configuring SSL in tomcat

ankur rathi
Ranch Hand

Joined: Oct 11, 2004
Posts: 3829
Hi,

I followed this link (http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html) to configure SSL in my tomcat. Here is the summary of what I did:


1. Download JSSE from http://java.sun.com/products/jsse/.

2. Make JSSE an installed extension by copying all three JAR files (jcert.jar, jnet.jar, and jsse.jar) into your $JAVA_HOME/jre/lib/ext directory.

3. To create a new keystore from scratch, execute the following command from the command line:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA

4. Give all the information that is asked for.

5. If everything was successful, you now have a keystore file at the following location: C:/Documents and Settings/<username>

6. Uncomment the connector tag for SSL in server.xml. It will look something like this:

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector
port="8443" minProcessors="5" maxProcessors="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"/>
-->

7. Start Tomcat and try: https://localhost:8443



But when I access https://localhost:8443 I get 'page can't be displayed' error. What went wrong?

I do have the .keystore file at the mentioned location. :roll:

Thanks.
[ May 09, 2007: Message edited by: ankur rathi ]
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2300
What exception/message are you getting?
Check the catalina.out log file or console.

Are you sure that your keystore file is picked up during startup?
Why don't you specify the location of the keystore file explicitly using the attribute keystoreFile in the connector tag? You can even specify the keystore password.


ankur rathi
Ranch Hand

Joined: Oct 11, 2004
Posts: 3829
Originally posted by Rahul Bhattacharjee:
What exception/message are you getting?
Check the catalina.out log file or console.

Are you sure that your keystore file is picked up during startup?
Why don't you specify the location of the keystore file explicitly using the attribute keystoreFile in the connector tag? You can even specify the keystore password.


Thanks Rahul Sir,

I changed password (from changeit) but didn't specify that in server.xml. Now I am seeing that Security Alert window that I see when I access my demate account. I can see my certificate details also.

Thanks.
ankur rathi
Ranch Hand

Joined: Oct 11, 2004
Posts: 3829

Steps to Configure SSL into Tomcat


1. Download JSSE from http://java.sun.com/products/jsse/.

2. Make JSSE an installed extension by copying all three JAR files (jcert.jar, jnet.jar, and jsse.jar) into your $JAVA_HOME/jre/lib/ext directory.

3. To create a new keystore from scratch, execute the following command from the command line:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA

4. Give all the information that is asked for.

5. If everything was successful, you now have a keystore file at the following location: C:/Documents and Settings/<username>

6. Uncomment the connector tag for SSL in server.xml. It will look something like this:

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector
port="8443" minProcessors="5" maxProcessors="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"/>
-->

7. Add "keystorePass" attribute in Connector tag if you changed password to something else from "changeit"

For example:

<Connector
port="8443" minProcessors="5" maxProcessors="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystorePass="ankurrathi"/>

8. Start Tomcat and try: https://localhost:8443
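
A pre-flight check for the failure discussed in this thread (keystore password changed from changeit, but no keystorePass in server.xml), given here as an added example that is not part of the original posts. It assumes a JKS-format keystore; `check_connectors`, `read_keystore` and the sample values are hypothetical names constructed for the illustration.

```python
import hashlib
import struct
import xml.etree.ElementTree as ET

DEFAULT_PASS = "changeit"     # what Tomcat uses when keystorePass is omitted
DEFAULT_FILE = "~/.keystore"  # what Tomcat uses when keystoreFile is omitted

def jks_digest(password, body):
    """Integrity hash that a JKS keystore stores in its last 20 bytes."""
    return hashlib.sha1(password.encode("utf-16-be") + b"Mighty Aphrodite" + body).digest()

def jks_password_ok(data, password):
    """True if `password` matches the integrity hash of the JKS bytes `data`."""
    if len(data) < 32 or struct.unpack(">I", data[:4])[0] != 0xFEEDFEED:
        raise ValueError("not a JKS keystore")
    return jks_digest(password, data[:-20]) == data[-20:]

def check_connectors(server_xml, read_keystore):
    """Return (port, keystore path, verdict) for each active HTTPS Connector.

    read_keystore(path) -> bytes is supplied by the caller, who decides how
    the path is resolved. Commented-out Connectors are invisible to the parser.
    """
    results = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("scheme") != "https":
            continue
        path = conn.get("keystoreFile", DEFAULT_FILE)
        password = conn.get("keystorePass", DEFAULT_PASS)
        try:
            ok = jks_password_ok(read_keystore(path), password)
            verdict = "ok" if ok else "password mismatch"
        except (OSError, ValueError) as exc:
            verdict = "unreadable: %s" % exc
        results.append((conn.get("port"), path, verdict))
    return results or [(None, None, "no active HTTPS Connector (still commented out?)")]

# Constructed sample: an empty JKS keystore protected with a non-default password,
# and a Connector that does not declare keystorePass.
_body = struct.pack(">III", 0xFEEDFEED, 2, 0)
SAMPLE_JKS = _body + jks_digest("s3cret-example", _body)
SAMPLE_XML = """<Server><Service name="Catalina">
  <Connector port="8443" scheme="https" secure="true" sslProtocol="TLS"/>
</Service></Server>"""

if __name__ == "__main__":
    for row in check_connectors(SAMPLE_XML, lambda path: SAMPLE_JKS):
        print(row)
```
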



Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2300
Originally posted by ankur rathi:



I changed password (from changeit) but didn't specify that in server.xml. Now I am seeing that Security Alert window that I see when I access my demate account. I can see my certificate details also.


That's exactly what you want.


Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 35252
    
Note that JSSE only needs to be installed on very old JREs (up to 1.3). Starting with Java 1.4 it's part of the standard JRE.

