tomcat-users mailing list archives

From Mark Thomas <>
Subject Re: Need some SSL Config help.
Date Sat, 25 Jul 2009 10:14:46 GMT
Josh Gooding wrote:
> One more thing.  Here is my server.xml information that is relative:
> <Listener className="org.apache.catalina.core.AprLifecycleListener"
> SSLEngine="on" SSLRandomSeed="builtin" />

Looks like you are trying to use the APR connector.

> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>         minSpareThreads="5" maxSpareThreads="75"

Neither of those two attributes is valid for Tomcat 6. Get rid of them.
It looks like you have copied this from a previous Tomcat version. I'd
strongly suggest checking all of your configuration against the docs.

>         enableLookups="true" disableUploadTimeout="true"
>         acceptCount="100"  maxThreads="200"
>         scheme="https" secure="true"
>         keystoreFile="C:\Documents and Settings\Zeus\.keystore"
>         keystorePass="likeIdpostit"

These are the JSSE SSL configuration attributes. You are trying to use
APR. That won't work. The docs could make this clearer. You want


>         clientAuth="false" sslProtocol="TLS"/>
> On Fri, Jul 24, 2009 at 10:25 PM, Josh Gooding <> wrote:
>> Hello again.
>> Now that I have deployed my project on Tomcat 6.0.18 with a MySQL 5.1 db, I
>> need to clamp the server down tight using SSL.  I've already created my
>> keystore file and I am able to get the server to serve on port 443 (by going
>> to http://localhost:443).

That means your connector is not configured correctly as it is serving
http rather than https.

>> I can get it to Subsequent attempts to serve as
>> https://localhost are proving not to be fruitful.
>> I have a webserver (tomcat) that is in development status that I want to
>> clamp down.  I am using a realm to login using j_security_check to login to
>> the software.  Right now what I want to do is install the Apache webserver
>> and get it talking to tomcat (not hard).  I created my keystore file and I
>> know it works because I've tested it.  What I need to know are these things
>> (btw, if they are in the docs, please just say so and I'll look harder)
>> If I want to use SSL for each person logging into the instance (which is
>> using Tomcat to serve) do I need to have SSL on both Apache webserver and
>> Tomcat, just the webserver, or just tomcat?
>> Right now for example, if I go to [companyid] I
>> get a simple login / pwd (using j_sec_chk).  I'm using a realm
>> configuration in my It's not using SSL.  Following Tomcat's instructions, I
>> have SSL configured on my test server, and it seems to run if I go to
>> I get the default tomcat page.  However if
>> I go to, I get "cannot connect or website not
>> responding"  I can't remember which one.  Is this a simple configuration
>> thing or will this solve itself if I install the webserver and connect tc
>> and apache web?
>> Second, since I am using j_security_check for login, are there native
>> classes in tomcat that will allow me to utilize j_sec_chk and SSL?  Is there
>> another method of logging in that I should use?  I can write my own custom
>> classes, but I am not really clear on if there is something better that is
>> native.  I'm looking at needing a 3 strikes and you're locked out
>> functionality across SSL.  This is a simple yes there is a better way and
>> it's part of tomcat, or write your custom code.  I'm not looking for the
>> typical "please do it for me" requests that I normally see on dev / user
>> lists.
>> Since each company has exactly ONE html page (which is only a welcome
>> page), I honestly don't see the need to install the webserver except the
>> fact that it is the right way of doing things.  Is my thinking off on this?
>> For some reason, my brain is becoming like a sponge for tomcat
>> configuration.  So forgive me for asking a ton of questions.  I'm reading
>> both the tomcat documentation and an O'Reilly book on tomcat, and I want to
>> get good enough at this that I can configure it in any environment.  I
>> really enjoy tomcat and become knowledgeable enough that I don't feel like
>> such a newbie asking questions.  Any insight or direction would be greatly
>> appreciated.
>> Warm regards,
>> Josh
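
An added example, not part of the original message or of Tomcat itself: a small Python check for the two problems the reply points out, stale `<Connector>` attributes and JSSE keystore attributes on a connector that can resolve to APR. The function name, finding codes and attribute sets are assumptions chosen for illustration, and the sample input is constructed from the fragments quoted in the thread.

```python
import xml.etree.ElementTree as ET

# JSSE-only SSL attributes seen in the posted connector (subset, not exhaustive).
JSSE_ATTRS = {"keystoreFile", "keystorePass", "clientAuth", "sslProtocol"}
# Attributes the reply says are not valid on a Tomcat 6 <Connector>.
STALE_ATTRS = {"minSpareThreads", "maxSpareThreads"}
APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"

def lint_server_xml(xml_text):
    """Return a sorted list of (port, code, detail) findings (hypothetical codes)."""
    root = ET.fromstring(xml_text)
    apr_ssl = any(lst.get("className") == APR_LISTENER and
                  lst.get("SSLEngine", "on") != "off" for lst in root.iter("Listener"))
    findings = []
    for conn in root.iter("Connector"):
        port = conn.get("port", "?")
        stale = sorted(STALE_ATTRS & set(conn.attrib))
        if stale:
            findings.append((port, "STALE_ATTR", ",".join(stale)))
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        proto = conn.get("protocol", "HTTP/1.1")
        # Heuristic: "HTTP/1.1" lets Tomcat pick APR when the native library loads.
        may_be_apr = proto == APR_PROTOCOL or (proto == "HTTP/1.1" and apr_ssl)
        jsse = sorted(JSSE_ATTRS & set(conn.attrib))
        if may_be_apr and jsse:
            findings.append((port, "JSSE_ATTRS_ON_APR", ",".join(jsse)))
    return sorted(findings)

# Constructed sample: the listener and connector quoted in the thread,
# wrapped in a minimal <Server>/<Service> so that it parses.
SAMPLE = r"""<Server>
  <Listener className="org.apache.catalina.core.AprLifecycleListener"
            SSLEngine="on" SSLRandomSeed="builtin" />
  <Service name="Catalina">
    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
               minSpareThreads="5" maxSpareThreads="75"
               enableLookups="true" disableUploadTimeout="true"
               acceptCount="100" maxThreads="200"
               scheme="https" secure="true"
               keystoreFile="C:\Documents and Settings\Zeus\.keystore"
               keystorePass="likeIdpostit"
               clientAuth="false" sslProtocol="TLS"/>
  </Service>
</Server>"""
if __name__ == "__main__":
    for port, code, detail in lint_server_xml(SAMPLE):
        print(f"port {port}: {code}: {detail}")
```

The check cannot tell whether the native library actually loads at startup, so a `JSSE_ATTRS_ON_APR` finding means the connector needs a decision between the two SSL implementations, not that APR is definitely in use.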
