(Two different mails snipped and referenced below :-)
"Craig R. McClanahan" wrote:
>
> Yes, that should be "conf/server/lib". Alternatively (and the way I run
> it), you can put these three JAR files in $JAVA_HOME/jre/lib/ext.
A few things here. First, it is unnecessary, then, to have the JSSE jars
in the Tomcat hierarchy if they are installed extensions (/jre/lib/ext)?
Second, and just out of curiosity, the "server/lib" directory appears
to have moved up to the $TCHOME rather than underneath the "conf"
subdirectory. Was that a typo on your part, or does the container
actually search that path (in which case one would now have to manually
create it)?
> Just uncommenting the 8443 connector example in the standard
> conf/server.xml works for me.
But I still need to point it to my keystore, right? Basically, I
uncommented the section and added "keystoreFile" and "keystorePass"
attributes to the Connector tag. The second Http connector section now
reads this:
    <Connector className="org.apache.catalina.connector.http.HttpConnector"
               port="8443" minProcessors="5" maxProcessors="75"
               enableLookups="true" acceptCount="10" debug="0"
               scheme="https" secure="true"
               keystoreFile="/usr/local/tomcat/conf/my.keystore"
               keystorePass="mypass">
      <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
               clientAuth="false" protocol="TLS"/>
    </Connector>
Again, all I changed was to add the two keystore attribs.
> You also have to set up your JSSE environment according to the
> instructions immediately above this connector entry.
I think so. I have JSSE 1.0.2, with the 3 jars in jre/lib/ext (and also
in the system classpath, although not that Catalina cares, of course). I
have the "com.sun.net.ssl..." provider in the security file (I assume
the pecking order doesn't matter). My keystore was generated with:
    keytool -genkey -alias tomcat -keyalg RSA -keystore my.keystore -keypasswd thepassword -storepasswd thepassword
Key and store passwords are the same. "my.keystore" is in the tomcat
conf directory and world-readable.
> What do your log files say?
First of all, the silent failure bit I mentioned this morning was simply
my own goofiness. No message was thrown on the command line, and there
were no errors in the catalina_log... file, but I somehow missed the
"catalina.out" file (my only defense is that it was 2:00am at the time
:-) Below is the stack trace from that file.
PATHETIC DISCLAIMER:
I haven't tried to track it down yet, as I just now discovered this log
file. Although nothing jumps out at me from viewing the calling stack,
it may well be something braindead. I suppose this is technically a bit
of dev-list abuse now, but I am still familiarizing myself with the 4.0
codebase and am not yet up to speed on the container startup process. If
nothing appears obvious from my setup and/or stack trace, feel free to
call me a bum and tell me to track it down my own damn self. I simply
couldn't resist an invitation such as "What do your log files say" =)
(Although on the upshot, I can definitely promise you a "Standalone SSL
Configuration and Troubleshooting" doc once this is all said and done.)
- Christopher
P.S. TC4 takes about 2 minutes to start up on my P133 Redhat 7.1 box
with 256M of RAM. Is that normal or excessive? I'll definitely track
that one down myself, I just want to know if that is out of the ordinary
and therefore something I should even check into. I know for a fact that
"javac" compilations are almost surrealistically slow on that machine,
so maybe it has something to do with that. *shrug*
Anyway, thanks a ton for the SSL assistance!
----------------------
Starting service Tomcat-Standalone
Apache Tomcat/4.0-b6
initProxy: java.security.NoSuchAlgorithmException: Class com.sun.net.ssl.internal.ssl.SSLContextImpl configured for SSLContext not a SSLContext
java.security.NoSuchAlgorithmException: Class com.sun.net.ssl.internal.ssl.SSLContextImpl configured for SSLContext not a SSLContext
    at com.sun.net.ssl.b.a([DashoPro-V1.2-120198])
    at com.sun.net.ssl.SSLContext.getInstance([DashoPro-V1.2-120198])
    at org.apache.catalina.net.SSLServerSocketFactory.initProxy(SSLServerSocketFactory.java:385)
    at org.apache.catalina.net.SSLServerSocketFactory.initialize(SSLServerSocketFactory.java:328)
    at org.apache.catalina.net.SSLServerSocketFactory.createSocket(SSLServerSocketFactory.java:281)
    at org.apache.catalina.connector.http.HttpConnector.open(HttpConnector.java:905)
    at org.apache.catalina.connector.http.HttpConnector.start(HttpConnector.java:1078)
    at org.apache.catalina.core.StandardService.start(StandardService.java:360)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:458)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:737)
    at org.apache.catalina.startup.Catalina.execute(Catalina.java:657)
    at org.apache.catalina.startup.Catalina.process(Catalina.java:178)
    at java.lang.reflect.Method.invoke(Native Method)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:202)
Catalina.start: LifecycleException: HttpConnector[8443].open: java.io.IOException: java.security.NoSuchAlgorithmException: Class com.sun.net.ssl.internal.ssl.SSLContextImpl configured for SSLContext not a SSLContext
LifecycleException: HttpConnector[8443].open: java.io.IOException: java.security.NoSuchAlgorithmException: Class com.sun.net.ssl.internal.ssl.SSLContextImpl configured for SSLContext not a SSLContext
    at org.apache.catalina.connector.http.HttpConnector.start(HttpConnector.java:1080)
    at org.apache.catalina.core.StandardService.start(StandardService.java:360)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:458)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:737)
    at org.apache.catalina.startup.Catalina.execute(Catalina.java:657)
    at org.apache.catalina.startup.Catalina.process(Catalina.java:178)
    at java.lang.reflect.Method.invoke(Native Method)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:202)
----- Root Cause -----
java.io.IOException: java.security.NoSuchAlgorithmException: Class com.sun.net.ssl.internal.ssl.SSLContextImpl configured for SSLContext not a SSLContext
    at org.apache.catalina.net.SSLServerSocketFactory.initProxy(SSLServerSocketFactory.java:409)
    at org.apache.catalina.net.SSLServerSocketFactory.initialize(SSLServerSocketFactory.java:328)
    at org.apache.catalina.net.SSLServerSocketFactory.createSocket(SSLServerSocketFactory.java:281)
    at org.apache.catalina.connector.http.HttpConnector.open(HttpConnector.java:905)
    at org.apache.catalina.connector.http.HttpConnector.start(HttpConnector.java:1078)
    at org.apache.catalina.core.StandardService.start(StandardService.java:360)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:458)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:737)
    at org.apache.catalina.startup.Catalina.execute(Catalina.java:657)
    at org.apache.catalina.startup.Catalina.process(Catalina.java:178)
    at java.lang.reflect.Method.invoke(Native Method)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:202)
Stopping service Tomcat-Standalone
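
Added example (not part of the original mail, and not Tomcat project code): a small audit of the two things this setup exposes, the same JSSE jars present in more than one location and a keystore or server.xml readable by other users. That JSSE classes resolved from two places can produce "configured for SSLContext not a SSLContext" is an assumption about this failure, not a diagnosis from the thread; the function names and the sample layout are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit helper for a Tomcat 4 + JSSE 1.0.2 layout like the one above.
JSSE_JARS="jcert.jar jnet.jar jsse.jar"   # the three jars JSSE 1.0.2 ships

# Print each JSSE jar present in more than one of the given directories.
# Returns 0 when every jar is in at most one place, 1 otherwise.
find_duplicate_jsse_jars() {
    dup=0
    for jar in $JSSE_JARS; do
        count=0; hits=""
        for dir in "$@"; do
            if [ -f "$dir/$jar" ]; then
                count=$((count + 1)); hits="$hits $dir/$jar"
            fi
        done
        if [ "$count" -gt 1 ]; then
            echo "DUPLICATE $jar:$hits"; dup=1
        fi
    done
    return "$dup"
}

# Returns 0 when only the owner can read the file, 1 when group or others
# can (keystore, or server.xml holding keystorePass), 2 when it is missing.
is_owner_only() {
    [ -f "$1" ] || { echo "MISSING $1"; return 2; }
    if [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "READABLE-BY-OTHERS $1"; return 1
    fi
    return 0
}

# Constructed sample layout (not the poster's machine): jars in both
# jre/lib/ext and server/lib, a world-readable keystore, a private server.xml.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/jre/lib/ext" "$root/tomcat/server/lib" "$root/tomcat/conf"
    for jar in $JSSE_JARS; do : > "$root/jre/lib/ext/$jar"; done
    : > "$root/tomcat/server/lib/jsse.jar"
    : > "$root/tomcat/conf/my.keystore"; chmod 644 "$root/tomcat/conf/my.keystore"
    : > "$root/tomcat/conf/server.xml";  chmod 600 "$root/tomcat/conf/server.xml"
    find_duplicate_jsse_jars "$root/jre/lib/ext" "$root/tomcat/server/lib" || true
    is_owner_only "$root/tomcat/conf/my.keystore" || true
    is_owner_only "$root/tomcat/conf/server.xml" || true
    rm -rf "$root"
}
demo
```

On a real installation, pass the actual directories (for example $JAVA_HOME/jre/lib/ext and the Tomcat server/lib) and the real keystore and server.xml paths instead of calling demo.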