In my case, Apache is in the front as a load balancer (JK module). I read an instruction that says SSL is only needed between client and Apache, but SSL is not configured between Apache and Tomcat. I am using JBOSS 4.2.2. In my environment, the security between Apache and Tomcat is a concern. How to configure SSL all the way between client --> Apache --> Tomcat?

Thanks!
dave

Schadler Johann <[EMAIL PROTECTED]> wrote:

To ensure you have a valid keystore with the included private key and a reference to an alias 'tomcat', I recommend strongly to create a new keystore as described in the reference (see links in other answer mails). At least you can create a self-signed certificate if you don't need one signed by a trusted CA.

To check if SSL is running you can test it from a Linux or Unix box with installed OpenSSL with the following command:

    echo -e "GET /jsp-examples/index.jsp HTTP/1.0\r\n\r\n"|openssl s_client -connect localhost:8443 -ssl3 -debug -quiet

Replace URI-context and welcome file, replace hostname and port if necessary, change SSL mode to ssl2 or tls as needed.

Johann

----- Original Message -----
From: "Bob Grabbe"
To: "'Tomcat Users List'"
Sent: Monday, November 26, 2007 10:48 PM
Subject: RE: SSL problem with Tomcat 5.5

> OK, I've attached a new file with the startup. Unfortunately I'm not seeing
> anything in any logs that indicate any https requests.
> Just in case, what's the command to generate a new empty keystore file?
> I've seen the notes on the tomcat docs for creating the csr, but I didn't do
> that this time. I might try it though, if I can get godaddy to go through
> the process with me again,
>
> Thanks
>
> Bob Grabbe
> University of Michigan
> [EMAIL PROTECTED]
> _________________________________________________________________________
> "Research is the process of going up alleys to see if they are blind." --
> Marston Bates
>
>> -----Original Message-----
>> From: Hassan Schroeder [mailto:[EMAIL PROTECTED]
>> Sent: Monday, November 26, 2007 4:09 PM
>> To: Tomcat Users List
>> Subject: Re: SSL problem with Tomcat 5.5
>>
>> What would be best would be catalina.log at startup, showing
>> whether the SSL connector started cleanly.
>>
>> And of course, any log entry relating specifically to an HTTPS
>> request.
>>
>> > I didn't generate a new csr, I figured renewing the cert shouldn't need
>> > that. Do I need to go through that or should I be able to just renew it ?
>>
>> Dunno about GoDaddy, but when I "renew" a Thawte cert for one of
>> my sites, I have to generate a new cert request. So I just create a new
>> keystore file, named something like keystore-example.com-2007, and
>> use that for the new cert.
>>
>> HTH!
>> --
>> Hassan Schroeder ------------------------ [EMAIL PROTECTED]
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
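Added example, not part of the thread: a check for the condition discussed above, that the keystore holds a private key under the alias 'tomcat' and that the key matches the certificate stored with it. It builds a throwaway self-signed PKCS12 keystore with openssl rather than a keytool JKS keystore; the file names, password and subject are constructed placeholders.

```shell
#!/bin/sh
# Constructed placeholder password for the throwaway keystore.
KS_PASS='changeit-example'

# Create a self-signed certificate and pack key + cert into a PKCS12
# keystore under the alias "tomcat".  $1 = output directory
make_keystore() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj '/CN=localhost' \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -name tomcat \
        -inkey "$1/key.pem" -in "$1/cert.pem" \
        -passout "pass:$KS_PASS" -out "$1/keystore.p12"
}

# Verify alias, presence of a private key, and that the key belongs to
# the certificate.  $1 = keystore file, $2 = expected alias
check_keystore() {
    dump=$(openssl pkcs12 -in "$1" -passin "pass:$KS_PASS" -nodes 2>/dev/null) || {
        echo "cannot open keystore"; return 1; }
    printf '%s\n' "$dump" | grep -qw "friendlyName: $2" || {
        echo "alias $2 missing"; return 1; }
    printf '%s\n' "$dump" | grep -q 'PRIVATE KEY' || {
        echo "no private key"; return 1; }
    # A renewed certificate imported next to an old key fails here:
    # the public key derived from the private key must equal the cert's.
    cert_pub=$(printf '%s\n' "$dump" | openssl x509 -noout -pubkey)
    key_pub=$(printf '%s\n' "$dump" | openssl pkey -pubout 2>/dev/null)
    [ "$cert_pub" = "$key_pub" ] || {
        echo "key does not match certificate"; return 1; }
    echo "ok"
}
```

For a JKS keystore, `keytool -list -v -keystore <file> -alias tomcat` is the corresponding way to inspect the entry stored under that alias.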