tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Configure SSL under Tomcat 7
Date Tue, 20 Mar 2012 14:36:49 GMT
ayouB __ wrote:
> Hi,
> the logs doesn't say any thing, tomcat still working normally, the problem is when i
put the link : https://localhost:8443/ProjectTest/ , the browser display : impossible to display
this page ..., like the project doesn't even exit in my workspace (the browser doesn't recognize
my web project using https, which is not the case with http cause it works normally).
> What should i do now ?!
> Thanks. 		 	   		  

Guys,
I know that ayoub has a tendency to ask for ready-made answers rather than trying to 
figure it out by himself, but maybe he has a point nevertheless.

According to a previous post, ayoub's current HTTPS Connector configuration is :

     <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" 
SSLEnabled="true"
                maxThreads="150" scheme="https" secure="true"
                clientAuth="false" sslProtocol="TLS"
       SSLCertificateFile="localhost.crt"
                SSLCertificateKeyFile="localhost.key"/>

I personally have no idea if there are attributes missing above, or if something is wrong

in the files, but

If I go to this page :http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support
and look up the APR Connector attributes, it says this :

----------

SSLCACertificateFile	
See the mod_ssl documentation.

SSLCACertificatePath	
See the mod_ssl documentation.

SSLCARevocationFile	
See the mod_ssl documentation.

SSLCARevocationPath	
See the mod_ssl documentation.

SSLCertificateChainFile	
See the mod_ssl documentation.

SSLCACertificateFile	
Name of the file that contains the concatenated certificates for the trusted certificate 
authorities. The format is PEM-encoded.

SSLCACertificatePath	
Name of the directory that contains the certificates for the trusted certificate 
authorities. The format is PEM-encoded.

SSLCARevocationFile	
Name of the file that contains the concatenated certificate revocation lists for the 
certificate authorities. The format is PEM-encoded.

SSLCARevocationPath	
Name of the directory that contains the certificate revocation lists for the certificate 
authorities. The format is PEM-encoded.

SSLCertificateChainFile	
Name of the file that contains concatenated certifcates for the certificate authorities 
which form the certifcate chain for the server certificate. The format is PEM-encoded.

SSLCertificateFile	
Name of the file that contains the server certificate. The format is PEM-encoded.

SSLCertificateKeyFile	
Name of the file that contains the server private key. The format is PEM-encoded. The 
default value is the value of "SSLCertificateFile" and in this case both certificate and 
private key have to be in this file (NOT RECOMMENDED).

etc...

----

Note that for the attributes for which it does not say "see the mod_ssl documentation", it

talks about "name of the file" or "name of the directory".  Not "path", but "name".

And when following the link to the Apache httpd mod_ssl documentation, there it says "path".

So, whether name or path, where should these files best be placed, and if these attributes

do not require a full path, then relative to what is this interpreted ?



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message