From: Jan Eldenmalm
Date: Tue, 13 Feb 2007 05:49:17 +0000
To: Tomcat Users List
Subject: Re: Tomcat 5.5.20 SSL "no errors" not working

Thank you Mark - that was it.

For others: Swapping from Java keystore to OpenSSL was a little tricky (I ordered my certs from Comodo for "tomcat" ... which is only correct if you don't use APR) .... this information helped me a lot:

Extracting the *private key*

Download, compile & run ExportPriv crafted from Andrew Morrow's posting @ http://forum.java.sun.com/thread.jsp?forum=2&thread=154587&message=449486 . The key will be produced to STDOUT. I suggest you redirect > to exported.key

    javac ExportPriv.java
    java ExportPriv > exported-pkcs8.key

The private key is being exported as PKCS#8 PEM format. To get it into the RSA format that works with Apache (see below) you can issue the following command:

    openssl pkcs8 -inform PEM -nocrypt -in exported-pkcs8.key -out exported.key

javac compiles the Java source code in ExportPriv.java; the second line exports the private key into the PKCS#8 format. I then had a friend do the OpenSSL conversion.

In Tomcat it is also worth noting that the configuration does not "use the implicit" catalina home - but requires full URIs ( c:/bla/bla/cert.crt ).

After doing all these changes I had to restart the server twice for some reason before it stopped complaining about "multiple" socket bindings to the same IP/port combinations....

// Jan

Mark Thomas wrote:
> Jan Eldenmalm wrote:
>
>> Feb 13, 2007 2:28:43 AM org.apache.coyote.http11.Http11AprProtocol start
>> INFO: Starting Coyote HTTP/1.1 on http-88.208.211.112-443
>>
>
> You are using the APR connector. SSL is configured differently in this
> case. See http://tomcat.apache.org/tomcat-5.5-doc/apr.html for details.
>
> Mark
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
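
What the PKCS#8-to-RSA conversion step in the message above does to the key file, as an added example that is not part of the original post or of ExportPriv: it removes the PKCS#8 PrivateKeyInfo wrapper and leaves the inner RSAPrivateKey under a "BEGIN RSA PRIVATE KEY" header. The function names and the toy key (textbook RSA with p=61, q=53, unusable as a real key) are constructed for illustration.

```python
import base64

RSA_OID = bytes.fromhex("06092a864886f70d010101")  # DER OID 1.2.840.113549.1.1.1 (rsaEncryption)

def tlv(tag, body):
    """Encode one DER element, using the long length form when needed."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read_tlv(buf, pos=0):
    """Decode one DER element at pos; return (tag, body, next_pos)."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + n], pos + n

def pem_encode(label, der):
    b64 = base64.b64encode(der).decode()
    rows = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{rows}\n-----END {label}-----\n"

def pem_decode(pem):
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    label = lines[0][len("-----BEGIN "):-len("-----")]
    return label, base64.b64decode("".join(lines[1:-1]))

def pkcs8_to_rsa(pem):
    """Unwrap an unencrypted PKCS#8 RSA key into traditional RSA PEM."""
    label, der = pem_decode(pem)
    if label == "RSA PRIVATE KEY":
        return pem                                  # already in the target format
    if label != "PRIVATE KEY":                      # e.g. ENCRYPTED PRIVATE KEY
        raise ValueError("unsupported PEM type: " + label)
    tag, info, _ = read_tlv(der)                    # PrivateKeyInfo SEQUENCE
    _, _, p = read_tlv(info)                        # version INTEGER
    _, alg, p = read_tlv(info, p)                   # AlgorithmIdentifier
    key_tag, key, _ = read_tlv(info, p)             # OCTET STRING = RSAPrivateKey
    if tag != 0x30 or key_tag != 0x04 or not alg.startswith(RSA_OID):
        raise ValueError("not an unencrypted RSA PKCS#8 key")
    return pem_encode("RSA PRIVATE KEY", key)

def toy_pkcs8():
    """Constructed sample: version, n, e, d, p, q, dP, dQ, qInv for p=61, q=53."""
    ints = [0, 3233, 17, 2753, 61, 53, 53, 49, 38]
    rsa = tlv(0x30, b"".join(tlv(2, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in ints))
    info = tlv(2, b"\x00") + tlv(0x30, RSA_OID + b"\x05\x00") + tlv(4, rsa)
    return pem_encode("PRIVATE KEY", tlv(0x30, info)), rsa
```

The first line of the key file is enough to tell the two formats apart: "BEGIN PRIVATE KEY" is PKCS#8, "BEGIN RSA PRIVATE KEY" is the traditional RSA form.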