl genrsa -des3 -out privkey.pem 2048 (generate key)
c) openssl req -new -key privkey.pem -out cert.csr (generate certificate request)
d) openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095 (create
self-signed certificate)
e) followed the APR config guide from the Tomcat 5.5 documentation.
f) restarted Tomcat.
g) same error as I got before: request timed out and no error in the logs.

    I don't know how to make it work. I would like to know more about it. The APR
documentation talks about APR Connectors configuration, in which there are http,
https, etc. I believe that is <Connector port="8080" ... />, <Connector
port="8443" ... />, etc. Am I right? If I am right, then the sslProtocol entry in
the two documents (SSL and APR) gets different values (TLS vs. TLSv1). I
don't know how to do it.

    Does anyone know how to do it using a real certificate (signed by Verisign or
something)? Does anyone know how to make it work with a self-signed certificate?

    Thank you in advance.


P.S. Forgive me for writing so long, but I wanted to explain everything in full
detail. Thanks.
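
The two connector styles the message refers to, side by side, as an added example that is not part of the original message or of the Tomcat documentation. It assumes the Tomcat 5.5 attribute names; the keystore location follows step (1), the PEM file names come from step (2), and both passwords are placeholders.

```xml
<!-- Added example for conf/server.xml. Define only ONE Connector on port 8443. -->

<!-- (1) JSSE (pure Java) connector: used when tcnative-1.dll is NOT loaded.
     Reads the Java keystore produced by keytool. -->
<Connector port="8443" maxThreads="150"
           scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="C:\.keystore"
           keystorePass="KEYSTORE_PASSWORD_PLACEHOLDER" />

<!-- (2) APR/native connector: selected when tcnative-1.dll is found at startup.
     It does not read keystoreFile, keystorePass or sslProtocol; it takes
     OpenSSL-style PEM files and its own SSL* attributes instead.
     SSLProtocol accepts SSLv2, SSLv3, TLSv1, SSLv2+SSLv3 or all;
     TLSv1 keeps the obsolete SSLv2 and SSLv3 switched off.
     SSLPassword is the pass phrase of the -des3 encrypted key from step b).
     Both passwords sit in server.xml in clear text, so restrict read access
     to conf\ and to privkey.pem to the account that runs Tomcat. -->
<Connector port="8443" maxThreads="150"
           scheme="https" secure="true"
           SSLEngine="on" SSLProtocol="TLSv1"
           SSLCertificateFile="C:\Tomcat5.5\bin\cacert.pem"
           SSLCertificateKeyFile="C:\Tomcat5.5\bin\privkey.pem"
           SSLPassword="KEY_PASSPHRASE_PLACEHOLDER" />
```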
