Comments inline and also I pasted your configuration in from a previous
email.
On 3/20/2013 11:39 AM, my business mail wrote:
I only added the keystore property not truststore. I was just following
what I'd done for tomcat4.1 on w2k3.
In general, don't do this. Tomcat 4.1 (rest its weary code) is long
dead, and configuration options may have changed. Please read the
relevant documentation.
For your version of Tomcat (please at least upgrade to 6.0.36), the
relevant URL is:
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Configuration
Here is the log file. The keystore
file is DEF in the path indicated, but I see the error below in the
catalina file.
Mar 20, 2013 2:35:21 PM org.apache.catalina.startup.SetAllPropertiesRule
begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
'clientAuth' to 'false' did not find a matching property.
Mar 20, 2013 2:35:21 PM org.apache.catalina.startup.SetAllPropertiesRule
begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
'keystoreFile' to 'D:/DevCert/dev.keystore' did not find a matching
property.
Mar 20, 2013 2:35:21 PM org.apache.catalina.startup.SetAllPropertiesRule
begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
'keystorePass' to 'password1' did not find a matching property.
Mar 20, 2013 2:35:21 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
Mar 20, 2013 2:35:21 PM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
[false], random [true].
You are loading the APR libraries. This requires a different connector
configuration. You have the following:
<Connector port="8442" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="D:/DevCert/dev.keystore"
keystorePass="password1" />
This appears to be fine for a Java-based SSL connection. You are using
APR, and its SSL connection is based on OpenSSL. Therefore, you need
something like the following:
<Connector
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
SSLCertificateFile="/usr/local/ssl/server.crt"
SSLCertificateKeyFile="/usr/local/ssl/server.pem"
clientAuth="optional" SSLProtocol="TLSv1"/>
This is copied straight from the documentation cited above (so it's UNIX
/ Linux specific). You'll also need to generate your cert and key files
a bit differently. Instructions on how to do that are also in the
document I cited above.
If you don't want to do that (and use Java SSL), then move
tcnative-1.dll out of your path (renaming it is the easiest way).
If this is a production machine, the native SSL is much faster than
Java-based SSL (been told that, I front all my SSL stuff with Apache
HTTPD so I don't know).
So either rename tcnative-1.dll or follow the documentation to use the
APR configuration.
Mar 20, 2013 2:35:22 PM org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Mar 20, 2013 2:35:22 PM org.apache.coyote.http11.Http11AprProtocol init
SEVERE: Error initializing endpoint
java.lang.Exception: No Certificate file specified or invalid file format
at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:697)
at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:107)
at org.apache.catalina.connector.Connector.initialize(Connector.java:1058)
at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
at org.apache.catalina.startup.Catalina.load(Catalina.java:535)
at org.apache.catalina.startup.Catalina.load(Catalina.java:555)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
Mar 20, 2013 2:35:22 PM org.apache.catalina.startup.Catalina load
SEVERE: Catalina.start
LifecycleException: Protocol handler initialization failed:
java.lang.Exception: No Certificate file specified or invalid file format
at org.apache.catalina.connector.Connector.initialize(Connector.java:1060)
at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
at org.apache.catalina.startup.Catalina.load(Catalina.java:535)
at org.apache.catalina.startup.Catalina.load(Catalina.java:555)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
Mar 20, 2013 2:35:22 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 2143 ms
Mar 20, 2013 2:35:22 PM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Mar 20, 2013 2:35:22 PM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.20
Mar 20, 2013 2:35:23 PM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Mar 20, 2013 2:35:24 PM org.apache.coyote.http11.Http11AprProtocol start
SEVERE: Error starting endpoint
java.lang.Exception: Socket bind failed: [730048] Only one usage of each
socket address (protocol/network address/port) is normally permitted.
at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:623)
at org.apache.tomcat.util.net.AprEndpoint.start(AprEndpoint.java:730)
at org.apache.coyote.http11.Http11AprProtocol.start(Http11AprProtocol.java:137)
at org.apache.catalina.connector.Connector.start(Connector.java:1131)
at org.apache.catalina.core.StandardService.start(StandardService.java:531)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:583)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Mar 20, 2013 2:35:24 PM org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start:
LifecycleException: service.getName(): "Catalina"; Protocol handler start
failed: java.lang.Exception: Socket bind failed: [730048] Only one usage of
each socket address (protocol/network address/port) is normally permitted.
at org.apache.catalina.connector.Connector.start(Connector.java:1138)
at org.apache.catalina.core.StandardService.start(StandardService.java:531)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:583)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Mar 20, 2013 2:35:24 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 2023 ms
On Wed, Mar 20, 2013 at 2:27 PM, Harris, Jeffrey E. <
jeffrey.har...@mantech.com> wrote:
-----Original Message-----
From: my business mail [mailto:mv.ma...@gmail.com]
Sent: Wednesday, March 20, 2013 2:18 PM
To: Tomcat Users List
Subject: Re: Tomcat 6.0.20/Windows 2008 R2/SSL Configuration
So, I know the port numbers can be set to any unused port. I was
toggling between 8442 and 8443. Neither worked. I just set it back to
8443.
I feel like it's connecting somehow, because if I put in a port number
that isn't configured...I get a connection error message.
Otherwise, the browser icon just keeps spinning...nothing happens. No
errors at all.
On Wed, Mar 20, 2013 at 2:09 PM, David kerber <dcker...@verizon.net>
wrote:
On 3/20/2013 2:02 PM, my business mail wrote:
OK, here is the text copied from notepad.
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<Connector port="8442" protocol="HTTP/1.1" SSLEnabled="true"
8442? Shouldn't it be 8443?
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="D:/DevCert/dev.keystore" keystorePass="password1" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
/>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
I do not see a reference to a truststore:
truststoreFile=".\conf\myts.jks"
The truststore can be the same file as the keystore.
What do the error logs show?
Jeffrey Harris
. . . . just my two cents.
/mde/
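
Added example (not part of the original thread and not Tomcat's own code): a small Python check for the mismatch diagnosed above, where the log shows the APR library loaded while the TLS connector carries only keystore attributes. The sample server.xml and log text are constructed and abridged from the lines quoted in the thread; the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples, abridged from the connector and log lines quoted in the thread.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8442" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
             secure="true" clientAuth="false" sslProtocol="TLS"
             keystoreFile="D:/DevCert/dev.keystore" />
</Service></Server>"""
CATALINA_LOG = (
    "WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property "
    "'keystoreFile' to 'D:/DevCert/dev.keystore' did not find a matching property.\n"
    "INFO: Loaded APR based Apache Tomcat Native library 1.1.20.\n"
    "java.lang.Exception: No Certificate file specified or invalid file format\n"
)

JSSE_ATTRS = {"keystoreFile", "keystorePass", "truststoreFile"}
APR_ATTRS = {"SSLCertificateFile", "SSLCertificateKeyFile"}

def apr_loaded(log_text):
    """True when the startup log shows the native (APR) library was loaded."""
    return "Loaded APR based Apache Tomcat Native library" in log_text

def ignored_properties(log_text):
    """Connector attributes Tomcat reported it could not apply."""
    return re.findall(r"Setting property '([^']+)' to '[^']*' did not find", log_text)

def effective_impl(protocol, apr):
    """protocol="HTTP/1.1" auto-selects APR when the native library is present."""
    if protocol.endswith("Http11AprProtocol"):
        return "APR"
    return "APR" if protocol == "HTTP/1.1" and apr else "JSSE"

def check_connectors(server_xml, log_text):
    """Return (port, implementation, problem) for each mismatched TLS connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP / AJP connectors are not checked
        impl = effective_impl(conn.get("protocol", "HTTP/1.1"), apr_loaded(log_text))
        attrs = set(conn.attrib)
        if impl == "APR" and not attrs & APR_ATTRS:
            findings.append((conn.get("port"), impl, "no SSLCertificateFile/SSLCertificateKeyFile"))
        elif impl == "JSSE" and attrs & APR_ATTRS and not attrs & JSSE_ATTRS:
            findings.append((conn.get("port"), impl, "OpenSSL attributes on a JSSE connector"))
    return findings

if __name__ == "__main__":
    print(ignored_properties(CATALINA_LOG), check_connectors(SERVER_XML, CATALINA_LOG))
```

With the native library out of the path (the empty-log case), the same keystore connector produces no finding, which matches the "rename tcnative-1.dll" option given in the reply.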