Hello Rob,

Do you have a stacktrace or error message that you can share?

Cheers,

Luis




On Mon, 15 Feb 2021 at 1:26, Rob Sargent (<rsarg...@xmission.com>)
wrote:

> Yep, me again.
>
> Inching along here, unable as yet to re-create ssl traffic when not on
> localhost. Moving from my basement (localhost) where ssl worked using
>
>     SGSSRVR_keystoreFile     = /home/rob/Downloads/tomcat/localhost-rsa.jks
>     SGSSRVR_truststoreFile      = /home/rob/Downloads/tomcat/localhost-rsa-cert.pem
>     SGSSRVR_storeType     = JKS
>
> to my office with three separate machines where I can better impersonate
> AWS.
> Following Chris's advice (since I've been given the green light to
> self-sign)
>
>     | Most people just want to mint a key+cert and have Tomcat use that for TLS. You can do that very simply:
>     | $ keytool -genkey -keyalg RSA -sigalg SHA256withRSA -keysize 4096 -alias ${HOSTNAME} -keystore ${HOSTNAME}.p12 -storetype PKCS12 -ext san=dns:${HOSTNAME}
>     | Fill-out all the stuff. This gives you a new RSA key and a self-signed certificate. If self-signed is okay with you, you are done.
>
> I put in my fully qualified hostname ("k1"), and added the full path of
> the .p12 file to my configuration props
>
>     SGSSRVR_keystoreFile           = /home/u0138544/aws/deploy/server/k1.p12
>     SGSSRVR_keystoreAlias         = k1
>     SGSSRVR_keystorePwd          = as-assigned
>     SGSSRVR_truststoreFile         = /home/u0138544/aws/deploy/server/k1.p12
>     SGSSRVR_truststoreAlias       = k1
>     SGSSRVR_truststorePwd        = as-assigned
>     ##(with and without)
>     SGSSRVR_storeType        = PCKS12 (JKStoo)
>
> and pick those up as follows (including trying only key and only trust
> portions)
>
>          done = done && connector.setProperty("sslProtocol", "TLS");
>          done = done && connector.setProperty("keyAlias", System.getProperty("SGSSRVR_keystoreAlias"));
>          done = done && connector.setProperty("keystorePass", System.getProperty("SGSSRVR_keystorePwd"));
>          done = done && connector.setProperty("keystoreFile", keyFile.getAbsolutePath());
>          done = done && connector.setProperty("keystoreType", System.getProperty("SGSSRVR_storeType"));
>
>          done = done && connector.setProperty("truststoreType", System.getProperty("SGSSRVR_storeType"));
>          done = done && connector.setProperty("truststoreFile", trustFile.getAbsolutePath());
>          done = done && connector.setProperty("truststorePassword", System.getProperty("SGSSRVR_truststorePwd"));   //always false
>          done = done && connector.setProperty("truststoreAlias", System.getProperty("SGSSRVR_truststoreAlias"));  //always false
>
>          done = done && connector.setProperty("SSLEnabled", "true");
>          done = done && connector.setProperty("clientAuth", "false");
>          done = done && connector.setProperty("maxThreads", "200");
>          done = done && connector.setProperty("SSLEnabled", "true");
>
>          if (! done) {
>            System.out.println("Some problem(s) in connector setup");
>          }
>
> If anyone can tell me where I've gone wrong (again) I'm all ears.

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett
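
A pre-flight check for the keystore settings quoted above, as an added example that is not code from either poster or from Tomcat: it loads the file with the configured store type and password using only the JDK's `java.security.KeyStore` API, confirms the alias holds a private key, and prints the certificate's subject and SANs. The class name `KeystoreCheck` and its argument order are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;

// Added example (hypothetical class name). Arguments are the values from the
// properties file: java KeystoreCheck <file> <storeType> <password> <alias>
// The password is visible in the process list; use only on a test machine.
public class KeystoreCheck {

    // Returns a description of the first problem found, or null if none.
    static String check(String file, String type, char[] pwd, String alias) {
        KeyStore ks;
        try {
            ks = KeyStore.getInstance(type);   // throws on an unknown store type
        } catch (Exception e) {
            return "store type '" + type + "' not available: " + e.getMessage();
        }
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, pwd);                  // throws on a wrong password or unreadable file
        } catch (Exception e) {
            return "cannot load " + file + " as " + type + ": " + e;
        }
        try {
            if (!ks.containsAlias(alias)) return "alias '" + alias + "' not in store";
            if (!ks.isKeyEntry(alias)) return "alias '" + alias + "' has no private key";
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            cert.checkValidity();              // throws if expired or not yet valid
            System.out.println("subject: " + cert.getSubjectX500Principal());
            Collection<List<?>> sans = cert.getSubjectAlternativeNames();
            System.out.println("SANs:    " + (sans == null ? "(none)" : sans));
        } catch (Exception e) {
            return "certificate problem for '" + alias + "': " + e;
        }
        return null;
    }

    public static void main(String[] args) {
        if (args.length != 4) {
            System.err.println("usage: KeystoreCheck <file> <storeType> <password> <alias>");
            System.exit(2);
        }
        String problem = check(args[0], args[1], args[2].toCharArray(), args[3]);
        System.out.println(problem == null ? "keystore OK" : "PROBLEM: " + problem);
        System.exit(problem == null ? 0 : 1);
    }
}
```

Running it with the exact strings from the properties file exercises the same type, password and alias values the connector would receive.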
