tomcat-users mailing list archives

From Jan Eldenmalm <...@eldenmalm.com>
Subject Re: Tomcat 5.5.20 SSL "no errors" not working
Date Tue, 13 Feb 2007 05:49:17 GMT
Thank you Mark - that was it.

For others:

Swapping from the Java keystore to OpenSSL was a little tricky (I ordered
my certs from Comodo for "tomcat" ... which is only correct if you don't
use APR) ... this information helped me a lot:

Extracting the *private key*
    Download, compile & run ExportPriv
    <http://mark.foster.cc/pub/java/ExportPriv.java> crafted from Andrew
    Morrow's posting @
    <http://forum.java.sun.com/thread.jsp?forum=2&thread=154587&message=449486>.
    The key will be produced to STDOUT. I suggest you redirect > to
    exported.key

        javac ExportPriv.java
        java ExportPriv <keystore> <alias> <password> > exported-pkcs8.key

    The private key is being exported as PKCS#8 PEM format. To get it
    into the RSA format that works with Apache (see below) you can issue
    the following command:

        openssl pkcs8 -inform PEM -nocrypt -in exported-pkcs8.key -out exported.key

javac compiles the Java source code in ExportPriv.java;
the second line exports the private key into the PKCS#8 format. I
then had a friend do the OpenSSL conversion.

In Tomcat it is also worth noting that the configuration does not "use
the implicit" catalina home - but requires full URIs ( c:/bla/bla/cert.crt )

After doing all these changes I had to restart the server twice for some
reason before it stopped complaining about "multiple" socket bindings to
the same IP/port combinations....

// Jan



Mark Thomas wrote:
> Jan Eldenmalm wrote:
>   
>> Feb 13, 2007 2:28:43 AM org.apache.coyote.http11.Http11AprProtocol start
>> INFO: Starting Coyote HTTP/1.1 on http-88.208.211.112-443
>>     
>
> You are using the APR connector. SSL is configured differently in this
> case. See http://tomcat.apache.org/tomcat-5.5-doc/apr.html for details.
>
> Mark
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>   
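
Added example, not part of the original messages: a pair of checks worth running on the exported key before pointing the APR connector at it, namely that the key really belongs to the certificate and that the file is readable by its owner only. It assumes a POSIX shell with openssl on the PATH; the function names, file names, and demo key material are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity checks for a private key exported from a Java keystore.
# File names are placeholders; the demo key and certificate are constructed.

# Succeeds only if the private key in $1 belongs to the certificate in $2.
# Accepts PKCS#8 and traditional RSA PEM keys; returns 2 on unreadable input.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Succeeds only if group and others have no access to the key file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Build constructed material in directory $1: a throwaway key with a
# self-signed certificate, plus a second, unrelated key.
make_demo_material() {
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
          -keyout "$1/orig.key" -out "$1/cert.crt" 2>/dev/null
      # Stand-in for the ExportPriv output: the same key as unencrypted PKCS#8.
      openssl pkcs8 -topk8 -nocrypt -in "$1/orig.key" -out "$1/exported-pkcs8.key"
      # The conversion command from the post.
      openssl pkcs8 -inform PEM -nocrypt -in "$1/exported-pkcs8.key" \
          -out "$1/exported.key"
      openssl genrsa -out "$1/other.key" 2048 2>/dev/null )
}

demo() {
    dir=$(mktemp -d) || return 1
    make_demo_material "$dir"
    key_matches_cert "$dir/exported.key" "$dir/cert.crt" && echo "exported.key matches cert.crt"
    key_matches_cert "$dir/other.key" "$dir/cert.crt" || echo "other.key does not match cert.crt"
    key_is_private "$dir/exported.key" && echo "exported.key is owner-only"
    rm -rf "$dir"
}
demo
```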
