tomcat-users mailing list archives

From Josh Gooding <josh.good...@gmail.com>
Subject Re: Need some SSL Config help.
Date Mon, 27 Jul 2009 16:02:46 GMT
Just an update.  I decided to change up what I was doing.  Instead of
starting with SSL on tomcat, I ported Apache and Tomcat to work together on
my local test server.  Now I am going to do the APR.  Do I need to configure
SSL on both Apache and Tomcat or just Tomcat?

On Mon, Jul 27, 2009 at 12:08 AM, Josh Gooding <josh.gooding@gmail.com> wrote:

> Thanks all, I appreciate the input.  I used
> http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html to attempt to
> configure SSL.  I'll read up on APR.
>
> On Sat, Jul 25, 2009 at 6:14 AM, Mark Thomas <markt@apache.org> wrote:
>
>> Josh Gooding wrote:
>> > One more thing.  Here is my server.xml information that is relative:
>> >
>> > <Listener className="org.apache.catalina.core.AprLifecycleListener"
>> > SSLEngine="on" SSLRandomSeed="builtin" />
>>
>> Looks like you are trying to use the APR connector.
>>
>> > <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>> >         minSpareThreads="5" maxSpareThreads="75"
>> Neither of those two attributes are valid for Tomcat 6. Get rid of them.
>>  It looks like you have copied this from a previous Tomcat version. I'd
>> strongly suggest checking all of your configuration against the docs.
>>
>> >         enableLookups="true" disableUploadTimeout="true"
>> >         acceptCount="100"  maxThreads="200"
>> >         scheme="https" secure="true"
>> >         keystoreFile="C:\Documents and Settings\Zeus\.keystore"
>> > keystorePass="likeIdpostit"
>> These are the JSSE SSL configuration attributes. You are trying to use
>> APR. That won't work. The docs could make this clearer. You want
>> http://tomcat.apache.org/tomcat-6.0-doc/apr.html
>>
>> Mark
>>
>> >         clientAuth="false" sslProtocol="TLS"/>
>> >
>> > On Fri, Jul 24, 2009 at 10:25 PM, Josh Gooding <josh.gooding@gmail.com> wrote:
>> >
>> >> Hello again.
>> >>
>> >> Now that I have deployed my project on Tomcat 6.0.18 with a MySQL 5.1
>> db, I
>> >> need to clamp the server down tight using SSL.  I've already created my
>> >> keystore file and I am able to get the server to serve on port 443 (by
>> going
>> >> to http://localhost:443).
>>
>> That means your connector is not configured correctly as it is serving
>> http rather than https.
>>
>>
>>  I can get it to Subsequent attempts to serve as
>> >> https://localhost are proving not to be fruitful.
>> >>
>> >> I have a webserver (tomcat) that is in development status that I want
>> to
>> >> clamp down.  I am using a realm to login using j_security_check to
>> login to
>> >> the software.  Right now what I want to do is install the Apache
>> webserver
>> >> and get it talking to tomcat (not hard).  I created my keystore file
>> and I
>> >> know it works because I've tested it.  What I need to know are these
>> things
>> >> (btw, if they are in the docs, please just say so and I'll look harder)
>> >>
>> >> If I want to use SSL for each person logging into the instance (which
>> is
>> >> using Tomcat to serve) do I need to have SSL on both Apache webserver
>> and
>> >> Tomcat, just the webserver, or just tomcat?
>> >>
>> >> Right now for example, if I go to http://server.com/[companyid] I get a
>> >> simple login / pwd (using j_sec_chk).  I'm using a realm
>> >> configuration in my It's not using SSL.  Following Tomcat's
>> instructions, I
>> >> have SSL configured on my test server, and it seems to run if I go to
>> >> http://test.com:443/index.jsp. I get the default tomcat page.  However
>> if
>> >> I go to https://test.com/index.jsp, I get "cannot connect or website
>> not
>> >> responding"  I can't remember which one.  Is this a simple
>> configuration
>> >> thing or will this solve itself if I install the webserver and connect
>> tc
>> >> and apache web?
>> >>
>> >> Second, since I am using j_security_check for login, are there native
>> >> classes in tomcat that will allow me to utilize j_sec_chk and SSL?  Is
>> there
>> >> another method of logging in that I should use?  I can write my own
>> custom
>> >> classes, but I am not really clear on if there is something better that
>> is
>> >> native.  I'm looking at needing a 3 strikes and you're locked out
>> >> functionality across SSL.  This is a simple yes there is a better way
>> and
>> >> it's part of tomcat, or write your custom code.  I'm not looking for
>> the
>> >> typical "please do it for me" requests that I normally see on dev /
>> user
>> >> lists.
>> >>
>> >> Since each company has exactly ONE html page (which is only a welcome
>> >> page), I honestly don't see the need to install the webserver except
>> the
>> >> fact that it is the right way of doing things.  Is my thinking off on
>> this?
>> >>
>> >> For some reason, my brain is becoming like a sponge for tomcat
>> >> configuration.  So forgive me for asking a ton of questions.  I'm
>> reading
>> >> both the tomcat documentation and an O'Reilly book on tomcat, and I
>> want to
>> >> get good enough at this that I can configure it in any environment.  I
>> >> really enjoy tomcat and become knowledgeable enough that I don't feel
>> like
>> >> such a newbie asking questions.  Any insight or direction would be
>> greatly
>> >> appreciated.
>> >>
>> >> Warm regards,
>> >>
>> >> Josh
>> >>
>> >
>>
>
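
Added example, not part of the thread and not Tomcat project code: a small Python check for the two problems Mark Thomas points out in the quoted `server.xml`, namely JSSE keystore attributes on a connector while the APR listener has its SSL engine on, and the pre-Tomcat 6 thread attributes. The function name, the sample document and its keystore values are constructed for illustration; it assumes the native APR library actually loads, and it treats `SSLCertificateFile` (the APR connector's certificate attribute) as the sign of an APR-style SSL setup.

```python
import xml.etree.ElementTree as ET

APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
# JSSE-style SSL attributes that appear on the connector quoted in the thread.
JSSE_ATTRS = {"keystoreFile", "keystorePass", "clientAuth", "sslProtocol"}
# Attributes the reply says are not valid on a Tomcat 6 Connector.
STALE_ATTRS = {"minSpareThreads", "maxSpareThreads"}

# Constructed sample assembled from the snippets quoted in the thread;
# the keystore path and password are placeholders.
SAMPLE = """<Server>
  <Listener className="org.apache.catalina.core.AprLifecycleListener"
            SSLEngine="on" SSLRandomSeed="builtin" />
  <Service name="Catalina">
    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
               minSpareThreads="5" maxSpareThreads="75"
               scheme="https" secure="true"
               keystoreFile="conf/.keystore" keystorePass="placeholder"
               clientAuth="false" sslProtocol="TLS" />
  </Service>
</Server>"""


def lint_server_xml(xml_text):
    """Return (port, finding) tuples for the connectors in a server.xml."""
    root = ET.fromstring(xml_text)
    # The listener's SSL engine counts as enabled unless explicitly "off".
    apr_ssl = any(
        lst.get("className") == APR_LISTENER
        and lst.get("SSLEngine", "on").lower() != "off"
        for lst in root.iter("Listener")
    )
    findings = []
    for conn in root.iter("Connector"):
        port = conn.get("port", "?")
        for name in sorted(STALE_ATTRS & set(conn.attrib)):
            findings.append((port, f"{name} is not valid on a Tomcat 6 Connector"))
        if conn.get("SSLEnabled", "").lower() != "true":
            continue  # only SSL connectors are checked further
        jsse = sorted(JSSE_ATTRS & set(conn.attrib))
        if apr_ssl and jsse:
            findings.append((port, "APR SSL engine is on but JSSE attributes are set: "
                             + ", ".join(jsse)))
        if apr_ssl and "SSLCertificateFile" not in conn.attrib:
            findings.append((port, "no SSLCertificateFile for the APR connector"))
    return findings


if __name__ == "__main__":
    for port, message in lint_server_xml(SAMPLE):
        print(f"connector {port}: {message}")
```
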
