tomcat-users mailing list archives

From Pid <...@pidster.com>
Subject Re: SSL Configuration Errors
Date Fri, 06 Jan 2012 09:30:30 GMT
On 05/01/2012 18:22, Justin Larose wrote:
> Sorry. Comments removed.
> 
> ___________________

<snip> No APR, nothing to see here, move along, move along...

You can use an executor to provide a common thread pool for all linked
connectors - to reduce the overhead of unused threads.

>      <Connector port="18080" protocol="HTTP/1.1"
>                 connectionTimeout="20000"
>                 redirectPort="8443" />
> 
>   <Connector

Are you actually using Client auth?

>     clientAuth="true" port="8443" minSpareThreads="5" maxSpareThreads="75"
>     enableLookups="true" disableUploadTimeout="true"
>     acceptCount="100" maxThreads="200"
>     scheme="https" secure="true" SSLEnabled="true"

>     keystoreFile="F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat 7.0\conf\wcmdev-ssl.jks"
>     keystoreType="JKS" keystorePass="******"

keystoreType has the default, you can remove it.
I don't like the look of those paths, this is neater:

 keystoreFile="${catalina.base}\conf\wcmdev-ssl.jks"


>     truststoreFile="F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat 7.0\conf\wcmdev-ssl.jks"

 truststoreType has the default, you can remove it.

>     truststoreType="JKS" truststorePass="******"
>     SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2" sslProtocol="TLS" />

sslProtocol is also the default, you can remove it.


>     <Connector port="8409" protocol="AJP/1.3" redirectPort="8443" />

Are you actually using the AJP connector?

Can you remove all of the client auth config and just configure the
keystore alone, first to try to get the SSL working?

Did you follow the steps here?

 http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html


p

>     <Engine name="Catalina" defaultHost="localhost">
> 
>     <Realm className="org.apache.catalina.realm.LockOutRealm">
>          <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>                 resourceName="UserDatabase"/>
>        </Realm>
> 
>        <Host name="localhost"  appBase="webapps"
>              unpackWARs="true" autoDeploy="true">
> 
>          <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
>                 prefix="localhost_access_log." suffix=".txt"
>                 pattern="%h %l %u %t &quot;%r&quot; %s %b" resolveHosts="false"/>
> 
>        </Host>
>      </Engine>
>    </Service>
>  </Server>
> 
> 
> Thanks,
> Justin LaRose
> 
> 

-- 

[key:62590808]
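
The review points raised in the reply above, turned into a small server.xml check. This is an added example, not part of the original message or of Tomcat itself; the function name `review_connectors`, the sample configuration and its paths and passwords are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Attributes the reply identifies as already being the default value.
DEFAULTS = {"keystoreType": "JKS", "truststoreType": "JKS", "sslProtocol": "TLS"}
ABSOLUTE = re.compile(r"[A-Za-z]:[\\/]|[\\/]")  # drive letter or leading slash

# Constructed sample, modelled on the shape of the quoted configuration.
SAMPLE = r'''<Server><Service name="Catalina">
  <Connector port="18080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             clientAuth="true"
             keystoreFile="F:\apps\Tomcat 7.0\conf\example.jks"
             keystoreType="JKS" keystorePass="placeholder"
             truststoreFile="F:\apps\Tomcat 7.0\conf\example.jks"
             truststoreType="JKS" truststorePass="placeholder"
             sslProtocol="TLS" />
  <Connector port="8409" protocol="AJP/1.3" redirectPort="8443" />
</Service></Server>'''

def review_connectors(server_xml):
    """Return (port, finding) tuples for each point raised in the reply."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        if conn.get("protocol", "").upper().startswith("AJP"):
            findings.append((port, "AJP connector defined: remove it if unused"))
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # remaining checks only apply to the SSL connector
        for name, default in DEFAULTS.items():
            if conn.get(name) == default:
                findings.append((port, f"{name} is set to its default: can be removed"))
        for name in ("keystoreFile", "truststoreFile"):
            if ABSOLUTE.match(conn.get(name, "")):
                findings.append((port, f"{name} is a hard-coded path: use ${{catalina.base}}"))
        if conn.get("clientAuth", "false").lower() in ("true", "want"):
            findings.append((port, "clientAuth enabled: get keystore-only SSL working first"))
    return findings

if __name__ == "__main__":
    for port, finding in review_connectors(SAMPLE):
        print(f"port {port}: {finding}")
```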

