Someone may have already posted this, but since I just joined the mailing list, I figured it might help someone else if it hasn't already been sent.
I am having trouble getting an HTTPS connection to my Tomcat server using the native APR connector under Tomcat 5.5.12. I am familiar with how to set up HTTPS connectors in 5.0.28, so I figured it would be easy to set up in 5.5.12 using the APR connector, but I think I am just missing something simple. Under Tomcat 5.0.28 here is what we were using:

    <Connector port="443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="SSL"
               keystoreFile="c:\certs\server\server.p12"
               keystorePass="serverPassword" keystoreType="PKCS12" />

After reading the docs located at http://tomcat.apache.org/tomcat-5.5-doc/apr.html I took a stab at using the existing server.p12 file and exported the certificate in PEM encoding using Keystore Explorer 2.0 and saved it to c:\certs\server\server.cer. When opening it in a text editor, I get the following, which looks correct.
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----

I then added the following connector to my server.xml:

    <Connector port="443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100"
               SSLCertificateFile="c:\certs\server\server.cer" />

But when I try to connect to the server using https://server/ the browser times out and I get a page cannot be found error.
Thinking that it needed the private key as well, I exported the primary key in PEM format and saved it to c:\certs\server\server.pem. When I open it in a text editor, I get the following, which also looks correct:

-----BEGIN PRIVATE KEY-----
[...]
-----END PRIVATE KEY-----

I then modified the following connector in my server.xml:

    <Connector port="443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100"
               SSLCertificateFile="c:\certs\server\server.cer"
               SSLCertificateKeyFile="c:\certs\server\serverKey.key"
               SSLPassword="serverPassword" />

I also tried putting a few of the other attributes in that are SSL specific, but it's still a no-go:

    <Connector port="443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               SSLCertificateFile="c:\certs\server\server.cer"
               SSLCertificateKeyFile="c:\certs\server\serverKey.key"
               SSLPassword="serverPassword" />

And

    <Connector port="443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" secure="true"
               SSLCertificateFile="c:\certs\server\server.cer"
               SSLCertificateKeyFile="c:\certs\server\serverKey.key"
               SSLPassword="serverPassword" />

And

    <Connector port="443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https"
               SSLCertificateFile="c:\certs\server\server.cer"
               SSLCertificateKeyFile="c:\certs\server\serverKey.key"
               SSLPassword="serverPassword" />

All to no avail =( I figure someone has gotten this working =D Any assistance would be muchly appreciated!!!

*Note* the PEM encoding above is valid, as is the password for the private key. This information isn't being used in production and is a certificate I generated for testing purposes, so feel free to use it to test anything out.

-rOcK
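A preflight check for the connector attributes used in the message above, as an added example that is not part of the original post and not Tomcat's own code: it parses a Connector element, confirms that each referenced PEM file exists and starts with the expected BEGIN label, and flags an SSLPassword set for a key file that is not encrypted. The function names and the sample files written by demo() are constructed for illustration.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# PEM block labels each connector attribute is expected to point at.
EXPECTED = {
    "SSLCertificateFile": {"CERTIFICATE"},
    "SSLCertificateKeyFile": {"PRIVATE KEY", "RSA PRIVATE KEY", "ENCRYPTED PRIVATE KEY"},
}
PEM_BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")

def check_connector(connector_xml):
    """Return findings for the PEM files a <Connector> element references."""
    conn = ET.fromstring(connector_xml)
    findings, key_encrypted = [], None
    for attr, labels in EXPECTED.items():
        value = conn.get(attr)
        if value is None:
            findings.append(f"{attr}: attribute not set")
            continue
        path = Path(value)
        if not path.is_file():
            findings.append(f"{attr}: file not found: {value}")
            continue
        text = path.read_text(errors="replace")
        match = PEM_BEGIN.search(text)
        label = match.group(1) if match else None
        if label not in labels:
            findings.append(f"{attr}: expected PEM {sorted(labels)}, found {label}")
        elif attr == "SSLCertificateKeyFile":
            # Encrypted PKCS#8 label, or the traditional encrypted-key header.
            key_encrypted = label.startswith("ENCRYPTED") or "Proc-Type: 4,ENCRYPTED" in text
    if key_encrypted is False and conn.get("SSLPassword"):
        findings.append("SSLPassword: set, but the key file is not encrypted")
    if key_encrypted and not conn.get("SSLPassword"):
        findings.append("SSLPassword: key file is encrypted but no password is set")
    return findings

def demo():
    """Constructed files mirroring the post: key saved as server.pem, connector names serverKey.key."""
    d = Path(tempfile.mkdtemp())
    (d / "server.cer").write_text("-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n")
    (d / "server.pem").write_text("-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n")
    conn_xml = (f'<Connector port="443" SSLCertificateFile="{d / "server.cer"}" '
                f'SSLCertificateKeyFile="{d / "serverKey.key"}" SSLPassword="serverPassword" />')
    return check_connector(conn_xml), check_connector(conn_xml.replace("serverKey.key", "server.pem"))
if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The first result reports the key file path that does not exist on disk; the second, with the path pointed at server.pem, reports only the password set for an unencrypted key.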