I'm trying to enable TLS (or SSL) in a Tomcat 5.5.29 server, on a
Windows XP machine.
 
Whatever I do, I always end up with a server that just delivers plain
HTML on port 443, and it doesn't even try to use TLS. That is, I can
connect to http://localhost:443/ and get the same as http://localhost/
and https://localhost/ just displays an "invalid response" error which
makes perfect sense because the webserver isn't attempting TLS
negotiation at all.
 
So far, I've followed various recipes for creating a self-signed key that
Tomcat might want to use, but I am suspecting now that the key is not
the problem at all, because there is no error whatsoever in the log
files.
 
All my attempts have by now been accompanied by completely removing
Tomcat, removing all left-over directories and installing it again
before attempting anything else.
 
The only change to the configuration is in conf/server.xml, where I changed
the connectors:

    <!-- Define a non-SSL HTTP/1.1 Connector on port 80 -->
    <Connector port="80" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="2" maxSpareThreads="75"
               enableLookups="false" redirectPort="443" acceptCount="10"
               connectionTimeout="20000" disableUploadTimeout="true" />

    <!-- Define a SSL HTTP/1.1 Connector on port 443 -->
    <Connector port="443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="2" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="10" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="conf/server.ks"
               keystorePass="tomcat"
                />

All the rest is default, and yes, I removed the comment <!-- --> markers
around this directive. In the catalina.2010-05-04.log file, I see the
following output if I start the tomcat service:

    May 4, 2010 3:13:52 PM org.apache.catalina.core.AprLifecycleListener init
    INFO: Cannot find message associated with key aprListener.tcnValid
    May 4, 2010 3:13:52 PM org.apache.catalina.core.AprLifecycleListener init
    INFO: Cannot find message associated with key aprListener.flags
    May 4, 2010 3:13:52 PM org.apache.coyote.http11.Http11AprProtocol init
    INFO: Initializing Coyote HTTP/1.1 on http-80
    May 4, 2010 3:13:52 PM org.apache.coyote.http11.Http11AprProtocol init
    INFO: Initializing Coyote HTTP/1.1 on http-443
    May 4, 2010 3:13:52 PM org.apache.coyote.ajp.AjpAprProtocol init
    INFO: Initializing Coyote AJP/1.3 on ajp-8009
    May 4, 2010 3:13:52 PM org.apache.catalina.startup.Catalina load
    INFO: Initialization processed in 672 ms
    May 4, 2010 3:13:52 PM org.apache.catalina.core.StandardService start
    INFO: Starting service Catalina
    May 4, 2010 3:13:52 PM org.apache.catalina.core.StandardEngine start
    INFO: Starting Servlet Engine: Apache Tomcat/5.5.29
    May 4, 2010 3:13:52 PM org.apache.catalina.core.StandardHost start
    INFO: XML validation disabled
    May 4, 2010 3:13:53 PM org.apache.coyote.http11.Http11AprProtocol start
    INFO: Starting Coyote HTTP/1.1 on http-80
    May 4, 2010 3:13:53 PM org.apache.coyote.http11.Http11AprProtocol start
    INFO: Starting Coyote HTTP/1.1 on http-443
    May 4, 2010 3:13:53 PM org.apache.coyote.ajp.AjpAprProtocol start
    INFO: Starting Coyote AJP/1.3 on ajp-8009
    May 4, 2010 3:13:53 PM org.apache.catalina.storeconfig.StoreLoader load
    INFO: Find registry server-registry.xml at classpath resource
    May 4, 2010 3:13:53 PM org.apache.catalina.startup.Catalina start
    INFO: Server startup in 453 ms

Changing the keystoreFile to "bogus" does not seem to provoke any error
either.

No other webserver or anything is listening on port 80 or 443.

What am I missing?
--
Mike
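
A check for the condition visible in this message, added here as an example (not part of the original post and not Tomcat project code). The startup log shows port 443 handled by Http11AprProtocol, which takes its TLS settings from OpenSSL-style attributes such as SSLCertificateFile and does not read the JSSE keystoreFile/keystorePass attributes, so a connector marked secure="true" can come up serving plaintext without any error. The function names and the `<Server>`/`<Service>` wrapper are assumptions; the connector attributes and log lines are taken from the post, and the absence of SSLCertificateFile is used as a heuristic.

```python
import re
import xml.etree.ElementTree as ET

# Connectors from the post; the <Server>/<Service> wrapper is constructed.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="80" redirectPort="443" />
  <Connector port="443" scheme="https" secure="true" clientAuth="false"
             sslProtocol="TLS" keystoreFile="conf/server.ks" keystorePass="tomcat" />
</Service></Server>"""

# Startup records from the post's catalina log, wrapped lines rejoined.
CATALINA_LOG = """\
May 4, 2010 3:13:52 PM org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-443
May 4, 2010 3:13:52 PM org.apache.coyote.ajp.AjpAprProtocol init
INFO: Initializing Coyote AJP/1.3 on ajp-8009
"""

# JSSE keystore attributes, which the APR handler does not read.
JSSE_ONLY = {"keystoreFile", "keystorePass", "keystoreType"}

def handlers_by_port(log_text):
    """Map port -> protocol handler class from 'init' log record pairs."""
    handlers, current = {}, None
    for line in log_text.splitlines():
        m = re.search(r"org\.apache\.coyote\.\S+\.(\w+Protocol) init$", line)
        if m:
            current = m.group(1)  # header line; the port is on the next line
            continue
        m = re.match(r"INFO: Initializing Coyote \S+ on \w+-(\d+)$", line)
        if m and current:
            handlers[int(m.group(1))] = current
        current = None
    return handlers

def plaintext_secure_connectors(server_xml, log_text):
    """Find secure="true" connectors started on APR with JSSE-only TLS settings."""
    handlers = handlers_by_port(log_text)
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = int(conn.get("port"))
        handler = handlers.get(port, "")
        jsse = sorted(JSSE_ONLY & set(conn.attrib))
        if (conn.get("secure") == "true" and "Apr" in handler and jsse
                and "SSLCertificateFile" not in conn.attrib):
            findings.append((port, handler, jsse))
    return findings

print(plaintext_secure_connectors(SERVER_XML, CATALINA_LOG))
```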
