On 10/26/2010 04:08 AM, Richard da Silva wrote:
> Thanks for your response, Darryl.
> But the certificate is not the problem. The Tomcat configuration is the issue
> (server.xml).
>
> Richard da Silva

Richard,
Are you sure that the certificate isn't also the problem?
As Brett has previously mentioned, the APR is enabled [ Listener
className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"
] , thus you need OpenSSL/mod_ssl style syntax and not the standard JSSE
way of defining a keystore.
SSLCertificateFile="/usr/local/ssl/server.crt"
SSLCertificateKeyFile="/usr/local/ssl/server.pem"
SSLCertificateChainFile="/usr/local/ssl/chain.pem"
Your best bet at this time is to create a key and CSR with OpenSSL.
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr \
  -subj "/C=US/ST=NY/L=NY/O=MyCompany Ltd./OU=IT/CN=mysubdomain.mydomain.com"
Then, send it to your CA to re-key the certificate. After all of that,
modify the SSL connector as per the docs for the APR [
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html ] (as per Brett too)
In your "original" server.xml file, I do not see an SSL definition, yet
the SSL Engine is on. Are you sure this "server" is enabled with SSL in
the original configuration?
--Sal
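
The two connector styles discussed in this message, side by side, as an added example that is not part of the original e-mail or the poster's server.xml. Port 8443 and the keystore path and password are constructed placeholders; the certificate paths are the ones quoted above.

```xml
<!-- Added illustration. The listener below is the one quoted in the thread:
     it loads the APR/native library, and when that library is found an
     HTTP/1.1 connector is served by the APR implementation. -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

<!-- JSSE style (keystore attributes). The APR connector does not read
     keystoreFile or keystorePass, so this definition does not produce a
     working SSL connector while APR is active. Shown commented out. -->
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
           keystoreFile="/path/to/placeholder.keystore"
           keystorePass="placeholder-password" />
-->

<!-- APR style (OpenSSL/mod_ssl attributes): PEM certificate, PEM private
     key and PEM chain are given as separate files. -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           SSLCertificateFile="/usr/local/ssl/server.crt"
           SSLCertificateKeyFile="/usr/local/ssl/server.pem"
           SSLCertificateChainFile="/usr/local/ssl/chain.pem" />
```

A key generated with `-nodes` is stored unencrypted, so the file named in SSLCertificateKeyFile should be readable only by the account that runs Tomcat.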