tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Scott Purcell" <spurc...@vertisinc.com>
Subject RE: SSL Certificate Beginner Question
Date Wed, 30 Nov 2005 19:12:14 GMT
I did not include a security constraint.
Is this needed for SSL? I spend some time looking at this element, and I was under the impression
that it was for form authentication? 




-----Original Message-----
From: frankburns@the-hub.demon.co.uk
[mailto:frankburns@the-hub.demon.co.uk]
Sent: Wednesday, November 30, 2005 10:16 AM
To: Tomcat Users List
Subject: Re: SSL Certificate Beginner Question


Did you include a security contraint element in your web.xml file? Something like this:

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HTTPS for all of these pages of the application.</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>


purcell5@charter.net wrote:
> Real helpful ... I searched on SRV.12 and it brought up a bunch of links
> that have nothing to do with Tomcat  config of SSL.
> I probably posted a lame request. Let me try again.
> I have purchased a certificate via Verisign, and I have installed the
> certificate into a keystore. I am running Windows XP and Tomcat 5.5.12.
> I put the keystore and Cert.cer in the Tomcat/bin directory for organiation.
> I read that the default is usually in the home directory where tomcat is
> installed on Unix. But that is another OS.
> I followed the docs here under Tomcat 5 SSL and ran across this:
> http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
> 
> The final step is to configure your secure socket in the
> $CATALINA_HOME/conf/server.xml file, where $CATALINA_HOME represents the
> directory into which you installed Tomcat 5. An example <Connector> element
> for an SSL connector is included in the default server.xml file installed
> with Tomcat. It will look something like this:
> 
>      <-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
> <!--
> <Connector
>            port="8443" minProcessors="5" maxProcessors="75"
>            enableLookups="true" disableUploadTimeout="true"
>            acceptCount="100" debug="0" scheme="https" secure="true";           clientAuth="false"
sslProtocol="TLS"/>
>            clientAuth="false" sslProtocol="TLS"/>
> -->
> 
> 
> Anyway I uncommented this snippet from my Tomcat server.xml file and
> restarted. But I cannot hit https://localhost:8443 like the read-me states.
> I have checked all $TOMCAT_HOME/logs and see nothing. It just hangs when
> trying to call it. I can hit http://localhost and all is happy. But the
> certificate states it is coming from a certain URL. So I am not sure how
> that all works.
> 
> I hope this may help someone feed me back some relevant information.
> Scott
> 
> ----- Original Message -----
> From: "Hassan Schroeder" <hassan@webtuitive.com>
> To: "Tomcat Users List" <users@tomcat.apache.org>
> Sent: Tuesday, November 29, 2005 9:37 PM
> Subject: Re: SSL Certificate Beginner Question
> 
> > Scott Purcell wrote:
> >
> > > How do I configure some of my pages to use https? I do not know
> > > where to begin on this?
> >
> > Begin with the Servlet Spec. -- SRV.12 (Security) would be apropos :-)
> >
> > HTH!
> > --
> > Hassan Schroeder ----------------------------- hassan@webtuitive.com
> > Webtuitive Design ===  (+1) 408-938-0567   === http://webtuitive.com
> >
> >                           dream.  code.
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message