Hello,

I am sure somebody has come across something similar before, but I have been unable to find a resolution as yet. The problem is this: I am trying to enable SSL in Tomcat 4.1.29 and several things happen that are not correct, even though this should be a rather simple goal to achieve.

Firstly, the keytool will not work properly when generating a new key. You get asked all the questions, and when you have finished and you confirm the information entered with a 'yes', it just hangs. Importing with keytool and checking the keystore both work fine (the -list and -import flags) but generating doesn't (-genkey). I cannot seem to find any error messages either, and in top the process appears intermittently.

Secondly, after importing the certificate (made with openssl) I then change the server.xml config and ensure that the JSSE_HOME is correct in catalina.sh and restart Tomcat using catalina.sh. This is what I get:

 ----- begin excerpt catalina log ------

Exception during startup processing
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:203)
Caused by: java.lang.NoClassDefFoundError: javax/net/ServerSocketFactory
at java.lang.ClassLoader.findBootstrapClass(Native Method)
at java.lang.ClassLoader.findBootstrapClass0(ClassLoader.java:709)
at java.lang.ClassLoader.loadClass(ClassLoader.java:284)
at java.lang.ClassLoader.loadClass(ClassLoader.java:282)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:274)
at java.lang.ClassLoader.loadClass(ClassLoader.java:235)
at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:941)
at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:857)
at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:941)
at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:857)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:302)
at org.apache.tomcat.util.net.jsse.JSSE14Factory.getSocketFactory(JSSE14Factory.java:80)
at org.apache.tomcat.util.net.jsse.JSSEImplementation.getServerSocketFactory(JSSEImplementation.java:113)
at org.apache.coyote.http11.Http11Protocol.checkSocketFactory(Http11Protocol.java:615)
at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:166)
at org.apache.coyote.tomcat4.CoyoteConnector.initialize(CoyoteConnector.java:1173)
at org.apache.catalina.core.StandardService.initialize(StandardService.java:579)
at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:2246)
at org.apache.catalina.startup.Catalina.start(Catalina.java:511)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:400)
at org.apache.catalina.startup.Catalina.process(Catalina.java:180)
... 5 more


---- end excerpt catalina log -----

Tomcat runs perfectly if I comment the SSL out.

--- begin server.xml excerpt ---

    <!-- Define a non-SSL Coyote HTTP/1.1 Connector -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8180" minProcessors="5" maxProcessors="75"
               enableLookups="true" redirectPort="8443"
               acceptCount="100" debug="0" connectionTimeout="20000"
               useURIValidationHack="false" disableUploadTimeout="true" />

    <!-- Note : To disable connection timeouts, set connectionTimeout value
     to -1 -->

    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->

    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8443" minProcessors="5" maxProcessors="75"
               enableLookups="true"
               acceptCount="100" debug="0" scheme="https" secure="true"
               useURIValidationHack="false" disableUploadTimeout="true">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               keystoreFile="MYKEYSTORE" keystorePass="MYPASSWD"
               clientAuth="false" />
    </Connector>

---- end server.xml excerpt ---

---- begin excerpt catalina.sh ------

# java home
JAVA_HOME=/usr/local/jdk1.4.2; export JAVA_HOME

# JSSE home
JSSE_HOME=/usr/local/jdk1.4.2/jre; export JSSE_HOME

<snip>

# Add on extra jar files to CLASSPATH
if [ -n "$JSSE_HOME" ]; then
  CLASSPATH="$CLASSPATH":"$JSSE_HOME"/lib/ext/jcert.jar:"$JSSE_HOME"/lib/ext/jnet.jar:"$JSSE_HOME"/lib/ext/jsse.jar
fi
CLASSPATH="$CLASSPATH":"$CATALINA_HOME"/bin/bootstrap.jar:

---- end catalina.sh excerpt ---

Of course JSSE was already included in JDK 1.4 (we are running JDK 1.4.2), so it was not necessary to download it separately.

OS :  FreeBSD 4.9

Any assistance on this issue would be gratefully appreciated, as something which I feel should only have taken an hour or so has taken up far too much time, with no option in sight other than to run the Tomcat behind Apache+SSL instead of standalone with SSL.

Thanks in advance

Regards,

Lloyd



L. C. Hopper

[EMAIL PROTECTED]

Visit us at http://www.TriMM.nl

TriMM Multimedia BV - POBox 1208 7500 BE Enschede - the Netherlands



----------
Microsoft: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming or what?"
NT: "Hey, wait a minute while I reboot...."

----------
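
A check a reader could run against the NoClassDefFoundError in the post above, added here as an example and not part of the original message: it lists which of the three jars appended by the quoted catalina.sh are absent under JSSE_HOME, and which jar under that directory actually contains javax/net/ServerSocketFactory. The function names and the sample directory layout are constructed for illustration.

```python
import os
import tempfile
import zipfile

MISSING_CLASS = "javax/net/ServerSocketFactory"  # named in the catalina log


def missing_entries(classpath):
    """Return the non-empty classpath entries that do not exist on disk."""
    return [e for e in classpath.split(":") if e and not os.path.exists(e)]


def jars_providing(class_name, root):
    """Walk root and return the jars that contain class_name (slash form)."""
    resource = class_name + ".class"
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".jar"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with zipfile.ZipFile(path) as jar:
                    if resource in jar.namelist():
                        hits.append(path)
            except zipfile.BadZipFile:
                continue  # truncated or non-zip file named *.jar
    return sorted(hits)


def catalina_jsse_entries(jsse_home):
    """The three entries the quoted catalina.sh appends when JSSE_HOME is set."""
    return ":".join(os.path.join(jsse_home, "lib", "ext", j)
                    for j in ("jcert.jar", "jnet.jar", "jsse.jar"))


def build_sample_jre(base):
    """Constructed stand-in for JSSE_HOME: one jar in lib/, empty lib/ext/."""
    os.makedirs(os.path.join(base, "lib", "ext"))
    with zipfile.ZipFile(os.path.join(base, "lib", "jsse.jar"), "w") as jar:
        jar.writestr(MISSING_CLASS + ".class", b"")
    return base


if __name__ == "__main__":
    # Set JSSE_HOME in the environment to inspect a real installation;
    # without it the constructed sample tree is used.
    home = os.environ.get("JSSE_HOME") or build_sample_jre(tempfile.mkdtemp())
    print("missing:", missing_entries(catalina_jsse_entries(home)))
    print("provided by:", jars_providing(MISSING_CLASS, home))
```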
