-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Chuck,
On 1/22/14, 8:26 PM, Caldarale, Charles R wrote: >> From: James H. H. Lampert [mailto:jam...@touchtonecorp.com] >> Subject: Weird issue setting up SSL on a WinDoze box > >> Caused by: java.lang.Exception: Connector attribute >> SSLCertificateFile must be defined when using SSL with APR > >> The relevant connector tag in server.xml is, on this >> installation, <Connector port="443" protocol="HTTP/1.1" >> SSLEnabled="true" maxThreads="150" scheme="https" secure="true" >> keystoreFile="C:/Program Files/Apache Software Foundation/Tomcat >> 7.0/wttomcat.ks" keyAlias = "wintouch" clientAuth="false" >> sslProtocol="TLS" /> > > You have installed and enabled the APR connector, but are trying to > use the Java keystore. To be a bit more clear: when you don't specify the exact class name of your Connector, there are two defaults: APR connector if APR is available, and BIO connector otherwise. So you are a victim of a silent default that you didn't know about. > APR uses OpenSSL, so its configuration is quite different, as is > the certificate file: > > http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native > > If you want to use the Java SSL mechanism (it's slower), comment > out the APR listener in server.xml: > http://tomcat.apache.org/tomcat-7.0-doc/config/listeners.html#APR_Lifecycle_Listener_-_org.apache.catalina.core.AprLifecycleListener Or > set SSLEngine="off" in the Listener's configuration. I guess you might still want to use the native random-number generator for session ids, though APR without SSL is kind of ... silly. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS4VOeAAoJEBzwKT+lPKRYBQkQAMGK2TmpSbtWlWovxikE7Sjx 2qrJmO3U1Bte4gsgmh6TH7Vw8/8cqg3e4geeOyCf49phhZ/8Q6OmLoDGtinthNzE +afgv2v/9oKE/FrVUNOTVQIOl0nocb7W09JMjJ1xFuwm3d2l8+pJGy2zXHBW9cyy DB0HQUGa+AaNXqhCEjQ8dSf15E4Amrlc9HlP6P76Reu1Kbo++T+0Ex7ierYf3MfM 1tpT8xSX26wQP/15EZEuA3p59xZdBBH72bFHcLE34UrH/j2SnLMJROG+VeNrX7Z7 j+9C4fkfMX5Wxv8kIz9u9N//Gr/pnaRWGacGp5GdS5taoYTa5/kVBO5z1bbG8YeA yT95/kWt4053IOg1Iv00eZhMSjuNJb8X/TexKvgaMI06IicjrP9koMfNh4XxDSRv SMqhmrQhOhhJ2caZJDdVt5shBGPNLa0e12hBMxszwA6EOx31KZByYpwaQZOZ34g5 vvfvT12SYPq02i+tdzwBagzrQgL1ANwCiwVY5sNNq4VJXXnDJkYtuPEptiGxO0vv JhCwonwROsLxo3Hnc4yOnE3Vpk8cdnPhv/gnciFb5/2WI7MNTfAxcSLW3Q+g+0zo ILIvxheJ0pxL8pJgLFKlUE6nrkc8qW+LsWF0/HPKj81a90AuggevLK+EbZ2wsROE Alx/EdPraWvXVlz8WrWy =NGls -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
