To: users@tomcat.apache.org
From: "Bill Barker"
Subject: Re: SSL Certificate Beginner Question
Date: Tue, 29 Nov 2005 21:42:53 -0800

"Scott Purcell" wrote in message
news:033a01c5f560$9a09db90$0501a8c0@office...
> Real helpful ... I searched on SRV.12 and it brought up a bunch of links
> that have nothing to do with Tomcat config of SSL.
>
> I probably posted a lame request. Let me try again.
>
> I have purchased a certificate via Verisign, and I have installed the
> certificate into a keystore. I am running Windows XP and Tomcat 5.5.12.
> I put the keystore and Cert.cer in the Tomcat/bin directory for
> organization.
> I read that the default is usually in the home directory where tomcat is
> installed on Unix. But that is another OS.
>
> I followed the docs here under Tomcat 5 SSL and ran across this:
> http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
>

There are two likely problems, but I don't know which one applies to you.

1) Since you are using 5.5.12, if you installed the libtcnative.dll with
Tomcat, then you need to configure SSL via
http://tomcat.apache.org/tomcat-5.5-doc/apr.html. In particular, you need
to extract the private-key into an OpenSSL format. Alternatively, you can
rename the dll for now, and work on just getting the Java Connector working.

2) You imported your cert into a different keystore file than the one that
you used to generate the CSR. Import the cert into the original one and you
will be fine. If you used OpenSSL to generate the CSR, then the easiest is
to convert to a pkcs12 keystore as described above. Alternatively, you can
try using http://www.comu.de/docs/tomcat_ssl.htm.

>
> The final step is to configure your secure socket in the
> $CATALINA_HOME/conf/server.xml file, where $CATALINA_HOME represents the
> directory into which you installed Tomcat 5. An example
> element
> for an SSL connector is included in the default server.xml file installed
> with Tomcat. It will look something like this:
>
>
> <-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
>
>
>
>
>
>
> Anyway I uncommented this snippet from my Tomcat server.xml file and
> restarted. But I cannot hit https://localhost:8443 like the read-me
> states.
>
> I have checked all $TOMCAT_HOME/logs and see nothing. It just hangs when
> trying to call it. I can hit http://localhost and all is happy. But the
> certificate states it is coming from a certain URL. So I am not sure how
> that all works.
>
>
> I hope this may help someone feed me back some relevant information.
>
> Scott
>
>
> ----- Original Message -----
> From: "Hassan Schroeder"
> To: "Tomcat Users List"
> Sent: Tuesday, November 29, 2005 9:37 PM
> Subject: Re: SSL Certificate Beginner Question
>
>
>> Scott Purcell wrote:
>>
>> > How do I configure some of my pages to use https? I do not know
>> > where to begin on this?
>>
>> Begin with the Servlet Spec. -- SRV.12 (Security) would be apropos :-)
>>
>> HTH!
>> --
>> Hassan Schroeder ----------------------------- hassan@webtuitive.com
>> Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com
>>
>> dream. code.
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>
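
Added example, not part of the original message or of Tomcat: a small Java check for the second problem described in the reply, showing for each alias whether the keystore holds a private key with a CA-issued certificate, a private key that still carries only its self-signed certificate, or a bare trusted certificate. The class name KeystoreCheck and the default keystore type JKS are assumptions.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class KeystoreCheck {

    // Classify one alias by what the Java SSL connector needs: a private key plus its certificate.
    static String describe(KeyStore ks, String alias) throws Exception {
        if (ks.isCertificateEntry(alias)) {
            // What you get when the CA's certificate is imported into a keystore
            // that never held the key pair used for the CSR.
            return alias + ": trusted certificate only, no private key; cannot be the server identity";
        }
        Certificate[] chain = ks.getCertificateChain(alias);
        if (!ks.isKeyEntry(alias) || chain == null || chain.length == 0) {
            return alias + ": no usable certificate chain";
        }
        X509Certificate leaf = (X509Certificate) chain[0];
        // Subject equal to issuer on the leaf means the CA reply was never imported onto this key.
        boolean selfSigned = leaf.getSubjectX500Principal().equals(leaf.getIssuerX500Principal());
        String state = selfSigned
            ? "still the self-signed certificate created with the key pair"
            : "CA-issued certificate attached, chain length " + chain.length;
        return alias + ": private key present; " + state
            + "; subject=" + leaf.getSubjectX500Principal().getName()
            + "; notAfter=" + leaf.getNotAfter();
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length < 1 || console == null) {
            System.err.println("usage (from a terminal): java KeystoreCheck <keystore> [type]");
            System.exit(2);
        }
        // Assumption: JKS unless a second argument such as PKCS12 is given.
        KeyStore ks = KeyStore.getInstance(args.length > 1 ? args[1] : "JKS");
        char[] password = console.readPassword("Keystore password: ");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println(describe(ks, alias));
        }
    }
}
```

Run against both the keystore that produced the CSR and the one the certificate was imported into; only an alias reported with a private key and a CA-issued certificate is usable by the connector.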