Hi Keyur,
I've just tried this out and it works. You should add the
SSLImplementation="org.apache.tomcat.util.net.jsse.JSSEImplementation" in
Connector tag in server.xml file that resides under $CATALINA_HOME/conf
directory. So, it should look like this in server.xml
<Connector keystoreFile="/path/to/keystore" keystorePass="keystorepassword"
port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
SSLImplementation="org.apache.tomcat.util.net.jsse.JSSEImplementation"/>
Change the keystoreFile and keystorePass accordingly.
Hope this help.
Ann
Keyu Sheth wrote:
>
> Hi Bill,
>
> Where should I put the sslimplementation tag in the Connector
> tag. Because in the tomcat documentation for SSL this type of tag is not
> there. So can you please elaborate on this. And also give me the correct
> syntax for ssLImplementation.
>
> Keyur
>
> Bill Barker <[EMAIL PROTECTED]> wrote:
> PureTLS doesn't use the standard Java keystore format. Consult the
> PureTLS
> docs for the correct format. Alternatively, specify
> sSLImplementation="org.apache.tomcat.util.net.jsse.JSSEImplementation" on
> the element to use JSSE instead of PureTLS.
>
> "keyur sheth" wrote in message
> news:[EMAIL PROTECTED]
>> Hi everybody,
>>
>> I am trying to make the tomcat container secure by
>> converting it from http to https. I am using the documentation on the
>> following website.
>> http://tomcat.apache.org/tomcat-5.0-doc/ssl-howto.html
>>
>> I had implemented this before by creating the
>> self-signed certificate and it worked. But for converting it to make it
>> trusted I deleted all the files like the .keystore file and created the
>> new .keystore and followed the steps in documentation.
>>
>> I am implementing the part in which you send the CSR
>> to the CA for gettting the trusted certificate. So I sent the CSR and got
>> the three certificates from the trusted authority. The root certificate,
>> chain certificate and the signed certificate. I imported all the
>> certificate files one by one following the sequence root, chain and
>> signed
>> certificate.
>>
>> But now there is some error by which I am not able to
>> see the page when I write the URL with
>> https://xxxx.xxx.xxx:8443/gridsphere. But if I give
>> http://xxxx.xxx.xxx:8080/ tomcat is starting and also also
>> http://xxxx.xxx.xxx:8080/gridsphere the gridsphere application is
>> starting. I shutdown the tomcat and also restarted the tomcat by making
>> all these changes. But still it didn't showed up. The error shown is as
>> follows:-
>>
>> Sep 2, 2006 1:39:14 PM org.apache.coyote.http11.Http11BaseProtocol start
>> SEVERE: Error starting endpoint
>> java.io.IOException: Couldn't find private key in this file
>> at
>> org.apache.tomcat.util.net.puretls.PureTLSSocketFactory.init(PureTLSSocketFactory.java:149)
>> at
>> org.apache.tomcat.util.net.puretls.PureTLSSocketFactory.createSocket(PureTLSSocketFactory.java:69)
>> at
>> org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:292)
>> at
>> org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:312)
>> at
>> org.apache.coyote.http11.Http11BaseProtocol.start(Http11BaseProtocol.java:149)
>> at
>> org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:95)
>> at
>> org.apache.catalina.connector.Connector.start(Connector.java:1089)
>> at
>> org.apache.catalina.core.StandardService.start(StandardService.java:459)
>> at
>> org.apache.catalina.core.StandardServer.start(StandardServer.java:680)
>> at org.apache.catalina.startup.Catalina.start(Catalina.java:536)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> at java.lang.reflect.Method.invoke(Method.java:585)
>> at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:275)
>> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
>> Sep 2, 2006 1:39:14 PM org.apache.catalina.startup.Catalina start
>> SEVERE: Catalina.start:
>> LifecycleException: Protocol handler start failed: java.io.IOException:
>> Couldn't find private key in this file
>> at
>> org.apache.catalina.connector.Connector.start(Connector.java:1091)
>> at
>> org.apache.catalina.core.StandardService.start(StandardService.java:459)
>> at
>> org.apache.catalina.core.StandardServer.start(StandardServer.java:680)
>> at org.apache.catalina.startup.Catalina.start(Catalina.java:536)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> at java.lang.reflect.Method.invoke(Method.java:585)
>> at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:275)
>> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
>>
>>
>> Can somebody tell me what mistake I am doing. Have anybody
>> faced the same problem before.
>>
>> Thanking you,
>> Keyur
>>
>>
>>
>>
>>
>>
>> ---------------------------------
>> All-new Yahoo! Mail - Fire up a more powerful email and get things done
>> faster.
>
>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
>
> ---------------------------------
> How low will we go? Check out Yahoo! Messengers low PC-to-Phone call
> rates.
>
--
View this message in context:
http://www.nabble.com/Error-while-converting-tomcat-container-from-http-to-https-tf2230735.html#a6244765
Sent from the Tomcat - User forum at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
