Julie McCabe wrote:
> Thanks for the advice - I've tried various permutations of trying to use an
> existing CA signed X509 certificate to enable SSL with tomcat. From
> reading various mailing lists it appears this is a frequent problem but one
> that many people have solved using the solutions I have tried - perhaps I'm
> missing something? My environment is Java 1.5.0_06, Tomcat 5.5.12, Fedora
> Core 4, my certificate is signed by the eScience CA in the UK.
>
> Here are my findings ...
>
> Splitting the p12 file into a crt and key:
> In the conf/server.xml
> <Connector port="8443" maxHttpHeaderSize="8192"
>            maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>            enableLookups="false" disableUploadTimeout="true"
>            acceptCount="100" scheme="https" secure="true"
>            SSLEngine="on"
>            SSLCertificateFile="certificate.crt"
>            SSLCertificateKeyFile="certificate.key"
>            SSLPassword="pass" />
>
> Error message splitting the p12 file into crt and key:
> java.io.FileNotFoundException: /home/jm/.keystore (No such file or directory)
>     at java.io.FileInputStream.open(Native Method)
>     at java.io.FileInputStream.<init>(FileInputStream.java:106)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:279)
> .......
> It appears that Tomcat 5.5.12 is ignoring my configuration of the https
> connector and looking for the default JKS keystore - which I hadn't created
> - therefore I created the keystore adding a self-signed certificate and yes
> it enabled https connection but not using the intended certificates so
> effectively this does not work either.
If you want your HTTPS Connector to use the configuration above, you need to use APR (i.e. copy libtcnative-1.so to some directory where Tomcat can find it).

http://tomcat.apache.org/tomcat-5.5-doc/apr.html

Regards
mks
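
Added example, not part of the original thread and not Tomcat's own code: a small lint for conf/server.xml that reports HTTPS connectors whose certificate settings are APR-style (SSLCertificateFile and friends) when the native library is not loaded, which is the situation behind the ~/.keystore error above. The function name, the apr_loaded parameter and the sample XML are assumptions made for illustration; the attribute names are the Tomcat 5.5 connector attributes.

```python
import xml.etree.ElementTree as ET

# Connector attribute names from the Tomcat 5.5 APR and JSSE documentation.
APR_ATTRS = {"SSLEngine", "SSLCertificateFile", "SSLCertificateKeyFile",
             "SSLPassword", "SSLCertificateChainFile", "SSLCACertificateFile",
             "SSLCACertificatePath", "SSLCipherSuite", "SSLProtocol",
             "SSLVerifyClient", "SSLVerifyDepth"}
JSSE_ATTRS = {"keystoreFile", "keystorePass", "keystoreType", "keyAlias",
              "truststoreFile", "truststorePass", "truststoreType",
              "sslProtocol", "ciphers", "clientAuth", "algorithm"}


def lint_connectors(server_xml, apr_loaded):
    """Return (port, message) findings for HTTPS connectors in server.xml text.

    apr_loaded (hypothetical parameter): True if Tomcat can find libtcnative.
    """
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        # Only look at connectors that are meant to serve TLS.
        if conn.get("scheme") != "https" and conn.get("secure") != "true":
            continue
        port = conn.get("port")
        apr = sorted(APR_ATTRS & set(conn.attrib))
        jsse = sorted(JSSE_ATTRS & set(conn.attrib))
        if apr and not apr_loaded:
            findings.append((port, "APR-only attributes ignored without "
                             "libtcnative: " + ", ".join(apr)))
            if "keystoreFile" not in conn.attrib:
                findings.append((port, "JSSE fallback will open the default "
                                 "~/.keystore, not the intended certificate"))
        if jsse and apr_loaded:
            findings.append((port, "JSSE-style attributes not used by the "
                             "APR connector: " + ", ".join(jsse)))
    return findings


# Constructed sample mirroring the connector quoted in the thread.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" />
  <Connector port="8443" scheme="https" secure="true" SSLEngine="on"
             SSLCertificateFile="certificate.crt"
             SSLCertificateKeyFile="certificate.key" SSLPassword="pass" />
</Service></Server>"""

if __name__ == "__main__":
    for port, msg in lint_connectors(SAMPLE, apr_loaded=False):
        print(port, msg)
```

A finding on a TLS port means the listener may come up with a different certificate than the one configured (here, whatever is in the default keystore), so confirm the certificate actually served after any connector change.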