tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jorge Medina <>
Subject Re: Configuring Tomcat 6.0.28 with SSL
Date Tue, 10 Aug 2010 20:27:25 GMT
There are two ways to add SSL support to Tomcat

a) Pure java support
b) Using OpenSSL through the APR library

For (b) you need to compile (or use a distribution with) the Tomcat
Native Library.

Configuring SSL using (a) is different than when using (b).

You may now if your server is running the APR by looking at the logs,
at startup you may find a line similar to:

INFO: The APR based Apache Tomcat Native library which allows optimal
performance in production environments was not found on the

After you have determined if you have the APR, look at how to configure SSL at


On Tue, Aug 10, 2010 at 3:41 PM, Hansel, Jason T CTR
> I am abandoning the IIS/isapi_redirect.dll method of authenticating via SSL
> into our web application due to the "authentication" process taking a while,
> causing the web app to run abnormally slow.
> I am wanting to use our server certificate (PKCS12) as the keystore. I've
> been doing a lot of research and it seems that I need to import the root
> certificates into the keystore using OpenSSL. What I am not too clear on is
> how to edit the server.xml file to accommodate these configurations. Here is
> what I have thus far, however, SSL does not seem to be working.
> Copied from Notepad:
> <!-- Define a SSL HTTP/1.1 Connector on port 8443
>         This connector uses the JSSE configuration, when using APR, the
>         connector should be using the OpenSSL style configuration
>         described in the APR documentation -->
>    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>               maxThreads="150" scheme="https" secure="true"
>               keystoreFile="C:\Program Files\Apache Software
> Foundation\Tomcat 6.0\con\geo.pfx"
> keystorePass="password" keystoreType="pkcs12"
>               clientAuth="false" sslProtocol="TLS" />

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message