Tomcat runs fine when I don't try to get SSL working. Annoyingly enough, it ran for a minute with SSL working, but that was with the default password on the keystore which I thought was a bad idea, long-term. So I created a new key, put it in the same place (with the same name), and restarted Tomcat. Only Tomcat wouldn't start at all, not even the non-SSL connector.
So, I tried to go back to the old key. No good; same problem. Finally I went back to a /conf/server.xml file with the SSL connector commented out, and I could get Tomcat to restart (non-SSL only). I've tried about ten times to recreate the key with the default password and every time I reconfigure server.xml to start an SSL connector, Tomcat won't start.
I am creating the key as root, since I can't log in as tomcat4; I use
/usr/lib/j2se/1.3/bin/keytool -genkey -alias tomcat -keyalg RSA
and then I copy the key to /usr/share/tomcat4 and chown it to tomcat4. This is what worked the one time. I have also tried using -keystore /usr/share/tomcat4/.keystore, which hasn't helped. I've deleted all the old .keystores from the system, so I know it's not trying to open an old one.
Basically, all I'm doing to server.xml is removing the comments around the pre-configured SSL connector. So it looks like this:
<Connector className="org.apache.catalina.connector.http.HttpConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true" acceptCount="10" debug="0"
           scheme="https" secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
           clientAuth="false" protocol="TLS"/>
</Connector>
I know certificates can be touchy, but I'm at a loss to understand why this worked once, and is failing to work now. And why would it prevent Tomcat from working in non-SSL?
Thanks,
Matt Morgan
Manager of Information Systems
Brooklyn Museum of Art