-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Charles,
On 6/10/2011 9:25 AM, Charles Van Damme wrote: > 10-jun-2011 15:14:11 org.apache.catalina.core.AprLifecycleListener init > INFO: The APR based Apache Tomcat Native library which allows optimal > performance in production environments was not found on the > java.library.path: [...] FWIW, that's just an INFO message, but if you are going to be using SSL, you might want to go ahead and install the APR library: your performance will improve measurably. Note that <Connector> configuration for an APR connector using SSL is completely different if you choose to go this route. If you are not going to be using APR, you can disable the APR lifecycle listener because you aren't using it. > java.security.NoSuchAlgorithmException: RSA SSLContext not available As Pid points out, it's pretty obvious that "RSA" is not a valid algorithm in this situation: > at sun.security.jca.GetInstance.getInstance(GetInstance.java:142) > at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125) > at > org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSSLContext(JSSESocketFactory.java:490) So, it's an SSL configuration problem. Let's look at your SSL <Connector>: > <!-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on port > 443 --> > <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" > port="443" > maxThreads="150" scheme="https" secure="true" > SSLEnabled="true" > keystoreFile="C:/Documents and Settings/Papa/.keystore" > keystorePass="changeit" > clientAuth="false" sslProtocol="RSA" /> SO, you have sslProtocol="RSA"... seems like a good place to look. If you check the <Connector> documentation, you can see that there are only a few recognized protocols you can choose. http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support Note that "protocol" refers to the protocol used for SSL, not for any specific cipher, key exchange strategy, etc. Unfortunately, the Tomcat documentation does not list all the available protocols, nor should it: the protocols available to you are determined by JVM support. The Javadoc for javax.net.ssl.SSLContext.getInstance has a pointer to documentation for "standard names" (which takes you through several hops to) here: http://download.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#SSLContext Those are the valid ssl protocol names you can choose. If you want use only ciphers that use the RSA algorithm (which is really limiting, IMO), you can look up their names here (after scrolling a bit downward): http://download.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#jssenames Just look for stuff like SSL_DH_DSS_blah_blah_blah. Of course, support for a certain algorithm might not be available in your environment. It's best to find out what your JVM supports and use that. I wrote a short bit of code a while back to determine the supported algorithms and the default cipher suite for an SSLSocketFactory. I'll try to dig it up and post it. > <!-- Define an AJP 1.3 Connector on port 8009 --> > <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> If you aren't using AJP, then disable the extra connector. > Hoping you are not overwhelmed. Anything else ? You had other errors in the log file. After you get SSL working properly, stop Tomcat, delete all your logs and re-launch it. Anything that looks like an error should be investigated and fixed. Feel free to come back to the list for help on those additional issues: just remember start a new thread if you do. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk3yd5IACgkQ9CaO5/Lv0PCSwQCggfhTML/aJwMtBlw1pVJ+mJIt rg8AoJOrh9amZcTCiLFrXjZQtFRGQbd0 =fu8H -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
