Wylie,
 
We use SSL with 8.1 and it is quite easy for the users - we re-direct
the URL to use https.  The only client issue we've had was with cached
certificates when upgrading from IE6->IE7; after clearing the cache it
was resolved.  Clients must use FQDN to not get an error.
 
Installing the certificates has never been as easy as it should be for
me, but once it works, then it works fine.  In the server.xml file the
syntax for a Windows path uses "\" instead of the normal Windows "/"
when specifying "c:/PATH/.keystore".  Otherwise, the documentation
describes it fairly well (it looks like there is a bit of a change in
the syntax for 9.x) and the Tomcat documentation even better.
 
We are using a connector as follows.
    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 443 -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="443" minProcessors="5" maxProcessors="75"
               enableLookups="true" acceptCount="10" debug="0"
               scheme="https" secure="true"
               useURIValidationHack="false" disableUploadTimeout="true">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               clientAuth="false" protocol="TLS"
               keystoreFile="F:\SPECTRUM\path\to.kdb" />
    </Connector>
 
Something that might help that I found from the Tomcat docs was to
re-direct port 80 traffic to force SSL.
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="80" minProcessors="5" maxProcessors="150"
               enableLookups="true" redirectPort="443" acceptCount="10"
               debug="0" connectionTimeout="60000"
               useURIValidationHack="false" disableUploadTimeout="true"
               maxKeepAliveRequests="-1" />
 
When installing and starting for the first time, some of the error
messages are tough in Tomcat to figure out where you're going wrong -
today I am working on some issue with updating some certificates that we
have; again it seems like it is either an error with how I imported
the keys, or with how the certificate was created.  (If anyone has any
ideas, I'm all ears...)
    Aug 31, 2009 12:23:54 PM (http-443-Processor4) - Endpoint [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,port=0,localport=443]] ignored exception: java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
 
...rod
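
A common cause of the "No available certificate or key corresponds to the SSL cipher suites" error quoted above is a keystore that holds only certificate entries and no private key. The following is an added example, not part of the original e-mail: it checks the text output of `keytool -list -keystore <path>` for a key entry; the sample listings and aliases are constructed.

```python
import re

# Entry line of `keytool -list` output: "<alias>, <date>, <entry type>,"
# Older JDKs print "keyEntry" where newer ones print "PrivateKeyEntry".
ENTRY_RE = re.compile(
    r"^(?P<alias>[^,]+),\s.*?"
    r"(?P<type>PrivateKeyEntry|keyEntry|trustedCertEntry|SecretKeyEntry),?\s*$"
)
KEY_TYPES = {"PrivateKeyEntry", "keyEntry"}

# Constructed sample listings (aliases, dates and fingerprints are made up).
CERT_ONLY = """Keystore type: JKS
Your keystore contains 2 entries

spectrum, Aug 31, 2009, trustedCertEntry,
Certificate fingerprint (MD5): <fingerprint>
rootca, Aug 31, 2009, trustedCertEntry,
Certificate fingerprint (MD5): <fingerprint>
"""
WITH_KEY = CERT_ONLY.replace("spectrum, Aug 31, 2009, trustedCertEntry",
                             "spectrum, Aug 31, 2009, PrivateKeyEntry")


def parse_listing(text):
    """Return [(alias, entry_type), ...] parsed from keytool -list output."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("alias").strip(), m.group("type")))
    return entries


def diagnose(text):
    """Return findings; an empty list means exactly one key entry was found."""
    entries = parse_listing(text)
    keys = [alias for alias, kind in entries if kind in KEY_TYPES]
    if not entries:
        return ["no entries found: empty keystore or not keytool -list output"]
    if not keys:
        return ["no private-key entry: the certificate was imported "
                "without the key pair it was issued for"]
    if len(keys) > 1:
        return ["multiple key entries (%s): confirm which one the "
                "connector serves" % ", ".join(keys)]
    return []


if __name__ == "__main__":
    for name, sample in (("cert-only", CERT_ONLY), ("with-key", WITH_KEY)):
        print(name, diagnose(sample) or "ok")
```
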
 
 


________________________________

From: Wylie Bowens [mailto:[email protected]] 
Sent: 2009, August, 31 4:45 PM
To: spectrum
Subject: [spectrum] One Click Server SSL


List, 

Does anyone out there utilize the secure communication feature SSL
between One Click client and the One Click server? 

Interested in: 
the ease of install 
any problems with One Click clients afterward 
any changes in One Click client experience afterward. 
Does the documentation of "One Click Administration Guide" accurately
describe the process?
  
