Just an update. I decided to change up what I was doing. Instead of starting with SSL on tomcat, I ported Apache and Tomcat to work together on my local test server. Now I am going to do the APR. Do I need to configure SSL on both Apache and Tomcat or just Tomcat?
On Mon, Jul 27, 2009 at 12:08 AM, Josh Gooding <josh.good...@gmail.com> wrote:

> Thanks all, I appreciate the input. I used
> http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html to attempt to
> configure SSL. I'll read up on APR.
>
> On Sat, Jul 25, 2009 at 6:14 AM, Mark Thomas <ma...@apache.org> wrote:
>
>> Josh Gooding wrote:
>> > One more thing. Here is my server.xml information that is relative:
>> >
>> > <Listener className="org.apache.catalina.core.AprLifecycleListener"
>> > SSLEngine="on" SSLRandomSeed="builtin" />
>>
>> Looks like you are trying to use the APR connector.
>>
>> > <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>> > minSpareThreads="5" maxSpareThreads="75"
>> Neither of those two attributes are valid for Tomcat 6. Get rid of them.
>> It looks like you have copied this from a previous Tomcat version. I'd
>> strongly suggest checking all of your configuration against the docs.
>>
>> > enableLookups="true" disableUploadTimeout="true"
>> > acceptCount="100" maxThreads="200"
>> > scheme="https" secure="true"
>> > keystoreFile="C:\Documents and Settings\Zeus\.keystore"
>> > keystorePass="likeIdpostit"
>> These are the JSSE SSL configuration attributes. You are trying to use
>> APR. That won't work. The docs could make this clearer. You want
>> http://tomcat.apache.org/tomcat-6.0-doc/apr.html
>>
>> Mark
>>
>> > clientAuth="false" sslProtocol="TLS"/>
>> >
>> > On Fri, Jul 24, 2009 at 10:25 PM, Josh Gooding <josh.good...@gmail.com> wrote:
>> >
>> >> Hello again.
>> >>
>> >> Now that I have deployed my project on Tomcat 6.0.18 with a MySQL 5.1 db, I
>> >> need to clamp the server down tight using SSL. I've already created my
>> >> keystore file and I am able to get the server to serve on port 443 (by going
>> >> to http://localhost:443).
>>
>> That means your connector is not configured correctly as it is serving
>> http rather than https.
>>
>> >> I can get it to Subsequent attempts to serve as
>> >> https://localhost are proving not to be fruitful.
>> >>
>> >> I have a webserver (tomcat) that is in development status that I want to
>> >> clamp down. I am using a realm to login using j_security_check to login to
>> >> the software. Right now what I want to do is install the Apache webserver
>> >> and get it talking to tomcat (not hard). I created my keystore file and I
>> >> know it works because I've tested it. What I need to know are these things
>> >> (btw, if they are in the docs, please just say so and I'll look harder)
>> >>
>> >> If I want to use SSL for each person logging into the instance (which is
>> >> using Tomcat to serve) do I need to have SSL on both Apache webserver and
>> >> Tomcat, just the webserver, or just tomcat?
>> >>
>> >> Right now for example, if I go to
>> >> http://server.com/[companyid] I get a simple login / pwd (using
>> >> j_sec_chk). I'm using a realm
>> >> configuration in my It's not using SSL. Following Tomcat's instructions, I
>> >> have SSL configured on my test server, and it seems to run if I go to
>> >> http://test.com:443/index.jsp. I get the default tomcat page. However if
>> >> I go to https://test.com/index.jsp, I get "cannot connect or website not
>> >> responding" I can't remember which one. Is this a simple configuration
>> >> thing or will this solve itself if I install the webserver and connect tc
>> >> and apache web?
>> >>
>> >> Second, since I am using j_security_check for login, are there native
>> >> classes in tomcat that will allow me to utilize j_sec_chk and SSL? Is there
>> >> another method of logging in that I should use? I can write my own custom
>> >> classes, but I am not really clear on if there is something better that is
>> >> native. I'm looking at needing a 3 strikes and you're locked out
>> >> functionality across SSL. This is a simple yes there is a better way and
>> >> it's part of tomcat, or write your custom code. I'm not looking for the
>> >> typical "please do it for me" requests that I normally see on dev / user
>> >> lists.
>> >>
>> >> Since each company has exactly ONE html page (which is only a welcome
>> >> page), I honestly don't see the need to install the webserver except the
>> >> fact that it is the right way of doing things. Is my thinking off on this?
>> >>
>> >> For some reason, my brain is becoming like a sponge for tomcat
>> >> configuration. So forgive me for asking a ton of questions. I'm reading
>> >> both the tomcat documentation and an O'Reilly book on tomcat, and I want to
>> >> get good enough at this that I can configure it in any environment. I
>> >> really enjoy tomcat and become knowledgeable enough that I don't feel like
>> >> such a newbie asking questions. Any insight or direction would be greatly
>> >> appreciated.
>> >>
>> >> Warm regards,
>> >>
>> >> Josh
>> >>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
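
The mismatch Mark points out (JSSE keystore attributes on a connector that will run under APR) can be caught by a small configuration check. This is an added example, not part of the original thread or of Tomcat; `lint_server_xml` and its finding labels are hypothetical names, the `<Server>`/`<Service>` wrapper is added so the posted fragment parses, and it assumes that `protocol="HTTP/1.1"` resolves to APR whenever the `AprLifecycleListener` is configured and the native library is installed.

```python
import xml.etree.ElementTree as ET

# server.xml fragment as posted in the thread; the <Server>/<Service>
# wrapper elements are added for this example so the fragment parses.
SAMPLE = r'''<Server>
  <Listener className="org.apache.catalina.core.AprLifecycleListener"
            SSLEngine="on" SSLRandomSeed="builtin" />
  <Service name="Catalina">
    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
               minSpareThreads="5" maxSpareThreads="75"
               enableLookups="true" disableUploadTimeout="true"
               acceptCount="100" maxThreads="200"
               scheme="https" secure="true"
               keystoreFile="C:\Documents and Settings\Zeus\.keystore"
               keystorePass="likeIdpostit"
               clientAuth="false" sslProtocol="TLS"/>
  </Service>
</Server>'''

# JSSE-only SSL attributes; the APR connector does not read them.
JSSE_ATTRS = {"keystoreFile", "keystorePass", "keystoreType", "keyAlias",
              "truststoreFile", "truststorePass", "clientAuth",
              "sslProtocol", "ciphers"}
STALE_ATTRS = {"minSpareThreads", "maxSpareThreads"}  # flagged in the thread
APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"

def lint_server_xml(text):
    """Return (port, finding, attribute) tuples for SSL-enabled connectors."""
    root = ET.fromstring(text)
    apr_listener = any(l.get("className") == APR_LISTENER
                       for l in root.iter("Listener"))
    findings = []
    for c in root.iter("Connector"):
        if c.get("SSLEnabled", "false").lower() != "true":
            continue
        port, proto = c.get("port"), c.get("protocol", "HTTP/1.1")
        # Assumption: "HTTP/1.1" selects APR when the listener is present.
        uses_apr = proto == APR_PROTOCOL or (proto == "HTTP/1.1" and apr_listener)
        for a in sorted(STALE_ATTRS & set(c.attrib)):
            findings.append((port, "stale-attribute", a))
        if uses_apr:
            for a in sorted(JSSE_ATTRS & set(c.attrib)):
                findings.append((port, "jsse-attribute-on-apr", a))
            if "SSLCertificateFile" not in c.attrib:
                findings.append((port, "missing-apr-attribute", "SSLCertificateFile"))
    return findings
```

Run against the posted fragment, it reports the two stale thread-pool attributes, the four JSSE attributes, and the absent `SSLCertificateFile`.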