
Problems with Tomcat + ssl

Ole Wendland

Joined: Feb 09, 2010
Posts: 1
Hi Guys,
I'm trying to get an encryption for my Tomcat 6 running, but up till now I fail miserably. I tried to follow these two tutorials ( and ( but I always get the ssl_error_rx_record_too_long error in the end. Numerous forum posts suggest editing the <VirtualHost *:443> tag, but guess what, Tomcat has none, only Apache has.

The interesting parts of the server.xml look like this:

<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

<Connector protocol="org.apache.coyote.http11.Http11AprProtocol" port="8443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystorePass="****" />

The command which I used for generating the certificate was:
keytool -genkey -alias tomcat -keyalg RSA (I tried it with and without the option -selfcert)

Does anyone have an idea what could be wrong?

Greetings Ole

Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 17410

Welcome to the JavaRanch, Ole.

That message comes from Apache, not Tomcat. So yes, you need to fix Apache.

When you front Tomcat with Apache, you instruct Apache to forward requests over a connector. Instead of using the direct-in default Tomcat ports of 8080 (http) and 8443 (https), you'd normally use the more common ports 80 (http) and 443 (https) in Apache. Apache would then forward to the Tomcat ports when it detects a Tomcat URL (as defined in Apache's config files).

An IDE is no substitute for an Intelligent Developer.
quang diep

Joined: Jan 26, 2011
Posts: 1
It's easy to fix: you only need to delete tc-native.dll in the bin directory of Tomcat. Tomcat 6 has tc-native.dll, therefore it uses APR. If you want to use APR, you should read the APR documents.
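
An added example, not part of any post in this thread: a small Python check that reads a server.xml and reports HTTPS connectors that cannot serve TLS as configured. It assumes Tomcat 6 behaviour (SSLEnabled defaults to false; the APR connector takes SSLCertificateFile and SSLCertificateKeyFile instead of a keystore); the function name audit_connectors and the sample file are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the connector posted in the thread;
# the password is a placeholder.
SAMPLE_SERVER_XML = """<Server>
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Service name="Catalina">
    <Connector protocol="org.apache.coyote.http11.Http11AprProtocol" port="8443"
               scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
               keystorePass="placeholder" />
  </Service>
</Server>"""

# Keystore attributes are read by the JSSE connector only (assumption: Tomcat 6).
JSSE_ONLY = {"keystoreFile", "keystorePass", "keystoreType", "keyAlias"}


def audit_connectors(server_xml):
    """Return (port, finding) tuples for HTTPS connectors that cannot serve TLS as written."""
    root = ET.fromstring(server_xml)
    apr_listener = any(l.get("className", "").endswith("AprLifecycleListener")
                       for l in root.iter("Listener"))
    findings = []
    for conn in root.iter("Connector"):
        if conn.get("scheme") != "https" and conn.get("SSLEnabled") != "true":
            continue  # plain HTTP or AJP connector
        port = conn.get("port")
        proto = conn.get("protocol", "HTTP/1.1")
        if conn.get("SSLEnabled") != "true":
            findings.append((port, "SSLEnabled is not 'true': connector answers in plaintext"))
        if "Apr" in proto and "SSLCertificateFile" not in conn.attrib:
            ignored = ", ".join(sorted(JSSE_ONLY & set(conn.attrib))) or "none"
            findings.append((port, "APR connector without SSLCertificateFile; "
                                   "keystore attributes ignored: " + ignored))
        if proto == "HTTP/1.1" and apr_listener:
            findings.append((port, "protocol auto-selects APR when tc-native loads; "
                                   "pin the connector class explicitly"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: {finding}")
```
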