tomcat-users mailing list archives

From Dhaval Patel <dhava...@yahoo.com>
Subject Re: Tomcat 5.5.12- APR Connector - SSL configuration
Date Wed, 30 Nov 2005 21:22:33 GMT
Hi Nate,

  Welcome aboard. I have been waiting for an answer to this problem for a long
time. I have searched this mailing list, but nobody answered it correctly. You can
search the list archive for Nov. 2005; you will find my messages. I have
searched on Google about it, but could not find anything. I found that the Tomcat
documentation is the only (and insufficient) source on this.

  You are the third person that has this problem. Looks like there is a bug. Hope we
will get a solution.

Regards.
D

--- Nate Rock <nrock@infinitecampus.com> wrote:

> Someone may have already posted this, but since I just joined the
> mailing list, I figured it might help someone else if it hasn't already
> been sent.
> 
> I am having trouble getting an HTTPS connection to my tomcat server
> using the native APR connector under Tomcat 5.5.12. 
> 
> I am familiar with how to set up HTTPS connectors in 5.0.28 so I figured
> it would be easy to set up in 5.5.12 using the APR connector, but I
> think I am just missing something simple.
> 
> Under Tomcat 5.0.28 here is what we were using:
> 
> <Connector 	port="443" 
> 		maxHttpHeaderSize="8192"
> 		maxThreads="150" 
> 		minSpareThreads="25" 
> 		maxSpareThreads="75"
> 		enableLookups="false" 
> 		disableUploadTimeout="true"
> 		acceptCount="100" 
> 		scheme="https" 
> 		secure="true"
> 		clientAuth="false"
> 		sslProtocol="SSL" 
> 		keystoreFile="c:\certs\server\server.p12" 
> 		keystorePass="serverPassword" 
> 		keystoreType="PKCS12"
> 		/>
> 
> After reading the docs located at 
> 
> http://tomcat.apache.org/tomcat-5.5-doc/apr.html
> 
> I took a stab at using the existing server.p12 file and exported the
> certificate in PEM encoding using Keystore Explorer 2.0 and saved it to
> c:\certs\server\server.cer
> 
> When opening it in a text editor, I get the following which looks
> correct.
> 
> -----BEGIN CERTIFICATE-----
> -----END CERTIFICATE-----
> 
> I then added the following connector to my server.xml
> 
> <Connector port="443" 
> 		maxHttpHeaderSize="8192"
> 		maxThreads="150" 
> 		minSpareThreads="25" 
> 		maxSpareThreads="75"
> 		enableLookups="false" 
> 		disableUploadTimeout="true"
> 		acceptCount="100" 
> 		SSLCertificateFile="c:\certs\server\server.cer"
> 		/>
> 
> But when I try to connect to the server using https://server/ the
> browser times out and I get a page cannot be found error.
> 
> Thinking that it needed the private key as well I exported the primary
> key in PEM format and saved it to c:\certs\server\server.pem
> 
> When I open it in a text editor, I get the following which also looks
> correct
> 
> -----BEGIN PRIVATE KEY-----
> -----END PRIVATE KEY-----
> 
> I then modified the following connector in my server.xml
> 
> <Connector port="443" 
> 		maxHttpHeaderSize="8192"
> 		maxThreads="150" 
> 		minSpareThreads="25" 
> 		maxSpareThreads="75"
> 		enableLookups="false" 
> 		disableUploadTimeout="true"
> 		acceptCount="100" 
> 		SSLCertificateFile="c:\certs\server\server.cer"
> 		SSLCertificateKeyFile="c:\certs\server\serverKey.key"
> 		SSLPassword="serverPassword"
> 		/>
> 
> I also tried putting a few of the other attributes in that are SSL
> specific but it's still a no-go:
> 
> <Connector port="443" 
> 		maxHttpHeaderSize="8192"
> 		maxThreads="150" 
> 		minSpareThreads="25" 
> 		maxSpareThreads="75"
> 		enableLookups="false" 
> 		disableUploadTimeout="true"
> 		acceptCount="100" 
> 		scheme="https" 
> 		secure="true"
> 		SSLCertificateFile="c:\certs\server\server.cer"
> 		SSLCertificateKeyFile="c:\certs\server\serverKey.key"
> 		SSLPassword="serverPassword"
> 		/>
> 
> And
> 
> <Connector port="443" 
> 		maxHttpHeaderSize="8192"
> 		maxThreads="150" 
> 		minSpareThreads="25" 
> 		maxSpareThreads="75"
> 		enableLookups="false" 
> 		disableUploadTimeout="true"
> 		acceptCount="100" 
> 		secure="true"
> 		SSLCertificateFile="c:\certs\server\server.cer"
> 		SSLCertificateKeyFile="c:\certs\server\serverKey.key"
> 		SSLPassword="serverPassword"
> 		/>
> 
> And
> 
> <Connector port="443" 
> 		maxHttpHeaderSize="8192"
> 		maxThreads="150" 
> 		minSpareThreads="25" 
> 		maxSpareThreads="75"
> 		enableLookups="false" 
> 		disableUploadTimeout="true"
> 		acceptCount="100" 
> 		scheme="https" 
> 		SSLCertificateFile="c:\certs\server\server.cer"
> 		SSLCertificateKeyFile="c:\certs\server\serverKey.key"
> 		SSLPassword="serverPassword"
> 		/>
> 
> All to no avail =(
> 
> I figure someone has gotten this working =D any assistance would be
> muchly appreciated!!!
> 
> *Note* the PEM encoding above is valid as is the password for the
> private key. This information isn't being used in production and is a
> certificate I generated for testing purposes so feel free to use it to
> test anything out.
> 
>    -rOcK
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
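
A pre-flight check for connectors like the ones quoted above, added here as an example and not part of the original messages or of Tomcat: it reads each `SSLCertificateFile` / `SSLCertificateKeyFile` path from a `server.xml`, confirms the file exists and holds the expected PEM block type, and notes when a private key is stored unencrypted. The function names are hypothetical, and the sample files (with file names mirroring the quoted message) are constructed in a temporary directory.

```python
import os, re, tempfile
import xml.etree.ElementTree as ET

PEM_BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")
# Connector attribute -> PEM block labels that make sense in the file it names.
EXPECTED = {
    "SSLCertificateFile": {"CERTIFICATE"},
    "SSLCertificateKeyFile": {"PRIVATE KEY", "RSA PRIVATE KEY", "ENCRYPTED PRIVATE KEY"},
}

def audit_connector(conn):
    """Return a list of findings for one <Connector> element (hypothetical helper)."""
    findings = []
    for attr, wanted in EXPECTED.items():
        path = conn.get(attr)
        if path is None:
            continue
        if not os.path.isfile(path):
            findings.append(f"{attr}: no such file: {path}")
            continue
        with open(path, errors="replace") as fh:
            text = fh.read()
        labels = PEM_BEGIN.findall(text)
        if not wanted & set(labels):
            findings.append(f"{attr}: expected one of {sorted(wanted)}, found {labels}")
        elif attr == "SSLCertificateKeyFile" and not (
                "ENCRYPTED PRIVATE KEY" in labels or "Proc-Type: 4,ENCRYPTED" in text):
            findings.append(f"{attr}: private key is stored unencrypted")
    return findings

def audit_server_xml(xml_text):
    """Map connector port -> findings for every connector that names PEM files."""
    root = ET.fromstring(xml_text)
    return {c.get("port"): audit_connector(c) for c in root.iter("Connector")
            if any(c.get(a) for a in EXPECTED)}

def demo():
    """Constructed sample: key written as server.pem, connector names serverKey.key."""
    d = tempfile.mkdtemp()
    cert, key = os.path.join(d, "server.cer"), os.path.join(d, "server.pem")
    for path, label in ((cert, "CERTIFICATE"), (key, "PRIVATE KEY")):
        with open(path, "w") as fh:  # placeholder bodies, not real key material
            fh.write(f"-----BEGIN {label}-----\nAAAA\n-----END {label}-----\n")
    wrong = os.path.join(d, "serverKey.key")  # never created
    xml = (f'<Server><Service><Connector port="443" SSLCertificateFile="{cert}" '
           f'SSLCertificateKeyFile="{wrong}"/></Service></Server>')
    return audit_server_xml(xml), audit_server_xml(xml.replace(wrong, key))

if __name__ == "__main__":
    print(demo())
```

The check only inspects paths and PEM headers; it does not verify that the certificate and key belong to the same key pair.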