tomcat-users mailing list archives

From Dave <>
Subject Re: SSL problem with Tomcat 5.5
Date Tue, 27 Nov 2007 05:29:20 GMT
In my case, Apache is in front as a load balancer (JK module). I read an instruction that
says SSL is only needed between the client and Apache, but SSL is not configured between Apache
and Tomcat. I am using JBOSS 4.2.2.
  In my environment, the security between Apache and Tomcat is a concern. How do I configure
SSL all the way between client --> Apache --> Tomcat?

Schadler Johann <> wrote:
  To ensure you have a valid keystore with the included private key and a 
reference to an alias 'tomcat', I strongly recommend creating a new keystore as 
described in the reference (see links in other answer mails). At least you 
can create a self-signed certificate if you don't need one signed by a 
trusted CA.

To check if SSL is running you can test it from a Linux or Unix box with 
OpenSSL installed, using the following command:

echo -e "GET /jsp-examples/index.jsp HTTP/1.0\r\n\r\n" | openssl s_client -connect localhost:8443 -ssl3 -debug -quiet

Replace URI-context and welcome file, replace hostname and port if 
necessary, change SSL mode to ssl2 or tls as needed.


----- Original Message ----- 
From: "Bob Grabbe" 
To: "'Tomcat Users List'" 
Sent: Monday, November 26, 2007 10:48 PM
Subject: RE: SSL problem with Tomcat 5.5

> OK, I've attached a new file with the startup. Unfortunately I'm not seeing
> anything in any logs that indicates any https requests.
> Just in case, what's the command to generate a new empty keystore file?
> I've seen the notes on the tomcat docs for creating the csr, but I didn't do
> that this time. I might try it though, if I can get godaddy to go through
> the process with me again,
> Thanks
> Bob Grabbe
> University of Michigan
> _________________________________________________________________________
> "Research is the process of going up alleys to see if they are blind." --
> Marston Bates
>> -----Original Message-----
>> From: Hassan Schroeder []
>> Sent: Monday, November 26, 2007 4:09 PM
>> To: Tomcat Users List
>> Subject: Re: SSL problem with Tomcat 5.5
>> What would be best would be catalina.log at startup, showing
>> whether the SSL connector started cleanly.
>> And of course, any log entry relating specifically to an HTTPS
>> request.
>> > I didn't generate a new csr, I figured renewing the cert shouldn't need
>> > that. Do I need to go through that or should I be able to just renew it ?
>> Dunno about GoDaddy, but when I "renew" a Thawte cert for one of
>> my sites, I have to generate a new cert request. So I just create a new
>> keystore file, named something like, and
>> use that for the new cert.
>> HTH!
>> --
>> Hassan Schroeder ------------------------
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail:
>> To unsubscribe, e-mail:
>> For additional commands, e-mail:

