"You need to specify that it's an HTTP connector, rather than say an
AJP connector.
Check your configuration against the docs."
Sorry, I don't understand what you said. Specify this where, exactly?
And, which docs should I check? I've been over everything, and have found
nothing remotely addressing my problem.
Richard da Silva
--- On Fri, 10/22/10, Pid * <p...@pidster.com> wrote:
From: Pid * <p...@pidster.com>
Subject: Re: SSL Certificate : Unable to configure Tomcat "server.xml"
To: "Tomcat Users List" <users@tomcat.apache.org>
Date: Friday, October 22, 2010, 4:04 PM
On 22 Oct 2010, at 13:54, Richard da Silva <roman_s...@yahoo.com> wrote:
> Hi all,
>
> I've been fighting with a very silly problem all day.
>
> I have an instance of Sun Identity Manager (IDM) running on a Tomcat server.
>
> To be able to use some of its Resources features, we have had to create and
> install SSL Certificates.
>
> Using some of the online documentation on the installation of SSL
> Certificates, I was able to successfully copy the Certificate to the
> keystore. (I did not create a new keystore. Instead, I used the
default keystore which comes with the JAVA kit : "cacerts" )
>
> Everything seemed to work fine, and I got the confirmation message saying :
> "Certificate installed in keystore"
>
> The final stage involves configuring the Tomcat "server.xml" file, to be able
> to allow SSL connection, and also to pinpoint the location of the Keystore.
>
> First, I commented out the "Connector Port 8080" details. And then, I
> modified the "Connector port 8443" as follows :
>
>
> <Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150"
> minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
> disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true"
> SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="tomcat"
> keystoreFile="C:\Program Files\Java\jdk1.6.0_21\jre\lib\security\cacerts"
> keypass="my_password"/>
You need to specify that it's an HTTP
connector, rather than say an
AJP connector.
Check your configuration against the docs.
p
> And, this is where my problems began.
>
> For some reason, I cannot get this to work.
>
> At first, I was using Tomcat version 6.0.21
>
> I began to get several errors in my Tomcat window
>
> (a) only one usage allowed for each of the following : port / protocol /
> maxThreads,
>
> etc, etc
>
> (b) System parameter "maxThreads"........no match found for parameter;
> System parameter "scheme"........no match found for parameter;
> System parameter "clientAuth"........no match found for parameter;
>
> etc, etc
>
>
>
> I began to wonder if, maybe, there was something wrong with the Tomcat
> version (6.0.21)
>
> Last year, I had successfully performed a
similar procedure (installed Certificate, modified Tomcat server.xml file,
etc). But, that version I used was : 6.0.18
>
> So, I decided to try it. I downloaded an older version of Tomcat (6.0.18),
> and repeated the process all over again.
>
> This time, there were none of the above-mentioned errors. But, I got another
> error :
>
> Alias "tomcat" not found.
>
> So, I removed that line ----- keyAlias="tomcat" ---- and re-started the
> server.
>
> This time, something else happened : when I start-up the server, the Tomcat
> window goes haywire. I see phrases and lines of data (output) flashing on the
> screen at the speed of light. And, then, my computer hangs. I have to
> re-boot it, to get it working again.
>
> I'm at a total loss.
>
> I have racked my brain for any and all possible causes. At first, I thought
> that, maybe, I ought to have created a whole
NEW keystore (as it mentions in the online manual). But, since I was able to
successfully import my certificate into the default "cacerts", I figured that
was not the reason.
>
> And, besides, there is obviously something wrong with the newer version of
> Tomcat, because the older version (which I am now using), did not give me
> those earlier errors.
>
> But, I still do not know what I am doing wrong.
>
> Any help will be greatly appreciated.
>
>
> Thanks.
>
>
> Richard da Silva
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
