I tried adding just the SSLEngine="on" parameter since the SSLCertificate entries are for the types of certificate files that I have been unable to generate from a GeoTrust certificate. I did not see this syntax in the docs, but I was looking at the docs that are installed on my web server with the product. This syntax looks to be incompatible with the .pfx file type of certificate, so I cannot use it. It still does not work.

Christopher Strauss, Ph.D.
Call Tracking Administration Manager
University of North Texas Computing & IT Center
http://itsm.unt.edu/

> -----Original Message-----
> From: Action Request System discussion list(ARSList)
> [mailto:[EMAIL PROTECTED] On Behalf Of William H. Will Du Chene
> Sent: Tuesday, March 04, 2008 8:56 PM
> To: [email protected]
> Subject: Re: Implementing SSL on Tomcat on Windows servers
>
> Just out of curiosity, are there any error messages in your
> logs that might narrow down what might be happening? :-)
>
> I am not sure if this will help or not, but I just did some
> digging around in the tomcat docs, and it seems that there is
> a different syntax for the connector that can be used.
>
> The alternative syntax - from the documentation - looks like this:
>
> <Connector port="443" maxHttpHeaderSize="8192"
>            maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>            enableLookups="false" disableUploadTimeout="true"
>            acceptCount="100" scheme="https" secure="true"
>            SSLEngine="on"
>            SSLCertificateFile="${catalina.base}/conf/localhost.crt"
>            SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" />
>
> Most of the attributes for the connector are the same. There
> are some notable additions, however. The port has changed,
> and there are now SSLEngine, SSLCertificateFile and
> SSLCertificateKeyFile properties.
>
> > GeoTrust finally came up with a kb article just last week that solves
> > the problem where you have a certificate for your IIS server but want
> > to run mid-tier on tomcat/catalina instead of IIS, and need to move
> > the certificate over. This may help some of you, too.
> >
> > https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=S:SO8019&actp=search&searchid=1204671504729
> >
> > Now if I could just figure out how to get tomcat 5.5.26 to recognize
> > the code block where you turn on SSL in the config.xml file - it works
> > in 5.5.17 and 5.5.20, but not .26. Today support had me install 5.5.26
> > to solve some problems with the 7.1.00.002 mid-tier, and the only
> > thing that didn't get better was the ability to implement SSL. This
> > code block works on 5.5.17 and 5.5.20 but not 5.5.26. Huh??
> >
> > <Connector port="8443" maxHttpHeaderSize="8192"
> >            maxThreads="150" minSpareThreads="25"
> >            maxSpareThreads="75"
> >            enableLookups="false" disableUploadTimeout="true"
> >            acceptCount="100" scheme="https" secure="true"
> >            clientAuth="false" sslProtocol="TLS"
> >            keystoreFile="C:\certfile.pfx"
> >            keystorePass="password" keystoreType="PKCS12" />
> >
> > After activating the 8443 port with this (or a faked certificate like
> > Will sent me instructions for), I can access http://localhost:8443/
> > but not https://localhost:8443/ - the browser times out on the latter.
> > One step forward, two steps back!
> >
> > Any great ideas out there??
> >
> > Christopher Strauss, Ph.D.
> > Call Tracking Administration Manager
> > University of North Texas Computing & IT Center http://itsm.unt.edu/
> >
> > _______________________________________________________________________________
> > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> > Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
> >
> > --
> > This message has been scanned for viruses and dangerous content by
> > MailScanner, and is believed to be clean.
>
> --
> -------------------------------------
> Will Du Chene
> -------------------------------------
> [EMAIL PROTECTED]
> http://www.myspace.com/wduchene
> -------------------------------------
> "...you're an anti-Microsoft zealot..."
> - Norm Kaiser
> -------------------------------------
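
Added example, not part of the original thread or of the Tomcat documentation: the SSLCertificateFile and SSLCertificateKeyFile attributes quoted above take PEM files, and this sketch splits a PKCS#12 (.pfx) bundle into those two files with the OpenSSL command line, then checks that the certificate and key belong together. The function names, the throwaway self-signed localhost bundle and its `password` passphrase are constructed for the example, and it assumes `openssl` is on the PATH.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Function names and sample values are
# constructed; assumes the openssl CLI is on PATH.

# Build a throwaway self-signed PKCS#12 bundle so the example runs offline.
# (Constructed stand-in for a CA-issued .pfx such as C:\certfile.pfx.)
make_sample_pfx() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$dir/src.key" -out "$dir/src.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$dir/src.key" -in "$dir/src.crt" \
        -passout pass:password -out "$dir/certfile.pfx"
}

# split_pfx PFX PASSWORD CERT_OUT KEY_OUT
# Writes the leaf certificate and the private key as separate PEM files.
split_pfx() {
    pfx=$1; pass=$2; crt=$3; key=$4
    # Certificate only. The password goes through the environment, not argv.
    PFX_PASS=$pass openssl pkcs12 -in "$pfx" -passin env:PFX_PASS \
        -clcerts -nokeys -out "$crt" 2>/dev/null || return 1
    # Key only, unencrypted (-nodes), so create it readable by the owner only.
    ( umask 077
      PFX_PASS=$pass openssl pkcs12 -in "$pfx" -passin env:PFX_PASS \
        -nocerts -nodes -out "$key" 2>/dev/null ) || return 1
}

# cert_matches_key CERT KEY
# Succeeds only if both files carry the same public key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256)
    k=$(openssl pkey -in "$2" -pubout -outform DER | openssl dgst -sha256)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# End-to-end run on the constructed bundle; returns 0 when the pair matches.
demo() {
    tmp=$(mktemp -d) || return 1
    make_sample_pfx "$tmp" &&
    split_pfx "$tmp/certfile.pfx" password "$tmp/localhost.crt" "$tmp/localhost.key" &&
    cert_matches_key "$tmp/localhost.crt" "$tmp/localhost.key"
    rc=$?
    rm -rf "$tmp"
    return $rc
}
```

The extracted key file is not passphrase-protected, so on a Windows server it needs restrictive file permissions in place of the `umask` used here. With OpenSSL 3.x, a .pfx exported by older tooling may additionally need the `-legacy` option on the `pkcs12` commands.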

