Re: SSL Configuration Errors

Pid Fri, 06 Jan 2012 01:31:20 -0800

On 05/01/2012 18:22, Justin Larose wrote:
> Sorry. Comments removed.
> 
> ___________________


<snip> No APR, nothing to see here, move along, move along...

You can use an executor to provide a common thread pool for all linked
connectors - to reduce the overhead of unused threads.

>      <Connector port="18080" protocol="HTTP/1.1"
>                 connectionTimeout="20000"
>                 redirectPort="8443" />
> 
>   <Connector

Are you actually using Client auth?

>     clientAuth="true" port="8443" minSpareThreads="5" maxSpareThreads="75"
>     enableLookups="true" disableUploadTimeout="true"
>     acceptCount="100" maxThreads="200"
>     scheme="https" secure="true" SSLEnabled="true"

>     keystoreFile="F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat 
> 7.0\conf\wcmdev-ssl.jks"
>     keystoreType="JKS" keystorePass="******"

keystoreType has the default, you can remove it.
I don't like the look of those paths, this is neater:

 keystoreFile="${catalina.base}\conf\wcmdev-ssl.jks"


>     truststoreFile="F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat 
> 7.0\conf\wcmdev-ssl.jks"

 truststoreType has the default, you can remove it.

>     truststoreType="JKS" truststorePass="******"
>     SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2" 
> sslProtocol="TLS" />

sslProtocol is also the default, you can remove it.


>     <Connector port="8409" protocol="AJP/1.3" redirectPort="8443" />

Are you actually using the AJP connector?

Can you remove all of the client auth config and just configure the
keystore alone, first to try to get the SSL working?

Did you follow the steps here?

 http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html


p

>     <Engine name="Catalina" defaultHost="localhost">
> 
>     <Realm className="org.apache.catalina.realm.LockOutRealm">
>          <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>                 resourceName="UserDatabase"/>
>        </Realm>
> 
>        <Host name="localhost"  appBase="webapps"
>              unpackWARs="true" autoDeploy="true">
> 
>          <Valve className="org.apache.catalina.valves.AccessLogValve" 
> directory="logs"
>                 prefix="localhost_access_log." suffix=".txt"
>                 pattern="%h %l %u %t &quot;%r&quot; %s %b" 
> resolveHosts="false"/>
> 
>        </Host>
>      </Engine>
>    </Service>
>  </Server>
> 
> 
> Thanks,
> Justin LaRose
> 
> 

-- 

[key:62590808]

signature.asc
Description: OpenPGP digital signature

Re: SSL Configuration Errors

Reply via email to