• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

SSL Help please

 
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello guys.

I installed tomcat 5 and trying to config https.

I got .crt file and .key file (with private key).
I found out that it tomcat there are 2 ways of enabling ssl (JSSP (default), and ARP)
I created .keystore from .crt file and i think somehow i must add .key to that store (i generated file named .keystore)
If i use JSSP i post in server.xml setting like this

I got an error like


Please help me fix it or advice any different way to configurate ssl in tomcat.

Thank you.
 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The steps you have performed seems correct:
1) generating a keystore file
2) enabling port 8443 at server.xml file

Try giving absolute path of your keystore file in server.xml
something like:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
enableLookups="true"
keystoreFile="c:/tomcat.keystore" keystorePass="xyz"/>
 
Saloon Keeper
Posts: 27763
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Welcome to the JavaRanch, Dmitri!

You say you "created the keystore from the .crt file". I'm not sure I know what you did. What you needed to do was create the keystore file using the keytool application ("keytool -genkey") and then add the certificate to the keystore.
 
Dmitry Fedorovich
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Tim Holloway wrote:Welcome to the JavaRanch, Dmitri!

You say you "created the keystore from the .crt file". I'm not sure I know what you did. What you needed to do was create the keystore file using the keytool application ("keytool -genkey") and then add the certificate to the keystore.



It`s just what i did...

After long painful trying i found a better solution. I just installed NGINX and use it as SSL proxy. The only thing i did is setup some config arguments and pathes to .key file and pem file (pem file is just a result of concatenation of .crt and .key files). Thank you very much anyway.
 
reply
    Bookmark Topic Watch Topic
  • New Topic