Hi guys, new to the forum here.
A few months ago I was tasked with setting up a LAMP server to run Apache Tomcat, and ODK Aggregate. The installation went fairly smoothly, considering it was my first time having to deal with Tomcat.
About a week ago our developer decided he wants to use SSL for his tomcat traffic. I have spent several days studying and following various online tutorials on how to accomplish this, but so far, no luck.
My setup so far: Debian Squeeze, apache2, tomcat6 running fine with ODK Aggregate, the only app running in tomcat so far.
I have the following lines pointing to my certificate files in /etc/apache2/sites-available/default-ssl:
SSLCertificateFile /etc/apache2/ssl/test.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/test.com.key
SSLCACertificateFile /etc/apache2/ssl/thawte_Server_CA.pem
Both http://test.com and https://test.com display the home page, and I get the green lock icon next to "https" in the browser's address bar, so I think we're good so far.
The problem starts when I try to run my tomcat apps over SSL. After several step-by-step guides that failed at some point or another, the last thing I tried was:
# keytool -import -alias root -keystore tomcat.p12 -trustcacerts -file thawte_Server_CA.pem
# keytool -import -alias tomcat -keystore tomcat.p12 -file test.com.crt
From what I've gathered, at this point I'm supposed to have both Thawte's Root (thawte_Server_CA.pem) and my Thawte-issued certificate (test.com.crt) in tomcat.p12.
My tomcat connectors in server.xml are as follows (the first one is unmodified):
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           URIEncoding="UTF-8"
           redirectPort="8443" />
<Connector port="8443"
           maxThreads="150"
           minSpareThreads="25"
           maxSpareThreads="75"
           enableLookups="true"
           disableUploadTimeout="true"
           acceptCount="100"
           debug="0"
           scheme="https"
           secure="true"
           clientAuth="false"
           sslProtocol="TLS"
           keystoreFile="/etc/apache2/ssl/tomcat.p12"
           keystorePass="_mypassword_" />
I can pull up test.com:8080 and test.com:8443 over http, but when I try https://test.com:8443, I get "Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error."
Any help would be much appreciated. Thanks in advance!
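
An added example, not part of the original post: a small Python audit of the connectors shown above, flagging a connector that carries keystore settings but never switches TLS on. It relies on two documented Tomcat defaults, SSLEnabled="false" and keystoreType="JKS"; the function name audit_connectors and the Server/Service wrapper around the sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two connectors from the post (attributes trimmed),
# wrapped in a minimal <Server>/<Service> skeleton so the fragment parses.
SAMPLE_SERVER_XML = """
<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"
             URIEncoding="UTF-8" redirectPort="8443" />
  <Connector port="8443" maxThreads="150" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="/etc/apache2/ssl/tomcat.p12"
             keystorePass="_mypassword_" />
</Service></Server>
"""

# Attributes that only have an effect once SSLEnabled="true" is set.
TLS_ONLY_ATTRS = ("keystoreFile", "keystorePass", "sslProtocol", "clientAuth")


def audit_connectors(server_xml):
    """Return (port, finding) tuples for the HTTP connectors in server.xml text."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        attrs = conn.attrib
        port = attrs.get("port", "?")
        if attrs.get("protocol", "HTTP/1.1").startswith("AJP"):
            continue  # AJP connectors do not terminate TLS
        tls_on = attrs.get("SSLEnabled", "false").lower() == "true"
        if not tls_on and any(k in attrs for k in TLS_ONLY_ATTRS):
            findings.append((port, "TLS attributes present but SSLEnabled is "
                                   "not \"true\": connector answers in plaintext"))
        store = attrs.get("keystoreFile", "").lower()
        declared = attrs.get("keystoreType", "JKS").upper()
        if store.endswith((".p12", ".pfx")) and declared != "PKCS12":
            findings.append((port, "keystoreFile is named like PKCS12 but "
                                   "keystoreType is unset, so Tomcat assumes JKS"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print("port %s: %s" % (port, finding))
```

The audit reads only server.xml and does not open the keystore. `keytool -list -keystore <file>` shows whether an alias is a PrivateKeyEntry, which a TLS server needs, or only a trustedCertEntry, which is what importing certificates alone creates.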