Embedded Tomcat SSL
Hi all,

Can anybody show me how I might get SSL working with embedded Tomcat? When creating a Connector I have set the value of the secure parameter equal to true, but after this I am not sure what else I need to do.

I have taken a look at the code of Embedded and I notice that there is a comment of FIX ME where the HTTPS protocol is handled. Does this mean that the implementation of SSL with embedded Tomcat is not complete?

    } else if (protocol.equals("https")) {
        connector = new Connector();
        connector.setScheme("https");
        connector.setSecure(true);
        // FIXME SET SSL PROPERTIES
    }

Cheers,
Tom
Re: Embedded Tomcat SSL
Hi Aleksandar,

Thanks for this. When I update my code to do this I still cannot connect from a browser using HTTPS (https://localhost:443/). I get a "Cannot find server" error in my browser. But if I change my URL so that I use HTTP (http://localhost:443/) I can see the Tomcat homepage. Seems like Tomcat is still only able to handle http requests even though I think I have enabled it for SSL.

I have included an extract of my code to illustrate what I am doing.

    // createConnector(address, port, secure): null address, port 443, secure = true
    Connector httpConnector = embedded.createConnector((java.net.InetAddress) null, 443, true);
    IntrospectionUtils.setProperty(httpConnector, "sslProtocol", "TLS");
    IntrospectionUtils.setProperty(httpConnector, "keypass", "changeit");
    IntrospectionUtils.setProperty(httpConnector, "keystore", "C:/Documents and Settings/tom/.keystore");
    embedded.addConnector(httpConnector);
    embedded.start();

Any ideas what I am doing wrong? (I forgot to mention that I am using embedded Tomcat 5.5.9.)

Cheers,
Tom

From: Aleksandar Valchev
Reply-To: Tomcat Users List tomcat-user@jakarta.apache.org
To: Tomcat Users List tomcat-user@jakarta.apache.org
Subject: Re: Embedded Tomcat SSL
Date: Tue, 31 May 2005 11:55:42 +0300

You have to tell tomcat where to find keystore file:

    IntrospectionUtils.setProperty(connector, "sslProtocol", "TLS");
    IntrospectionUtils.setProperty(connector, "keypass", "keystore-password");
    IntrospectionUtils.setProperty(connector, "keystore", "path-to-keystore");

Hope this helps
Aleksandar
Re: Embedded Tomcat SSL
Hi Aleksandar,

When I enabled logging using the BasicConfigurator I now get much more logging information (how exactly the logging is configured and what impact the value of CATALINA_HOME has I haven't been able to figure out, but I'm sure I'll get it eventually). Anyway, the exception being displayed is

    179070 [http-443-Processor4] DEBUG org.apache.tomcat.util.net.PoolTcpEndpoint - Handshake failed
    javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)

I'm guessing this exception is occurring because the server is trying to authenticate the client and expects the client to send a certificate, so I updated my code by adding the line

    IntrospectionUtils.setProperty(httpConnector, "clientauth", "false");

This hasn't resolved my problem but I'm sure I'll figure it out eventually. Thanks for all your help.

Tom

From: Aleksandar Valchev
Reply-To: Tomcat Users List tomcat-user@jakarta.apache.org
To: Tomcat Users List tomcat-user@jakarta.apache.org
Subject: Re: Embedded Tomcat SSL
Date: Tue, 31 May 2005 13:14:14 +0300

On Tuesday 31 May 2005 12:39, tom ONeill wrote:

You see tomcat home page on http://localhost:443/ because tomcat redirects connection (I think so :) ). I test this on jakarta-tomcat-5.5.9-embedded:

    Connector httpConnector = new Connector();
    httpConnector.setScheme("https");
    httpConnector.setSecure(true);
    httpConnector.setEnableLookups(false);
    // SSL settings: protocol, keystore password and keystore location
    IntrospectionUtils.setProperty(httpConnector, "sslProtocol", "TLS");
    IntrospectionUtils.setProperty(httpConnector, "keypass", "changeit");
    IntrospectionUtils.setProperty(httpConnector, "keystore", "C:/Documents and Settings/tom/.keystore");
    // Bind address and port
    IntrospectionUtils.setProperty(httpConnector, "address", InetAddress.getLocalHost());
    IntrospectionUtils.setProperty(httpConnector, "port", "" + 443);

Of course you have to create your keystore according to tomcat-5.5.9 documentation. See in your logs. There has to be errors. To see more tomcat messages while tomcat starts add at the top of your code BasicConfigurator.configure(). This line configures commons-logging to output debug messages.

If you see "Cannot find server", I think the problem is in your httpConnector. While tomcat starts it looks for certificate and private key and if it does not find it connector just would not start. I advise you to see your logs ($CATALINA_HOME/logs directory) more carefully.
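The thread above notes that the connector will not start if Tomcat cannot find a certificate and private key in the keystore. As an added example (not part of the original thread and not Tomcat code), the stand-alone Java program below loads a JKS keystore and reports whether it contains a private-key entry that opens with the given password and whose certificate is currently valid. The class name `KeystoreCheck` and the method `check` are hypothetical; run without arguments it uses an empty keystore constructed in a temporary file, which shows the failure case.

```java
import java.io.*;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.*;
// Added example: verify that a JKS keystore can actually back an SSL connector.
public class KeystoreCheck {
    /** Returns the problems found; an empty list means a usable private-key entry exists. */
    static List<String> check(File file, char[] storePass, char[] keyPass) {
        List<String> problems = new ArrayList<>();
        KeyStore ks;
        try (InputStream in = new FileInputStream(file)) {
            ks = KeyStore.getInstance("JKS");
            ks.load(in, storePass);                  // wrong password or missing file fails here
        } catch (IOException | GeneralSecurityException e) {
            problems.add("cannot load " + file + ": " + e);
            return problems;
        }
        boolean usable = false;
        try {
            for (String alias : Collections.list(ks.aliases())) {
                if (!ks.isKeyEntry(alias)) continue; // trusted-cert entries cannot serve TLS
                try {
                    ks.getKey(alias, keyPass);       // key password may differ from store password
                    ((X509Certificate) ks.getCertificate(alias)).checkValidity();
                    usable = true;
                } catch (GeneralSecurityException e) {
                    problems.add("alias '" + alias + "': " + e);
                }
            }
        } catch (KeyStoreException e) { problems.add(e.toString()); }
        if (!usable) problems.add("no usable private-key entry in " + file);
        return problems;
    }

    // Usage: java KeystoreCheck <keystore-path> <password>
    public static void main(String[] args) throws Exception {
        File file;
        char[] pw = (args.length == 2 ? args[1] : "changeit").toCharArray();
        if (args.length == 2) {
            file = new File(args[0]);
        } else {                                     // constructed input: an empty JKS file
            file = File.createTempFile("empty", ".jks");
            file.deleteOnExit();
            KeyStore empty = KeyStore.getInstance("JKS");
            empty.load(null, pw);
            try (OutputStream out = new FileOutputStream(file)) { empty.store(out, pw); }
        }
        System.out.println(check(file, pw, pw));
    }
}
```

Running the same check against the path and password that are passed to the connector confirms or rules out the keystore before looking at the connector configuration itself.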