Yes Thanks David, I did add the "keystoreFile=XXX" and "keystorePass="xxx". But it still hangs. Since I was on Windows I used a full path to the file. I forgot about the <security constraint element. Thanks I will give that a try and post back.
Do I need the <security element if I just try https://localhost:8443? Just curious. I know when I asked for the cert, Verisign asked me for my dns name, so maybe the simple localhost will not work and only the dns entry will work. ... Thanks much for your time. Scott ----- Original Message ----- From: "David Wall" <[EMAIL PROTECTED]> To: "Tomcat Users List" <users@tomcat.apache.org> Sent: Tuesday, November 29, 2005 10:25 PM Subject: Re: SSL Certificate Beginner Question > > > <-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 --> > ><!-- > ><Connector > > port="8443" minProcessors="5" maxProcessors="75" > > enableLookups="true" disableUploadTimeout="true" > > acceptCount="100" debug="0" scheme="https" secure="true"; > > clientAuth="false" sslProtocol="TLS"/> > >--> > > > > > You probably want to add the following attributes to the Connector above: > > keystoreFile="keys/tomcatkeys" keystorePass="123" > > Obviously, make the keystoreFile point to the name of the Java keystore > that you put your certificate inside, along with the password for that > keystore. I believe the base is $CATALINA_HOME if you use a relative > pathname like above. > > You'll also need to update your webapp's web.xml file with something > like (that is, if you want Tomcat to enforce SSL on your webapp): > > (after any servlet-mapping XML elements, before the session-config > and/or welcome-file-list XML elements of web-app element in WEB-INF/web.xml) > > <security-constraint> > <web-resource-collection> > <web-resource-name>Entire site</web-resource-name> > <url-pattern>/*</url-pattern> > <http-method>GET</http-method> > <http-method>POST</http-method> > </web-resource-collection> > <user-data-constraint> > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > </user-data-constraint> > </security-constraint> > > > > Hope that helps... > > David > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
