Re: Tomcat 5.5.20 SSL "no errors" not working

Mon, 12 Feb 2007 21:49:46 -0800 

Thank you Mark - that was it.

For others:
Swapping from java keystore to open ssl was a little tricky (I ordered my certs from comodo for "tomcat" ...which is only correct if you don't use APR) .... this information helped me alot: 

Extracting the *private key*
   Download, compile & run ExportPriv
   <http://mark.foster.cc/pub/java/ExportPriv.java> crafted from Andrew
   Morrow's posting @
   http://forum.java.sun.com/thread.jsp?forum=2&thread=154587&message=449486
   <http://forum.java.sun.com/thread.jsp?forum=2&thread=154587&message=449486>.
   The key will be produced to STDOUT. I suggest you redirect > to
   exported.key

   |javac ExportPriv.java
   java ExportPriv <keystore> <alias> <password> > exported-pkcs8.key |

   The private key is being exported as PKCS#8 PEM format. To get it
   into the RSA format that works with Apache (see below) you can issue
   the following command:
   |openssl pkcs8 -inform PEM -nocrypt -in exported-pkcs8.key -out
   exported.key |

javac compiles the java source code in |ExportPriv.java
the second line exports the private key.. into the pkcs8 format.... I then had a friend do the openssl conversion
in tomcat it is also worth noting that the configuration does not "use the implicit" catalina home - but requires full URIs ( c:/bla/bla/cert.crt )
after doing all these changes I had to restart the server twice for some reason before it stopped complaining about "multiple" socked bingings to the same IP/port combinations.... 

// Jan
|



Mark Thomas wrote:

Jan Eldenmalm wrote:

Feb 13, 2007 2:28:43 AM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-88.208.211.112-443


You are using the APR connector. SSL is configured differently in this
case. See http://tomcat.apache.org/tomcat-5.5-doc/apr.html for details.

Mark


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to