tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Josh Gooding <josh.good...@gmail.com>
Subject Re: Need some SSL Config help.
Date Mon, 27 Jul 2009 04:08:08 GMT
Thanks all, I appreciate the input.  I used
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html to attempt to
configure SSL.  I'll read up on APR.

On Sat, Jul 25, 2009 at 6:14 AM, Mark Thomas <markt@apache.org> wrote:

> Josh Gooding wrote:
> > One more thing.  Here is my server.xml information that is relative:
> >
> > <Listener className="org.apache.catalina.core.AprLifecycleListener"
> > SSLEngine="on" SSLRandomSeed="builtin" />
>
> Looks like you are trying to use the APR connector.
>
> > <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
> >         minSpareThreads="5" maxSpareThreads="75"
> Neither of those two attributes are valid for Tomcat 6. Get rid of them.
>  It looks like you have copied this from a previous Tomcat version. I'd
> strongly suggest checking all of your configuration against the docs.
>
> >         enableLookups="true" disableUploadTimeout="true"
> >         acceptCount="100"  maxThreads="200"
> >         scheme="https" secure="true"
> >         keystoreFile="C:\Documents and Settings\Zeus\.keystore"
> > keystorePass="likeIdpostit"
> These are the JSSE SSL configuration attributes. You are trying to use
> APR. That won't work. The docs could make this clearer. You want
> http://tomcat.apache.org/tomcat-6.0-doc/apr.html
>
> Mark
>
> >         clientAuth="false" sslProtocol="TLS"/>
> >
> > On Fri, Jul 24, 2009 at 10:25 PM, Josh Gooding <josh.gooding@gmail.com
> >wrote:
> >
> >> Hello again.
> >>
> >> Now that I have deployed my project on Tomcat 6.0.18 with a MySQL 5.1
> db, I
> >> need to clamp the server down tight using SSL.  I've already created my
> >> keystore file and I am able to get the server to serve on port 443 (by
> going
> >> to http://localhost:443).
>
> That means your connector is not configured correctly as it is serving
> http rather than https.
>
>
>  I can get it to Subsequent attempts to serve as
> >> https://localhost are proving not to be fruitful.
> >>
> >> I have a webserver (tomcat) that is in development status that I want to
> >> clamp down.  I am using a realm to login using j_security_check to login
> to
> >> the software.  Right now what I want to do is install the Apache
> webserver
> >> and get it talking to tomcat (not hard).  I created my keystore file and
> I
> >> know it works because I've tested it.  What I need to know are these
> things
> >> (btw, if they are in the docs, please just say so and I'll look harder)
> >>
> >> If I want to use SSL for each person logging into the instance (which is
> >> using Tomcat to serve) do I need to have SSL on both Apache webserver
> and
> >> Tomcat, just the webserver, or just tomcat?
> >>
> >> Right now for example, if I go to http://server.com/[companyid]<http://server.com/%5Bcompanyid%5D>
> <http://server.com/%5Bcompanyid%5D>I get a simple login / pwd (using
> j_sec_chk).  I'm using a realm
> >> configuration in my It's not using SSL.  Following Tomcat's
> instructions, I
> >> have SSL configured on my test server, and it seems to run if I go to
> >> http://test.com:443/index.jsp. I get the default tomcat page.  However
> if
> >> I go to https://test.com/index.jsp, I get "cannot connect or website
> not
> >> responding"  I can't remember which one.  Is this a simple configuration
> >> thing or will this solve itself if I install the webserver and connect
> tc
> >> and apache web?
> >>
> >> Second, since I am using j_security_check for login, are there native
> >> classes in tomcat that will allow me to utilize j_sec_chk and SSL?  Is
> there
> >> another method of logging in that I should use?  I can write my own
> custom
> >> classes, but I am not really clear on if there is something better that
> is
> >> native.  i'm looking at needing a 3 strikes and your locked out
> >> functionality across SSL.  This is a simple yes there is a better way
> and
> >> it's part of tomcat, or write your custom code.  I'm not looking for the
> >> typical "please do it for me" requests that I normally see on dev / user
> >> lists.
> >>
> >> Since each company has exactly ONE html page (which is only a welcome
> >> page), I honestly don't see the need to install the webserver except the
> >> fact that it is the right way of doing things.  Is my thinking off on
> this?
> >>
> >> For some reason, my brain is becoming like a sponge for tomcat
> >> configuration.  So forgive me for asking a ton of questions.  I'm
> reading
> >> both the tomcat documentation and an O'Reilly book on tomcat, and I want
> to
> >> get good enough at this that I can configure it in any environment.  I
> >> really enjoy tomcat and become knowledgeable enough that I don't fel
> like
> >> such a newbie asking questions.  Any insight or direction would be
> greatly
> >> appreciated.
> >>
> >> Warm regards,
> >>
> >> Josh
> >>
> >
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message