> >
> >
> > Disclaimer,
> > As I said in a previous e-mail, I'm not a Linux/Unix/Web admin.
> > I'm a developer w/ a good bit of unix/linux experience who was
> > asked to get SSL working on a current system.
> >
> > A few people here have a bit of experience with Apache/Tomcat/SSL,
> > but, mostly as a user/developer not as an admin.
> >
> > Anyways, I started installing open-ssl & apache-ssl (to be replaced w/mod-ssl)
> > on Friday, when someone (a co-worker) told me that wasn't necessary for our
> > needs since we have little to no static content to worry about and therefore
> > don't even need Apache. I was also told then that Tomcat was also a
> > web-server, news to me.
> >
> > Today...
> > I've disabled Apache (httpd stop) - no httpd processes running.
> > Review the changes to server.xml - basically just uncommenting
> > the SSL connector.
> > Re-started Tomcat (as a non-root user) using port 8443. (I'll try to find out
> > today why this isn't running as root)
> >
> > However https://myHost/~myUser (test page) fails with "The page cannot be
> > displayed" as does http://myHost/~myUser, http://myHost:8443/~myUser and
> > https://myHost:8443/~myUser
> >
>
> I think "SSL Config HOW-TO" is just for you. :))
Got it; read it; re-read it. What am I missing here?
> Did you do all it says about?
1) Downloaded & installed 3 jar files from JSSE.
2) Created a keystore - re-created it also - with specified password.
3) Updated server.xml as instructed.
4) restarted tomcat
The HOW-TO looks pretty straightforward.
> At least you need to generate a keystore with
> appropriate certificate.
>
> >
> > Question:
> > If I disable apache what (if anything else) do I need to do to
> > Tomcat?
> > Any server.xml mods?
> > Update /etc/services? https is on port 443, change to 8443?
> >
>
> The connector with SSL support is defined to listen on 8443 by default.
> It's done by port attribute. Default port for https is 443.
> So, if you want just https://yourHost/~yourUser you need to change port
> attribute to 443 in server.xml. Don't forget to change redirectPort in
> plain http connector.
>
The redirectPort still points to 8443, also.
To my understanding only processes started by root may connect/bind
to ports below 1024. I'm still starting tomcat as a non-root user,
hence, I'm using port 8443.
As soon as someone gets in here today (quits playing in the snow ;) I'll
find out why we're not running Tomcat as root.
>
> >
> > This can really drive ya nuts.
> >
> > I think I'll go play in the snow for a while & cool off :)
> >
>
> This is a nice idea too :))
>
> >
> > ThankX again,
> >
> > Ron
> >
>
> Anton.
>
>
Ron
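
The port and redirectPort points discussed in this thread can be checked mechanically. The following is an added example, not part of the original messages or of Tomcat: it parses a constructed, simplified server.xml and reports a missing SSL connector, a redirectPort that matches no SSL connector, and ports a non-root process cannot bind. It assumes the SSL connector is marked with scheme="https"; the function names and the sample file are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not the poster's file: a plain HTTP connector plus the
# uncommented SSL connector. Real connectors carry more attributes.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Tomcat-Standalone">
    <Connector port="8080" redirectPort="8443"/>
    <Connector port="8443" scheme="https" secure="true"/>
  </Service>
</Server>
"""

def check_connectors(server_xml, run_as_root=False):
    """Return a list of findings about the HTTP/HTTPS connector ports."""
    root = ET.fromstring(server_xml)  # XML comments are dropped by the parser
    connectors = [c for c in root.iter("Connector") if c.get("port")]
    tls_ports = {int(c.get("port")) for c in connectors
                 if c.get("scheme") == "https"}
    findings = []
    if not tls_ports:
        findings.append("no SSL connector defined (still commented out?)")
    for c in connectors:
        port = int(c.get("port"))
        # Only root may bind ports below 1024 on a traditional Unix system.
        if port < 1024 and not run_as_root:
            findings.append(f"port {port} is privileged; non-root Tomcat cannot bind it")
        redirect = c.get("redirectPort")
        # The plain connector's redirectPort must name a port that speaks SSL.
        if c.get("scheme") != "https" and redirect and int(redirect) not in tls_ports:
            findings.append(f"connector {port}: redirectPort {redirect} has no SSL connector")
    return findings

def urls_to_test(host, server_xml):
    """URLs that should answer, one per connector, with the matching scheme."""
    root = ET.fromstring(server_xml)
    return [f'{c.get("scheme", "http")}://{host}:{c.get("port")}/'
            for c in root.iter("Connector") if c.get("port")]

if __name__ == "__main__":
    print(check_connectors(SAMPLE_SERVER_XML) or "connector ports are consistent")
    print(urls_to_test("myHost", SAMPLE_SERVER_XML))
```
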