• Post Reply Bookmark Topic Watch Topic
  • New Topic

configuring ssl for apache+openssl+tomcat  RSS feed

John Kim
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i have apache 4 and tomcat 2 installed, which work perfectly fine through mod_jk2. i've been trying to set up a SSL secure server
by using mod_ssl, but after hours of working through it, i still haven't been able to make it work. in order to install mod_ssl, i enabled this
while configuring apache as below:
./configure --enable-ssl --with-ssl=/usr/openssl
before calling make and make install.
i can see that mod_ssl.c has been installed by typing ./bin/httpd -l, which shows a list of modules installed. at this point, i proceeded
to make the certificate key and a corresponding self-signed certificate using openssl. i made sure that the key and the certificate matched by
checking the modulus portion as instructed on mod_ssl.org. i didn't change anything in httpd.conf because it already had the include directive
for ssl.conf in the case of <IfDefine SSL>. I kept ssl.conf as it was when first installed, except changing the path for the certificate key and the
certificate file, as well as the Server Name within the SSL-enabled <VirtualHost>, because apache complained that the server name of the key/certificate
didn't match its 'Server Name'. Below is the portion that i've changed, as well as the error msg that prompted me to change the server name.
<VirtualHost 63.251.x.x:443>
# General setup for the virtual host
#DocumentRoot "/usr/local/apache2/htdocs"
DocumentRoot "/usr/local/apache2/temp"
#ServerName new.host.name:443
ServerName 63.251.x.x:443
#ServerAdmin you@your.address
ErrorLog logs/error_log
TransferLog logs/access_log
error msg:
[Wed Sep 10 16:47:55 2003] [warn] RSA server certificate CommonName (CN) `john doe' does NOT match server name!?
(so after this i changed the common name of the crt to [my ip address]:443)

starting apache is fine w/o any errors, but when i tried to access the page by going to https://63.251.x.x, i get 'cannot find server - the page cannot
be displayed' error. i understand that sometimes apache+openssl+mod_ssl has problems with IE, but all the fixes recommended on mod_ssl.org has
already been included in the .conf files that i have. is there something else i'm missing here? any help would be appreciated. thanks in advance.
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!