Thanks. Well, the Tomcat docs don't say anything about what the default expiry is for keys self-generated with keytool, but this is work that I did all today, and in general I was trying to use the keys within seconds of creating them.

Any other thoughts? Are these keys I'm creating persistent in some way--cached somewhere, or anything like that? It doesn't seem like it.

King,Daniel wrote:

I don't know what your time span has been for working with this, but I ran into a problem using WebLogic where my key had expired. My self-signed certificate had not expired, but the key had. I used the OpenSSL software. When I recreated the key with arguments to make it expire in a year, instead of the default of 30 days, I did not have the problem again.


-----Original Message-----
From: Matt Morgan [mailto:[EMAIL PROTECTED]]
Sent: Thu 9/25/2003 3:24 PM
To: [EMAIL PROTECTED]
Cc:
Subject: Configuring server.xml for SSL breaks Tomcat



        I'm using 4.1.27 on debian 3.0 with the JDK 1.3 from Blackdown, and the
        last independent JSSE from Sun, the one intended for jdk1.3. Tomcat runs
        as user "tomcat4," whose home dir is /usr/share/tomcat4 and whose login
        shell is /bin/false.
        
        Tomcat runs fine when I don't try to get SSL working. Annoyingly enough,
        it ran for a minute with SSL working, but that was with the default
        password on the keystore which I thought was a bad idea, long-term. So I
        created a new key, put it in the same place (with the same name), and
        restarted tomcat. Only Tomcat wouldn't start at all, not even the
        non-SSL connector.
        
        So, I tried to go back to the old key. No good; same problem. Finally I
        went back to a /conf/server.xml file with the SSL connector commented
        out, and I could get Tomcat to restart (non-SSL only). I've tried about
        ten times to recreate the key with the default password and every time I
        reconfigure server.xml to start an SSL connector, Tomcat won't start.
        
        I am creating the key as root, since I can't login as tomcat4; I use
        
        /usr/lib/j2se/1.3/bin/keytool -genkey -alias tomcat -keyalg RSA
        
        and then I copy the key to /usr/share/tomcat4 and chown it to tomcat4.
        This is what worked the one time. I have also tried using -keystore
        /usr/share/tomcat4/.keystore, which hasn't helped. I've deleted all the
        old .keystores from the system, so I know it's not trying to open an old
        one.
        
        Basically, all I'm doing to server.xml is removing the comments around
        the pre-configured SSL connector. So it looks like this:
        
        <Connector className="org.apache.catalina.connector.http.HttpConnector"
            port="8443" minProcessors="5" maxProcessors="75"
            enableLookups="true"
            acceptCount="10" debug="0" scheme="https" secure="true">
            <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
            clientAuth="false" protocol="TLS"/>
        </Connector>
        
        I know certificates can be touchy, but I'm at a loss to understand why
        this worked once, and is failing to work now. And why would it prevent
        Tomcat from working in non-SSL?
        
        Thanks,
        Matt Morgan
        Manager of Information Systems
        Brooklyn Museum of Art
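The procedure Matt describes (generate a key with keytool, move it under the tomcat4 home, restart) leaves two things implicit that decide whether Tomcat 4 starts: the certificate validity (keytool's own default is 90 days, so an unexpired-but-short cert is easy to get) and the keystore password, which the SSL Factory must be told about whenever it is not Tomcat's built-in default. The script below is an added example, not code from the thread or from the Tomcat project. It assumes the keytool and keystore paths and the tomcat4 user from the thread, uses a placeholder password that must be replaced, and relies on the `keystoreFile` / `keystorePass` attributes that the Tomcat 4 `org.apache.catalina.net.SSLServerSocketFactory` accepts. `keystore_perms_ok` and `factory_snippet` run without a JDK; `gen_keystore` and `list_cert` need keytool on the path given.

```shell
#!/bin/sh
# Added example for the thread above (not the list's or Tomcat's own code).
# Generates the Tomcat keystore with an explicit validity and a non-default
# password, restricts the file to the tomcat user, and emits the matching
# Factory element for server.xml.
set -eu

KEYTOOL=${KEYTOOL:-/usr/lib/j2se/1.3/bin/keytool}   # path used in the thread
KEYSTORE=${KEYSTORE:-/usr/share/tomcat4/.keystore}  # path used in the thread
KS_OWNER=${KS_OWNER:-tomcat4}                       # user Tomcat runs as
VALIDITY_DAYS=${VALIDITY_DAYS:-365}   # keytool defaults to 90 days; pin it explicitly

# gen_keystore PASSWORD: create the RSA key pair under alias "tomcat".
# -storepass and -keypass are kept equal because Tomcat 4 opens the private
# key with the keystore password. keytool itself refuses passwords < 6 chars,
# so reject those before calling it.
gen_keystore() {
    pass=$1
    if [ "${#pass}" -lt 6 ]; then
        echo "keystore password must be at least 6 characters" >&2
        return 1
    fi
    "$KEYTOOL" -genkey -alias tomcat -keyalg RSA \
        -keystore "$KEYSTORE" -validity "$VALIDITY_DAYS" \
        -storepass "$pass" -keypass "$pass" \
        -dname "CN=$(hostname), OU=IS, O=Example Org"   # constructed DN; adjust
    chown "$KS_OWNER" "$KEYSTORE"
    chmod 600 "$KEYSTORE"
}

# keystore_perms_ok FILE OWNER: return 0 when FILE exists, is owned by OWNER
# (name or numeric uid) and is readable by nobody else (mode 600 or 400).
# Run it as a pre-start check: a keystore the tomcat user cannot open makes
# the connector fail during init, and Tomcat 4 then aborts startup entirely,
# non-SSL connector included, which is the symptom reported in the thread.
keystore_perms_ok() {
    f=$1; owner=$2
    [ -f "$f" ] || return 1
    set -- $(stat -c '%a %u %U' "$f")
    mode=$1; have_uid=$2; have_name=$3
    [ "$have_uid" = "$owner" ] || [ "$have_name" = "$owner" ] || return 1
    case "$mode" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# list_cert PASSWORD: print alias, fingerprint and the Valid from/until dates
# so an expired or about-to-expire certificate is visible before a restart.
list_cert() {
    "$KEYTOOL" -list -v -keystore "$KEYSTORE" -storepass "$1" -alias tomcat
}

# factory_snippet PASSWORD: the Factory element to paste into the SSL
# Connector. Without keystoreFile/keystorePass Tomcat 4 looks for
# ~/.keystore with its default password, so a keystore created with any
# other password cannot be opened at startup.
factory_snippet() {
    cat <<EOF
<Factory className="org.apache.catalina.net.SSLServerSocketFactory"
    clientAuth="false" protocol="TLS"
    keystoreFile="$KEYSTORE"
    keystorePass="$1"/>
EOF
}
```

Typical use as root, with a real password in place of the placeholder: `gen_keystore 'CHANGE-ME-placeholder'`, then `keystore_perms_ok "$KEYSTORE" tomcat4 && factory_snippet 'CHANGE-ME-placeholder'`, and paste the printed element in place of the `<Factory .../>` line inside the 8443 Connector. Keep the keystore out of world-readable locations and out of server.xml backups, since the password sits in clear text in that file.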
        