-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Zama,
Whoops, just realized this was a 4-month old thread. It looked new to me :) Anyhow, I hope me response helps... 4 months late. - -chris On 1/19/15 10:37 AM, Christopher Schultz wrote: > Zama, > > On 11/28/14 3:46 AM, Zama Ques wrote: >> I am trying to configure self signed certificate for our tomcat >> server. For that initially I created the keystore certificate >> file using keytool .The command I tried for this is: > >> keytool -genkey -alias example -keyalg RSA \ -keystore >> /home/zaman/certs/keystorefile.key > >> chmod 600 /home/zaman/certs/keystorefile.key > > Set the execute bit for a keystore? Odd. If it were me, I'd have > the mode set to 0440, depending upon the user/group overlap of the > Tomcat server process. > >> $ ls -l /home/zaman/certs/keystorefile.key -rw-r--r-- 1 zaman >> zaman 1329 Nov 27 15:51 /home/ssdg/certs/keystorefile.key > > That's not mode 600. That's also not > /home/zaman/certs/keystorefile.key. Is the keystore really 4 months > old? Something is not right, here. > >> Then un-commented the SSL connector tag in server.xml to add >> reference to keystore file: > >> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" >> maxThreads="150" scheme="https" secure="true" >> keystoreFile="/home/zaman/certs/keystorefile.key" >> keystorePass="test123" clientAuth="false" sslProtocol="TLS" /> > >> After this I restarted tomcat server , but cannot access tomcat >> link (https://localhost:8443) using https. Nothing is seen in >> log file. > >> $ > netstat -apn | grep 8443 tcp 0 0 :::8443 :::* >> LISTEN 25759/java > >> What I am missing to make https work for tomcat using self >> signed certificate? > > How do you try to connect? What message do you get? Is there > *nothing at all* in the Tomcat log? There should be messages about > starting connectors, etc. > > What is in your keystore? > > $ keytool -list -keystore /home/zaman/certs/keystorefile.key > > -chris > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUvSVOAAoJEBzwKT+lPKRYa2kP/0a+anuUMshzh6L3oKB3VH50 X5pScU3LdsYSrlEBF+onwEAp677d5HlrRHi7Ek0tMHYwUgGduZKixkfB/a7iTFF1 WaJyvp1m7KQw0Rpk1oTSFRz875y8fF3en3Wet4AAHSxhEXKEwDXwkiaA45bcN8b5 vbZU7KfskrNdCcUWr3JDhN8VHOe7egBrpkB+CsVuitkV/VzcbGjfAN30MmtJ4PAM yL6+GdBK6yoVRV8bC+/DpSKaaNNdNnyUm3HY1fJXKJRMKmpubKoB/birmeVqkYlE Sim7kmwoQwAqF3tfFNQGwzQ0pTVcu+xdgxxQf2dEs2rPuPJTiGXMIWho/yU5dCR4 A2t4+1jXc6u00qTKebbnJu3PMmTowIhOjI9CkxofOgyeifeH/hnG79V6Z5qQZp7s 4/if6POp3bemrZRrbDO5qUrjC7t1m9RuLWAMIqvy6KXKaOewIjfZ8leev/dgSkmC 9HkJiaTQMrqOUsP5w7JCqhP6+m5q2mBadmvDdQCIN0D3V7/2cFOxJ3OYzNXrDX2b eYRQJGIYsiyfCKyDeofKrwOW8sLrrxK6OKM7RAji/whJI5bosrtbA3nOUOlKP3Rf dF8ED8xS2cpaMIpa/QfJa4Gc26KrwXhoJQ9hAUEw1LIZVDYuK7IsoIE7z7/b9j7t hDy0ev7PK7G08oGtYRkA =Lyzq -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
