Sander Smith wrote:


I have a problem that I'm unfortunately finding little documentation to help. I'm writing a servlet and embedding it in a larger Java program by using the org.apache.catalina.startup.Embedded class. Things have been working fine up until now. I'm currently trying to add SSL support so that the servlet can operate securely. The only information that I can find about configuring Tomcat to do this is in the config files. This won't work for me - I need to do it programmatically like I'm doing everything else.


From what I can understand, I need to create a connector for port 443, and then attach a special socket factory that deals in SSL to this connector. I thought I've done this, as well as configuring this socket factory to read the keystore where I have the necessary certificates.

What I see when I run this code is I can connect to port 80 correctly (as was working before), and I can even connect to 443 if I specify http and this works (not sure why). If I try https with 443 then my browser just hangs and I can't seem to see anything going on at the server side.

I've created my keystore properly. I acted as my own CA and dummied it all up - even installed the root certificate into Windows so that the browser could find it correctly. For some reason, I don't even think that the keystore file is being accessed.

Any ideas on what I need to do? I'm attaching the important parts of the code that worked before and what I did to change it.


You don't need to set the SSLServerSocketFactory. All you need to do is to call:

connector.setKeyAlias(...)

directly. Tomcat will take care of creating the factory.

Thanks.

-- Jeanfrancois





Thanks for any help,

Sander Smith




// standard stuff to embed Tomcat

    Engine engine = null;
    // Set the home directory
    System.setProperty("catalina.home",
                       getPath().externalForm());


    // Create an embedded server
    embedded = new Embedded();
    // print all log statements to standard error
    embedded.setDebug(0);

    // Create an engine
    engine = embedded.createEngine();
    engine.setDefaultHost("localhost");

    // Create a default virtual host
    host = embedded.createHost("localhost",
                               "webapps");

    engine.addChild(host);

    Context context = embedded.createContext("/xxx",
                                             "xxx.war");

    context.addParameter(INSTALL_DIR,
                         getPath().externalForm());

    host.addChild(context);

    // Install the assembled container hierarchy
    embedded.addEngine(engine);

/***************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^ Start SSL Code    ^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
***************************************************************/


    SSLServerSocketFactory ssf = new SSLServerSocketFactory();
    ssf.setKeystoreFile("c:\\KS.Keystore");
    ssf.setKeystorePass("KSPASSWORD");

    // Assemble and install a default HTTP connector
    Connector connector = embedded.createConnector(null,
                                                   80,
                                                   false);

    embedded.addConnector(connector);

    connector = embedded.createConnector(null,
                                         443,
                                         true);

    connector.setFactory(ssf);

    embedded.addConnector(connector);

/***************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^ END SSL Code      ^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
***************************************************************/



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
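
One way to confirm from outside which protocol the port 443 connector is actually speaking, given the symptom described in the thread (http works on 443, https hangs). This is an added example, not code from either poster or from Tomcat; the class name, default host and port, and the timeout are assumptions.

```java
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added diagnostic, not code from the thread. Class name, default host/port
// and the timeout are assumptions. Needs Java 7+ and nothing beyond the JDK.
public class ConnectorProbe {
    static final int TIMEOUT_MS = 5000;

    static Socket open(String host, int port) throws Exception {
        Socket s = new Socket();
        s.connect(new InetSocketAddress(host, port), TIMEOUT_MS);
        s.setSoTimeout(TIMEOUT_MS); // bound every read so a silent listener cannot hang the probe
        return s;
    }

    // A plaintext listener either never answers the ClientHello (timeout) or
    // replies with non-TLS bytes (SSLException). An SSLHandshakeException means
    // TLS is spoken but this JVM rejected the certificate or protocol.
    static String tryTls(String host, int port) {
        SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (Socket raw = open(host, port);
             SSLSocket tls = (SSLSocket) f.createSocket(raw, host, port, true)) {
            tls.startHandshake();
            return "TLS handshake OK (" + tls.getSession().getProtocol() + ")";
        } catch (Exception e) {
            return "no usable TLS: " + e;
        }
    }

    // Sends a cleartext request; a status line in reply means the port is
    // serving HTTP with no TLS layer in front of it.
    static String tryPlainHttp(String host, int port) {
        try (Socket s = open(host, port)) {
            s.getOutputStream().write("HEAD / HTTP/1.0\r\n\r\n".getBytes(StandardCharsets.US_ASCII));
            s.getOutputStream().flush();
            BufferedReader in = new BufferedReader(
                new InputStreamReader(s.getInputStream(), StandardCharsets.US_ASCII));
            String line = in.readLine();
            return (line != null && line.startsWith("HTTP/"))
                ? "PLAINTEXT HTTP: " + line : "no cleartext HTTP reply";
        } catch (Exception e) {
            return "no cleartext HTTP reply: " + e;
        }
    }

    public static void main(String[] args) {
        String host = args.length > 0 ? args[0] : "localhost";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        System.out.println("TLS probe:   " + tryTls(host, port));
        System.out.println("Plain probe: " + tryPlainHttp(host, port));
    }
}
```

A "PLAINTEXT HTTP" result on 443 means the connector was started without any TLS layer, so the keystore settings never took effect and requests sent to that port travel unencrypted.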



