Some additional info:
Debian Etch w/o system-wide Java installation
These are included in the Funambol sync server bundle (6.5.12):
Java Runtime environment 1.5.0
Tomcat 5.5.20
First of all, instead of recipes, I'd prefer to be pointed at
information on how to debug this problem. I'm not a professional Java
developer so all these Servlet/Java/log4j/properties/Connector/Factory
things are a bit strange for me.
Anyways, here are the HTTPS/SSL connector settings that I've tried to no
avail. Please tell me which one _should_ work, or if they are all
faulty. The paths are correct.
<!-- This is based strictly on Tomcat 5.5 SSL Howto. Still -->
<!-- it does not work. The keystoreFile should be in -->
<!-- Connector part, not Factory part. Feel free to -->
<!-- verify with "strace" to see what I mean. -->
<Connector port="443" maxHttpHeaderSize="8192"
           maxThreads="150"
           minSpareThreads="25"
           maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystorePass="something"
           keyAlias="tomcat">
  <Factory clientAuth="false" protocol="TLS"
           keystoreFile="/root/newkeystore"/>
</Connector>

<!-- Another variant with keystorePass in Connector -->
<Connector port="443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25"
           maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystorePass="something"
           keyAlias="tomcat"
           keystoreFile="/root/newkeystore">
  <Factory clientAuth="false" protocol="TLS"/>
</Connector>

<!-- Another variant with keystorePass inside Factory -->
<Connector port="443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25"
           maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keyAlias="tomcat"
           keystoreFile="/root/newkeystore">
  <Factory clientAuth="false" protocol="TLS"
           keystorePass="something"/>
</Connector>

<!-- Another variant without Factory part -->
<Connector port="443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25"
           maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystorePass="something"
           keyAlias="tomcat"
           keystoreFile="/root/newkeystore"/>

So none of these work. Any ideas?
Hi!
I migrated from Tomcat 5.0 to Tomcat 5.5. I had SSL working in Tomcat
5.0 with both a self-created certificate and a signed (trusted)
certificate, both inside a Java keystore (JKS).
Now, with Tomcat 5.5 the SSL connector refuses to start with the dreaded
"keystore was tampered with" error. This only happens _if_ I change the
keystore password to anything else than "changeit".
I already searched the mailing list archives, Tomcat Wiki, Tomcat Howto's
and Google. No definitive answers. Just lots of contradicting
information. I also read the Tomcat 5.5 SSL HOWTO carefully so I'm
positive I did miss anything.
Anyways, the process in a nutshell:
First I create a new Java keystore (JKS) with keytool, like this:
keytool -genkey -alias tomcat -keyalg RSA -keystore /root/newkeystore
Next I move on to modifying the server.xml. No matter what I do, I can't
get Tomcat to use the correct password. The
keystoreFile="/root/newkeystore" in the <Connector> statement works as
it should (I straced Tomcat startup). The "keystorePass", however, does
not work whether it's inside <Connector> or inside <Factory> (which is
inside the <Connector>). The "keyAlias" entry did not help either.
I can open my Java keystore just fine with keytool and with the defined
password, so it seems that Tomcat is just not using the password that's
defined in server.xml and therefore reverts to default.
Does anyone have a functional Tomcat 5.5 SSL/https connector definition
which I could use? Or does someone have an idea what's happening here?
I'd be really happy if this thing gets sorted out!
Best regards to all,
Samuli
---
Btw. The Tomcat 5.5 SSL-Howto seems to have an error in it:
"If the keystore file is anywhere else, you will need to add a
keystoreFile attribute to the <Factory> element in the Tomcat
configuration file."
I straced Tomcat startup and if the keystoreFile was defined in
<Connector> element, strace showed that Tomcat was trying to open
keystorefile from that location. Adding it to <Factory> did not work.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
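
What the "keystore was tampered with" message in the thread above is checking, as an added example (not part of the original posts, and not Tomcat or JDK code): a JKS file ends in a SHA-1 digest computed over the store password, a fixed string and the file contents, and the loader reports that error whenever the digest does not match. The function names and the empty sample keystore are constructed for illustration.

```python
import hashlib
import struct

JKS_MAGIC = 0xFEEDFEED
JKS_SALT = b"Mighty Aphrodite"  # fixed string mixed into the JKS integrity hash


def jks_digest(password: str, body: bytes) -> bytes:
    """SHA-1 over the UTF-16BE password, the fixed salt, then the store body."""
    h = hashlib.sha1()
    h.update(password.encode("utf-16-be"))
    h.update(JKS_SALT)
    h.update(body)
    return h.digest()


def check_jks_password(store: bytes, password: str) -> str:
    """Return 'ok', 'bad-password-or-tampered' or 'not-jks' for raw keystore bytes."""
    if len(store) < 12 + 20:
        return "not-jks"
    magic, version, _count = struct.unpack(">III", store[:12])
    if magic != JKS_MAGIC or version not in (1, 2):
        return "not-jks"
    body, trailer = store[:-20], store[-20:]
    # A wrong password and a modified file are indistinguishable here: both
    # only show up as a digest mismatch, hence the combined error message.
    if jks_digest(password, body) == trailer:
        return "ok"
    return "bad-password-or-tampered"


def build_empty_jks(password: str) -> bytes:
    """Constructed sample: a version-2 JKS holding zero entries."""
    body = struct.pack(">III", JKS_MAGIC, 2, 0)
    return body + jks_digest(password, body)


if __name__ == "__main__":
    sample = build_empty_jks("something")  # constructed, not a real keystore
    for candidate in ("something", "changeit"):
        print(candidate, "->", check_jks_password(sample, candidate))
```

This covers the store password only; the password protecting each private key entry is applied separately and is not checked here.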