Still struggling with this.   I'm amazed that implementing SSL in Tomcat is so 
difficult.  It's not in straight Apache, or IIS.  Is Tomcat really so different 
an animal? 

I tried changing \\Program files  to \\progra~1\ -- no joy.    :-(

A question I posed last week that got overlooked -- Am I supposed to import the
.keystore into my cacerts file?  When I open the cacerts file that came with
the java install, it contains 30-40 certificates (key-pairs?) that I didn't
create.

__________________________________________
Gregory Beyer
gbey...@gatech.edu

-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
Sent: Saturday, October 24, 2015 8:06 AM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Tomcat answers on port 80, not on 443

André,

On 10/23/15 4:16 PM, André Warnier (tomcat) wrote:
> On 23.10.2015 16:53, Beyer, Gregory L wrote:
> ...
>     ##############################
>     # Inbound SSL Settings
>     ##############################
>
>     org.apache.felix.https.enable=true
>     org.osgi.service.http.port.secure=443
>     org.apache.felix.https.keystore=E:\\Program Files\\Connector\\.keystore
>     org.apache.felix.https.keystore.password=REDACTED
>     org.apache.felix.https.keystore.key.password= REDACTED
>     org.apache.felix.https.truststore=C:\\Program Files\\Java\\jre1.8.0_60\\lib\\security\\cacerts
>     org.apache.felix.https.truststore.password= REDACTED
>>
>> Question  -- Does anyone think " Program Files"  (space) above is 
>> contributing to the problem?
>>
> 
> Maybe, maybe not.  It would depend on how "Felix" parses its 
> configuration files.
> 
> <OT_rant>
> But in any case, admitting spaces in file names is certainly one of 
> the stupidest and most costly ideas in the history of computing.
> A close second would be making this a standard program installation 
> directory in some widely-distributed operating systems.
> A close third would be using the same thing in the standard 
> installation path of some popular open-source software.
> oh well..
> </OT_rant>
> 
> Getting back on-topic however : I do not know anything about Felix, 
> and I have not really followed this thread.  But assuming that this 
> Felix is a web application running under Tomcat, the fact that it has 
> the above in its own configuration file, rather than in some Tomcat 
> configuration file, would tend to make one suspect that Felix is 
> opening its own listening socket, of which Tomcat knows nothing. No ?
> 
> And in such a case, there would be some conflict if one, simultaneously
> with deploying this web application, tried to open a Tomcat
> Connector on the same port.
> One of them is bound to fail.

Felix is an OSGi thingy, which means it can ... do all kinds of things you 
didn't expect it to do. Like turning a server daemon (Tomcat) into a small 
component in a larger system in a single JVM where the daemon is no longer 
completely in charge of the process.

So it's plausible that Felix would be configuring the <Connector> even if it 
had never been configured through server.xml.

-chris
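
The port clash raised in the thread (Felix and a Tomcat Connector both claiming 443) can be checked from the two configuration files before startup. The script below is an added example, not code from the thread or from either project. The `server.xml` content and the function names are constructed for illustration, and it assumes the Felix file uses `java.util.Properties`-style escaping and that Felix opens its own listener when `org.apache.felix.https.enable=true`.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs: a Felix-style properties fragment modelled on the
# one quoted in the thread, and a hypothetical Tomcat server.xml.
FELIX_PROPS = r"""
# Inbound SSL Settings
org.apache.felix.https.enable=true
org.osgi.service.http.port.secure=443
org.apache.felix.https.keystore=E:\\Program Files\\Connector\\.keystore
"""

SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="80" protocol="HTTP/1.1" redirectPort="443"/>
    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true"/>
  </Service>
</Server>"""


def parse_props(text):
    """Minimal key=value parser. Assumption: Properties-style escaping, where
    a doubled backslash means one backslash and spaces in values are kept."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or comment
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip().replace("\\\\", "\\")
    return props


def felix_listen_ports(props):
    """Ports Felix would bind itself, according to the properties."""
    enabled = props.get("org.apache.felix.https.enable", "").lower() == "true"
    port = props.get("org.osgi.service.http.port.secure", "")
    return {int(port)} if enabled and port.isdigit() else set()


def tomcat_connector_ports(server_xml):
    """Ports of every <Connector> in server.xml (redirectPort is not a bind)."""
    root = ET.fromstring(server_xml)
    return {int(c.get("port")) for c in root.iter("Connector")
            if (c.get("port") or "").isdigit()}


def port_conflicts(props_text, server_xml):
    """Ports that both Felix and Tomcat are configured to listen on."""
    felix = felix_listen_ports(parse_props(props_text))
    return sorted(felix & tomcat_connector_ports(server_xml))
```

A non-empty result from `port_conflicts` means two listeners are configured for the same port in one JVM, so whichever binds second will fail.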
