I use this in my configuration and it works. I think you are missing the
protocol and scheme attributes.
Ciao.
Stefano.
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/usr/local/tomcat/conf/.keystore"
keypass="tomcat" />
On Fri, 22/10/2010 at 07.45 -0700, Richard da Silva wrote:
> "You need to specify that it's an HTTP connector, rather than say an
> AJP connector.
>
> Check your configuration against the docs."
>
>
> Sorry, I don't understand what you said. Specify this where, exactly?
>
> And, which docs should I check? I've been over everything, and have found
> nothing remotely addressing my problem.
>
>
> Richard da Silva
>
> --- On Fri, 10/22/10, Pid * <[email protected]> wrote:
>
> From: Pid * <[email protected]>
> Subject: Re: SSL Certificate : Unable to configure Tomcat "server.xml"
> To: "Tomcat Users List" <[email protected]>
> Date: Friday, October 22, 2010, 4:04 PM
>
> On 22 Oct 2010, at 13:54, Richard da Silva <[email protected]> wrote:
>
> > Hi all,
> >
> > I've been fighting with a very silly problem all day.
> >
> > I have an instance of Sun Identity Manager (IDM) running on a Tomcat server.
> >
> > To be able to use some of its Resources features, we have had to create and
> > install SSL Certificates.
> >
> > Using some of the online documentation on the installation of SSL
> > Certificates, I was able to successfully copy the Certificate to the
> > keystore. (I did not create a new keystore. Instead, I used the
> > default keystore which comes with the JAVA kit : "cacerts" )
> >
> > Everything seemed to work fine, and I got the confirmation message saying :
> > "Certificate installed in keystore"
> >
> > The final stage involves configuring the Tomcat "server.xml" file, to be
> > able to allow SSL connection, and also to pinpoint the location of the
> > Keystore.
> >
> > First, I commented out the "Connector Port 8080" details. And then, I
> > modified the "Connector port 8443" as follows :
> >
> >
> > <Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150"
> > minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
> > disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true"
> > SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="tomcat"
> > keystoreFile="C:\Program Files\Java\jdk1.6.0_21\jre\lib\security\cacerts"
> > keypass="my_password"/>
>
> You need to specify that it's an HTTP connector, rather than say an
> AJP connector.
>
> Check your configuration against the docs.
>
>
> p
>
>
> > And, this is where my problems began.
> >
> > For some reason, I cannot get this to work.
> >
> > At first, I was using Tomcat version 6.0.21
> >
> > I began to get several errors in my Tomcat window
> >
> > (a) only one usage allowed for each of the following : port / protocol /
> > maxThreads,
> >
> > etc, etc
> >
> > (b) System parameter "maxThreads"........no match found for parameter;
> > System parameter "scheme"........no match found for parameter;
> > System parameter "clientAuth"........no match found for parameter;
> >
> > etc, etc
> >
> >
> >
> > I began to wonder if, maybe, there was something wrong with the Tomcat
> > version (6.0.21)
> >
> > Last year, I had successfully performed a similar procedure (installed
> > Certificate, modified Tomcat server.xml file, etc). But, that version I
> > used was : 6.0.18
> >
> > So, I decided to try it. I downloaded an older version of Tomcat (6.0.18),
> > and repeated the process all over again.
> >
> > This time, there were none of the above-mentioned errors. But, I got
> > another error :
> >
> > Alias "tomcat" not found.
> >
> > So, I removed that line ----- keyAlias="tomcat" ---- and re-started the
> > server.
> >
> > This time, something else happened : when I start-up the server, the Tomcat
> > window goes haywire. I see phrases and lines of data (output) flashing on
> > the screen at the speed of light. And, then, my computer hangs. I have to
> > re-boot it, to get it working again.
> >
> > I'm at a total loss.
> >
> > I have racked my brain for any and all possible causes. At first, I thought
> > that, maybe, I ought to have created a whole NEW keystore (as it mentions
> > in the online manual). But, since I was able to successfully import my
> > certificate into the default "cacerts", I figured that was not the reason.
> >
> > And, besides, there is obviously something wrong with the newer version of
> > Tomcat, because the older version (which I am now using), did not give me
> > those earlier errors.
> >
> > But, I still do not know what I am doing wrong.
> >
> > Any help will be greatly appreciated.
> >
> >
> > Thanks.
> >
> >
> > Richard da Silva
> >
> >
>
>
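
Added example (not part of the thread and not Tomcat code): a small Python check for the points raised in the messages above, run over the two Connector elements quoted in them. The `<Service>` wrapper, the function names and the wording of the findings are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed input: the two <Connector> elements are copied from the thread,
# the <Service> wrapper is added so the text parses as one document.
SAMPLE = r'''<Service name="Catalina">
<Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150"
 minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
 disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true"
 SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="tomcat"
 keystoreFile="C:\Program Files\Java\jdk1.6.0_21\jre\lib\security\cacerts"
 keypass="my_password"/>
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
 maxThreads="150" scheme="https" secure="true"
 clientAuth="false" sslProtocol="TLS"
 keystoreFile="/usr/local/tomcat/conf/.keystore"
 keypass="tomcat" />
</Service>'''

def check_connector(conn):
    """Return (attribute, note) findings for one SSL-enabled <Connector>."""
    a, findings = conn.attrib, []
    if a.get("SSLEnabled", "").lower() != "true":
        return findings  # only SSL connectors are checked here
    if "protocol" not in a:
        findings.append(("protocol", "not set; state the connector type, e.g. HTTP/1.1"))
    if a.get("scheme") != "https" or a.get("secure") != "true":
        findings.append(("scheme", 'SSL connector should carry scheme="https" secure="true"'))
    store = a.get("keystoreFile", "")
    # Split on both separators so Windows and Unix paths are handled alike.
    if re.split(r"[\\/]", store)[-1].lower() == "cacerts":
        findings.append(("keystoreFile", "points at the JRE cacerts trust store; "
                         "use a dedicated keystore for the server key"))
    if "keyAlias" in a:
        findings.append(("keyAlias", "alias %r must exist in the keystore; "
                         "confirm with keytool -list" % a["keyAlias"]))
    return findings

def check_server_xml(text):
    """Check every <Connector> in a server.xml fragment; returns [(port, findings)]."""
    return [(c.get("port"), check_connector(c)) for c in ET.fromstring(text).iter("Connector")]

if __name__ == "__main__":
    for port, findings in check_server_xml(SAMPLE):
        print("Connector port", port, "->", "ok" if not findings else "")
        for attr, note in findings:
            print("  %s: %s" % (attr, note))
```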