Self signed certificate not working for tomcat 6
| down votefavorite | I am trying to configure self signed certificate for our tomcat server. For that initially I created the keystore certificate file using keytool .The command I tried for this iskeytool -genkey -alias example -keyalg RSA -keystore /home/zaman/certs/keystorefile.key chmod 600 /home/zaman/certs/keystorefile.key $ ls -l /home/zaman/certs/keystorefile.key -rw-r--r-- 1 zaman zaman 1329 Nov 27 15:51 /home/ssdg/certs/keystorefile.key Then uncommneted the SSL connector tag in server.xml to add reference to keystore file Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true keystoreFile=/home/zaman/certs/keystorefile.key keystorePass=test123 clientAuth=false sslProtocol=TLS / After this I restarted tomcat server , but cannot access tomcat link (https://localhost:8443) using https. Nothing is seen in log file .$ netstat -apn | grep 8443 tcp0 0 :::8443 :::* LISTEN 25759/java What I am missing to make https work for tomcat using self signed certificate?Please suggest ThanksZaman |
Documentation on Connectors needs updating
Ref http://tomcat.apache.org/tomcat-8.0-doc/connectors.html Those new to Tomcat will not know what a connector is. I presume it's the network protocol used to listen and respond to external requests... For HTTP it is suggested to use AJP clustering as performance is higher than that of mod_proxy. For AJP it talks of use in a single-server environment and how it's worse than that of HTTP, then for clustering to use AJP. It then says to use JK or mod_proxy with AJP. As the reader, I have no idea where to sit. First mod_proxy can be used but AJP ought to be for performance, yet you can use mod_proxy with AJP. I'm... Puzzled. Since I've not dealt with this beyond getting Apache to mod_proxy to the default Tomcat port 8080 before I'm in no position to clean this up I'm afraid but it looks like clarity is needed. Just my opinion. James
tomcat-jdbc vs. tomcat-dbcp
Hi, reading tomcat 8.x documentation, I don't find anything about tomcat-dbcp. The use of tomcat-jdbc is described at [1]. Some of the disadvantages just apply for DBCP 1.x. Is the use of tomcat-jdbc still recommended compared to the repackaged DBCP 2.x in tomcat-dbcp package? Regards, Christian [1] https://tomcat.apache.org/tomcat-8.0-doc/jdbc-pool.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat-jdbc vs. tomcat-dbcp
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Christian, On 11/28/14 7:57 AM, Christian wrote: reading tomcat 8.x documentation, I don't find anything about tomcat-dbcp. The use of tomcat-jdbc is described at [1]. Some of the disadvantages just apply for DBCP 1.x. Is the use of tomcat-jdbc still recommended compared to the repackaged DBCP 2.x in tomcat-dbcp package? Regards, Christian [1] https://tomcat.apache.org/tomcat-8.0-doc/jdbc-pool.html Tomcat 8 comes with DBCP 2.x which is an improvement over DBCP 1.x and the differences between DBCP 2.x and tomcat-pool are somewhat less important. tomcat-pool supports some additional nice-to-have features and has a bit less overhead in terms of API size (class count) and so from a virtual-method standpoint ought to be a tiny bit faster, but not so much that you'd notice given that SQL queries take hundreds, thousands, or millions of times more time to execute than method invocations. So, my recommendation is to choose whichever pool has the features that you require and doesn't take too much fussing to configure properly. Since Tomcat's default pool is based upon DBCP, it's likely to be slightly easier to configure that one over tomcat-pool. You can always benchmark in your environment to determine if performance is a factor for you. Thanks, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUeId/AAoJEBzwKT+lPKRYr9oQAMWWkXoOMrrYRhHyGGneON7Q dqDO2KjyNohoq+1ECzTtBmfkLtKuln9ilzt10H0MBbS0IXp+Ng/QibNoocF/W2yV dKkh1QcfzH2jDE00ClSLFpoD7KxQ8mTh2XZWK+E22Iyixb0PehQASV+nVkrTyIqD hF2jOCzmfn4G41W+P194q3lO7n3SqQIKcWvhcWYhxSyQMODksQsJMYDm6fU6thuO PprCIq2UdDAQTqOSatbHslGg0zqj4qVt7avffbM+NCJn9zRzjgjnkGdHjAbP1NPG BXmaGuNc22vV4pDbjS2ljgn/jtWu0K6IgxFIdLL/eguCUvtmn0OlIPyF3omPm70o +DKDf22ME+aOcAZvCFanSAkTe95XktGBx6KPPrwRLjSJbM/OL3wt6Sktih9ULxfU nMfMQ0eAUqRK4P9DN85E2zmZ76e+pTEpmgkuIYdrk4L66oudaBesLODfZYUy9Jon 0AsZEjVPouY5w+V51FWu8P29MWS33af+O4kNCK31SdEHx5FziLuNY43L1vIYDIIA N1729D4b+J3fUsmPvF0JDn0VBPTnz4Hj1Vb5uYvbLm3rE3Bz+UDpuGdcw2z2FLkF vNzVhWCVN8XNnz3VZd/mtZ8OUVPE2tcAbBX5P9bjxn8BUtE2mLyCx14E6yJOgz6p 061pxnx6KRu4LfswR+BM =lq6D -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Documentation on Connectors needs updating
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 James, On 11/28/14 5:50 AM, James Green wrote: Ref http://tomcat.apache.org/tomcat-8.0-doc/connectors.html Those new to Tomcat will not know what a connector is. I presume it's the network protocol used to listen and respond to external requests... For HTTP it is suggested to use AJP clustering as performance is higher than that of mod_proxy. For AJP it talks of use in a single-server environment and how it's worse than that of HTTP, then for clustering to use AJP. It then says to use JK or mod_proxy with AJP. As the reader, I have no idea where to sit. First mod_proxy can be used but AJP ought to be for performance, yet you can use mod_proxy with AJP. I'm... Puzzled. Since I've not dealt with this beyond getting Apache to mod_proxy to the default Tomcat port 8080 before I'm in no position to clean this up I'm afraid but it looks like clarity is needed. Just my opinion. Agreed, there are improvements to be made. Do you have any specific suggestions (other than please clarify all this)? A quick response: 1. mod_proxy supports both HTTP and AJP protocols 2. mod_jk has more features than mod_proxy_ajp 3. Adding a reverse proxy in front of Tomcat will always add overhead regardless of protocol. If you don't need a reverse proxy for anything else, don't add one (i.e. remove httpd from the setup). 4. Tomcat can server static content just as quickly as httpd. Hope that helps, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUeIYNAAoJEBzwKT+lPKRYEi0QALSfaXKhgPUnrZ+XLjUCH7Vo y0ZWxs1UjOsq1C+2nA24yHbWO4JZiw2PvKgV3XyfN1AB1Iu/tm6df0ad5ZTksx5t SK11s6xk8LFH5mNW2pXJVLpHrMA8wOdm6rzcF4i7IPfe5f8YiHA7Cz7w1Zpk/Bd+ 7qLvNokJ6Z8/VDxYb6t/IPfKGtsAhWBUOLuTfkmT195Iw8TQ8LVVvancuy8pXcuX PHnoCiDDVGEun8x8lqCGgPwdL/TE/AzBjQzPKNK2At59gp+DfLy8Yh8/PIXFSCgj 96zyjDa3CZILwuz920FQfT3a2tsRMnrMwJ7SN1xq0uOaihuw9KTX1csLr4c5RSvE xJkaRQWwD3Pk3+Xa/3xKVBsTxpSbP4kixxA8Dm1Qmd6kGQwNRzHONvSWmf/Z+wNt TDbZtM11LHH+Z4wd0vsbck0tpSsKZSFLzqGbHnAEz5NOwQKreDwX8xHJek+afBi4 JLTriYmwOwRP6/qphhI5HgneupEYk8/Pcrkk5h+fGek9YNmGc+sj7OBhH+ey+oCQ ElVcpJ7p6sL6O+6Dq0+adeDQeUN+XK40npzqIF18ayGwHJGXXhku0CYtmZATtbcA IT1lwnV2x73Im83tCR+5nApICzoV9N+vGm69TGRwqW6cDo92kFaCXE7v/DEbRKFr dqvsnR8YhDvDcbvevg2M =VYck -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org