Have you considered the advantages of using one of the apache connectors instead of tomcat standalone for SSL support?

I fought with Tomcat SSL support a couple years ago, and was unable to get it to work. I'm sure the support is there now, but SSL support is transparent if you use mod_jk or mod_webapp with Apache, and it's easier, since you already have all the certificates in place.

The downside is that the connection between apache and tomcat is NOT encrypted, so if you are running TC and Apache on different servers, this might be an issue.

Ken A.


Justin L. Spies wrote:
One piece of information I forgot to mention:
O/S: Red Hat Linux 7.2
Apache: Custom Compiled 1.3.26
Tomcat: 4.0.4 RPM installation
JSDK: j2sdk1.4.0_01

Thanks again.

Justin L. Spies


-----Original Message-----
From: Justin L. Spies [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 18, 2002 2:43 PM
To: [EMAIL PROTECTED]
Subject: Tomcat SSL Setup


Hello all,
I've been working on getting SSL configured for Tomcat and seem to be
having a small problem. I must be mistyping something because the only
thing I get back from Netscape 7.0 is:
"Netscape 7.0 and www.mydomain.com cannot communicate securely
because they have no common encryption algorithms."

Here is what I have done so far:

1. I changed /etc/tomcat4/server.xml and uncommented the following:

<Connector
className="org.apache.catalina.connector.http.HttpConnector"
port="8443" minProcessors="5" maxProcessors="75"
enableLookups="true"
acceptCount="10" debug="0" scheme="https" secure="true">
<Factory
className="org.apache.catalina.net.SSLServerSocketFactory"
clientAuth="false"
keystoreFile="keystores/mydomain.keystore" keystorePass="xxxxxxxx"
protocol="TLS"/>
</Connector>

2. I ran the following commands to import the Verisign key:
/usr/java/j2sdk1.4.0_01/bin/keytool -import -alias root \
-keystore /var/tomcat4/keystores/mydomain.keystore \
-trustcacerts -file /etc/verisign.key

3. I ran the following commands to import a previously created SSL
certificate
/usr/java/j2sdk1.4.0_01/bin/keytool -import -alias tomcat \
-keystore /var/tomcat4/keystores/mydomain.keystore \
-trustcacerts -file /home/httpd/ssl/www.mydomain.com.cer

4. In /etc/tomcat4/server.xml, I noticed the following:
* Download and install JSSE 1.0.2 or later, and put the JAR files
into "$JAVA_HOME/jre/lib/ext".
I found jsse.jar in $JAVA_HOME/jre/lib so I ran the following:
ln -s $JAVA_HOME/jre/lib/jsse.jar \
$JAVA_HOME/jre/lib/ext/jsse.jar

5. I then restarted Tomcat and tried the following URL:
http://www.mydomain.com:8080/examples/servlets/index.hml

This was a test simply to make sure Tomcat started properly. In
this it worked fine.

6. I then restarted Tomcat and tried the following URL:
https://www.mydomain.com:8443/examples/servlets/index.html

This test failed with the above error message.


Does anyone have any ideas? Oh, and BTW, I can visit
https://www.mydomain.com/index.html and the home page for the site comes
up in SSL mode without a problem, so I know that the SSL certificate,
under Apache, is working fine.

Thanks,
Justin L. Spies



--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
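
A check for a keystore built as in steps 2 and 3, as an added example that is not part of the original thread: `keytool -import` of a certificate under a new alias creates a trusted certificate entry, while an SSL server socket needs an entry that holds a private key. The listing is constructed sample output and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify the entries in `keytool -list` output.
# Constructed sample of a keystore holding only imported certificates
# (aliases as in steps 2 and 3; fingerprints are made up).
sample_listing() {
cat <<'EOF'
Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

root, Dec 18, 2002, trustedCertEntry,
Certificate fingerprint (MD5): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
tomcat, Dec 18, 2002, trustedCertEntry,
Certificate fingerprint (MD5): FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00
EOF
}

# Print "alias<TAB>type" for each entry line of a listing read from stdin.
# Entry lines have the form "alias, Mon D, YYYY, entryType,".
list_entries() {
    awk -F', ' 'NF >= 4 && $NF ~ /Entry,?$/ {
        type = $NF; sub(/,$/, "", type)
        print $1 "\t" type
    }'
}

# Count entries that hold a private key: "keyEntry" in older JDKs,
# "PrivateKeyEntry" in later ones.
count_key_entries() {
    list_entries | awk -F'\t' '$2 == "keyEntry" || $2 == "PrivateKeyEntry" { n++ } END { print n + 0 }'
}

# Return 0 if the listing on stdin contains a private key entry, 1 otherwise.
check_listing() {
    n=$(count_key_entries)
    if [ "$n" -gt 0 ]; then
        echo "OK: $n private key entry(ies) found"
        return 0
    fi
    echo "FAIL: no private key entry; a TLS server cannot present a certificate without one"
    return 1
}

# Real use, with the keystore path from the post:
#   keytool -list -keystore /var/tomcat4/keystores/mydomain.keystore | check_listing
sample_listing | check_listing || true
```

A keystore that passes this check still has to be the file the connector's `keystoreFile` attribute actually resolves to.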


