Hi Anthony,

I'm not sure what you mean by "Turning the SSLEngine on or off".
But after you change server.xml, you need to restart Tomcat.

I use Tomcat 5.5.17. There is a log file under the logs directory of
the Tomcat home dir, named catalina.yyyy-mm-yy.log. Before restarting
Tomcat, remove this log file if there is one there. Then restart your
Tomcat and, after the restart, look at that log file. The first few
lines should look like:

Feb 10, 2007 9:06:46 AM org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Feb 10, 2007 9:06:47 AM org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8443
Feb 10, 2007 9:06:47 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1750 ms

And the last few lines should look like:

Feb 10, 2007 9:06:55 AM org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Feb 10, 2007 9:06:55 AM org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8443
Feb 10, 2007 9:06:56 AM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
Feb 10, 2007 9:06:56 AM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/32  config=null
Feb 10, 2007 9:06:56 AM org.apache.catalina.storeconfig.StoreLoader load
INFO: Find registry server-registry.xml at classpath resource
Feb 10, 2007 9:06:56 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 9047 ms

Otherwise, you can find exceptions; most should be one of the following:

SEVERE: Error initializing endpoint
java.io.IOException: Cannot recover key

SEVERE: Error initializing endpoint
java.io.IOException: Keystore was tampered with, or password was incorrect

SEVERE: Error initializing endpoint
java.io.FileNotFoundException: C:\Tomcat5\public\.keystore (The system cannot find the file specified)

Hope this will help you. Good luck!

By the way, I have a problem turning on clientAuth; I hope you can
help me out there. Here is my problem, posted 5 days ago.

On 2/15/07, Zhan, Jimmy <[EMAIL PROTECTED]> wrote:
>
> Hi,
>    I have set up HTTPS for Tomcat without a client certificate, and it
> is running well.  Now I want to turn on the client certificate.
>    How can I configure Tomcat to pop up a "Choose a digital
> certificate" window that allows clients to choose a digital
> certificate and, if that fails, pop up a new window to allow the user
> to input "User Name" and "Password"?
>    In the file server.xml, if I change to clientAuth="true", then when
> the client is not in the "truststoreFile",
>
>                 "The page cannot be display" comes out.
>   If I change to clientAuth="want", then Tomcat ignores the result of
> checking the client certificate.
>   Thanks in advance!!
> Jimmy ZHAN
> Cash America International

Thanks

Jimmy Zhan




-----Original Message-----
From: Anthony Liu [mailto:[EMAIL PROTECTED] 
Sent: Monday, February 19, 2007 7:01 PM
To: users@tomcat.apache.org
Subject: Problem seting up Tomcat SSL

Hi, people,

It's been 3 years since I used Tomcat the last time.  When I return to
it these days, I am having a hard time getting the SSL to work.

I've created a keystore using keytool and put the .keystore file under
C:\Tomcat_6\conf\

I am using JRE 6.

After I read the on-line doc, I put this in the server.xml:


<-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on port
8443 -->

<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8443" minSpareThreads="5" maxSpareThreads="75"
           enableLookups="true" disableUploadTimeout="true" 
           acceptCount="100"  maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="C:/Tomcat_6/conf/.keystore" keystorePass="changeit"
           clientAuth="false" sslProtocol="TLS"/>

Turning the SSLEngine on or off makes no difference.

  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

So, what's going on?  What am I missing?

By the way, I am not sure what APR is, and I did not install the native
libraries at Tomcat installation.

Thanks.

 

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
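
The log check described in the reply above, as an added example that is not part of the original thread: it confirms that each connector both initialized and started, and classifies the three keystore exceptions the reply lists. The sample log is constructed, the function name and default ports are assumptions, and the cause attached to each exception is this example's annotation of the usual reason, not something stated in the thread.

```python
import re

# Constructed sample in the shape of the catalina.<date>.log excerpts quoted above.
SAMPLE_LOG = """\
Feb 10, 2007 9:06:46 AM org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Feb 10, 2007 9:06:47 AM org.apache.coyote.http11.Http11BaseProtocol init
SEVERE: Error initializing endpoint
java.io.IOException: Keystore was tampered with, or password was incorrect
Feb 10, 2007 9:06:55 AM org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
"""

# Exception text from the thread -> usual cause (annotation added by this example).
KEYSTORE_ERRORS = [
    ("Cannot recover key", "key entry password differs from keystorePass"),
    ("Keystore was tampered with, or password was incorrect",
     "keystorePass does not open the keystore"),
    ("java.io.FileNotFoundException", "keystoreFile path does not exist"),
]

CONNECTOR = re.compile(r"INFO: (Initializing|Starting) Coyote HTTP/1\.1 on http-(\d+)")

def check_startup(log_text, expected_ports=(8080, 8443)):
    """Return (status per expected port, keystore findings) for one startup log."""
    seen = {port: set() for port in expected_ports}
    findings = []
    lines = log_text.splitlines()
    for i, line in enumerate(lines):
        m = CONNECTOR.match(line)
        if m and int(m.group(2)) in seen:
            seen[int(m.group(2))].add(m.group(1))
        elif line.startswith("SEVERE: Error initializing endpoint"):
            # The exception itself is on the line after the SEVERE marker.
            detail = lines[i + 1].strip() if i + 1 < len(lines) else ""
            cause = next((c for text, c in KEYSTORE_ERRORS if text in detail),
                         "unrecognised")
            findings.append((detail, cause))
    # A connector counts as up only if it logged both the init and the start line.
    status = {p: "up" if s == {"Initializing", "Starting"} else "not started"
              for p, s in seen.items()}
    return status, findings

if __name__ == "__main__":
    status, findings = check_startup(SAMPLE_LOG)
    for port, state in status.items():
        print(f"connector {port}: {state}")
    for detail, cause in findings:
        print(f"{detail} -> {cause}")
```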
