Hi Anthony,

I'm not sure what you mean by "Turning the SSLEngine on or off". But after you change the server.xml, you need to restart Tomcat. I use Tomcat 5.5.17; there is a log file under the logs directory of the Tomcat home dir, named catalina.yyyy-mm-yy.log. Before restarting Tomcat, remove this log file if there is one there. Then restart your Tomcat and, after the restart, look at that log file. The first few lines should be like:

Feb 10, 2007 9:06:46 AM org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Feb 10, 2007 9:06:47 AM org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8443
Feb 10, 2007 9:06:47 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1750 ms

And the last few lines should be like:

Feb 10, 2007 9:06:55 AM org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Feb 10, 2007 9:06:55 AM org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8443
Feb 10, 2007 9:06:56 AM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
Feb 10, 2007 9:06:56 AM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/32 config=null
Feb 10, 2007 9:06:56 AM org.apache.catalina.storeconfig.StoreLoader load
INFO: Find registry server-registry.xml at classpath resource
Feb 10, 2007 9:06:56 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 9047 ms

Otherwise, you can find exceptions; most should be one of the following:

SEVERE: Error initializing endpoint
java.io.IOException: Cannot recover key

SEVERE: Error initializing endpoint
java.io.IOException: Keystore was tampered with, or password was incorrect

SEVERE: Error initializing endpoint
java.io.FileNotFoundException: C:\Tomcat5\public\.keystore (The system cannot find the file specified)

Hope this will help you. Good luck!

By the way, I have a problem turning on clientAuth; hope you can help me out there. Here is my problem, posted 5 days ago.

On 2/15/07, Zhan, Jimmy <[EMAIL PROTECTED]> wrote:
>
> Hi,
> I have set up HTTPS for Tomcat without a client certificate, and it is
> running well. Now I want to turn on the client certificate.
> How can I configure Tomcat to pop up a "Choose a digital
> certificate" window, allow clients to pick a digital certificate,
> and, if that fails, pop up a new window to allow the user to input
> "User Name" and "Password"?
> In file server.xml, if I change clientAuth="true", then when the client
> is not in the "truststoreFile",
>
> "The page cannot be display" comes out.
> If I change clientAuth="want", then Tomcat ignores the result of
> checking the client certificate.
> Thanks in advance!!
> Jimmy ZHAN
> Cash America International

Thanks
Jimmy Zhan

-----Original Message-----
From: Anthony Liu [mailto:[EMAIL PROTECTED]
Sent: Monday, February 19, 2007 7:01 PM
To: users@tomcat.apache.org
Subject: Problem seting up Tomcat SSL

Hi, people,

It's been 3 years since I last used Tomcat. Now that I have returned to it, I am having a hard time getting SSL to work.

I've created a keystore using keytool and put the .keystore file under C:\Tomcat_6\conf\

I am using JRE 6.

After I read the on-line doc, I put this in the server.xml:

<-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8443" minSpareThreads="5" maxSpareThreads="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="C:/Tomcat_6/conf/.keystore"
           keystorePass="changeit"
           clientAuth="false" sslProtocol="TLS"/>

Turning the SSLEngine on or off makes no difference.

<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

So, what's going on? What am I missing?

By the way, I am not sure what APR is, and I did not install the native libraries during Tomcat installation.

Thanks.
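
The log check described in the reply above can be scripted. The following is an added example, not code from the thread or from the Tomcat project: it matches the line format shown in the reply (Tomcat 5.5.17), the sample log is constructed, and the cause hints and the check_startup name are this example's assumptions.

```python
import re

# Likely causes for the three keystore errors quoted in the reply; the
# wording of these hints is this example's assumption, not the poster's.
HINTS = {
    "Cannot recover key": "private-key password differs from keystorePass",
    "Keystore was tampered with": "keystorePass does not open the keystore",
    "FileNotFoundException": "keystoreFile path does not exist",
}
PORT_RE = re.compile(r"INFO: (Initializing|Starting) Coyote HTTP/1\.1 on http-(\d+)")

def check_startup(log_text, expected_ports):
    """Per expected port: (initialized, started); plus endpoint errors."""
    seen = {"Initializing": set(), "Starting": set()}
    errors = []
    lines = log_text.splitlines()
    for i, line in enumerate(lines):
        m = PORT_RE.search(line)
        if m:
            seen[m.group(1)].add(int(m.group(2)))
        elif "SEVERE: Error initializing endpoint" in line:
            # The exception text is on the line after the SEVERE line.
            detail = lines[i + 1].strip() if i + 1 < len(lines) else ""
            hint = next((h for k, h in HINTS.items() if k in detail),
                        "unrecognised, read the stack trace")
            errors.append((detail, hint))
    ports = {p: (p in seen["Initializing"], p in seen["Starting"])
             for p in expected_ports}
    ok = not errors and all(a and b for a, b in ports.values())
    return {"ok": ok, "ports": ports, "errors": errors}

# Constructed sample: the HTTPS connector fails on a wrong keystore password.
BAD_LOG = """\
Feb 10, 2007 9:06:46 AM org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Feb 10, 2007 9:06:47 AM org.apache.coyote.http11.Http11BaseProtocol init
SEVERE: Error initializing endpoint
java.io.IOException: Keystore was tampered with, or password was incorrect
Feb 10, 2007 9:06:55 AM org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
"""

if __name__ == "__main__":
    report = check_startup(BAD_LOG, [8080, 8443])
    for port, (init, started) in report["ports"].items():
        print(port, "initialized" if init else "NOT initialized",
              "started" if started else "NOT started")
    for detail, hint in report["errors"]:
        print("ERROR:", detail, "->", hint)
```

A port that never reaches "Starting" counts as a failure even when no SEVERE line is present, which catches a connector that was never defined in server.xml.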