Re: Embedded Tomcat & SSL
Hi Aleksandar,

When I enabled logging using the BasicConfigurator I now get much more logging information (how exactly the logging is configured and what impact the value of CATALINA_HOME has I haven't been able to figure out, but I'm sure I'll get it eventually). Anyway, the exception being displayed is:

    179070 [http-443-Processor4] DEBUG org.apache.tomcat.util.net.PoolTcpEndpoint - Handshake failed
    javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)

I'm guessing this exception is occurring because the server is trying to authenticate the client and expects the client to send a certificate, so I updated my code by adding the line

    IntrospectionUtils.setProperty(httpConnector, "clientauth", "false");

This hasn't resolved my problem but I'm sure I'll figure it out eventually.

Thanks for all your help.

Tom

From: Aleksandar Valchev <[EMAIL PROTECTED]>
Reply-To: "Tomcat Users List"
To: "Tomcat Users List"
Subject: Re: Embedded Tomcat & SSL
Date: Tue, 31 May 2005 13:14:14 +0300

On Tuesday 31 May 2005 12:39, tom ONeill wrote:

You see tomcat home page on http://localhost:443/ because tomcat redirects connection (I think so :) ).

I tested this on jakarta-tomcat-5.5.9-embedded:

    Connector httpConnector = new Connector();
    httpConnector.setScheme("https");
    httpConnector.setSecure(true);
    httpConnector.setEnableLookups(false);

    IntrospectionUtils.setProperty(httpConnector, "sslProtocol", "TLS");
    IntrospectionUtils.setProperty(httpConnector, "keypass", "changeit");
    IntrospectionUtils.setProperty(httpConnector, "keystore", "C:/Documents and Settings/tom/.keystore");
    IntrospectionUtils.setProperty(httpConnector, "address", InetAddress.getLocalHost());
    IntrospectionUtils.setProperty(httpConnector, "port", ""+443);

Of course you have to create your keystore according to tomcat-5.5.9 documentation.

See in your logs. There have to be errors. To see more tomcat messages while tomcat starts add at the top of your code BasicConfigurator.configure(). This line configures commons-logging to output debug messages.

If you see "Cannot find server", I think the problem is in your httpConnector. While tomcat starts it looks for certificate and private key and if it does not find it the connector just would not start. I advise you to see your logs ($CATALINA_HOME/logs directory) more carefully.

> Hi Aleksandar,
>
> Thanks for this. When I update my code to do this I still cannot connect
> from a browser using HTTPS (https://localhost:443/). I get a "Cannot find
> server error" in my browser.
> But if I change my URL so that I use HTTP (http://localhost:443/) I can see
> the Tomcat homepage. Seems like Tomcat is still only able to handle http
> requests even though I think I have enabled it for SSL.
>
> I have included an extract of my code to illustrate what I am doing.
>
> ///
>
> Connector httpConnector = embedded.createConnector(
>     (java.net.InetAddress) null,
>     443,
>     true);
>
> IntrospectionUtils.setProperty(httpConnector, "sslProtocol", "TLS");
> IntrospectionUtils.setProperty(httpConnector, "keypass", "changeit");
> IntrospectionUtils.setProperty(httpConnector, "keystore",
>     "C:/Documents and Settings/tom/.keystore");
>
> embedded.addConnector( httpConnector );
> embedded.start();
>
> ///
>
> Any ideas what I am doing wrong (I forgot to mention that I am using
> embedded Tomcat 5.5.9).
>
> Cheers,
> Tom
>
> >From: Aleksandar Valchev <[EMAIL PROTECTED]>
> >Reply-To: "Tomcat Users List"
> >To: "Tomcat Users List"
> >Subject: Re: Embedded Tomcat & SSL
> >Date: Tue, 31 May 2005 11:55:42 +0300
> >
> >You have to tell tomcat where to find keystore file:
> >
> >IntrospectionUtils.setProperty(connector, "sslProtocol", "TLS");
> >IntrospectionUtils.setProperty(connector, "keyp
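
Added example, not part of the original thread and not Tomcat code: the reply above says the connector will not start if it finds no certificate and private key, and that can be checked before starting Tomcat by loading the keystore directly. The class name KeystoreCheck and method findServerKey are hypothetical, and the check assumes a JKS keystore whose store password and key password are the same.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.util.Collections;

// Hypothetical helper, not Tomcat code: pre-flight check of the connector's keystore.
public class KeystoreCheck {

    // Returns the first alias that holds a private key plus certificate chain,
    // or null if the keystore has none. Assumes store and key share one password.
    static String findServerKey(InputStream in, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(in, password); // IOException: wrong password or damaged file
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue; // trusted-certificate entry: no private key behind it
            }
            // UnrecoverableKeyException here means the key password differs
            boolean isPrivate = ks.getKey(alias, password) instanceof PrivateKey;
            if (isPrivate && ks.getCertificateChain(alias) != null) {
                return alias;
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();
        InputStream source;
        if (args.length > 0) {
            source = new FileInputStream(args[0]); // path to the real keystore
        } else {
            // Constructed sample: an empty keystore built in memory,
            // i.e. the case in which the connector has nothing to serve.
            KeyStore empty = KeyStore.getInstance("JKS");
            empty.load(null, password);
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            empty.store(out, password);
            source = new ByteArrayInputStream(out.toByteArray());
        }
        try (InputStream in = source) {
            String alias = findServerKey(in, password);
            System.out.println(alias == null
                    ? "No private key entry: nothing for the SSL connector to serve"
                    : "Usable key entry: " + alias);
        }
    }
}
```

Run it with the keystore path and password as arguments to check a real file; with no arguments it exercises the empty-keystore case.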
Re: Embedded Tomcat & SSL
Hi Aleksandar,

Thanks for this. When I update my code to do this I still cannot connect from a browser using HTTPS (https://localhost:443/). I get a "Cannot find server error" in my browser.
But if I change my URL so that I use HTTP (http://localhost:443/) I can see the Tomcat homepage. Seems like Tomcat is still only able to handle http requests even though I think I have enabled it for SSL.

I have included an extract of my code to illustrate what I am doing.

    //
    Connector httpConnector = embedded.createConnector(
        (java.net.InetAddress) null,
        443,
        true);

    IntrospectionUtils.setProperty(httpConnector, "sslProtocol", "TLS");
    IntrospectionUtils.setProperty(httpConnector, "keypass", "changeit");
    IntrospectionUtils.setProperty(httpConnector, "keystore", "C:/Documents and Settings/tom/.keystore");

    embedded.addConnector( httpConnector );
    embedded.start();
    //

Any ideas what I am doing wrong (I forgot to mention that I am using embedded Tomcat 5.5.9).

Cheers,
Tom

From: Aleksandar Valchev <[EMAIL PROTECTED]>
Reply-To: "Tomcat Users List"
To: "Tomcat Users List"
Subject: Re: Embedded Tomcat & SSL
Date: Tue, 31 May 2005 11:55:42 +0300

You have to tell tomcat where to find keystore file:

    IntrospectionUtils.setProperty(connector, "sslProtocol", "TLS");
    IntrospectionUtils.setProperty(connector, "keypass", "keystore-password");
    IntrospectionUtils.setProperty(connector, "keystore", "path-to-keystore");

Hope this helps

Aleksandar
Embedded Tomcat & SSL
Hi all,

Can anybody show me how I might get SSL working with embedded Tomcat? When creating a Connector I have set the value of the secure parameter equal to true, but after this I am not sure what else I need to do.

I have taken a look at the code of Embedded and I notice that there is a comment of "FIX ME" where the HTTPS protocol is handled. Does this mean that the implementation of SSL with embedded Tomcat is not complete?

    } else if (protocol.equals("https")) {
        connector = new Connector();
        connector.setScheme("https");
        connector.setSecure(true);
        // FIXME SET SSL PROPERTIES
    }

Cheers,
Tom