--- Begin Message ---
Sonny:

Just as port 80 is the standard HTTP port, port 443 is the standard
HTTPS port.  Similarly, just as the default Tomcat installation is
configured to run on HTTP port 8080, it is also set to accept HTTPS
requests on port 8443.  By default, I also believe that Tomcat is
configured so that the JK2 connector forwards HTTPS requests to Tomcat
on port 8443.  So, unless you change the SSL port from 8443 to 443, you
must specify port 8443 in the URL when you access your SSL application:

https://localhost:8443/ssl-application

If you change port 8443 to 443, you no longer need to specify any port
in the URL:

https://localhost/ssl-application

Derek

-------------------------------------
Derek Mahar
Software Developer
Penson Financial Services Canada
360 St-Jacques St West, 12th Floor
Montreal QC  H2Y 1P5
514.841.9665 x212 Phone
514.841.9700 Fax
-------------------------------------


-----Original Message-----
From: Sonny Sukumar [mailto:[EMAIL PROTECTED] 
Sent: October 11, 2003 9:22 PM
To: [EMAIL PROTECTED]
Subject: Re: [HELP!] Which key alias names to use for SSL?



3rd update:

For the 2nd issue below, I had some "http" references in my static html
file--that's why I was getting the message about the page having
unencrypted elements on it. :-)

I still haven't figured out the 1st issue regarding ports 443/8443, but
443 is the one I want anyhow, so it's not critical that I figure that out
(although I'm curious!)

Sonny

>From: "Sonny Sukumar" <[EMAIL PROTECTED]>

>
>
>2nd Update:
>
>--I reconfigured the SSL port from 8443 to 443 on our server (as well as
>the redirect port), and all of a sudden I can connect using SSL.  I don't
>understand why 8443 didn't work.  Any ideas??
>
>--Now when I request static HTML pages, I get a browser alert saying that
>some of the info on the requested page is NOT encrypted, so it displays a
>lock broken in half instead of the golden lock I so desire. :-(  I can't
>understand how a page would get partially encrypted--especially a static
>HTML page.
>
>I'm not sure if it's relevant, but I use Cocoon for the backend (2.1.2) in
>conjunction with Tomcat (4.1.27) on Linux (RedHat 7.3).
>
>Sonny
>
>>From: "Sonny Sukumar" <[EMAIL PROTECTED]>
>>
>>
>>Update: I did a "keytool -list" with the "-rfc" options and discovered
>>that all the certs *are* in fact there, but just that public/private key
>>were bundled together under the same alias.  The way it lists the certs by
>>default is what confused me.
>>
>>HOWEVER, I uploaded the keystore to our server, set up server.xml, and
>>restarted Tomcat, but every single secure connection I attempt just times
>>out.  I don't understand why this happens.
>>
>>Here's my server.xml SSL connector:
>>
>>   <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
>>    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
>>               port="8443" minProcessors="5" maxProcessors="75"
>>               enableLookups="true"
>>               acceptCount="100" debug="0" scheme="https" secure="true"
>>               useURIValidationHack="false" disableUploadTimeout="true"
>>               compression="on">
>>      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
>>               clientAuth="false" protocol="TLS" keystorePass="changeit"
>>               keystoreFile="conf/.keystore"/>
>>    </Connector>
>>
>>Btw, does anybody know how to secure the server.xml file?  It contains
>>some clear text passwords, so this really concerns me! (Yes, I know 
>>"changeit" is the default password even without specifying it here).
>>
>>Also, I don't currently have any <security-constraint>s set in my
>>web.xml.
>>
>>Thanks for any insights!
>>
>>Sonny
>>
>>>From: "Sonny Sukumar" <[EMAIL PROTECTED]>
>>>Reply-To: [EMAIL PROTECTED]
>>>To: [EMAIL PROTECTED]
>>>Subject: Re: [HELP!] Which key alias names to use for SSL?
>>>Date: Sat, 11 Oct 2003 14:12:17 -0700
>>>
>>>
>>>Hi Adam,
>>>
>>>Your first step was:
>>>># keytool -genkey -alias tomcat -keyalg RSA
>>>
>>>and your last step was:
>>>># keytool -import -trustcacerts -file public.crt -alias tomcat
>>>
>>>So you used the same alias ("tomcat") for both the private key and the
>>>signed public key.  This is what doesn't work for me, because when I
>>>import the signed public key using the same ("tomcat") alias, my private
>>>key gets overwritten.  I've verified this using "keytool -list -keystore
>>>./.keystore"
>>>
>>>I also have the root cert from GeoTrust in there with alias "root".  The
>>>root cert is actually an Equifax cert valid from 1998 to 2018, but the
>>>GeoTrust tech support rep told me to use that one.  Could this be the
>>>problem?
>>>
>>>Other ideas?
>>>
>>>Thanks,
>>>
>>>Sonny
>>>
>>>>From: Adam Hardy <[EMAIL PROTECTED]>
>>>
>>>>On 10/11/2003 09:08 PM Sonny Sukumar wrote:
>>>>>
>>>>>[I sent this once before, but got no response, and I'm not sure what to
>>>>>do.  Thanks in advance.]
>>>>>
>>>>>Hi guys,
>>>>>
>>>>>I'm trying to set up my Tomcat (4.1.27) server to work with SSL.  I got
>>>>>a CA-signed cert to go with my private key and CA root cert, but I'm
>>>>>confused as to how to name the alias for the CA-signed-cert and my
>>>>>private key.
>>>>>
>>>>>The Tomcat SSL How-To is confusing me, because it says to give the
>>>>>"tomcat" alias to both the private key and the CA-signed key.  I tried
>>>>>it and it overwrote my private key (luckily I made a backup of my
>>>>>keystore).
>>>>>
>>>>>I'm looking at this documentation: 
>>>>>http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html
>>>>>
>>>>>It also doesn't seem possible to configure the alias names in
>>>>>server.xml.  So what alias names should I use? :-)
>>>



--- End Message ---
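
Sonny's third update traces the broken-lock warning to "http" references in a static page. As an added example (not code from the thread), this Python script lists the plain-http subresources in an HTML document; the tag/attribute table and the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes the browser fetches while rendering the page. <a href> is a
# navigation, not a subresource, so it is deliberately absent.
FETCHING_ATTRS = {
    "img": ("src",), "script": ("src",), "iframe": ("src",), "frame": ("src",),
    "embed": ("src",), "object": ("data",), "input": ("src",), "audio": ("src",),
    "video": ("src", "poster"), "source": ("src",), "body": ("background",),
}
FETCHING_LINK_RELS = {"stylesheet", "icon"}  # <link href> is fetched for these


class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        attrs = {name: (value or "") for name, value in attrs}
        names = FETCHING_ATTRS.get(tag, ())
        if tag == "link":
            rels = set(attrs.get("rel", "").lower().split())
            names = ("href",) if rels & FETCHING_LINK_RELS else ()
        for name in names:
            url = attrs.get(name, "").strip()
            if urlsplit(url).scheme == "http":  # urlsplit lowercases the scheme
                self.findings.append((self.getpos()[0], tag, name, url))


def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page, not taken from the thread.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://static.example.test/site.css">
<script src="/js/app.js"></script>
</head><body>
<a href="http://www.example.test/">plain link, not a subresource</a>
<img src="https://img.example.test/ok.png">
<img src="HTTP://img.example.test/logo.gif">
</body></html>"""

if __name__ == "__main__":
    for line, tag, attr, url in find_mixed_content(SAMPLE):
        print(f"line {line}: <{tag} {attr}> loads {url} without TLS")
```

It does not look inside CSS `url()` values or `srcset` attributes, which can also pull in unencrypted resources.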
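
The thread asks how to protect the clear-text keystorePass in server.xml and mentions moving both the SSL port and the redirect port. As an added example (not from the thread or the Tomcat project), this Python check flags a server.xml that carries group or other permission bits, the default "changeit" password, and a redirectPort with no SSL connector behind it; restricting file permissions is one common mitigation, and the finding codes and sample file are assumptions.

```python
import pathlib
import stat
import tempfile
import xml.etree.ElementTree as ET


def audit_server_xml(path):
    """Return (code, detail) findings for a Tomcat 4 style server.xml."""
    findings = []
    mode = stat.S_IMODE(pathlib.Path(path).stat().st_mode)
    connectors = list(ET.parse(path).getroot().iter("Connector"))
    ssl_ports = {c.get("port") for c in connectors if c.get("secure") == "true"}
    for conn in connectors:
        # In the layout quoted in the thread, keystorePass sits on the nested <Factory>.
        for node in [conn, *conn.iter("Factory")]:
            password = node.get("keystorePass")
            if password is None:
                continue
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append(("readable-secret", f"mode {mode:o} exposes keystorePass"))
            if password == "changeit":
                findings.append(("default-password", f"port {conn.get('port')}"))
        # Requests that need SSL are redirected here; an SSL connector must listen on it.
        redirect = conn.get("redirectPort")
        if conn.get("secure") != "true" and redirect and redirect not in ssl_ports:
            findings.append(("dangling-redirect", f"{conn.get('port')} -> {redirect}"))
    return findings


# Constructed server.xml (assumption): SSL moved to 443, redirectPort left at 8443.
SAMPLE = """<Server><Service name="Tomcat-Standalone">
  <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
             port="80" redirectPort="8443"/>
  <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
             port="443" scheme="https" secure="true">
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
             keystorePass="changeit" keystoreFile="conf/.keystore"/>
  </Connector>
</Service></Server>"""


def demo(mode=0o644):
    with tempfile.TemporaryDirectory() as tmp:
        path = pathlib.Path(tmp, "server.xml")
        path.write_text(SAMPLE)
        path.chmod(mode)
        return audit_server_xml(path)

if __name__ == "__main__":
    print(demo())
```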