tomcat-users mailing list archives

From "Bill Barker" <wbar...@wilshire.com>
Subject Re: SSL Certificate Beginner Question
Date Wed, 30 Nov 2005 05:42:53 GMT

"Scott Purcell" <purcell5@charter.net> wrote in message 
news:033a01c5f560$9a09db90$0501a8c0@office...
> Real helpful ... I searched on SRV.12 and it brought up a bunch of links
> that have nothing to do with Tomcat config of SSL.
>
> I probably posted a lame request. Let me try again.
>
> I have purchased a certificate via Verisign, and I have installed the
> certificate into a keystore. I am running Windows XP and Tomcat 5.5.12.
> I put the keystore and Cert.cer in the Tomcat/bin directory for
> organization.
> I read that the default is usually in the home directory where tomcat is
> installed on Unix. But that is another OS.
>
> I followed the docs here under Tomcat 5 SSL and ran across this:
> http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
>

There are two likely problems, but I don't know which one applies to you.

1) Since you are using 5.5.12, if you installed the libtcnative.dll with 
Tomcat, then you need to configure SSL via 
http://tomcat.apache.org/tomcat-5.5-doc/apr.html.  In particular, you need 
to extract the private-key into an OpenSSL format.  Alternatively, you can 
rename the dll for now, and work on just getting the Java Connector working.

2) You imported your cert into a different keystore file than the one that 
you used to generate the CSR.  Import the cert into the original one and you 
will be fine.  If you used OpenSSL to generate the CSR, then the easiest is 
to convert to a pkcs12 keystore as described above.  Alternatively, you can 
try using http://www.comu.de/docs/tomcat_ssl.htm.

>
> The final step is to configure your secure socket in the
> $CATALINA_HOME/conf/server.xml file, where $CATALINA_HOME represents the
> directory into which you installed Tomcat 5. An example <Connector> 
> element
> for an SSL connector is included in the default server.xml file installed
> with Tomcat. It will look something like this:
>
>
>     <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
> <!--
> <Connector
>           port="8443" minProcessors="5" maxProcessors="75"
>           enableLookups="true" disableUploadTimeout="true"
>           acceptCount="100" debug="0" scheme="https" secure="true"
>           clientAuth="false" sslProtocol="TLS"/>
> -->
>
>
>
>
>
> Anyway I uncommented this snippet from my Tomcat server.xml file and
> restarted. But I cannot hit https://localhost:8443 like the read-me 
> states.
>
> I have checked all $TOMCAT_HOME/logs and see nothing. It just hangs when
> trying to call it. I can hit http://localhost and all is happy. But the
> certificate states it is coming from a certain URL. So I am not sure how
> that all works.
>
>
> I hope this may help someone feed me back some relevant information.
>
> Scott
>
>
> ----- Original Message -----
> From: "Hassan Schroeder" <hassan@webtuitive.com>
> To: "Tomcat Users List" <users@tomcat.apache.org>
> Sent: Tuesday, November 29, 2005 9:37 PM
> Subject: Re: SSL Certificate Beginner Question
>
>
>> Scott Purcell wrote:
>>
>> > How do I configure some of my pages to use https? I do not know
>> > where to begin on this?
>>
>> Begin with the Servlet Spec. -- SRV.12 (Security) would be apropos :-)
>>
>> HTH!
>> --
>> Hassan Schroeder ----------------------------- hassan@webtuitive.com
>> Webtuitive Design ===  (+1) 408-938-0567   === http://webtuitive.com
>>
>>                           dream.  code.
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
> 
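
A check for the second problem described in the reply above, as an added example that is not part of the original message: it reads the text printed by `keytool -list -keystore <file>` and reports whether the keystore holds a private-key entry or only an imported certificate. The sample listings, aliases, dates and fingerprints are constructed for illustration.

```python
import re

# One entry line looks like "<alias>, <date>, <entry type>," (the date itself contains a comma).
ENTRY = re.compile(r"^(?P<alias>[^,]+),\s.+,\s(?P<kind>\w*Entry),\s*$")
# "keyEntry" is printed by older JDKs, "PrivateKeyEntry" by newer ones.
KEY_KINDS = {"keyEntry", "PrivateKeyEntry"}


def entries(listing):
    """Map alias -> entry type from `keytool -list` text output."""
    found = {}
    for line in listing.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            found[m.group("alias")] = m.group("kind")
    return found


def diagnose(listing):
    """Return 'ok' if a private-key entry exists, else why the keystore cannot serve SSL."""
    found = entries(listing)
    if not found:
        return "empty: no entries parsed"
    if any(kind in KEY_KINDS for kind in found.values()):
        return "ok"
    return "cert-only: certificate imported without the private key that made the CSR"


# Constructed sample listings (alias names, dates and fingerprints are made up).
WRONG_KEYSTORE = """Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

verisign, Nov 29, 2005, trustedCertEntry,
Certificate fingerprint (MD5): 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
"""
# Same listing as it would look for the keystore that generated the CSR.
ORIGINAL_KEYSTORE = WRONG_KEYSTORE.replace("trustedCertEntry", "keyEntry").replace(
    "verisign", "tomcat"
)

if __name__ == "__main__":
    for name, text in (("new keystore", WRONG_KEYSTORE),
                       ("original keystore", ORIGINAL_KEYSTORE)):
        print(name, "->", diagnose(text))
```

A keystore that lists only `trustedCertEntry` lines has no private key for the connector to present, which matches the case where the certificate was imported into a keystore other than the one that produced the CSR.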





