Preface: I know nothing about web servers as you will soon understand but still I am the one that has to get this done. I am walking into this blind.
I am trying to update our Server.xml as per these instructions. But our Server.xml file doesn't have this section to uncomment. I will post our Server.xml below.
___________________________________________
Open the server.xml file. After uncommenting the SSL/TLS connector from server.xml, locate the following text section:

<Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="false" protocol="TLS" />

Add the "keystoreFile" and "keystorePass" directives:

<Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="false" protocol="TLS" keystoreFile="/full/path/to/tomcat.keystore" keystorePass="changeit" />

Restart Tomcat.
________________________________________________
Any help really appreciated. I am totally lost. I have been reading at apache.tomcat.org and have tried to paste some examples in but then Tomcat Service won't start.
[ August 27, 2007: Message edited by: Marty Finn ]
How can I tell if I have the .java components running that are needed to facilitate this?
If you have a valid certificate, all you need to do is tell Tomcat where it is and it should work. You don't need any .java components.
Joined: Aug 24, 2007
Thanks again. I feel like I am getting closer. This is what I have in my server.xml.
I have tried to put the tomcat.keystore in different locations. Can it be copied from where it was created by the keytool commands? The certificate we got from GoDaddy.com had 2 options for creating the .keystore file.
Use the following OpenSSL command to combine the ca bundle (gd_bundle.crt) and your SSL certificate:
openssl pkcs12 -export -chain -CAfile gd_bundle.crt -in <name of your certificate> -inkey <name of your certificate private key file> -out keystore.tomcat -name tomcat -passout pass:changeit
Congrats on the keystore file. TIP: Document what you did. You won't remember this stuff a year from now when you need to do it again.
If Tomcat is serving up your pages under SSL from within your network or on the local machine, it's working. Check your firewall settings and/or your port forwarding to make sure that 8443 is both open to the outside world and pointing to the correct machine.
subject: [Update - Success] Adding SSL certificate to Server.xml
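
The problems this thread ran into (a pasted fragment that stops Tomcat from starting, a connector left commented out, a keystore Tomcat cannot find, and a PKCS12 file from the openssl command loaded with the default JKS type) can be checked before restarting. The script below is an added example, not code from any poster or from Tomcat; `check_ssl_config` and `read_head` are hypothetical names, the sample XML is constructed, and the checks assume Tomcat's documented defaults of that era (`keystoreType` JKS, `keystorePass` "changeit", `.keystore` in the service user's home directory).

```python
import xml.etree.ElementTree as ET

# Constructed sample (not the poster's file): Tomcat 5.5/6-style connector attributes.
SAMPLE = """<Server port="8005" shutdown="SHUTDOWN"><Service name="Catalina">
  <Connector port="8080" />
  <Connector port="8443" scheme="https" secure="true" clientAuth="false"
             sslProtocol="TLS" keystoreFile="/full/path/to/keystore.tomcat"
             keystorePass="changeit" />
</Service></Server>"""

def read_head(path):
    """First 4 bytes of the keystore, or None if it cannot be read."""
    try:
        with open(path, "rb") as fh:
            return fh.read(4)
    except OSError:
        return None

def check_ssl_config(xml_text, read_head=read_head):
    """Return a list of findings for the SSL/TLS settings in a server.xml."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A pasted fragment with a missing quote or tag keeps Tomcat from starting.
        return [f"server.xml is not well-formed: {exc}"]
    # Tomcat 4 keeps keystore settings on a nested <Factory>; later versions on <Connector>.
    tls = [e for e in root.iter("Factory") if "ServerSocketFactory" in e.get("className", "")]
    tls += [e for e in root.iter("Connector")
            if e.get("scheme") == "https" and e.find("Factory") is None]
    findings = [] if tls else ["no active SSL/TLS connector (still commented out?)"]
    for e in tls:
        path, ktype = e.get("keystoreFile"), e.get("keystoreType", "JKS").upper()
        if e.get("keystorePass", "changeit") == "changeit":
            findings.append("keystorePass is the default 'changeit'")
        if path is None:
            findings.append("keystoreFile not set; Tomcat looks for .keystore in the service user's home")
            continue
        head = read_head(path)
        if head is None:
            findings.append(f"keystoreFile {path} is missing or unreadable")
        elif head[:1] == b"\x30" and ktype != "PKCS12":
            # openssl pkcs12 -export writes DER (leading 0x30), not a JKS (magic FEEDFEED).
            findings.append(f"{path} looks like PKCS12 but keystoreType is {ktype}")
        elif head == b"\xfe\xed\xfe\xed" and ktype != "JKS":
            findings.append(f"{path} is a JKS but keystoreType is {ktype}")
    return findings

if __name__ == "__main__":
    for finding in check_ssl_config(SAMPLE):
        print(finding)
```

Run it as the account the Tomcat service runs under, so that an unreadable keystore shows up as a finding rather than at startup.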