Return-Path: 
 <users-return-136468-apmail-tomcat-users-archive=tomcat.apache.org@tomcat.apache.org>
Delivered-To: apmail-tomcat-users-archive@www.apache.org
Received: (qmail 84442 invoked from network); 30 Nov 2005 04:25:40 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur.apache.org with SMTP; 30 Nov 2005 04:25:40 -0000
Received: (qmail 9092 invoked by uid 500); 30 Nov 2005 04:25:28 -0000
Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org
Received: (qmail 8817 invoked by uid 500); 30 Nov 2005 04:25:26 -0000
Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@tomcat.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@tomcat.apache.org>
List-Post: <mailto:users@tomcat.apache.org>
List-Id: <users.tomcat.apache.org>
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Delivered-To: mailing list users@tomcat.apache.org
Received: (qmail 8805 invoked by uid 99); 30 Nov 2005 04:25:26 -0000
Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 29 Nov 2005 20:25:26 -0800
X-ASF-Spam-Status: No, hits=0.5 required=10.0
	tests=DNS_FROM_RFC_ABUSE,SPF_HELO_PASS
X-Spam-Check-By: apache.org
Received-SPF: neutral (asf.osuosl.org: local policy)
Received: from [63.251.168.97] (HELO mail2.yozons.com) (63.251.168.97)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 29 Nov 2005 20:26:55 -0800
Received: from [192.168.1.46] (pool-71-112-94-208.sttlwa.dsl-w.verizon.net
 [71.112.94.208])
	(authenticated bits=0)
	by mail2.yozons.com (8.12.10/8.12.10) with ESMTP id jAU4P2Nv029035
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for <users@tomcat.apache.org>; Tue, 29 Nov 2005 20:25:03 -0800
Message-ID: <438D29A6.2020303@computer.org>
Date: Tue, 29 Nov 2005 20:25:10 -0800
From: David Wall <d.wall@computer.org>
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: SSL Certificate Beginner Question
References: <032b01c5f557$914698d0$0501a8c0@office>
 <438D1E5C.8010504@webtuitive.com> <033a01c5f560$9a09db90$0501a8c0@office>
In-Reply-To: <033a01c5f560$9a09db90$0501a8c0@office>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked by ClamAV on apache.org
X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N


>     <-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
><!--
><Connector
>           port="8443" minProcessors="5" maxProcessors="75"
>           enableLookups="true" disableUploadTimeout="true"
>           acceptCount="100" debug="0" scheme="https" secure="true";
>           clientAuth="false" sslProtocol="TLS"/>
>-->
>  
>
You probably want to add the following attributes to the Connector above:

keystoreFile="keys/tomcatkeys" keystorePass="123"

Obviously, make the keystoreFile point to the name of the Java keystore 
that you put your certificate inside, along with the password for that 
keystore.  I believe the base is $CATALINA_HOME if you use a relative 
pathname like above.

You'll also need to update your webapp's web.xml file with something 
like (that is, if you want Tomcat to enforce SSL on your webapp):

(after any servlet-mapping XML elements, before the session-config 
and/or welcome-file-list XML elements of web-app element in WEB-INF/web.xml)

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire site</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>



Hope that helps...

David

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org