• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

SSL Help please

 
Dmitry Fedorovich
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello guys.

I installed tomcat 5 and trying to config https.

I got .crt file and .key file (with private key).
I found out that it tomcat there are 2 ways of enabling ssl (JSSP (default), and ARP)
I created .keystore from .crt file and i think somehow i must add .key to that store (i generated file named .keystore)
If i use JSSP i post in server.xml setting like this

I got an error like


Please help me fix it or advice any different way to configurate ssl in tomcat.

Thank you.
 
Avneet Kaur
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The steps you have performed seems correct:
1) generating a keystore file
2) enabling port 8443 at server.xml file

Try giving absolute path of your keystore file in server.xml
something like:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
enableLookups="true"
keystoreFile="c:/tomcat.keystore" keystorePass="xyz"/>
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18098
50
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Welcome to the JavaRanch, Dmitri!

You say you "created the keystore from the .crt file". I'm not sure I know what you did. What you needed to do was create the keystore file using the keytool application ("keytool -genkey") and then add the certificate to the keystore.
 
Dmitry Fedorovich
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tim Holloway wrote:Welcome to the JavaRanch, Dmitri!

You say you "created the keystore from the .crt file". I'm not sure I know what you did. What you needed to do was create the keystore file using the keytool application ("keytool -genkey") and then add the certificate to the keystore.


It`s just what i did...

After long painful trying i found a better solution. I just installed NGINX and use it as SSL proxy. The only thing i did is setup some config arguments and pathes to .key file and pem file (pem file is just a result of concatenation of .crt and .key files). Thank you very much anyway.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic