tomcat-users mailing list archives

From Daniel Mikusa <>
Subject Re: Configuring SSL on TOMCAT6 Using APR connector - Oracle EL 5
Date Fri, 02 Dec 2011 14:24:03 GMT
On Fri, 2011-12-02 at 00:56 -0800, moshood oladapo wrote:
> Dear Sir/Ma,
> I have already deployed an application running perfectly on tomcat 6.0.20 on port 8080
> on my Oracle EL 5 server. But now I want all requests to go through SSL.

If you want to force all traffic to go through SSL, you need to do two

1.) Configure a Connector with SSL.

Example using BIO connector:

<Connector protocol="org.apache.coyote.http11.Http11Protocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="${user.home}/.keystore" keystorePass="changeit"
           clientAuth="false" sslProtocol="TLS"/>

Example using APR connector:

<Connector protocol="org.apache.coyote.http11.Http11AprProtocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           clientAuth="optional" SSLProtocol="TLSv1"/>

For details, see

2.) Define user-data-constraint in web.xml to indicate that the
application's traffic must be secured.


See this link for details.

> See below my configurations on server.xml:
>   <!--APR library loader. Documentation at /docs/apr.html -->
>   <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"
>             SSLRandomSeed="builtin" />
>     <Connector executor="tomcatThreadPool"
>                port="8080" protocol="HTTP/1.1"
>                connectionTimeout="20000"
>                redirectPort="443" />
>     -->
>     <!-- Define a SSL HTTP/1.1 Connector on port 8443
>          This connector uses the JSSE configuration, when using APR, the
>          connector should be using the OpenSSL style configuration
>          described in the APR documentation -->
>     <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>                maxThreads="150" scheme="https" secure="true"
>                clientAuth="false" sslProtocol="TLS"
>                SSLEngine="on"
>                SSLCerticateFile="/home/oracle/apache-tomcat-6.0.20/conf/ssl/optixserver.crt"
>                SSLCertificateKeyFile="/home/oracle/apache-tomcat-6.0.20/conf/ssl/optixserver.p12"
>                SSLPassword="optix10$"
>      />
> After doing all this, I still couldn't access it at "https://localhost:443/". It displays
> the error message "internet explorer cannot display the webpage". But when I try http://localhost:8080/,
> it works fine.
> There is a clause I don't understand in the HowTo configure SSL with APR - (the
> APR library must be available). How do I know if the APR is available or not?

If you don't know if APR is installed, then it's likely that it is not
installed.  The APR library is a native library that you must compile
and install manually.

Did you or another system admin compile and install it on your server?
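
An added example, not part of the original message and not Tomcat's own tooling: a small Python check over server.xml and web.xml covering the two steps described above (an SSL Connector that does not mix JSSE-style and APR-style attributes, and a CONFIDENTIAL transport guarantee). The attribute lists are a subset of the names in the Tomcat 6 connector documentation, the function names are hypothetical, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Connector attribute names as documented for Tomcat 6 (subset; extend as needed).
JSSE_ATTRS = {"keystoreFile", "keystorePass", "keystoreType", "keyAlias",
              "truststoreFile", "truststorePass", "truststoreType",
              "sslProtocol", "ciphers"}
APR_ATTRS = {"SSLCertificateFile", "SSLCertificateKeyFile", "SSLPassword",
             "SSLProtocol", "SSLCipherSuite", "SSLCertificateChainFile",
             "SSLCACertificateFile", "SSLCACertificatePath",
             "SSLCARevocationFile", "SSLCARevocationPath",
             "SSLVerifyClient", "SSLVerifyDepth"}

# Constructed sample input, not taken from the thread.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
             SSLCertificateFile="/path/to/server.crt"
             SSLCertificateKeyFile="/path/to/server.key"/>
</Service></Server>"""
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
 <security-constraint>
  <web-resource-collection><web-resource-name>all</web-resource-name>
   <url-pattern>/*</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint></security-constraint></web-app>"""

def lint_connectors(server_xml):
    """Return (port, message) findings for connectors with SSLEnabled="true"."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port, names = conn.get("port"), set(conn.attrib)
        jsse, apr = names & JSSE_ATTRS, names & APR_ATTRS
        if jsse and apr:  # the two styles belong to different connector implementations
            findings.append((port, "mixes JSSE and APR attributes: " + ", ".join(sorted(jsse | apr))))
        for name in sorted(names - JSSE_ATTRS - APR_ATTRS - {"SSLEnabled"}):
            if name.lower().startswith(("ssl", "keystore", "truststore")):
                findings.append((port, "SSL-looking attribute not in the known lists: " + name))
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append((port, 'scheme="https" and secure="true" are not both set'))
    return findings

def requires_confidential(web_xml):
    """True if web.xml declares a CONFIDENTIAL transport-guarantee (step 2)."""
    return any(el.tag.split("}")[-1] == "transport-guarantee"
               and (el.text or "").strip() == "CONFIDENTIAL"
               for el in ET.fromstring(web_xml).iter())
```

Calling lint_connectors(SAMPLE_SERVER_XML) reports the 8443 connector for mixing the two attribute styles; an empty list means none of these checks fired.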
