On Wed, Mar 20, 2013 at 3:38 PM, Mark Eggers <its_toas...@yahoo.com> wrote:
> Comments inline and also I pasted your configuration in from a previous
> email.
>
> On 3/20/2013 11:39 AM, my business mail wrote:
>
>> I only added the keystore property not truststore. I was just following
>> what I'd done for tomcat4.1 on w2k3.
>
> In general, don't do this. Tomcat 4.1 (rest its weary code) is long dead,
> and configuration options may have changed. Please read the relevant
> documentation.
>
> For your version of Tomcat (please at least upgrade to 6.0.36), the
> relevant URL is:
>
> http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Configuration
>
>> Here is the log file. The keystore
>> file is DEF in the path indicated, but I see the error below in the
>> catalina file.
>>
>> Mar 20, 2013 2:35:21 PM org.apache.catalina.startup.SetAllPropertiesRule begin
>> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'clientAuth' to 'false' did not find a matching property.
>> Mar 20, 2013 2:35:21 PM org.apache.catalina.startup.SetAllPropertiesRule begin
>> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'keystoreFile' to 'D:/DevCert/dev.keystore' did not find a matching property.
>> Mar 20, 2013 2:35:21 PM org.apache.catalina.startup.SetAllPropertiesRule begin
>> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'keystorePass' to 'password1' did not find a matching property.
>> Mar 20, 2013 2:35:21 PM org.apache.catalina.core.AprLifecycleListener init
>> INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
>> Mar 20, 2013 2:35:21 PM org.apache.catalina.core.AprLifecycleListener init
>> INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
>
> You are loading the APR libraries. This requires a different connector
> configuration.
> You have the following:
>
> <Connector port="8442" protocol="HTTP/1.1" SSLEnabled="true"
>            maxThreads="150" scheme="https" secure="true"
>            clientAuth="false" sslProtocol="TLS"
>            keystoreFile="D:/DevCert/dev.keystore"
>            keystorePass="password1" />
>
> This appears to be fine for a Java-based SSL connection. You are using
> APR, and its SSL connection is based on OpenSSL. Therefore, you need
> something like the following:
>
> <Connector
>     port="8443" maxThreads="200"
>     scheme="https" secure="true" SSLEnabled="true"
>     SSLCertificateFile="/usr/local/ssl/server.crt"
>     SSLCertificateKeyFile="/usr/local/ssl/server.pem"
>     clientAuth="optional" SSLProtocol="TLSv1"/>
>
> This is copied straight from the documentation cited above (so it's UNIX /
> Linux specific). You'll also need to generate your cert and key files a bit
> differently. Instructions on how to do that are also in the document I
> cited above.
>
> If you don't want to do that (and use Java SSL), then move tcnative-1.dll
> out of your path (renaming it is the easiest way).
>
> If this is a production machine, the native SSL is much faster than
> Java-based SSL (been told that, I front all my SSL stuff with Apache HTTPD
> so I don't know).
>
> So either rename tcnative-1.dll or follow the documentation to use the APR
> configuration.
>
>> Mar 20, 2013 2:35:22 PM org.apache.coyote.http11.Http11AprProtocol init
>> INFO: Initializing Coyote HTTP/1.1 on http-8080
>> Mar 20, 2013 2:35:22 PM org.apache.coyote.http11.Http11AprProtocol init
>> SEVERE: Error initializing endpoint
>> java.lang.Exception: No Certificate file specified or invalid file format
>>     at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
>>     at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:697)
>>     at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:107)
>>     at org.apache.catalina.connector.Connector.initialize(Connector.java:1058)
>>     at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
>>     at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
>>     at org.apache.catalina.startup.Catalina.load(Catalina.java:535)
>>     at org.apache.catalina.startup.Catalina.load(Catalina.java:555)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>     at java.lang.reflect.Method.invoke(Method.java:597)
>>     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
>>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
>> Mar 20, 2013 2:35:22 PM org.apache.catalina.startup.Catalina load
>> SEVERE: Catalina.start
>> LifecycleException: Protocol handler initialization failed: java.lang.Exception: No Certificate file specified or invalid file format
>>     at org.apache.catalina.connector.Connector.initialize(Connector.java:1060)
>>     at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
>>     at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
>>     at org.apache.catalina.startup.Catalina.load(Catalina.java:535)
>>     at org.apache.catalina.startup.Catalina.load(Catalina.java:555)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>     at java.lang.reflect.Method.invoke(Method.java:597)
>>     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
>>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
>> Mar 20, 2013 2:35:22 PM org.apache.catalina.startup.Catalina load
>> INFO: Initialization processed in 2143 ms
>> Mar 20, 2013 2:35:22 PM org.apache.catalina.core.StandardService start
>> INFO: Starting service Catalina
>> Mar 20, 2013 2:35:22 PM org.apache.catalina.core.StandardEngine start
>> INFO: Starting Servlet Engine: Apache Tomcat/6.0.20
>> Mar 20, 2013 2:35:23 PM org.apache.coyote.http11.Http11AprProtocol start
>> INFO: Starting Coyote HTTP/1.1 on http-8080
>> Mar 20, 2013 2:35:24 PM org.apache.coyote.http11.Http11AprProtocol start
>> SEVERE: Error starting endpoint
>> java.lang.Exception: Socket bind failed: [730048] Only one usage of each socket address (protocol/network address/port) is normally permitted.
>>     at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:623)
>>     at org.apache.tomcat.util.net.AprEndpoint.start(AprEndpoint.java:730)
>>     at org.apache.coyote.http11.Http11AprProtocol.start(Http11AprProtocol.java:137)
>>     at org.apache.catalina.connector.Connector.start(Connector.java:1131)
>>     at org.apache.catalina.core.StandardService.start(StandardService.java:531)
>>     at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
>>     at org.apache.catalina.startup.Catalina.start(Catalina.java:583)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>     at java.lang.reflect.Method.invoke(Method.java:597)
>>     at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
>>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
>> Mar 20, 2013 2:35:24 PM org.apache.catalina.startup.Catalina start
>> SEVERE: Catalina.start:
>> LifecycleException: service.getName(): "Catalina"; Protocol handler start failed: java.lang.Exception: Socket bind failed: [730048] Only one usage of each socket address (protocol/network address/port) is normally permitted.
>>     at org.apache.catalina.connector.Connector.start(Connector.java:1138)
>>     at org.apache.catalina.core.StandardService.start(StandardService.java:531)
>>     at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
>>     at org.apache.catalina.startup.Catalina.start(Catalina.java:583)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>     at java.lang.reflect.Method.invoke(Method.java:597)
>>     at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
>>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
>> Mar 20, 2013 2:35:24 PM org.apache.catalina.startup.Catalina start
>> INFO: Server startup in 2023 ms
>>
>> On Wed, Mar 20, 2013 at 2:27 PM, Harris, Jeffrey E. <jeffrey.har...@mantech.com> wrote:
>>
>>> -----Original Message-----
>>>> From: my business mail [mailto:mv.ma...@gmail.com]
>>>> Sent: Wednesday, March 20, 2013 2:18 PM
>>>> To: Tomcat Users List
>>>> Subject: Re: Tomcat 6.0.20/Windows 2008 R2/SSL Configuration
>>>>
>>>> So, I know the port numbers can be set to any unused port. I was
>>>> toggling between 8442 and 8443. Neither worked. I just set it back to
>>>> 8443.
>>>> I feel like it's connecting somehow, because if I put in a port number
>>>> that isn't configured...I get a connection error message.
>>>> Otherwise, the browser icon just keeps spinning...nothing happens. No
>>>> errors at all.
>>>>
>>>> On Wed, Mar 20, 2013 at 2:09 PM, David kerber <dcker...@verizon.net> wrote:
>>>>
>>>> On 3/20/2013 2:02 PM, my business mail wrote:
>>>>>
>>>>> OK, here is the text copied from notepad.
>>>>>>
>>>>>> <Connector executor="tomcatThreadPool"
>>>>>>            port="8080" protocol="HTTP/1.1"
>>>>>>            connectionTimeout="20000"
>>>>>>            redirectPort="8443" />
>>>>>>
>>>>>> <Connector port="8442" protocol="HTTP/1.1" SSLEnabled="true"
>>>>>
>>>>> 8442? Shouldn't it be 8443?
>>>>>
>>>>>> maxThreads="150" scheme="https" secure="true"
>>>>>> clientAuth="false" sslProtocol="TLS"
>>>>>> keystoreFile="D:/DevCert/dev.keystore" keystorePass="password1"
>>>>>> />
>>>>>>
>>>>>> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
>>>>>> />
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>> I do not see a reference to a truststore:
>>>
>>> truststoreFile=".\conf\myts.jks"
>>>
>>> The truststore can be the same file as the keystore.
>>>
>>> What do the error logs show?
>>>
>>> Jeffrey Harris
>
> . . . . just my two cents.
> /mde/

__________________________________________________________

*RESOLVED*

Thank you, I renamed the tcnative-1.dll file from the path just as the comment below indicated. This made it work!

"If you don't want to do that (and use Java SSL), then move tcnative-1.dll out of your path (renaming it is the easiest way)."
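
An added example (not part of the thread and not Tomcat code): a Python check that reproduces the diagnosis above by flagging an SSL connector whose certificate attributes belong to the implementation that is not in use. The attribute sets and sample input come from the connectors and log line quoted in the thread; the function names and the handling of an explicit protocol class name are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Attribute families taken from the <Connector> examples quoted in the thread.
JSSE_ATTRS = {"keystoreFile", "keystorePass", "truststoreFile"}
APR_ATTRS = {"SSLCertificateFile", "SSLCertificateKeyFile"}

def apr_loaded(catalina_log):
    """True when the startup log reports that tcnative was loaded."""
    return re.search(r"Loaded APR based Apache Tomcat Native library", catalina_log) is not None

def connector_uses_apr(protocol, apr):
    """protocol="HTTP/1.1" auto-selects APR when tcnative is loaded;
    an explicit class name (assumed to contain "Apr" for APR) pins the choice."""
    if protocol in (None, "HTTP/1.1"):
        return apr
    return "Apr" in protocol

def audit(server_xml, catalina_log):
    """Return (port, implementation, ignored_attributes) per mismatched SSL connector."""
    apr = apr_loaded(catalina_log)
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue  # plain HTTP or AJP connector
        uses_apr = connector_uses_apr(conn.get("protocol"), apr)
        wanted, other = (APR_ATTRS, JSSE_ATTRS) if uses_apr else (JSSE_ATTRS, APR_ATTRS)
        present = set(conn.attrib)
        # Mismatch: only the other implementation's certificate attributes are set.
        if (present & other) and not (present & wanted):
            findings.append((conn.get("port"), "APR" if uses_apr else "JSSE",
                             sorted(present & other)))
    return findings

# Constructed sample input built from the configuration and log quoted in the thread.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"/>
  <Connector port="8442" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="D:/DevCert/dev.keystore" keystorePass="password1"/>
</Service></Server>"""
CATALINA_LOG = "INFO: Loaded APR based Apache Tomcat Native library 1.1.20."

if __name__ == "__main__":
    for port, impl, ignored in audit(SERVER_XML, CATALINA_LOG):
        print(f"connector {port}: {impl} in use, ignored attributes: {ignored}")
```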