Tomcat with SSL

 
krish_rsk
Greenhorn
Posts: 4
Hi,
I'm trying to SSL-enable my Tomcat 5.0.28. I followed the steps as per the document:
(1) Install JSSE component
(2) Create .keystore file
(3) Modify server.xml file

When I try to restart Tomcat after all this, Tomcat starts without any errors but after a few seconds shuts down by itself. Without the SSL part enabled in the server.xml file, Tomcat starts properly.

What could be the problem?! I'm stuck!!! Any help is much appreciated!

Thanks..

Rgds,
Krish
 
krish_rsk
Greenhorn
Posts: 4
Hi,
I forgot to mention: I'm running these on Linux.

Thx..
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13058
Surely it is writing error messages to some log file.
I have also been trying to get SSL running on Sun's Java Desktop (SuSE Linux) - the main problem seems to be telling the JVM where to look for the keystore. However, the only thing that breaks is the SSL Connector - Tomcat continues to run with the regular connector.
Bill
 
Ajith Anand
Ranch Hand
Posts: 40
Hi,

You can specify the key store in the server.xml file as part of the connector properties.
It's when you want to do mutual authentication that it becomes a bit tricky. I had to add my self-signed certificate to the JDK_HOME/jre/lib/security/cacerts keystore in order for my browser client to produce an appropriate certificate for client-side authentication...
 
krish_rsk
Greenhorn
Posts: 4
Hi,
I used these "connector" values and it works now. I guess the problem was with the classname I used before!

<Connector
className="org.apache.coyote.tomcat5.CoyoteConnector"
port="8444" minProcessors="5" maxProcessors="75"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
useURIValidationHack="false" keystoreFile="/root/.keystore" keystorePass="changeit">
<Factory
className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory"
clientAuth="false" protocol="TLS" debug="0" />
</Connector>

Yes, as you mentioned, it was writing to "catalina.out" under "logs".

Hope it doesn't break!!

Rgds,
Krish
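
An added example, not part of any post in this thread: a small Python check for the keystore issues discussed above (a keystore the JVM cannot find or read, a keystore kept under /root, and the default `changeit` password). The function name, finding codes and sample XML are constructed for illustration.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample modelled on the connector posted in this thread.
SAMPLE_SERVER_XML = """\
<Server><Service name="Catalina">
  <Connector port="8080" />
  <Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
             port="8444" scheme="https" secure="true"
             keystoreFile="/root/.keystore" keystorePass="changeit">
    <Factory className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory"
             clientAuth="false" protocol="TLS" />
  </Connector>
</Service></Server>
"""

def _readable(path):
    # True only if the file exists and the current user may read it.
    return os.path.isfile(path) and os.access(path, os.R_OK)

def audit_ssl_connectors(xml_text, readable=_readable):
    """Return sorted (port, code) findings for each https connector."""
    findings = set()
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("scheme") != "https":
            continue  # plain HTTP connector, nothing to check here
        port = conn.get("port", "?")
        factory = conn.find("Factory")
        # Assumption: accept the keystore attributes on either element.
        def attr(name):
            value = conn.get(name)
            if value is None and factory is not None:
                value = factory.get(name)
            return value
        store = attr("keystoreFile")
        if store is None:
            # Tomcat then looks for .keystore in the home of the user running it.
            findings.add((port, "KEYSTORE_PATH_IMPLICIT"))
            store = os.path.join(os.path.expanduser("~"), ".keystore")
        if not readable(store):
            findings.add((port, "KEYSTORE_NOT_READABLE"))
        if store.startswith("/root/"):
            # /root is normally private to root, so Tomcat must run as root to use it.
            findings.add((port, "KEYSTORE_UNDER_ROOT_HOME"))
        if attr("keystorePass") in (None, "changeit"):
            findings.add((port, "DEFAULT_KEYSTORE_PASSWORD"))
    return sorted(findings)

if __name__ == "__main__":
    for port, code in audit_ssl_connectors(SAMPLE_SERVER_XML):
        print(f"connector {port}: {code}")
```

Run it as the same user that starts Tomcat, so the readability check reflects what the JVM will actually be able to open.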
 