RE: Question about SSL

Wed, 24 Feb 2010 20:19:28 -0800 

_______________________________________
>From: Caldarale, Charles R [chuck.caldar...@unisys.com]
>Subject: RE: Question about SSL
>
> In windows, the service account shows up as:  .\tomcat_user
> I have that service set to start manually.

>If you used the tomcat6w.exe program to set the service's logon account, that 
>may have been ignored, at 
>least on some versions of Windows.  I have to change it with the Services 
>console snap-in.

>Regardless, I wouldn't count on Windows getting the home directory right when 
>running as a service.

Chuck, you were probably right about Windows not getting the home directory 
right.

Success!!!!!

When I got home, I fired up VMWare and started a Windows Server 2003 R2 SP2 vm, 
updated 34 hotfixes (I haven't turned this vm on in awhile), downloaded tomcat 
6.0.24, left the default keystore password, and this time moved the .keystore 
file to c:\.keystore.  I changed the SSL port from 8443 to 443.  IIS was never 
installed on this server.

When I started tomcat, the logs told me everything I needed to know.  
The logs showed the following error:  java.io.FileNotFoundException: 
{some-directory}/{some-file} not found". 

I don't know why I wasn't seeing that error in the logs at work.

The windows tomcat_user account did not have access to the .keystore file after 
moving it to the root of c:.  I gave it full control and restarted tomcat.

Now, using IE8 (I know, this is not comparing apples to apples), 
https://localhost:443

The "There is a problem with this website's security certificate" appears.  I 
continue to this website, and the Tomcat default webapp appears with https.

I did go back and edit server.xml for port 8443 and tried it again.  Still 
works using 8443!

I think it all boiled down to being able to access the .keystore file.

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" 
SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               keystoreFile="c:/.keystore" keystorePass="changeit"
               clientAuth="false" sslProtocol="TLS" />

Thank you everyone for helping me with this.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to