Return-Path: 
 <users-return-224516-apmail-tomcat-users-archive=tomcat.apache.org@tomcat.apache.org>
X-Original-To: apmail-tomcat-users-archive@www.apache.org
Delivered-To: apmail-tomcat-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 8CE925C34
	for <apmail-tomcat-users-archive@www.apache.org>;
 Tue, 10 May 2011 17:48:33 +0000 (UTC)
Received: (qmail 16606 invoked by uid 500); 10 May 2011 17:48:30 -0000
Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org
Received: (qmail 16529 invoked by uid 500); 10 May 2011 17:48:30 -0000
Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@tomcat.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@tomcat.apache.org>
List-Post: <mailto:users@tomcat.apache.org>
List-Id: <users.tomcat.apache.org>
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Delivered-To: mailing list users@tomcat.apache.org
Received: (qmail 16520 invoked by uid 99); 10 May 2011 17:48:30 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 10 May 2011 17:48:30 +0000
X-ASF-Spam-Status: No, hits=-0.7 required=5.0
	tests=FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,RFC_ABUSE_POST,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of knst.kolinko@gmail.com
 designates 209.85.220.173 as permitted sender)
Received: from [209.85.220.173] (HELO mail-vx0-f173.google.com)
 (209.85.220.173)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 10 May 2011 17:48:23 +0000
Received: by vxb37 with SMTP id 37so9938550vxb.18
        for <users@tomcat.apache.org>; Tue, 10 May 2011 10:48:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:in-reply-to:references:date
         :message-id:subject:from:to:content-type:content-transfer-encoding;
        bh=yBS1ctcoIpNCkRFDxvxDVLkQJaotl0SUfuvAACoZM9M=;
        b=A8Nzk1pbz7AZhYvIPJ+Zdg6Jr3jk1sygygY7YDAwEbX/IbCi5zek3pchjM3BcYDTT+
         xXNIh8vHQlwzjFBcvmupdmk+aBOE70P5vyFMvxR6JpIA/FqhluZ5z+hCGW60TnGjEOFg
         rNfum7d7LoNFH7C9PILrhHmVY+SSmuFZRKBgk=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type:content-transfer-encoding;
        b=V0S1kpvX/pbRh8KHGG/hi3QKe61NTANxvYrK2Dp1bvNe9ABQmLayy8YgcNfMcuy47d
         dlVvQx7qCXmKcgP9UWPgLMEMMnFwKmYvBK0FlCROdf4cKt1nRZBvmYLj+G5VMh/EjMEB
         GTPltPVuq3iEJqzIZUdQ6KMTCNIktQr2k6fHg=
MIME-Version: 1.0
Received: by 10.52.100.163 with SMTP id ez3mr1502417vdb.150.1305049682677;
 Tue, 10 May 2011 10:48:02 -0700 (PDT)
Received: by 10.52.159.228 with HTTP; Tue, 10 May 2011 10:48:02 -0700 (PDT)
In-Reply-To: <BANLkTi=Cc9seWRrKwtrez6u+gNJZC9EM5g@mail.gmail.com>
References: <BANLkTi=Cc9seWRrKwtrez6u+gNJZC9EM5g@mail.gmail.com>
Date: Tue, 10 May 2011 21:48:02 +0400
Message-ID: <BANLkTinMZgwhCRM4JOC=kDopH1eduiAiVQ@mail.gmail.com>
Subject: Re: SSL on Tomcat5
From: Konstantin Kolinko <knst.kolinko@gmail.com>
To: Tomcat Users List <users@tomcat.apache.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

2011/5/10 Lunita <hoshi.utsuku@gmail.com>:
> Hi all!
>
> I amb trying to configure SSL for Tomcat Manager with APR. I have a weird
> problem, port 8443 is listening, but no HTTPS over there! 8080 and 8443
> ports are open with HTTP
>
> I compiled tomcat native with this configure:
>
> "--prefix=3D/opt/tomcat/" \
> "--with-apr=3D/opt/apr-1.4.2/" \
> "--with-ssl=3D/usr" \
> "--with-java-home=3D/usr/java/jdk1.6.0_23/" \
> "--libdir=3D/usr/lib" \
>
>
> At startup, Tomcat load OK the library:
>
> INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
> May 10, 2011 6:36:07 PM org.apache.catalina.core.AprLifecycleListener ini=
t
> INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
> [false], random [true].
> May 10, 2011 6:36:07 PM org.apache.coyote.http11.Http11AprProtocol init
> INFO: Initializing Coyote HTTP/1.1 on http-8080
> May 10, 2011 6:36:07 PM org.apache.coyote.http11.Http11AprProtocol init
> INFO: Initializing Coyote HTTP/1.1 on http-8443
>
> My config at server.xml looks OK ...
>
> <Connector port=3D"8443" maxHttpHeaderSize=3D"8192"
> =A0 =A0 =A0 =A0 =A0 maxThreads=3D"200" minSpareThreads=3D"25" maxSpareThr=
eads=3D"75"
> =A0 =A0 =A0 =A0 =A0 scheme=3D"https" secure=3D"true" SSLEnabled=3D"true"
>
> SSLCertificateFile=3D"/opt/apache-tomcat-5.5.33/conf/tomcat.key.noPasswd"
> =A0 =A0 =A0 =A0 =A0 SSLCertificateKeyFile=3D"/opt/apache-tomcat-5.5.33/co=
nf/XX.cer"
> =A0 =A0 =A0 =A0 =A0 clientAuth=3D"false" SSLProtocol=3D"TLSv1"/>
>
>
> Any help? I'm really lost =3D(

Configuration of APR/OpenSSL (aka "native") connector with SSL is documente=
d in
http://tomcat.apache.org/tomcat-5.5-doc/apr.html#HTTPS

Apparently you are missing SSLEngine=3D"on"

Note, that Tomcat 5.5 does not warn about any unknown attributes etc.
(Tomcat 6 and later do give warnings), so you should read the
configuration docs carefully.

What documentation you have followed? (Maybe something needs
amendments / corrections there?)

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org