Re: Please help me in enabling SSL certificate

Venkataraman Srinivasan Thu, 02 Aug 2018 11:24:52 -0700


Hi ,


I am using tomcat version 8.5.32


I made the below entry  in Server.xml

 <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one or more 
named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
        maxThreads="150" minSpareThreads="4"/>
    -->


    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html
         Java AJP  Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
    -->
    <Connector port="8443" protocol="HTTP/1.1"
               connectionTimeout="20000"
                />




   <Connector port="8443"  protocol="org.apache.coyote.http11.Http11NioProtocol"
            
sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
            maxThreads="200" secure="true"  scheme="https" >
               <Certificate certificateFile="/home/apexadmin/.keystore"
                            keystorePass="xxxxx" type="RSA"
                            clientAuth="false" SSLEnabled="true" 
sslProtocol="TLS"
                             >
               </Certificate>
    </Connector>   

'
When I tried to login, https://webapxt03.rta:8443, the log file 
catalina.2018-08-02.log recorded as below 


CATALINA.OUT has got entries as below


02-Aug-2018 14:04:24.926 SEVERE [main] 
org.apache.catalina.core.StandardService.initInternal Failed to initialize 
connector [Connector[HTTP/1.1-8443]]
 org.apache.catalina.LifecycleException: Failed to initialize component 
[Connector[HTTP/1.1-8443]]
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
        at 
org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
        at 
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:632)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:655)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)
Caused by: org.apache.catalina.LifecycleException: Protocol handler 
initialization failed
        at 
org.apache.catalina.connector.Connector.initInternal(Connector.java:995)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
        ... 12 more
Caused by: java.net.BindException: Address already in use
        at sun.nio.ch.Net.bind0(Native Method)
        at sun.nio.ch.Net.bind(Net.java:444)
        at sun.nio.ch.Net.bind(Net.java:436)
        at 
sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:214)
        at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74)
        at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:210)
        at 
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1086)
        at 
org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:268)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
        at 
org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68)
        at 
org.apache.catalina.connector.Connector.initInternal(Connector.java:993)
        ... 13 more


I used SSL/TLS Configuration HOW-TO of Apache Tomcat 7 document



>>> Christopher Schultz <ch...@christopherschultz.net> 8/2/2018 12:44 PM >>>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Venkataraman,

On 8/2/18 12:14 PM, Venkataraman Srinivasan wrote:
> Chris,
> 
> Thanks for your reply.  I will implement your recommendations in my
> next iterations.
> 
> Currently I did as below.
> 
> I copied the keystore file as /home/apexadmin/.keystore
> 
> and made below entry in server.xml

What version of Tomcat are you using? Which part of the user guide are
you reading? I just want to make sure you are following the right
guide for the right version.

> <Connector port="8080"
> protocol="org.apache.coyote.http11.Http11NioProtocol" 
> maxThreads="200" redirectPort="8443" scheme="https" > <Certificate
> certificateFile="/home/apexadmin/.keystore" keystorePass="xxxxx"
> type="RSA" clientAuth="false" SSLEnabled="true" sslProtocol="TLS"
>> 
> </Certificate> </Connector>

You will need to set a few more attributes on the <Connector>:

   SSLEnabled="true"
   secure="true"

The next part depends upon your Tomcat version.

> Opened the port 8443 and recycled tomcat.

The <Connector> defined above is listening on port 8080. That is
unusual; most people would expect port 8080 to be a plaintext HTTP
port, while port 8443 would be the non-privileged HTTPS port.

Especially for testing, consider leaving the <Connector> for port 8080
as it was originally defined (without HTTPS) and configure a second
<Connector> for HTTPS on port 8443.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org 
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ 

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAltjNNYACgkQHPApP6U8
pFi2UQ//SPU5itX1zh/lV/ICZYTOwiSSeF8EQfxWK1bZ9jCx3Pk44AMBRMRQqjl2
HMKRH/LsSMQp5iwtVBFKbjZyjG8btNMnmREUjFkMJHoFUh1IK0WVqybpeUSnl2BH
+TdS6Z9twZd5q9/UybsJZScdgfV9IFECAM9xmG21ty92+xBqkbeSPUc62gf/A783
4P6yAYLIM3ctMHIzjwTJQ78vxTxLjsfrXvQaIC/dGefrKM6dcpxklQ/me4JNp6Lu
GajNkuEhm20u8P172rVFdqr4NgdGlLd6UP3XXeRl1BNnCvvAI9B/HsYQ1ZOZ1pDe
Zh3Jjamdx8neCBoZBCB7Pg/BmyuJ3RQRkA2w4APIMxoY7Bw0aYT2JpZdQqUaLFN+
Omzqf4pjpyFfRYlyhsTmbFviqbaIT4+XJ+SZPt4TYUuqawGp7vRJOTaQwfyJfJq+
he0XNEJWNGOzPjcdyuoJevjLONM0h7fenTAfZUUTkzmLxkMoRMSO9sIkQy46f4Z7
vG7x3MdSvrJKgWEbUSKjsCvtuYfCATf7bPk+1KJQUTMiSmk/E8OVq6q9BrcOVl1Z
NXWPHOT3rN0JBtBbZNzmBPz3yYywy5zKD6FTeBwbQDn2Z+KInfMOT7+40954PUXI
j4b4vEL1H0hunoV9hRKUHpeQbLOumITocQ6Wzd9vmo6qA1tys2U=
=lTPy
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org 
For additional commands, e-mail: users-h...@tomcat.apache.org 


----------

This email has been scanned for spam and viruses. Visit the following link to 
report this email as spam:
https://attseg.cloud-protect.net/index01.php?mod_id=11&mod_option=logitem&mail_id=1533228251-jk51pyRbptjj&r_address=venkataraman.srinivasan%40gcrta.org&report=1

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Please help me in enabling SSL certificate

Reply via email to