Thanks all, I appreciate the input. I used http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html to attempt to configure SSL. I'll read up on APR.
On Sat, Jul 25, 2009 at 6:14 AM, Mark Thomas <ma...@apache.org> wrote:

> Josh Gooding wrote:
> > One more thing. Here is my server.xml information that is relative:
> >
> > <Listener className="org.apache.catalina.core.AprLifecycleListener"
> > SSLEngine="on" SSLRandomSeed="builtin" />
>
> Looks like you are trying to use the APR connector.
>
> > <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
> > minSpareThreads="5" maxSpareThreads="75"
> Neither of those two attributes are valid for Tomcat 6. Get rid of them.
> It looks like you have copied this from a previous Tomcat version. I'd
> strongly suggest checking all of your configuration against the docs.
>
> > enableLookups="true" disableUploadTimeout="true"
> > acceptCount="100" maxThreads="200"
> > scheme="https" secure="true"
> > keystoreFile="C:\Documents and Settings\Zeus\.keystore"
> > keystorePass="likeIdpostit"
> These are the JSSE SSL configuration attributes. You are trying to use
> APR. That won't work. The docs could make this clearer. You want
> http://tomcat.apache.org/tomcat-6.0-doc/apr.html
>
> Mark
>
> > clientAuth="false" sslProtocol="TLS"/>
> >
> > On Fri, Jul 24, 2009 at 10:25 PM, Josh Gooding <josh.good...@gmail.com> wrote:
> >
> >> Hello again.
> >>
> >> Now that I have deployed my project on Tomcat 6.0.18 with a MySQL 5.1
> >> db, I need to clamp the server down tight using SSL. I've already
> >> created my keystore file and I am able to get the server to serve on
> >> port 443 (by going to http://localhost:443).
>
> That means your connector is not configured correctly as it is serving
> http rather than https.
>
> > I can get it to Subsequent attempts to serve as
> >> https://localhost are proving not to be fruitful.
> >>
> >> I have a webserver (tomcat) that is in development status that I want
> >> to clamp down. I am using a realm to login using j_security_check to
> >> login to the software. Right now what I want to do is install the
> >> Apache webserver and get it talking to tomcat (not hard). I created my
> >> keystore file and I know it works because I've tested it. What I need
> >> to know are these things (btw, if they are in the docs, please just say
> >> so and I'll look harder)
> >>
> >> If I want to use SSL for each person logging into the instance (which
> >> is using Tomcat to serve) do I need to have SSL on both Apache
> >> webserver and Tomcat, just the webserver, or just tomcat?
> >>
> >> Right now for example, if I go to http://server.com/[companyid] I get
> >> a simple login / pwd (using j_sec_chk). I'm using a realm
> >> configuration in my It's not using SSL. Following Tomcat's
> >> instructions, I have SSL configured on my test server, and it seems to
> >> run if I go to http://test.com:443/index.jsp. I get the default tomcat
> >> page. However if I go to https://test.com/index.jsp, I get "cannot
> >> connect or website not responding" I can't remember which one. Is this
> >> a simple configuration thing or will this solve itself if I install
> >> the webserver and connect tc and apache web?
> >>
> >> Second, since I am using j_security_check for login, are there native
> >> classes in tomcat that will allow me to utilize j_sec_chk and SSL? Is
> >> there another method of logging in that I should use? I can write my
> >> own custom classes, but I am not really clear on if there is something
> >> better that is native. I'm looking at needing a 3 strikes and you're
> >> locked out functionality across SSL. This is a simple yes there is a
> >> better way and it's part of tomcat, or write your custom code. I'm not
> >> looking for the typical "please do it for me" requests that I normally
> >> see on dev / user lists.
> >>
> >> Since each company has exactly ONE html page (which is only a welcome
> >> page), I honestly don't see the need to install the webserver except
> >> the fact that it is the right way of doing things. Is my thinking off
> >> on this?
> >>
> >> For some reason, my brain is becoming like a sponge for tomcat
> >> configuration. So forgive me for asking a ton of questions. I'm
> >> reading both the tomcat documentation and an O'Reilly book on tomcat,
> >> and I want to get good enough at this that I can configure it in any
> >> environment. I really enjoy tomcat and become knowledgeable enough
> >> that I don't feel like such a newbie asking questions. Any insight or
> >> direction would be greatly appreciated.
> >>
> >> Warm regards,
> >>
> >> Josh
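
Added example, not part of the thread and not Tomcat's own code: a small Python lint for the mismatch Mark describes above, where the APR listener and connector are combined with JSSE keystore attributes. The sample server.xml is constructed from the quoted fragment, and treating protocol="HTTP/1.1" as APR whenever the listener is configured is an assumption (it also depends on the native library loading).

```python
import xml.etree.ElementTree as ET

APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"
JSSE_ATTRS = {"keystoreFile", "keystorePass", "keystoreType", "sslProtocol"}
APR_CERT_ATTR = "SSLCertificateFile"
STALE_ATTRS = {"minSpareThreads", "maxSpareThreads"}  # named in Mark's reply

# Constructed sample modelled on the fragment quoted in the thread.
SAMPLE = r"""<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener"
            SSLEngine="on" SSLRandomSeed="builtin" />
  <Service name="Catalina">
    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
               minSpareThreads="5" maxSpareThreads="75"
               scheme="https" secure="true"
               keystoreFile="C:\example\.keystore" keystorePass="placeholder"
               clientAuth="false" sslProtocol="TLS" />
  </Service>
</Server>"""


def lint_server_xml(xml_text):
    """Return (port, message) findings for SSL-enabled connectors."""
    root = ET.fromstring(xml_text)
    apr_listener = any(lst.get("className") == APR_LISTENER
                       for lst in root.iter("Listener"))
    findings = []
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port", "?")
        protocol = conn.get("protocol", "HTTP/1.1")
        # Assumption: "HTTP/1.1" resolves to APR when the listener is present.
        uses_apr = protocol == APR_PROTOCOL or (protocol == "HTTP/1.1" and apr_listener)
        jsse = sorted(JSSE_ATTRS & set(conn.attrib))
        if uses_apr and jsse and APR_CERT_ATTR not in conn.attrib:
            findings.append((port, "APR connector with JSSE-only attributes: " + ", ".join(jsse)))
        if not uses_apr and APR_CERT_ATTR in conn.attrib:
            findings.append((port, "JSSE connector with APR attribute " + APR_CERT_ATTR))
        stale = sorted(STALE_ATTRS & set(conn.attrib))
        if stale:
            findings.append((port, "not valid on a Tomcat 6 connector: " + ", ".join(stale)))
    return findings


if __name__ == "__main__":
    for port, message in lint_server_xml(SAMPLE):
        print(f"port {port}: {message}")
```

A connector flagged this way matches the symptom in the thread: port 443 answers plain http and https://localhost fails.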