Re: SSL on Tomcat5
Hi again,

I followed many docs; Tomcat's official website was not clear enough for me.

With SSLEngine=on I'm having this problem:

    SEVERE: Catalina.start
    LifecycleException: Protocol handler initialization failed: java.lang.Exception: Unable to load certificate key /opt/apache-tomcat-5.5.33/conf/xWiki.cer (error:0906D06C:PEM routines:PEM_read_bio:no start line)

Does Tomcat support .cer certificates or must it be PEM? The strange thing is that the cert file is .cer, but the error complains about PEM.

Thanks in advance.

2011/5/10 Konstantin Kolinko knst.koli...@gmail.com

> 2011/5/10 Lunita hoshi.uts...@gmail.com:
>> Hi all!
>>
>> I am trying to configure SSL for Tomcat Manager with APR.
>>
>> I have a weird problem: port 8443 is listening, but no HTTPS over there! 8080 and 8443 ports are open with HTTP.
>>
>> I compiled tomcat native with this configure:
>>
>>     --prefix=/opt/tomcat/ \
>>     --with-apr=/opt/apr-1.4.2/ \
>>     --with-ssl=/usr \
>>     --with-java-home=/usr/java/jdk1.6.0_23/ \
>>     --libdir=/usr/lib \
>>
>> At startup, Tomcat loads the library OK:
>>
>>     INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
>>     May 10, 2011 6:36:07 PM org.apache.catalina.core.AprLifecycleListener init
>>     INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
>>     May 10, 2011 6:36:07 PM org.apache.coyote.http11.Http11AprProtocol init
>>     INFO: Initializing Coyote HTTP/1.1 on http-8080
>>     May 10, 2011 6:36:07 PM org.apache.coyote.http11.Http11AprProtocol init
>>     INFO: Initializing Coyote HTTP/1.1 on http-8443
>>
>> My config at server.xml looks OK ...
>>
>>     <Connector port="8443" maxHttpHeaderSize="8192"
>>                maxThreads="200" minSpareThreads="25" maxSpareThreads="75"
>>                scheme="https" secure="true" SSLEnabled="true"
>>                SSLCertificateFile="/opt/apache-tomcat-5.5.33/conf/tomcat.key.noPasswd"
>>                SSLCertificateKeyFile="/opt/apache-tomcat-5.5.33/conf/XX.cer"
>>                clientAuth="false" SSLProtocol="TLSv1"/>
>>
>> Any help? I'm really lost =(
>
> Configuration of APR/OpenSSL (aka native) connector with SSL is documented in
> http://tomcat.apache.org/tomcat-5.5-doc/apr.html#HTTPS
>
> Apparently you are missing SSLEngine=on
>
> Note that Tomcat 5.5 does not warn about any unknown attributes etc. (Tomcat 6 and later do give warnings), so you should read the configuration docs carefully.
>
> What documentation have you followed? (Maybe something needs amendments / corrections there?)
>
> Best regards,
> Konstantin Kolinko
>
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSL on Tomcat5
Hi,

If you use APR, the private key certificate should be in PEM format as documented in
http://tomcat.apache.org/tomcat-5.5-doc/apr.html#HTTPS

SSLCertificateFile
    Name of the file that contains the server certificate. The format is PEM-encoded.

SSLCertificateKeyFile
    Name of the file that contains the server private key. The format is PEM-encoded. The default value is the value of SSLCertificateFile and in this case both certificate and private key have to be in this file (NOT RECOMMENDED).

On 11 May 2011 15:31, Lunita hoshi.uts...@gmail.com wrote:

> Hi again,
>
> I followed many docs; Tomcat's official website was not clear enough for me.
>
> With SSLEngine=on I'm having this problem:
>
>     SEVERE: Catalina.start
>     LifecycleException: Protocol handler initialization failed: java.lang.Exception: Unable to load certificate key /opt/apache-tomcat-5.5.33/conf/xWiki.cer (error:0906D06C:PEM routines:PEM_read_bio:no start line)
>
> Does Tomcat support .cer certificates or must it be PEM? The strange thing is that the cert file is .cer, but the error complains about PEM.
>
> Thanks in advance.
>
> 2011/5/10 Konstantin Kolinko knst.koli...@gmail.com
>
>> 2011/5/10 Lunita hoshi.uts...@gmail.com:
>>> Hi all!
>>>
>>> I am trying to configure SSL for Tomcat Manager with APR.
>>>
>>> I have a weird problem: port 8443 is listening, but no HTTPS over there! 8080 and 8443 ports are open with HTTP.
>>>
>>> I compiled tomcat native with this configure:
>>>
>>>     --prefix=/opt/tomcat/ \
>>>     --with-apr=/opt/apr-1.4.2/ \
>>>     --with-ssl=/usr \
>>>     --with-java-home=/usr/java/jdk1.6.0_23/ \
>>>     --libdir=/usr/lib \
>>>
>>> At startup, Tomcat loads the library OK:
>>>
>>>     INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
>>>     May 10, 2011 6:36:07 PM org.apache.catalina.core.AprLifecycleListener init
>>>     INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
>>>     May 10, 2011 6:36:07 PM org.apache.coyote.http11.Http11AprProtocol init
>>>     INFO: Initializing Coyote HTTP/1.1 on http-8080
>>>     May 10, 2011 6:36:07 PM org.apache.coyote.http11.Http11AprProtocol init
>>>     INFO: Initializing Coyote HTTP/1.1 on http-8443
>>>
>>> My config at server.xml looks OK ...
>>>
>>>     <Connector port="8443" maxHttpHeaderSize="8192"
>>>                maxThreads="200" minSpareThreads="25" maxSpareThreads="75"
>>>                scheme="https" secure="true" SSLEnabled="true"
>>>                SSLCertificateFile="/opt/apache-tomcat-5.5.33/conf/tomcat.key.noPasswd"
>>>                SSLCertificateKeyFile="/opt/apache-tomcat-5.5.33/conf/XX.cer"
>>>                clientAuth="false" SSLProtocol="TLSv1"/>
>>>
>>> Any help? I'm really lost =(
>>
>> Configuration of APR/OpenSSL (aka native) connector with SSL is documented in
>> http://tomcat.apache.org/tomcat-5.5-doc/apr.html#HTTPS
>>
>> Apparently you are missing SSLEngine=on
>>
>> Note that Tomcat 5.5 does not warn about any unknown attributes etc. (Tomcat 6 and later do give warnings), so you should read the configuration docs carefully.
>>
>> What documentation have you followed? (Maybe something needs amendments / corrections there?)
>>
>> Best regards,
>> Konstantin Kolinko
Re: SSL on Tomcat5
Hi!!

I've found the problem: the params SSLCertificateFile and SSLCertificateKeyFile were changed. Now I'm not having any error on startup.

Thanks for all =)

2011/5/11 Goo Sam Kong skgo...@gmail.com

> Hi,
>
> If you use APR, the private key certificate should be in PEM format as documented in
> http://tomcat.apache.org/tomcat-5.5-doc/apr.html#HTTPS
>
> SSLCertificateFile
>     Name of the file that contains the server certificate. The format is PEM-encoded.
>
> SSLCertificateKeyFile
>     Name of the file that contains the server private key. The format is PEM-encoded. The default value is the value of SSLCertificateFile and in this case both certificate and private key have to be in this file (NOT RECOMMENDED).
>
> On 11 May 2011 15:31, Lunita hoshi.uts...@gmail.com wrote:
>
>> Hi again,
>>
>> I followed many docs; Tomcat's official website was not clear enough for me.
>>
>> With SSLEngine=on I'm having this problem:
>>
>>     SEVERE: Catalina.start
>>     LifecycleException: Protocol handler initialization failed: java.lang.Exception: Unable to load certificate key /opt/apache-tomcat-5.5.33/conf/xWiki.cer (error:0906D06C:PEM routines:PEM_read_bio:no start line)
>>
>> Does Tomcat support .cer certificates or must it be PEM? The strange thing is that the cert file is .cer, but the error complains about PEM.
>>
>> Thanks in advance.
>>
>> 2011/5/10 Konstantin Kolinko knst.koli...@gmail.com
>>
>>> 2011/5/10 Lunita hoshi.uts...@gmail.com:
>>>> Hi all!
>>>>
>>>> I am trying to configure SSL for Tomcat Manager with APR.
>>>>
>>>> I have a weird problem: port 8443 is listening, but no HTTPS over there! 8080 and 8443 ports are open with HTTP.
>>>>
>>>> I compiled tomcat native with this configure:
>>>>
>>>>     --prefix=/opt/tomcat/ \
>>>>     --with-apr=/opt/apr-1.4.2/ \
>>>>     --with-ssl=/usr \
>>>>     --with-java-home=/usr/java/jdk1.6.0_23/ \
>>>>     --libdir=/usr/lib \
>>>>
>>>> At startup, Tomcat loads the library OK:
>>>>
>>>>     INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
>>>>     May 10, 2011 6:36:07 PM org.apache.catalina.core.AprLifecycleListener init
>>>>     INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
>>>>     May 10, 2011 6:36:07 PM org.apache.coyote.http11.Http11AprProtocol init
>>>>     INFO: Initializing Coyote HTTP/1.1 on http-8080
>>>>     May 10, 2011 6:36:07 PM org.apache.coyote.http11.Http11AprProtocol init
>>>>     INFO: Initializing Coyote HTTP/1.1 on http-8443
>>>>
>>>> My config at server.xml looks OK ...
>>>>
>>>>     <Connector port="8443" maxHttpHeaderSize="8192"
>>>>                maxThreads="200" minSpareThreads="25" maxSpareThreads="75"
>>>>                scheme="https" secure="true" SSLEnabled="true"
>>>>                SSLCertificateFile="/opt/apache-tomcat-5.5.33/conf/tomcat.key.noPasswd"
>>>>                SSLCertificateKeyFile="/opt/apache-tomcat-5.5.33/conf/XX.cer"
>>>>                clientAuth="false" SSLProtocol="TLSv1"/>
>>>>
>>>> Any help? I'm really lost =(
>>>
>>> Configuration of APR/OpenSSL (aka native) connector with SSL is documented in
>>> http://tomcat.apache.org/tomcat-5.5-doc/apr.html#HTTPS
>>>
>>> Apparently you are missing SSLEngine=on
>>>
>>> Note that Tomcat 5.5 does not warn about any unknown attributes etc. (Tomcat 6 and later do give warnings), so you should read the configuration docs carefully.
>>>
>>> What documentation have you followed? (Maybe something needs amendments / corrections there?)
>>>
>>> Best regards,
>>> Konstantin Kolinko
SSL on Tomcat5
Hi all!

I am trying to configure SSL for Tomcat Manager with APR.

I have a weird problem: port 8443 is listening, but no HTTPS over there! 8080 and 8443 ports are open with HTTP.

I compiled tomcat native with this configure:

    --prefix=/opt/tomcat/ \
    --with-apr=/opt/apr-1.4.2/ \
    --with-ssl=/usr \
    --with-java-home=/usr/java/jdk1.6.0_23/ \
    --libdir=/usr/lib \

At startup, Tomcat loads the library OK:

    INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
    May 10, 2011 6:36:07 PM org.apache.catalina.core.AprLifecycleListener init
    INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
    May 10, 2011 6:36:07 PM org.apache.coyote.http11.Http11AprProtocol init
    INFO: Initializing Coyote HTTP/1.1 on http-8080
    May 10, 2011 6:36:07 PM org.apache.coyote.http11.Http11AprProtocol init
    INFO: Initializing Coyote HTTP/1.1 on http-8443

My config at server.xml looks OK ...

    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="200" minSpareThreads="25" maxSpareThreads="75"
               scheme="https" secure="true" SSLEnabled="true"
               SSLCertificateFile="/opt/apache-tomcat-5.5.33/conf/tomcat.key.noPasswd"
               SSLCertificateKeyFile="/opt/apache-tomcat-5.5.33/conf/XX.cer"
               clientAuth="false" SSLProtocol="TLSv1"/>

Any help? I'm really lost =(

Thanks!
Re: SSL on Tomcat5
2011/5/10 Lunita hoshi.uts...@gmail.com:
> Hi all!
>
> I am trying to configure SSL for Tomcat Manager with APR.
>
> I have a weird problem: port 8443 is listening, but no HTTPS over there! 8080 and 8443 ports are open with HTTP.
>
> I compiled tomcat native with this configure:
>
>     --prefix=/opt/tomcat/ \
>     --with-apr=/opt/apr-1.4.2/ \
>     --with-ssl=/usr \
>     --with-java-home=/usr/java/jdk1.6.0_23/ \
>     --libdir=/usr/lib \
>
> At startup, Tomcat loads the library OK:
>
>     INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
>     May 10, 2011 6:36:07 PM org.apache.catalina.core.AprLifecycleListener init
>     INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
>     May 10, 2011 6:36:07 PM org.apache.coyote.http11.Http11AprProtocol init
>     INFO: Initializing Coyote HTTP/1.1 on http-8080
>     May 10, 2011 6:36:07 PM org.apache.coyote.http11.Http11AprProtocol init
>     INFO: Initializing Coyote HTTP/1.1 on http-8443
>
> My config at server.xml looks OK ...
>
>     <Connector port="8443" maxHttpHeaderSize="8192"
>                maxThreads="200" minSpareThreads="25" maxSpareThreads="75"
>                scheme="https" secure="true" SSLEnabled="true"
>                SSLCertificateFile="/opt/apache-tomcat-5.5.33/conf/tomcat.key.noPasswd"
>                SSLCertificateKeyFile="/opt/apache-tomcat-5.5.33/conf/XX.cer"
>                clientAuth="false" SSLProtocol="TLSv1"/>
>
> Any help? I'm really lost =(

Configuration of APR/OpenSSL (aka native) connector with SSL is documented in
http://tomcat.apache.org/tomcat-5.5-doc/apr.html#HTTPS

Apparently you are missing SSLEngine=on

Note that Tomcat 5.5 does not warn about any unknown attributes etc. (Tomcat 6 and later do give warnings), so you should read the configuration docs carefully.

What documentation have you followed? (Maybe something needs amendments / corrections there?)

Best regards,
Konstantin Kolinko
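
The two mistakes resolved in this thread (a connector without SSLEngine=on, and SSLCertificateFile / SSLCertificateKeyFile each pointing at the other's file) can be caught before Tomcat is started. The check below is an added example, not code from the thread or from Tomcat: pem_kinds, lint_connector and demo are hypothetical names, SSLEngine is assumed to be a Connector attribute as in the Tomcat 5.5 APR documentation linked above, and the sample files are constructed placeholders.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

PEM_MARKS = {
    "certificate": ("-----BEGIN CERTIFICATE-----",),
    "private key": ("-----BEGIN PRIVATE KEY-----", "-----BEGIN RSA PRIVATE KEY-----",
                    "-----BEGIN EC PRIVATE KEY-----", "-----BEGIN ENCRYPTED PRIVATE KEY-----"),
}

def pem_kinds(path):
    """Kinds of PEM object in a file; an empty set means no PEM start line (e.g. DER)."""
    with open(path, "rb") as fh:
        text = fh.read().decode("latin-1")
    return {kind for kind, marks in PEM_MARKS.items() if any(m in text for m in marks)}

def lint_connector(connector_xml):
    """Report the two mistakes from the thread for one <Connector> element."""
    conn = ET.fromstring(connector_xml)
    findings = []
    if conn.get("SSLEngine") != "on":  # assumption: SSLEngine is set on the Connector
        findings.append("SSLEngine is not 'on'")
    cert = conn.get("SSLCertificateFile")
    key = conn.get("SSLCertificateKeyFile", cert)  # documented default: the certificate file
    for attr, path, want in (("SSLCertificateFile", cert, "certificate"),
                             ("SSLCertificateKeyFile", key, "private key")):
        kinds = pem_kinds(path) if path and os.path.isfile(path) else None
        if kinds is None:
            findings.append(f"{attr}: file missing")
        elif not kinds:
            findings.append(f"{attr}: no PEM start line")
        elif want not in kinds:
            findings.append(f"{attr}: contains {'/'.join(sorted(kinds))}, expected {want}")
    return findings

def demo():
    """Lint the thread's swapped layout and the corrected one, using constructed files."""
    d = tempfile.mkdtemp()
    crt, key = os.path.join(d, "server.cer"), os.path.join(d, "server.key")
    with open(crt, "w") as fh:  # constructed placeholder body, not a real certificate
        fh.write("-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n")
    with open(key, "w") as fh:  # constructed placeholder body, not a real key
        fh.write("-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n")
    tmpl = '<Connector port="8443" {} SSLCertificateFile="{}" SSLCertificateKeyFile="{}"/>'
    swapped = lint_connector(tmpl.format("", key, crt))
    return swapped, lint_connector(tmpl.format('SSLEngine="on"', crt, key))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The file extension plays no part in the check: a .cer file passes as SSLCertificateFile as long as its content is a PEM certificate block.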