Hello, Thanks for that ... I installed APR but also needed a certificate which included the Netscape cert type set to SSL Server. Incidentally, I tried the other 2 methods with the new certificate but they failed - I have to set this up in Windows also - I probably need a none SSL based HTTPS enabled connector for windows?
Thanks, Julie. On Thursday 16 March 2006 12:13, Markus Schönhaber wrote: > Julie McCabe wrote: > > Thanks for the advise - ive tried various permutations of trying to use > > an exisiting CA signed X509 certificate to enable SSL with tomcat. From > > reading various mailing lists it appears this is a frequent problem but > > one that many people have solved using the solutions I have tried - > > perhaps Im missing something? My environment is Java 1.5.0_06, Tomcat > > 5.5.12, Fedora Core 4, my certificate is signed my the eScience CA in the > > UK. > > > > Here are my findings ... > > > > Splitting the p12 file into a crt and key: > > In the conf/server.xml > > <Connector port="8443" maxHttpHeaderSize="8192" > > maxThreads="150" minSpareThreads="25" maxSpareThreads="75" > > enableLookups="false" disableUploadTimeout="true" > > acceptCount="100" scheme="https" secure="true" > > SSLEngine="on" > > SSLCertificateFile="certificate.crt" > > SSLCertificateKeyFile="certificate.key" > > SSLPassword="pass" /> > > > > Error message splitting the p12 file into crt and key: > > java.io.FileNotFoundException: /home/jm/.keystore (No such file or > > directory) at java.io.FileInputStream.open(Native Method) > > at java.io.FileInputStream.<init>(FileInputStream.java:106) > > at > > org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFact > >or y.java:279) ....... > > It appears that Tomcat 5.5.12 is ignorning my configuration of the https > > connector and looking for the default JKS keystore - which I hadnt > > created - therefore I created the keystore adding a self-signed > > certificate and yes it enabled https connection but not using the > > intended certificates so effectively this does not work either. > > If you want your HTTPS Connector use this configuration above, you need to > use APR (i. e. copy libtcnative-1.so to some directory where Tomcat can > find it). http://tomcat.apache.org/tomcat-5.5-doc/apr.html > > Regards > mks > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
