Enabling SSL on Tomcat 6

sshah
Hello,

I am trying to enable SSL on Tomcat 6 without any luck. I am using a
self signed cert. I have placed my entries in the server.xml file below.

Any thoughts on what I am doing wrong? I also pasted below the steps
that I used to generate the cert.

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" disableUploadTimeout="true"
    acceptCount="100" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
            SSLEngine="on"
            SSLCertificateFile="/ssl/server.csr"
            SSLCertificateKeyFile="/ssl/server.key"
            SSLPassword="password"
     />


WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'SSLEngine' to 'on' did not find a matching property.
Jan 17, 2011 9:50:54 PM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'SSLCertificateFile' to '/ssl/server.csr' did not find a matching property.
Jan 17, 2011 9:50:54 PM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'SSLCertificateKeyFile' to '/ssl/server.key' did not find a matching property.
Jan 17, 2011 9:50:54 PM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'SSLPassword' to 'password' did not find a matching property.

Steps to create a cert:

#selfsigned cert using openssl

openssl genrsa -des3 -out server.key 1024

openssl req -new -key server.key -out server.csr

cp server.key server.key.org

openssl rsa -in server.key.org -out server.key

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

keytool -genkey -alias tomcat -keyalg RSA -keystore /ssl/tomcatks

keytool -certreq -alias tomcat -file tomcat.csr -keystore /ssl/tomcatks

echo 02 > serial.txt

openssl x509 -CA server.crt -CAkey server.key -CAserial serial.txt -req -in tomcat.csr -out tomcat.cer -days 365

keytool -import -alias serverCA -file server.crt -keystore /ssl/tomcatks



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Re: Enabling SSL on Tomcat 6

amcereijo cereijo
Hi,

I have this configuration for my Tomcat 6.0.30:

<Connector port="8449" maxHttpHeaderSize="8192"
    protocol="HTTP/1.1"
    SSLEnabled="true"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" disableUploadTimeout="true"
    acceptCount="100" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="conf\tomcatserver.keystore"
    keystorePass="tomcat"/>

Your changes to my configuration:

   - where I have keystoreFile="conf\tomcatserver.keystore" I think you must
   put "tomcatks" (I think this is your keystore)
   - where I have keystorePass="tomcat" I think you must put the password for
   "tomcatks"


Regards, Ángel.

2011/1/18 Suneet Shah <[hidden email]>

> Hello,
>
> I am trying to enable SSL on Tomcat 6 without any luck. I am using a self
> signed cert. I have placed my entries in the server.xml file below.
>
> Any thoughts on what I am doing wrong? I also pasted below the steps that I
> used to generate the cert.
>
> <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
>   maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>   enableLookups="false" disableUploadTimeout="true"
>   acceptCount="100" scheme="https" secure="true"
>   clientAuth="false" sslProtocol="TLS"
>           SSLEngine="on"
>           SSLCertificateFile="/ssl/server.csr"
>           SSLCertificateKeyFile="/ssl/server.key"
>           SSLPassword="password"
>    />
>
>
> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'SSLEngine' to 'on' did not find a matching property.
> Jan 17, 2011 9:50:54 PM org.apache.catalina.startup.SetAllPropertiesRule begin
> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'SSLCertificateFile' to '/ssl/server.csr' did not find a matching property.
> Jan 17, 2011 9:50:54 PM org.apache.catalina.startup.SetAllPropertiesRule begin
> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'SSLCertificateKeyFile' to '/ssl/server.key' did not find a matching property.
> Jan 17, 2011 9:50:54 PM org.apache.catalina.startup.SetAllPropertiesRule begin
> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'SSLPassword' to 'password' did not find a matching property.
>
> Steps to create a cert:
>
> #selfsigned cert using openssl
>
> openssl genrsa -des3 -out server.key 1024
>
> openssl req -new -key server.key -out server.csr
>
> cp server.key server.key.org
>
> openssl rsa -in server.key.org -out server.key
>
> openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
>
> keytool -genkey -alias tomcat -keyalg RSA -keystore /ssl/tomcatks
>
> keytool -certreq -alias tomcat -file tomcat.csr -keystore /ssl/tomcatks
>
> echo 02 > serial.txt
>
> openssl x509 -CA server.crt -CAkey server.key -CAserial serial.txt -req -in tomcat.csr -out tomcat.cer -days 365
>
> keytool -import -alias serverCA -file server.crt -keystore /ssl/tomcatks
>

Re: Enabling SSL on Tomcat 6

Konstantin Kolinko
In reply to this post by sshah
2011/1/18 Suneet Shah <[hidden email]>:
> <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"

> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
> 'SSLEngine' to 'on' did not find a matching property.

There are two implementations of SSL available in Tomcat.  One is
implemented using Java cryptography API.  Another uses native
libraries.

Your connector is pure java (Nio), but your configuration settings are
for the APR (native) connector. Thus the warning messages in your log.
Read the docs more carefully - it is described there.

http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html


Best regards,
Konstantin Kolinko
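
Added example (not part of the thread and not Tomcat code): a small checker for the mismatch described in the reply above, flagging APR-style SSL attributes on a Java (BIO/NIO) connector and the reverse, run over the two connectors posted in this thread. The attribute sets are a partial list from the Tomcat 6 documentation; `lint_connector` and its rule names are made up for illustration.

```python
import xml.etree.ElementTree as ET

JAVA = {"org.apache.coyote.http11.Http11Protocol",
        "org.apache.coyote.http11.Http11NioProtocol"}
APR = {"org.apache.coyote.http11.Http11AprProtocol"}
# Subsets of the SSL attribute names each implementation reads.
JSSE_ATTRS = {"keystoreFile", "keystorePass", "keystoreType", "keyAlias",
              "truststoreFile", "truststorePass"}
APR_ATTRS = {"SSLCertificateFile", "SSLCertificateKeyFile", "SSLPassword",
             "SSLCertificateChainFile", "SSLCACertificateFile",
             "SSLCipherSuite", "SSLProtocol", "SSLVerifyClient"}

def lint_connector(xml_text):
    """Return sorted (rule, attribute) findings for one <Connector> element.
    Rule names are made up for this example."""
    attrs = ET.fromstring(xml_text).attrib
    names = set(attrs)
    proto = attrs.get("protocol", "HTTP/1.1")
    # "HTTP/1.1" lets Tomcat choose the implementation at startup, so only
    # an explicit class name can be checked against the attribute family.
    wrong = (APR_ATTRS & names if proto in JAVA
             else JSSE_ATTRS & names if proto in APR else set())
    findings = [("wrong-family", a) for a in wrong]
    if "SSLEngine" in names:  # belongs on AprLifecycleListener, not Connector
        findings.append(("listener-attribute", "SSLEngine"))
    if names & (JSSE_ATTRS | APR_ATTRS) and attrs.get("SSLEnabled") != "true":
        findings.append(("ssl-not-enabled", "SSLEnabled"))
    # A .csr is a signing request; the connector needs the issued certificate.
    if attrs.get("SSLCertificateFile", "").lower().endswith(".csr"):
        findings.append(("csr-not-certificate", "SSLCertificateFile"))
    return sorted(findings)

# Connectors copied from the thread (non-SSL tuning attributes omitted).
QUESTION = r"""<Connector port="443"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
    SSLEngine="on" SSLCertificateFile="/ssl/server.csr"
    SSLCertificateKeyFile="/ssl/server.key" SSLPassword="password" />"""
REPLY = r"""<Connector port="8449" protocol="HTTP/1.1" SSLEnabled="true"
    scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
    keystoreFile="conf\tomcatserver.keystore" keystorePass="tomcat" />"""

if __name__ == "__main__":
    for name, text in (("question", QUESTION), ("reply", REPLY)):
        print(name, lint_connector(text))
```

The three `wrong-family` findings and the `SSLEngine` finding correspond to the four `SetAllPropertiesRule` warnings in the original post; the keystore-based connector from the first reply produces no findings.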
