*
The moose likes Tomcat and the fly likes SSL Help please Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCM Java EE 6 Enterprise Architect Exam Guide this week in the OCMJEA forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "SSL Help please" Watch "SSL Help please" New topic
Author

SSL Help please

Dmitry Fedorovich
Greenhorn

Joined: Sep 06, 2010
Posts: 8
Hello guys.

I installed tomcat 5 and trying to config https.

I got .crt file and .key file (with private key).
I found out that it tomcat there are 2 ways of enabling ssl (JSSP (default), and ARP)
I created .keystore from .crt file and i think somehow i must add .key to that store (i generated file named .keystore)
If i use JSSP i post in server.xml setting like this

I got an error like


Please help me fix it or advice any different way to configurate ssl in tomcat.

Thank you.
Avneet Kaur
Greenhorn

Joined: Sep 08, 2010
Posts: 1
The steps you have performed seems correct:
1) generating a keystore file
2) enabling port 8443 at server.xml file

Try giving absolute path of your keystore file in server.xml
something like:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
enableLookups="true"
keystoreFile="c:/tomcat.keystore" keystorePass="xyz"/>
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16022
    
  20

Welcome to the JavaRanch, Dmitri!

You say you "created the keystore from the .crt file". I'm not sure I know what you did. What you needed to do was create the keystore file using the keytool application ("keytool -genkey") and then add the certificate to the keystore.

Customer surveys are for companies who didn't pay proper attention to begin with.
Dmitry Fedorovich
Greenhorn

Joined: Sep 06, 2010
Posts: 8
Tim Holloway wrote:Welcome to the JavaRanch, Dmitri!

You say you "created the keystore from the .crt file". I'm not sure I know what you did. What you needed to do was create the keystore file using the keytool application ("keytool -genkey") and then add the certificate to the keystore.


It`s just what i did...

After long painful trying i found a better solution. I just installed NGINX and use it as SSL proxy. The only thing i did is setup some config arguments and pathes to .key file and pem file (pem file is just a result of concatenation of .crt and .key files). Thank you very much anyway.
 
 
subject: SSL Help please