-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andrea,
Please keep discussions on the mailing list. On 8/26/2010 5:19 PM, Andrea Freire wrote: > I pass you my configuration, go ahead It looks like you have not configured Apache httpd for SSL. Did you want to have SSL terminate at Apache httpd or at Tomcat? > <Connector className="org.apache.tomcat.service.PoolTcpConnector"> > <Parameter name="handler" > value="org.apache.tomcat.service.http.HttpConnectionHandler"/> > <Parameter name="port" value="6443"/> > <Parameter name="socketFactory" > value="org.apache.tomcat.net.SSLSocketFactory"/> > <Parameter name="keystore" value="/root/.keystore" /> > <Parameter name="keypass" value="my_key_forsecurityreasonsInotputit"/> > <Parameter name="clientAuth" value="false"/> > </Connector> That's a weird <Connector> configuration. Where did you get this example? I note you're trying to use a keystore in /root/.keystore... it's generally not a good idea to run Tomcat as root, and it's generally not a good idea to allow /root to be world-readable. From the above configuration, I suspect you are running Tomcat as root: seriously consider running Tomcat as a non-privileged user. There's a perfectly good SSL connector configuration listed already in server.xml (though it's commented-out): > <!-- Define a SSL HTTP/1.1 Connector on port 8443 > This connector uses the JSSE configuration, when using APR, the > connector should be using the OpenSSL style configuration > described in the APR documentation --> > <!-- > <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" > maxThreads="150" scheme="https" secure="true" > clientAuth="false" sslProtocol="TLS" /> > --> You just need to uncomment this and add the following attributes: keystoreFile (note that your attribute was "keystore", not "keystorefile") keystorePass Please see http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html for reference. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkx36y0ACgkQ9CaO5/Lv0PBsOACfeKqk+2V7sKVtGytEboZG9ESx +hkAoJWJwwfElvvst+FCwZj3w3crWYN+ =94gF -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org