On Tue, Apr 17, 2012 at 8:51 PM, amine20 <amin...@hotmail.com> wrote:
> Hi,
> I'm new to the tomcat/apache environment. I've succeeded in adding SSL to apache2
> using openssl, but I've tried to do the same in tomcat and unfortunately
> it doesn't WORK.
>
> This is an explanation of what I have done:
> Step 1. Create a keystore file using Java
> /usr/lib/jvm/java-6-sun-1.6.0.26/jre/bin# keytool -genkey -alias tomcat -keyalg RSA
>
> root@CAS:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/bin# keytool -genkey -alias tomcat -keyalg RSA
> Enter key store password: changeit
> Enter key password for <tomcat>: changeit
>
> You are about to enter information that will be incorporated into
> your certificate request. This information is what is called a
> Distinguished Name or DN. There are quite a few fields but you
> can use supplied default values, displayed between brackets, by just
> hitting <Enter>, or blank the field by entering the <.> character
> before hitting <Enter>.
>
> Common Name (hostname, IP, or your name): CAS
> Organization Name (company) [The Sample Company]: crdp-nice.cndp.fr
> Organizational Unit Name (department, division): IT
> Locality Name (city, district) [Sydney]: FRANCE
> State or Province Name (full name) [NSW]: TOULON
> Country Name (2 letter code) [AU]: FR
> ------------------------------------------------->>> now my .keystore file
> is in /root folder
> root@CAS:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/bin# ls -a /root |grep .keystore
> .keystore
>
> Step 2. Configure Tomcat to use the keystore
> I modified the server.xml file as shown:
>
> <Connector protocol="org.apache.coyote.http11.Http11Protocol"
>            port="8443" SSLEnabled="true"
>            keystoreFile="/root/.keystore" keystorePass="changeit"
>            maxThreads="150" scheme="https" secure="true"
>            clientAuth="false" sslProtocol="TLS" />
> --------------------------------------
> for testing:
> service tomcat6 restart
> Stopping Tomcat servlet engine: tomcat6.
> Starting Tomcat servlet engine: tomcat6.
>
> We see tomcat can restart, but in the log file I got this:
>
> 17 avr. 2012 12:16:30 org.apache.catalina.startup.Catalina start
> INFO: Server startup in 6026 ms
> 17 avr. 2012 12:19:20 org.apache.coyote.http11.Http11Protocol pause
> INFO: Suspension de Coyote HTTP/1.1 sur http-8080
> 17 avr. 2012 12:19:20 org.apache.coyote.http11.Http11Protocol pause
> INFO: Suspension de Coyote HTTP/1.1 sur http-8443
> 17 avr. 2012 12:19:21 org.apache.catalina.core.StandardService stop
> INFO: Arrêt du service Catalina
> 17 avr. 2012 12:19:21 org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
> GRAVE: The web application [/cas] appears to have started a thread named [Thread-2] but has failed to stop it. This is very likely to create a memory leak.
> 17 avr. 2012 12:19:21 org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
> GRAVE: The web application [/cas] appears to have started a thread named [scheduler_Worker-1] but has failed to stop it. This is very likely to create a memory leak.
> 17 avr. 2012 12:19:21 org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
> GRAVE: The web application [/cas] appears to have started a thread named [scheduler_Worker-2] but has failed to stop it. This is very likely to create a memory leak.
> 17 avr. 2012 12:19:21 org.apache.coyote.http11.Http11Protocol destroy
> INFO: Arrêt de Coyote HTTP/1.1 sur http-8080
> 17 avr. 2012 12:19:21 org.apache.coyote.http11.Http11Protocol destroy
> INFO: Arrêt de Coyote HTTP/1.1 sur http-8443
> 17 avr. 2012 12:19:23 org.apache.catalina.startup.ClassLoaderFactory validateFile
> ATTENTION: Problem with directory [/usr/share/tomcat6/server/classes], exists: [false], isDirectory: [false], canRead: [false]
> 17 avr. 2012 12:19:23 org.apache.catalina.startup.ClassLoaderFactory validateFile
> ATTENTION: Problem with directory [/usr/share/tomcat6/server], exists: [false], isDirectory: [false], canRead: [false]
> 17 avr. 2012 12:19:23 org.apache.catalina.startup.ClassLoaderFactory validateFile
> ATTENTION: Problem with directory [/usr/share/tomcat6/shared/classes], exists: [false], isDirectory: [false], canRead: [false]
> 17 avr. 2012 12:19:23 org.apache.catalina.startup.ClassLoaderFactory validateFile
> ATTENTION: Problem with directory [/usr/share/tomcat6/shared], exists: [false], isDirectory: [false], canRead: [false]
> 17 avr. 2012 12:19:24 org.apache.coyote.http11.Http11Protocol init
> INFO: Initialisation de Coyote HTTP/1.1 sur http-8080
> 17 avr. 2012 12:19:24 org.apache.tomcat.util.net.jsse.JSSESocketFactory getStore
> GRAVE: Failed to load keystore type JKS with path /root/.keystore due to /root/.keystore (Permission denied)
> java.io.FileNotFoundException: /root/.keystore (Permission denied)
>         at java.io.FileInputStream.open(Native Method)
>         at java.io.FileInputStream.<init>(FileInputStream.java:120)
>         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:405)
>         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:296)
>         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:544)
>         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:481)
>         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
>         at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
>         at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
>         at org.apache.catalina.connector.Connector.initialize(Connector.java:1049)
>         at org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
>         at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
>         at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
>         at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:597)
>         at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
>         at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
> 17 avr. 2012 12:19:24 org.apache.coyote.http11.Http11Protocol init
> GRAVE: Erreur à l'initialisation du point de contact
> java.io.FileNotFoundException: /root/.keystore (Permission denied)
>         at java.io.FileInputStream.open(Native Method)
>         at java.io.FileInputStream.<init>(FileInputStream.java:120)
>         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:405)
>         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:296)
>         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:544)
>         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:481)
>         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
>         at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
>         at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
>         at org.apache.catalina.connector.Connector.initialize(Connector.java:1049)
>         at org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
>         at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
>         at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
>         at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:597)
>         at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
>         at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
> 17 avr. 2012 12:19:24 org.apache.catalina.core.StandardService initialize
> GRAVE: Failed to initialize connector [Connector[HTTP/1.1-8443]]
> LifecycleException: L'initialisation du gestionnaire de protocole a échoué: java.io.FileNotFoundException: /root/.keystore (Permission denied)
>         at org.apache.catalina.connector.Connector.initialize(Connector.java:1051)
>         at org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
>         at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
>         at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
>         at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:597)
>         at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
>         at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
> 17 avr. 2012 12:19:24 org.apache.catalina.startup.Catalina load
> INFO: Initialization processed in 1130 ms
> 17 avr. 2012 12:19:24 org.apache.catalina.core.StandardService start
> INFO: Démarrage du service Catalina
> 17 avr. 2012 12:19:24 org.apache.catalina.core.StandardEngine start
> INFO: Starting Servlet Engine: Apache Tomcat/6.0.35
> 17 avr. 2012 12:19:24 org.apache.catalina.startup.HostConfig deployDescriptor
> INFO: Déploiement du descripteur de configuration ROOT.xml
> 17 avr. 2012 12:19:25 org.apache.catalina.startup.HostConfig deployWAR
> INFO: Déploiement de l'archive cas.war de l'application web
> --------------
> More info: I can load the http page on port 8080 for tomcat,
> also I have and I can load https & https:443 pages for apache2
> -------------
> It's been 3 days that I'm stuck here, thanks for help.
>
> --
> View this message in context:
> http://tomcat.10.n6.nabble.com/PLZ-help-i-ve-issue-with-SSL-TOMCAT-tp4889811p4889811.html
> Sent from the Tomcat - User mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

What's not clear here?
GRAVE: Failed to load keystore type JKS with path /root/.keystore due to /root/.keystore (*Permission denied*)
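
Added example (not part of the original thread, and not Tomcat code): the "Permission denied" in the log means the account Tomcat runs as cannot reach the keystore, and the block is usually a parent directory rather than the file itself. The sketch below walks a path and reports the first component whose owner/group/other bits deny a given account; the function name, the script name and the `tomcat6` account in the usage comment are assumptions.

```python
import os
import stat


def first_blocker(path, uid, gids, base="/"):
    """Return (component, mode) for the first part of `path` below `base` that
    the account cannot search (directory) or read (final file), else None.

    Classic owner/group/other bits only: ACLs, SELinux/AppArmor and
    capabilities are not modelled, and `base` itself is assumed reachable.
    """
    if uid == 0:
        return None  # root is not subject to these mode-bit checks
    path, base = os.path.abspath(path), os.path.abspath(base)
    rel = os.path.relpath(path, base)
    if rel.split(os.sep)[0] == os.pardir:
        raise ValueError("path is not below base")
    parts = [p for p in rel.split(os.sep) if p != os.curdir]
    current = base
    for i, part in enumerate(parts):
        current = os.path.join(current, part)
        st = os.stat(current)
        last = i == len(parts) - 1
        # Directories on the way need search (x); the keystore needs read (r).
        need = 4 if last and not stat.S_ISDIR(st.st_mode) else 1
        if st.st_uid == uid:
            granted = (st.st_mode >> 6) & 7
        elif st.st_gid in gids:
            granted = (st.st_mode >> 3) & 7
        else:
            granted = st.st_mode & 7
        if not granted & need:
            return current, stat.filemode(st.st_mode)
    return None


if __name__ == "__main__":
    # Run as root so every component can be stat'ed, for example:
    #   python3 check_keystore.py tomcat6 /root/.keystore
    # The script name and the "tomcat6" account are assumptions, not from the thread.
    import grp
    import pwd
    import sys

    pw = pwd.getpwnam(sys.argv[1])
    groups = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if pw.pw_name in g.gr_mem}
    print(first_blocker(sys.argv[2], pw.pw_uid, groups) or "readable by mode bits")
```

If the reported component is a home directory such as `/root`, moving the keystore to a directory the Tomcat account owns (file mode `0600`) and updating `keystoreFile` fixes the error without opening that directory to other users.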