Re: Embedded Tomcat & SSL
Hi Aleksandar,
When I enabled logging using the BasicConfigurator I now get much more
logging information (how exactly the logging is configured and what impact
the value of CATALINA_HOME has I havent been able to figure out but Im sure
Ill get it eventually).
Anyway the exception being displayed is
/
179070 [http-443-Processor4] DEBUG
org.apache.tomcat.util.net.PoolTcpEndpoint - Handshake
failed
javax.net.ssl.SSLHandshakeException: Remote host closed connection during
handshake
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
Im guessing this exception is occurring because the server is trying to
authenticate the client and expects the client to send a certificate so I
updated my code by adding the line
IntrospectionUtils.setProperty(httpConnector, "clientauth", "false");
This hasnt resolved my problem but Im sure Ill figure it out eventually.
Thanks for all your help.
Tom
From: Aleksandar Valchev <[EMAIL PROTECTED]>
Reply-To: "Tomcat Users List"
To: "Tomcat Users List"
Subject: Re: Embedded Tomcat & SSL
Date: Tue, 31 May 2005 13:14:14 +0300
On Tuesday 31 May 2005 12:39, tom ONeill wrote:
You see tomcat home page on http://localhost:443/ because tomcat redirects
connection (I think so :) ).
I test this on jakarta-tomcat-5.5.9-embedded:
Connector httpConnector = new Connector();
httpConnector.setScheme("https");
httpConnector.setSecure(true);
httpConnector.setEnableLookups(false);
IntrospectionUtils.setProperty(httpConnector, "sslProtocol", "TLS");
IntrospectionUtils.setProperty(httpConnector, "keypass", "changeit");
IntrospectionUtils.setProperty(httpConnector, "keystore", "C:/Documents and
Settings/tom/.keystore");
IntrospectUtils.setProperty(httpConnector, "address",
InetAddress.getLocalhost());
IntrospectUtils.setProperty(httpConnector, "port", ""+443);
Of course you have to create your keystore according to tomcat-5.5.9
documentation.
See in your logs. There has to be errors. To see more tomcat messages while
tomcat starts add at the top of your code BasicConfigurator.configure().
This
line configures commons-logging to output debug messages.
If you see "Cannot find server", I think the problem is in your
httpConnector.
While tomcat starts it looks for certificate and private key and if it does
not find it connector just would not start.
I advise you to see your logs ($CATALINA_HOME/logs directory) more
carefully.
> Hi Aleksandar,
>
> Thanks for this. When I update my code to do this I still cannot connect
> from a browser using HTTPS (https://localhost:443/). I get a "Cannot
find
> server error" in my browser.
> But if I change my URL so that I use HTTP (http://localhost:443/) I can
see
> the Tomcat homepage. Seems like Tomcat is still only able to handle http
> requests even though I think I have enabled it for SSL.
>
> I have included a extract of my code to illustrate what I am doing.
>
>
>
///
>///
>
>
> Connector httpConnector = embedded.createConnector(
> (java.net.InetAddress) null,
> 443,
> true);
>
> IntrospectionUtils.setProperty(httpConnector, "sslProtocol",
> "TLS"); IntrospectionUtils.setProperty(httpConnector, "keypass",
> "changeit");
> IntrospectionUtils.setProperty(httpConnector, "keystore",
> "C:/Documents and Settings/tom/.keystore");
>
>
> embedded.addConnector( httpConnector );
>
>embedded.start();
>
>
>
>
///
>///
>
>
> Any ideas what I am doing wrong (I forgot to mention that I am using
> embedded Tomcat 5.5.9).
>
> Cheers,
> Tom
>
> >From: Aleksandar Valchev <[EMAIL PROTECTED]>
> >Reply-To: "Tomcat Users List"
> >To: "Tomcat Users List"
> >Subject: Re: Embedded Tomcat & SSL
> >Date: Tue, 31 May 2005 11:55:42 +0300
> >
> >You have to tell tomcat where to find keystore file:
> >
> >IntrospectionUtils.setProperty(connector, "sslProtocol", "TLS");
> >IntrospectionUtils.setProperty(connector, "keyp
Re: Embedded Tomcat & SSL
Hi Aleksandar, Thanks for this. When I update my code to do this I still cannot connect from a browser using HTTPS (https://localhost:443/). I get a "Cannot find server error" in my browser. But if I change my URL so that I use HTTP (http://localhost:443/) I can see the Tomcat homepage. Seems like Tomcat is still only able to handle http requests even though I think I have enabled it for SSL. I have included a extract of my code to illustrate what I am doing. // Connector httpConnector = embedded.createConnector( (java.net.InetAddress) null, 443, true); IntrospectionUtils.setProperty(httpConnector, "sslProtocol", "TLS"); IntrospectionUtils.setProperty(httpConnector, "keypass", "changeit"); IntrospectionUtils.setProperty(httpConnector, "keystore", "C:/Documents and Settings/tom/.keystore"); embedded.addConnector( httpConnector ); embedded.start(); // Any ideas what I am doing wrong (I forgot to mention that I am using embedded Tomcat 5.5.9). Cheers, Tom From: Aleksandar Valchev <[EMAIL PROTECTED]> Reply-To: "Tomcat Users List" To: "Tomcat Users List" Subject: Re: Embedded Tomcat & SSL Date: Tue, 31 May 2005 11:55:42 +0300 You have to tell tomcat where to find keystore file: IntrospectionUtils.setProperty(connector, "sslProtocol", "TLS"); IntrospectionUtils.setProperty(connector, "keypass", "keystore-password"); IntrospectionUtils.setProperty(connector, "keystore", "path-to-keystore"); Hope this helps Aleksandar - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Start dating right now with FREE Match.com membership! http://match.msn.ie - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Embedded Tomcat & SSL
Hi Aleksandar, Thanks for this. When I update my code to do this I still cannot connect from a browser using HTTPS (https://localhost:443/). I get a "Cannot find server error" in my browser. But if I change my URL so that I use HTTP (http://localhost:443/) I can see the Tomcat homepage. Seems like Tomcat is still only able to handle http requests even though I think I have enabled it for SSL. I have included a extract of my code to illustrate what I am doing. // Connector httpConnector = embedded.createConnector( (java.net.InetAddress) null, 443, true); IntrospectionUtils.setProperty(httpConnector, "sslProtocol", "TLS"); IntrospectionUtils.setProperty(httpConnector, "keypass", "changeit"); IntrospectionUtils.setProperty(httpConnector, "keystore", "C:/Documents and Settings/tom/.keystore"); embedded.addConnector( httpConnector ); embedded.start(); // Any ideas what I am doing wrong (I forgot to mention that I am using embedded Tomcat 5.5.9). Cheers, Tom From: Aleksandar Valchev <[EMAIL PROTECTED]> Reply-To: "Tomcat Users List" To: "Tomcat Users List" Subject: Re: Embedded Tomcat & SSL Date: Tue, 31 May 2005 11:55:42 +0300 You have to tell tomcat where to find keystore file: IntrospectionUtils.setProperty(connector, "sslProtocol", "TLS"); IntrospectionUtils.setProperty(connector, "keypass", "keystore-password"); IntrospectionUtils.setProperty(connector, "keystore", "path-to-keystore"); Hope this helps Aleksandar - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ It's finally here! Download Messenger 7.0 - still FREE http://messenger.msn.co.uk - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Embedded Tomcat & SSL
Hi all,
Can anybody show me how I might get SSL working with embedded Tomcat. When
creating a Connector I have set the value of the secure parameter equals to
true but after this I am not sure what else I need to do.
I have taken a look at the code of Embedded and I notice that there is a
comment of "FIX ME" where the HTTPS protocol is handled. Does this mean that
the implementation of SSL with embedded Tomcat is not complete?
} else if (protocol.equals("https")) {
connector = new Connector();
connector.setScheme("https");
connector.setSecure(true);
// FIXME SET SSL PROPERTIES
}
/
Cheers,
Tom
_
Start dating right now with FREE Match.com membership! http://match.msn.ie
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
