Hello Rob,

Do you have a stacktrace or error message that you can share?

Cheers,
Luis

On Mon, 15 Feb 2021 at 1:26, Rob Sargent (<rsarg...@xmission.com>) wrote:

> Yep, me again.
>
> Inching along here, unable as yet to re-create ssl traffic when not on
> localhost. Moving from my basement (localhost) where ssl worked using
>
>     SGSSRVR_keystoreFile = /home/rob/Downloads/tomcat/localhost-rsa.jks
>     SGSSRVR_truststoreFile = /home/rob/Downloads/tomcat/localhost-rsa-cert.pem
>     SGSSRVR_storeType = JKS
>
> to my office with three separate machines where I can better impersonate
> AWS.
> Following Chris's advice (since I've been given the green light to
> self-sign)
>
> | Most people just want to mint a key+cert and have Tomcat use that
> | for TLS. You can do that very simply:
> |
> |     $ keytool -genkey -keyalg RSA -sigalg SHA256withRSA -keysize 4096 \
> |         -alias ${HOSTNAME} -keystore ${HOSTNAME}.p12 -storetype PKCS12 \
> |         -ext san=dns:${HOSTNAME}
> |
> | Fill-out all the stuff. This gives you a new RSA key and a
> | self-signed certificate. If self-signed is okay with you, you are done.
>
> I put in my fully qualified hostname ("k1"), and added the full path of
> the .p12 file to my configuration props
>
>     SGSSRVR_keystoreFile = /home/u0138544/aws/deploy/server/k1.p12
>     SGSSRVR_keystoreAlias = k1
>     SGSSRVR_keystorePwd = as-assigned
>     SGSSRVR_truststoreFile = /home/u0138544/aws/deploy/server/k1.p12
>     SGSSRVR_truststoreAlias = k1
>     SGSSRVR_truststorePwd = as-assigned
>     ##(with and without)
>     SGSSRVR_storeType = PCKS12 (JKS too)
>
> and pick those up as follows (including trying only key and only trust
> portions)
>
>     done = done && connector.setProperty("sslProtocol", "TLS");
>     done = done && connector.setProperty("keyAlias",
>             System.getProperty("SGSSRVR_keystoreAlias"));
>     done = done && connector.setProperty("keystorePass",
>             System.getProperty("SGSSRVR_keystorePwd"));
>     done = done && connector.setProperty("keystoreFile",
>             keyFile.getAbsolutePath());
>     done = done && connector.setProperty("keystoreType",
>             System.getProperty("SGSSRVR_storeType"));
>
>     done = done && connector.setProperty("truststoreType",
>             System.getProperty("SGSSRVR_storeType"));
>     done = done && connector.setProperty("truststoreFile",
>             trustFile.getAbsolutePath());
>     done = done && connector.setProperty("truststorePassword",
>             System.getProperty("SGSSRVR_truststorePwd")); // always false
>     done = done && connector.setProperty("truststoreAlias",
>             System.getProperty("SGSSRVR_truststoreAlias")); // always false
>
>     done = done && connector.setProperty("SSLEnabled", "true");
>     done = done && connector.setProperty("clientAuth", "false");
>     done = done && connector.setProperty("maxThreads", "200");
>     done = done && connector.setProperty("SSLEnabled", "true");
>
>     if (! done) {
>         System.out.println("Some problem(s) in connector setup");
>     }
>
> If anyone can tell me where I've gone wrong (again) I'm all ears.
>
> --
> "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
> - Samuel Beckett
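An added example of the same connector setup, not Rob's code and not part of Tomcat itself; it assumes Tomcat 8.5/9's JSSE connector attributes (keystoreFile, keystorePass, keystoreType, keyAlias, truststoreFile, truststorePass, truststoreType) and the SGSSRVR_* property names from the thread. It reports by name every attribute the Connector refuses, so a misspelled attribute is visible before any TLS error is chased:

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.apache.catalina.connector.Connector;

/** Applies TLS attributes to a Tomcat Connector and names the ones it rejected. */
public final class TlsConnectorSetup {

    /** Returns the attribute names Connector.setProperty() refused (empty means all accepted). */
    public static List<String> apply(Connector connector, Map<String, String> attrs) {
        List<String> rejected = new ArrayList<>();
        for (Map.Entry<String, String> e : attrs.entrySet()) {
            if (e.getValue() == null) {
                rejected.add(e.getKey() + " (no value configured)");
            } else if (!connector.setProperty(e.getKey(), e.getValue())) {
                rejected.add(e.getKey());
            }
        }
        return rejected;
    }

    /** Builds the attribute map from the SGSSRVR_* system properties used in the thread. */
    public static Map<String, String> fromSystemProperties() {
        Map<String, String> a = new LinkedHashMap<>();
        a.put("SSLEnabled", "true");
        a.put("sslProtocol", "TLS");
        a.put("clientAuth", "false");          // truststore only matters once this is on
        a.put("keystoreFile", System.getProperty("SGSSRVR_keystoreFile"));
        a.put("keystoreType", System.getProperty("SGSSRVR_storeType")); // must be JKS or PKCS12
        a.put("keystorePass", System.getProperty("SGSSRVR_keystorePwd"));
        a.put("keyAlias", System.getProperty("SGSSRVR_keystoreAlias"));
        // Documented truststore attributes: truststoreFile, truststoreType, truststorePass.
        // A truststore is a bag of trusted certificates, so there is no alias attribute for it.
        a.put("truststoreFile", System.getProperty("SGSSRVR_truststoreFile"));
        a.put("truststoreType", System.getProperty("SGSSRVR_storeType"));
        a.put("truststorePass", System.getProperty("SGSSRVR_truststorePwd"));
        return a;
    }

    public static void main(String[] args) {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setPort(8443);
        connector.setScheme("https");
        connector.setSecure(true);
        List<String> rejected = apply(connector, fromSystemProperties());
        if (!rejected.isEmpty()) {
            throw new IllegalStateException("Connector rejected attributes: " + rejected);
        }
        // connector is now ready for tomcat.getService().addConnector(connector)
    }
}
```

Run it with the same -DSGSSRVR_* flags as the server; the exception message lists exactly which attribute names were refused, which is the information a single boolean "done" hides.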