Configure SSL on Tomcat 6.0.24

prakash govind
Greenhorn

Joined: Oct 22, 2012
Posts: 4
Hi

I have followed the steps below to set up SSL:

C:\Program Files\Java\jdk1.6.0_30\bin>keytool -genkey -alias tomcat -keyalg RSA


copied the generated keystore file to C:\ location

Provided below details

Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]:
What is the name of your organizational unit?
[Unknown]:
What is the name of your organization?
[Unknown]:
What is the name of your City or Locality?
[Unknown]:
What is the two-letter country code for this unit?
[Unknown]:
What is the name of your State or Province?
[Unknown]:
Enter key password for <tomcat>
(RETURN if same as keystore password):


uncommented the below statement and appended to include keystore password and keystore file

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystorePass="changeit" keystoreFile="C:\.keystore"/>



I get the error message below when I restart the Tomcat server.

Could anyone help me with this?


22-Oct-2012 11:21:43 org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.19.
22-Oct-2012 11:21:43 org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
22-Oct-2012 11:21:43 org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'clientAuth' to 'false' did not find a matching property.
22-Oct-2012 11:21:43 org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'keystorePass' to 'changeit' did not find a matching property.
22-Oct-2012 11:21:43 org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'keystoreFile' to 'C:\.keystore' did not find a matching property.
22-Oct-2012 11:21:44 org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
22-Oct-2012 11:21:44 org.apache.coyote.http11.Http11AprProtocol init
SEVERE: Error initializing endpoint
java.lang.Exception: No Certificate file specified or invalid file format
    at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
    at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:720)
    at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:107)
    at org.apache.catalina.connector.Connector.initialize(Connector.java:1007)
    at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
    at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:540)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:560)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
22-Oct-2012 11:21:44 org.apache.catalina.startup.Catalina load
SEVERE: Catalina.start
LifecycleException: Protocol handler initialization failed: java.lang.Exception: No Certificate file specified or invalid file format
    at org.apache.catalina.connector.Connector.initialize(Connector.java:1009)
    at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
    at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:540)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:560)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
22-Oct-2012 11:21:44 org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1836 ms
22-Oct-2012 11:21:44 org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
22-Oct-2012 11:21:44 org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.24
22-Oct-2012 11:21:44 org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor host-manager.xml
22-Oct-2012 11:21:44 org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor manager.xml
22-Oct-2012 11:21:44 org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory docs
22-Oct-2012 11:21:45 org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory examples
22-Oct-2012 11:21:45 org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory ROOT
22-Oct-2012 11:21:45 org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
22-Oct-2012 11:21:45 org.apache.coyote.http11.Http11AprProtocol start
SEVERE: Error starting endpoint
java.lang.Exception: Socket bind failed: [730048] Only one usage of each socket address (protocol/network address/port) is normally permitted.
    at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:646)
    at org.apache.tomcat.util.net.AprEndpoint.start(AprEndpoint.java:753)
    at org.apache.coyote.http11.Http11AprProtocol.start(Http11AprProtocol.java:137)
    at org.apache.catalina.connector.Connector.start(Connector.java:1080)
    at org.apache.catalina.core.StandardService.start(StandardService.java:531)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
22-Oct-2012 11:21:45 org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start:
LifecycleException: service.getName(): "Catalina"; Protocol handler start failed: java.lang.Exception: Socket bind failed: [730048] Only one usage of each socket address (protocol/network address/port) is normally permitted.
    at org.apache.catalina.connector.Connector.start(Connector.java:1087)
    at org.apache.catalina.core.StandardService.start(StandardService.java:531)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
22-Oct-2012 11:21:45 org.apache.catalina.startup.Catalina start
INFO: Server startup in 1656 ms
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16250

I really wouldn't recommend placing the keystore file in the root of the C: drive. It's too exposed. Make a directory to hold it. I'm also wary of creating it and copying it, since that suggests a way for an intruder to exploit, so there may be some signature data in the keystore to keep that from working. Use the genkey keystore path parameter, instead. Also, the Java filepath notation ("C:/.keystore") is more likely to work properly.

I can't really tell without further study (and a reread of the manual), but you can also have problems if you aren't using a key format that Tomcat will accept.

Finally, you have an error that seems to be saying that there's already a Tomcat running on that machine and listening on port 8080. Only one application can listen on a given port at a time.


Customer surveys are for companies who didn't pay proper attention to begin with.
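
Added example (not written by either poster): a small triage of a Tomcat 6 startup log like the one in the first post. It pulls out the three signals that log contains: the connector class is Http11AprProtocol, the keystore attributes were reported as having no matching property on it, and a bind failure on the port announced just before. The sample log is constructed for this example and hard-wrapped at 80 columns the way a console window wraps long lines; the function names are this example's own.

```python
import re

# Constructed sample shaped like the log in the first post, hard-wrapped at
# 80 columns the way a console window wraps long lines.
SAMPLE_LOG = r"""INFO: Loaded APR based Apache Tomcat Native library 1.1.19.
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'clie
ntAuth' to 'false' did not find a matching property.
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'keys
torePass' to 'changeit' did not find a matching property.
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'keys
toreFile' to 'C:\.keystore' did not find a matching property.
22-Oct-2012 11:21:44 org.apache.coyote.http11.Http11AprProtocol init
java.lang.Exception: No Certificate file specified or invalid file format
22-Oct-2012 11:21:45 org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
java.lang.Exception: Socket bind failed: [730048] Only one usage of each socket
address (protocol/network address/port) is normally permitted.
"""

WARN_RE = re.compile(r"\{Server/Service/Connector\} Setting property '([^']+)'"
                     r" to '[^']*' did not find a matching property")

def triage(log_text):
    lines = log_text.splitlines()
    flat = "".join(lines)  # a wrap can split a token, so match on rejoined text
    last_port, bind_ports = None, []
    for line in lines:
        m = re.search(r" on http-(\d+)\s*$", line)  # port lines are short, never wrapped
        if m:
            last_port = int(m.group(1))
        if "Socket bind failed" in line and last_port not in (None, *bind_ports):
            bind_ports.append(last_port)
    return {"apr_connector": "Http11AprProtocol" in flat,
            "ignored_attrs": WARN_RE.findall(flat),
            "no_certificate": "No Certificate file specified" in flat,
            "bind_failed_ports": bind_ports}

def explain(r):
    notes = []
    if r["apr_connector"] and r["ignored_attrs"]:
        notes.append("APR connector ignored: " + ", ".join(r["ignored_attrs"]))
    if r["no_certificate"]:
        notes.append("a connector failed to initialise: no certificate file")
    notes += ["port %d is already bound by another process" % p
              for p in r["bind_failed_ports"]]
    return notes

if __name__ == "__main__":
    print("\n".join(explain(triage(SAMPLE_LOG))))
```

The first note is the one that matters for the SSL setup: the keystore path and password in the Connector element never reached the connector that was actually created, which is why it then reports that no certificate file was specified.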
prakash govind
Greenhorn

Joined: Oct 22, 2012
Posts: 4
Hi
I did not see any other Tomcat on my PC.

Could you please let me know how to find and stop it?

Thank you
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16250

prakash gp wrote: Hi
I did not see any other Tomcat on my PC.

Could you please let me know how to find and stop it?

Thank you


You can use the "netstat" command to see if a port is in use. Windows does not come with any good tools that I know of that will tell you what program owns the port, so you would have to download and install an external application that could tell you.

I forgot to welcome you to the JavaRanch! We hope that you will find us a useful place to go for in-depth information on Java and Java-based technologies.

One minor detail, however. Our naming policy states that your display name has to have a "real" last name, not just an abbreviation. If your preferred display name is already in use by someone else, please let us know and we'll help you.
prakash govind
Greenhorn

Joined: Oct 22, 2012
Posts: 4
Hi Tim
Thank you for your reply.

I tried netstat. This port is not used in any place.

I have removed Tomcat and restarted the machine, but I can still see the home page at this URL: http://localhost:8080/

Could you please let me know how to remove it completely and reinstall?



Regards
Prakash
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16250

If netstat says that port 8080 is in use, but you can still get a page from http://localhost:8080, then something must be wrong with the network configuration on your computer.

Open a command window and type "ping localhost". I think that the "ping" command will display the IP address for localhost as part of the response. It should be 127.0.0.1.
prakash govind
Greenhorn

Joined: Oct 22, 2012
Posts: 4
Hi Tim
Below are the ping details. This PC is configured for use in a DMZ (demilitarized zone).

C:\>ping localhost

Pinging <machinename> [::1] with 32 bytes of data:
Reply from ::1: time<1ms
Reply from ::1: time<1ms
Reply from ::1: time<1ms
Reply from ::1: time<1ms

Ping statistics for ::1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Thank you



Regards
Prakash
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16250

That's the IPv6 localhost address. Check the "ping" options to see if you can do an IPv4 ping.
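
Added example (not from any poster in this thread): since "localhost" resolved to ::1 on this machine, a listener can be bound on one loopback address family and not the other. This check tries a TCP connect to a port on 127.0.0.1, on ::1 and on whatever "localhost" resolves to, and reports which of them has a listener. The function name and the 0.5 second timeout are choices made for this example.

```python
import socket

def loopback_listeners(port, timeout=0.5):
    """Return {address: True/False} for a TCP connect to `port` on each
    loopback address and on every address 'localhost' resolves to."""
    targets = [(socket.AF_INET, "127.0.0.1"), (socket.AF_INET6, "::1")]
    try:
        for family, _, _, _, sockaddr in socket.getaddrinfo(
                "localhost", port, type=socket.SOCK_STREAM):
            if (family, sockaddr[0]) not in targets:
                targets.append((family, sockaddr[0]))
    except socket.gaierror:
        pass  # 'localhost' does not resolve; still probe the two literals
    result = {}
    for family, addr in targets:
        try:
            with socket.socket(family, socket.SOCK_STREAM) as s:
                s.settimeout(timeout)
                # connect_ex returns 0 only when something accepted the connection
                result[addr] = s.connect_ex((addr, port)) == 0
        except OSError:
            result[addr] = False  # address family not available on this host
    return result

if __name__ == "__main__":
    # 8080 is the HTTP connector port from the log in the first post.
    for addr, is_open in loopback_listeners(8080).items():
        print("%-12s %s" % (addr, "listener found" if is_open else "nothing listening"))
```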
 
 