-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Zama,
On 11/28/14 3:46 AM, Zama Ques wrote: > I am trying to configure self signed certificate for our tomcat > server. For that initially I created the keystore certificate file > using keytool .The command I tried for this is: > keytool -genkey -alias example -keyalg RSA \ -keystore > /home/zaman/certs/keystorefile.key > > chmod 600 /home/zaman/certs/keystorefile.key Set the execute bit for a keystore? Odd. If it were me, I'd have the mode set to 0440, depending upon the user/group overlap of the Tomcat server process. > $ ls -l /home/zaman/certs/keystorefile.key -rw-r--r-- 1 zaman zaman > 1329 Nov 27 15:51 /home/ssdg/certs/keystorefile.key That's not mode 600. That's also not /home/zaman/certs/keystorefile.key. Is the keystore really 4 months old? Something is not right, here. > Then un-commented the SSL connector tag in server.xml to add > reference to keystore file: > > <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" > maxThreads="150" scheme="https" secure="true" > keystoreFile="/home/zaman/certs/keystorefile.key" > keystorePass="test123" clientAuth="false" sslProtocol="TLS" /> > > After this I restarted tomcat server , but cannot access tomcat > link (https://localhost:8443) using https. Nothing is seen in log > file. > > $ > netstat -apn | grep 8443 tcp 0 0 :::8443 > :::* LISTEN 25759/java > > What I am missing to make https work for tomcat using self signed > certificate? How do you try to connect? What message do you get? Is there *nothing at all* in the Tomcat log? There should be messages about starting connectors, etc. What is in your keystore? $ keytool -list -keystore /home/zaman/certs/keystorefile.key - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUvSTVAAoJEBzwKT+lPKRYd68P/01Hz4kS5zlfsuRXgazMYmo1 rxDV6C+LZDQJJ+p5jcmmzcoOSexmKiRA4EkQHWacfSNKg3oizTtQ9Y1wliBvlGxg sDeAgXjxyyQpqmkzuiHXVsQFjn9VoTOkq+g9Yd0iJERMQ0abmkdrAblXXGLPVxxh 85lnSpDmz8a34S1QayW4JpvjJMvA+dUoUCKTTIquE/ruAS/MnusjcXNeec1zyE4o eOAYj3qyw2E2UHL6/Iaprp1BckgMxiXUHHB+hbCwHe9NGjr9ybD96Ov0jYkC6lmh 6RjNR9ZHXfghEOZgNcSB3JNldYqiatA9kmqcHoRXf3RMUsSR+hV2n2wLYp9GjNCH CTF1R9bRcBTZNauU6xhAF7QkVqhqqhBJ0HgBJuGl6xsuKUHEe1QNx4gJgrMN6HE6 uAIRwk7J32IWGqiSGgdVA4PgtwTbasvm33WGAE7HTzED0FaiyscEr50gjocXNQ3W hKmLaUr/nITrDhrqoooT/6DVjZ3dvt7KXWI9RT+ueEUTQ/0AfFmrUyNj2gz3bIKH bG+F4Su2g7imjqwG/PIh3GLchLv0OkPs6RVT5dCeI/KH4AUBnf61OKOp8yZbousD J/KdQwf2tHNUrc+By1r8886p8X2QQZ2QwFRLT1MOzhRGlfYNMxA4QldsVITY2e5l 6IcfvbK1SRpCIUZWDsZ+ =im07 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
