tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lunita <hoshi.uts...@gmail.com>
Subject Re: SSL on Tomcat5
Date Wed, 11 May 2011 08:26:50 GMT
Hi!!

I've found the problem, the params SSLCertificateFile and
SSLCertificateKeyFile were changed.
Now I'm not having any error on startup.

Thanx for all =)

2011/5/11 Goo Sam Kong <skgoo88@gmail.com>

> Hi,
>
> If you use APR, the private key & certificate should be in PEM format as
> documented in http://tomcat.apache.org/tomcat-5.5-doc/apr.html#HTTPS
>
>  *SSLCertificateFile*
>
> Name of the file that contains the server certificate. The format is
> PEM-encoded.
> SSLCertificateKeyFile
>
> Name of the file that contains the server private key. The format is
> PEM-encoded. The default value is the value of "SSLCertificateFile" and in
> this case both certificate and private key have to be in this file (NOT
> RECOMMENDED).
>
>
> On 11 May 2011 15:31, Lunita <hoshi.utsuku@gmail.com> wrote:
>
> > Hi again,
> >
> > I followed many docs, the Tomcat's official web was not clear enough for
> > me.
> > With SSLEngine="on" I'm having this problem:
> >
> > SEVERE: Catalina.start
> > LifecycleException:  Protocol handler initialization failed:
> > java.lang.Exception: Unable to load certificate key
> > /opt/apache-tomcat-5.5.33/conf/xWiki.cer (error:0906D06C:PEM
> > routines:PEM_read_bio:no start line)
> >
> >
> > Does Tomcat support .cer certificates o must be PEM? Strange thing is
> that
> > the cert. file is .cer, but the error complains about PEM.
> >
> > Thanx in advance.
> >
> >
> > 2011/5/10 Konstantin Kolinko <knst.kolinko@gmail.com>
> >
> > > 2011/5/10 Lunita <hoshi.utsuku@gmail.com>:
> > > > Hi all!
> > > >
> > > > I amb trying to configure SSL for Tomcat Manager with APR. I have a
> > weird
> > > > problem, port 8443 is listening, but no HTTPS over there! 8080 and
> 8443
> > > > ports are open with HTTP
> > > >
> > > > I compiled tomcat native with this configure:
> > > >
> > > > "--prefix=/opt/tomcat/" \
> > > > "--with-apr=/opt/apr-1.4.2/" \
> > > > "--with-ssl=/usr" \
> > > > "--with-java-home=/usr/java/jdk1.6.0_23/" \
> > > > "--libdir=/usr/lib" \
> > > >
> > > >
> > > > At startup, Tomcat load OK the library:
> > > >
> > > > INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
> > > > May 10, 2011 6:36:07 PM org.apache.catalina.core.AprLifecycleListener
> > > init
> > > > INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
> > > > [false], random [true].
> > > > May 10, 2011 6:36:07 PM org.apache.coyote.http11.Http11AprProtocol
> init
> > > > INFO: Initializing Coyote HTTP/1.1 on http-8080
> > > > May 10, 2011 6:36:07 PM org.apache.coyote.http11.Http11AprProtocol
> init
> > > > INFO: Initializing Coyote HTTP/1.1 on http-8443
> > > >
> > > > My config at server.xml looks OK ...
> > > >
> > > > <Connector port="8443" maxHttpHeaderSize="8192"
> > > >           maxThreads="200" minSpareThreads="25" maxSpareThreads="75"
> > > >           scheme="https" secure="true" SSLEnabled="true"
> > > >
> > > >
> SSLCertificateFile="/opt/apache-tomcat-5.5.33/conf/tomcat.key.noPasswd"
> > > >
> SSLCertificateKeyFile="/opt/apache-tomcat-5.5.33/conf/XX.cer"
> > > >           clientAuth="false" SSLProtocol="TLSv1"/>
> > > >
> > > >
> > > > Any help? I'm really lost =(
> > >
> > > Configuration of APR/OpenSSL (aka "native") connector with SSL is
> > > documented in
> > > http://tomcat.apache.org/tomcat-5.5-doc/apr.html#HTTPS
> > >
> > > Apparently you are missing SSLEngine="on"
> > >
> > > Note, that Tomcat 5.5 does not warn about any unknown attributes etc.
> > > (Tomcat 6 and later do give warnings), so you should read the
> > > configuration docs carefully.
> > >
> > > What documentation you have followed? (Maybe something needs
> > > amendments / corrections there?)
> > >
> > > Best regards,
> > > Konstantin Kolinko
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > > For additional commands, e-mail: users-help@tomcat.apache.org
> > >
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message