tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Installing SSL connector for Tomcat on Linux/Debian
Date Fri, 04 Dec 2009 21:48:02 GMT

Daniele,

On 8/18/2009 2:01 PM, Daniele Development-ML wrote:
> 18-Aug-2009 18:05:55 org.apache.catalina.core.AprLifecycleListener init
> INFO: Loaded APR based Apache Tomcat Native library 1.1.16.
> 18-Aug-2009 18:05:55 org.apache.catalina.core.AprLifecycleListener init
> INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
> [false], random [true].

So you are successfully using APR.

> 18-Aug-2009 18:05:55 org.apache.catalina.startup.SetAllPropertiesRule begin
> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
> 'clientAuth' to 'false' did not find a matching property.

"clientAuth" is not a valid attribute for the APR SSL connector (though
it /is/ valid for the non-APR connector).

See
http://tomcat.apache.org/tomcat-6.0-doc/config/http.html
versus
http://tomcat.apache.org/tomcat-6.0-doc/apr.html

You want to use "SSLVerifyClient" instead of "clientAuth", though the
default ("none") is what it looks like you want.

> 18-Aug-2009 18:05:55 org.apache.catalina.startup.SetAllPropertiesRule begin
> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
> 'SSLEngine' to 'on' did not find a matching property.

"SSLEngine" is not a valid attribute for the APR SSL connector (nor is
it valid for the non-APR connector; that should be "SSLEnabled").

Instead, the "SSLEngine" attribute should appear in your APR lifecycle
listener, like this:

<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" />

> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
> maxThreads="150" scheme="https" secure="true" clientAuth="false"
> sslProtocol="TLS" enableLookups="false" disableUploadTimeout="true"
> SSLEngine="on"
> SSLCertificateFile="${catalina.base}/config/certs/self-signed-cert.pem"
> SSLCertificateKeyFile="${catalina.base}/config/certs/rsa-private-key.pem"/>

Your value for sslProtocol does not match the list of acceptable values
in http://tomcat.apache.org/tomcat-6.0-doc/apr.html. You might want to
check again.

> In addition, I included the following lines at the beginning of setclass
> file
> 
> CATALINA_OPTS="$CATALINA_OPTS
> -Djava.library.path=/home/daniele/tomcat-6.0.20/bin/tomcat-native-1.1.16-src/jni/native/.libs"

It appears that this has correctly enabled tcnative. Congratulations,
although you probably should go ahead and upgrade to 1.1.18.

-chris
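An added example, not part of the original message and not Tomcat code: a small Python check that reports, for a server.xml, the three connector problems named in the reply above. The sample file is constructed around the connector quoted in the thread; the function name `lint_apr_ssl`, the treatment of an `AprLifecycleListener` entry as meaning APR is in use, and the `SSLProtocol` value list are assumptions.

```python
import xml.etree.ElementTree as ET

APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
# SSLProtocol values as listed on the Tomcat 6.0 apr.html page linked in the
# thread (assumption: confirm against the documentation for your version).
APR_SSL_PROTOCOLS = {"all", "SSLv2", "SSLv3", "TLSv1", "SSLv2+SSLv3"}

# Constructed sample: the connector quoted in the thread inside a minimal server.xml.
SAMPLE = """<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" />
  <Service name="Catalina">
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
      maxThreads="150" scheme="https" secure="true" clientAuth="false"
      sslProtocol="TLS" enableLookups="false" disableUploadTimeout="true"
      SSLEngine="on"
      SSLCertificateFile="${catalina.base}/config/certs/self-signed-cert.pem"
      SSLCertificateKeyFile="${catalina.base}/config/certs/rsa-private-key.pem"/>
  </Service>
</Server>"""

def lint_apr_ssl(server_xml, protocols=APR_SSL_PROTOCOLS):
    """Return sorted (port, attribute, advice) findings for SSL-enabled connectors."""
    root = ET.fromstring(server_xml)
    # Assumption: an AprLifecycleListener entry means the connectors run on APR.
    if not any(l.get("className") == APR_LISTENER for l in root.iter("Listener")):
        return []
    findings = []
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue
        port = conn.get("port")
        for name, value in conn.attrib.items():
            if name == "clientAuth":
                findings.append((port, name, "not valid for APR; use SSLVerifyClient"))
            elif name == "SSLEngine":
                findings.append((port, name, "move to the AprLifecycleListener element"))
            elif name.lower() == "sslprotocol" and value not in protocols:
                findings.append((port, name, "value %r not in documented list" % value))
    return sorted(findings)

if __name__ == "__main__":
    for port, attr, advice in lint_apr_ssl(SAMPLE):
        print("connector %s: %s: %s" % (port, attr, advice))
```

The check matters beyond the startup warnings: an attribute the connector does not recognise is skipped, so a `clientAuth="true"` on an APR connector would not enforce client certificates.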