Thanks all, I appreciate the input. I used
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html to attempt to
configure SSL. I'll read up on APR.
On Sat, Jul 25, 2009 at 6:14 AM, Mark Thomas <markt@apache.org> wrote:
> Josh Gooding wrote:
> > One more thing. Here is my server.xml information that is relative:
> >
> > <Listener className="org.apache.catalina.core.AprLifecycleListener"
> > SSLEngine="on" SSLRandomSeed="builtin" />
>
> Looks like you are trying to use the APR connector.
>
> > <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
> > minSpareThreads="5" maxSpareThreads="75"
> Neither of those two attributes are valid for Tomcat 6. Get rid of them.
> It looks like you have copied this from a previous Tomcat version. I'd
> strongly suggest checking all of your configuration against the docs.
>
> > enableLookups="true" disableUploadTimeout="true"
> > acceptCount="100" maxThreads="200"
> > scheme="https" secure="true"
> > keystoreFile="C:\Documents and Settings\Zeus\.keystore"
> > keystorePass="likeIdpostit"
> These are the JSSE SSL configuration attributes. You are trying to use
> APR. That won't work. The docs could make this clearer. You want
> http://tomcat.apache.org/tomcat-6.0-doc/apr.html
>
> Mark
>
> > clientAuth="false" sslProtocol="TLS"/>
> >
> > On Fri, Jul 24, 2009 at 10:25 PM, Josh Gooding <josh.gooding@gmail.com
> >wrote:
> >
> >> Hello again.
> >>
> >> Now that I have deployed my project on Tomcat 6.0.18 with a MySQL 5.1
> db, I
> >> need to clamp the server down tight using SSL. I've already created my
> >> keystore file and I am able to get the server to serve on port 443 (by
> going
> >> to http://localhost:443).
>
> That means your connector is not configured correctly as it is serving
> http rather than https.
>
>
> I can get it to Subsequent attempts to serve as
> >> https://localhost are proving not to be fruitful.
> >>
> >> I have a webserver (tomcat) that is in development status that I want to
> >> clamp down. I am using a realm to login using j_security_check to login
> to
> >> the software. Right now what I want to do is install the Apache
> webserver
> >> and get it talking to tomcat (not hard). I created my keystore file and
> I
> >> know it works because I've tested it. What I need to know are these
> things
> >> (btw, if they are in the docs, please just say so and I'll look harder)
> >>
> >> If I want to use SSL for each person logging into the instance (which is
> >> using Tomcat to serve) do I need to have SSL on both Apache webserver
> and
> >> Tomcat, just the webserver, or just tomcat?
> >>
> >> Right now for example, if I go to http://server.com/[companyid]<http://server.com/%5Bcompanyid%5D>
> <http://server.com/%5Bcompanyid%5D>I get a simple login / pwd (using
> j_sec_chk). I'm using a realm
> >> configuration in my It's not using SSL. Following Tomcat's
> instructions, I
> >> have SSL configured on my test server, and it seems to run if I go to
> >> http://test.com:443/index.jsp. I get the default tomcat page. However
> if
> >> I go to https://test.com/index.jsp, I get "cannot connect or website
> not
> >> responding" I can't remember which one. Is this a simple configuration
> >> thing or will this solve itself if I install the webserver and connect
> tc
> >> and apache web?
> >>
> >> Second, since I am using j_security_check for login, are there native
> >> classes in tomcat that will allow me to utilize j_sec_chk and SSL? Is
> there
> >> another method of logging in that I should use? I can write my own
> custom
> >> classes, but I am not really clear on if there is something better that
> is
> >> native. i'm looking at needing a 3 strikes and your locked out
> >> functionality across SSL. This is a simple yes there is a better way
> and
> >> it's part of tomcat, or write your custom code. I'm not looking for the
> >> typical "please do it for me" requests that I normally see on dev / user
> >> lists.
> >>
> >> Since each company has exactly ONE html page (which is only a welcome
> >> page), I honestly don't see the need to install the webserver except the
> >> fact that it is the right way of doing things. Is my thinking off on
> this?
> >>
> >> For some reason, my brain is becoming like a sponge for tomcat
> >> configuration. So forgive me for asking a ton of questions. I'm
> reading
> >> both the tomcat documentation and an O'Reilly book on tomcat, and I want
> to
> >> get good enough at this that I can configure it in any environment. I
> >> really enjoy tomcat and become knowledgeable enough that I don't fel
> like
> >> such a newbie asking questions. Any insight or direction would be
> greatly
> >> appreciated.
> >>
> >> Warm regards,
> >>
> >> Josh
> >>
> >
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
|