Enabling SSL on Tomcat 6

Mon, 17 Jan 2011 22:55:46 -0800 

Hello,
I am trying to enable SSL on Tomcat 6 without any luck. I am using a self signed cert. I have placed my entries in the server.xml file below. 


Any thoughts on what I am doing wrong? I also pasted below the steps 
that I used to generate the cert.


<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
   maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
   enableLookups="false" disableUploadTimeout="true"
   acceptCount="100" scheme="https" secure="true"
   clientAuth="false" sslProtocol="TLS"
           SSLEngine="on"
           SSLCertificateFile="/ssl/server.csr"
           SSLCertificateKeyFile="/ssl/server.key"
           SSLPassword="password"
    />



WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting 
property 'SSLEngine' to 'on' did not find a matching property.
Jan 17, 2011 9:50:54 PM org.apache.catalina.startup.SetAllPropertiesRule 
begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting 
property 'SSLCertificateFile' to '/ssl/server.csr' did not find a 
matching property.
Jan 17, 2011 9:50:54 PM org.apache.catalina.startup.SetAllPropertiesRule 
begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting 
property 'SSLCertificateKeyFile' to '/ssl/server.key' did not find a 
matching property.
Jan 17, 2011 9:50:54 PM org.apache.catalina.startup.SetAllPropertiesRule 
begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting 
property 'SSLPassword' to 'password' did not find a matching property.


Steps to create a cert:

#selfsigned cert using openssl

openssl genrsa -des3 -out server.key 1024

openssl req -new -key server.key -out server.csr

cp server.key server.key.org

openssl rsa -in server.key.org -out server.key


openssl x509 -req -days 365 -in server.csr -signkey server.key -out 
server.crt


keytool -genkey -alias tomcat -keyalg RSA -keystore /ssl/tomcatks

keytool -certreq -alias tomcat -file tomcat.csr -keystore /ssl/tomcatks

echo 02 > serial.txt


openssl x509 -CA server.crt -CAkey server.key -CAserial serial.txt -req 
-in tomcat.csr -out tomcat.cer -days 365


keytool -import -alias serverCA -file server.crt -keystore /ssl/tomcatks



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org























					Reply via email to