LinuxQuestions.org
Old 11-11-2008, 12:18 PM   #1
vamsi_k
Member
 
Registered: Aug 2008
Posts: 66

Rep: Reputation: 18
How to configure SSL on Tomcat 5


Are the steps below correct?


# cd $CATALINA_HOME

# $JAVA_HOME/keytool -genkey -alias tomcat -keyalg RSA -keystore


{ $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA \
-keystore /path/to/my/keystore }

Enter keystore password : changeit

What is your first and last name? [Unknown]:

What is the name of your organizational unit? [Unknown] :

What is the name of your organization? [Unknown]:

What is the name of your City or Locality? [Unknown]:

What is the name of your State or Province? [Unknown]:

What is the two-letter country code for this unit? [Unknown]:

{ it asks whether the details are correct or not } correct? [no]: yes

Enter key password for (RETURN if same as keystore password): Hit Enter.


Tomcat will assume the password is “changeit” by default so it’s advised to leave it that way. Now let’s tell Tomcat to use the keystore file.


# cd $CATALINA_HOME/conf/

# vi server.xml

3. Look for “<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->”. Remove the <!-- --> comment indicators and add the keystore info.

<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           keystoreFile="/path/to/my/keystore"
           clientAuth="false" sslProtocol="TLS" />


Then restart Tomcat.

Next:

https://localhost:8443
 
Old 11-11-2008, 12:56 PM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 17,921

Rep: Reputation: 3690
Quote:
Originally Posted by vamsi_k View Post
Are the steps below correct?

# cd $CATALINA_HOME
# $JAVA_HOME/keytool -genkey -alias tomcat -keyalg RSA -keystore

{ $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA \
-keystore /path/to/my/keystore }

Enter keystore password : changeit
What is your first and last name? [Unknown]:
What is the name of your organizational unit? [Unknown] :
What is the name of your organization? [Unknown]:
What is the name of your City or Locality? [Unknown]:
What is the name of your State or Province? [Unknown]:
What is the two-letter country code for this unit? [Unknown]:
{ it asks whether the details are correct or not } correct? [no]: yes

Enter key password for (RETURN if same as keystore password): Hit Enter.

Tomcat will assume the password is “changeit” by default so it’s advised to leave it that way. Now let’s tell Tomcat to use the keystore file.


# cd $CATALINA_HOME/conf/
# vi server.xml
3. Look for “<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->”. Remove the <!-- --> comment indicators and add the keystore info.

<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           keystoreFile="/path/to/my/keystore"
           clientAuth="false" sslProtocol="TLS" />

Then restart Tomcat.

Next:

https://localhost:8443
Have you TRIED these steps? What was the result? And you don't say anything about what version/distro of Linux you're using, or anything about your environment.
 
Old 11-11-2008, 09:43 PM   #3
vamsi_k
Member
 
Registered: Aug 2008
Posts: 66

Original Poster
Rep: Reputation: 18
I didn't try them. I searched on Google and I got these steps.

OS: CentOS 5.2
 
Old 11-12-2008, 09:05 AM   #4
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 17,921

Rep: Reputation: 3690
Quote:
Originally Posted by vamsi_k View Post
I didn't try them. I searched on Google and I got these steps.

OS: CentOS 5.2
Well, then...go try them, if you want to enable SSL. Post here if you're having problems......
 
Old 11-17-2008, 07:14 AM   #5
vamsi_k
Member
 
Registered: Aug 2008
Posts: 66

Original Poster
Rep: Reputation: 18
Followed and did the same as in the 1st post.

Last edited by vamsi_k; 11-17-2008 at 07:16 AM.
 
Old 11-17-2008, 07:15 AM   #6
vamsi_k
Member
 
Registered: Aug 2008
Posts: 66

Original Poster
Rep: Reputation: 18
Followed the same steps that are written in the 1st post,

but the keystore file path edited in server.xml is: /usr/share/tomcat5

OS : centos 5.2

java version :
java version "1.5.0_16"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_16-b02)
Java HotSpot(TM) Client VM (build 1.5.0_16-b02, mixed mode, sharing)

tomcat : 5.5 ( installed rpm's )


this is the error :

17-Nov-08 5:07:33 PM org.apache.tomcat.util.net.jsse.JSSESocketFactory getStore
SEVERE: Exception trying to load keystore /usr/share/tomcat5/.keystore
java.security.KeyStoreException: JKS
at java.security.KeyStore.getInstance(libgcj.so.7rh)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(tomcat-util-5.5.23.jar.so)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(tomcat-util-5.5.23.jar.so)
at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(tomcat-util-5.5.23.jar.so)
at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(tomcat-util-5.5.23.jar.so)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(tomcat-util-5.5.23.jar.so)
at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(tomcat-util-5.5.23.jar.so)
at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(tomcat-util-5.5.23.jar.so)
at org.apache.coyote.http11.Http11BaseProtocol.start(tomcat-http-5.5.23.jar.so)
at org.apache.coyote.http11.Http11Protocol.start(tomcat-http-5.5.23.jar.so)
at org.apache.catalina.connector.Connector.start(catalina-5.5.23.jar.sot7n6f7.so)
at org.apache.catalina.core.StandardService.start(catalina-5.5.23.jar.sot7n6f7.so)
at org.apache.catalina.core.StandardServer.start(catalina-5.5.23.jar.sot7n6f7.so)
at org.apache.catalina.startup.Catalina.start(catalina-5.5.23.jar.sot7n6f7.so)
at java.lang.reflect.Method.invoke(libgcj.so.7rh)
at org.apache.catalina.startup.Bootstrap.start(bootstrap.jar.so)
at org.apache.catalina.startup.Bootstrap.main(bootstrap.jar.so)
17-Nov-08 5:07:33 PM org.apache.coyote.http11.Http11BaseProtocol start
SEVERE: Error starting endpoint
java.io.IOException: Exception trying to load keystore /usr/share/tomcat5/.keystore: JKS
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(tomcat-util-5.5.23.jar.so)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(tomcat-util-5.5.23.jar.so)
at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(tomcat-util-5.5.23.jar.so)
at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(tomcat-util-5.5.23.jar.so)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(tomcat-util-5.5.23.jar.so)
at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(tomcat-util-5.5.23.jar.so)
at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(tomcat-util-5.5.23.jar.so)
at org.apache.coyote.http11.Http11BaseProtocol.start(tomcat-http-5.5.23.jar.so)
at org.apache.coyote.http11.Http11Protocol.start(tomcat-http-5.5.23.jar.so)
at org.apache.catalina.connector.Connector.start(catalina-5.5.23.jar.sot7n6f7.so)
at org.apache.catalina.core.StandardService.start(catalina-5.5.23.jar.sot7n6f7.so)
at org.apache.catalina.core.StandardServer.start(catalina-5.5.23.jar.sot7n6f7.so)
at org.apache.catalina.startup.Catalina.start(catalina-5.5.23.jar.sot7n6f7.so)
at java.lang.reflect.Method.invoke(libgcj.so.7rh)
at org.apache.catalina.startup.Bootstrap.start(bootstrap.jar.so)
at org.apache.catalina.startup.Bootstrap.main(bootstrap.jar.so)
17-Nov-08 5:07:33 PM org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start:
LifecycleException: service.getName(): "Catalina"; Protocol handler start failed: java.io.IOException: Exception trying to load keystore /usr/share/tomcat5/.keystore: JKS
at org.apache.catalina.connector.Connector.start(catalina-5.5.23.jar.sot7n6f7.so)
at org.apache.catalina.core.StandardService.start(catalina-5.5.23.jar.sot7n6f7.so)
at org.apache.catalina.core.StandardServer.start(catalina-5.5.23.jar.sot7n6f7.so)
at org.apache.catalina.startup.Catalina.start(catalina-5.5.23.jar.sot7n6f7.so)
at java.lang.reflect.Method.invoke(libgcj.so.7rh)
at org.apache.catalina.startup.Bootstrap.start(bootstrap.jar.so)
at org.apache.catalina.startup.Bootstrap.main(bootstrap.jar.so)
17-Nov-08 5:07:33 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 3622 ms
 
Old 11-17-2008, 12:02 PM   #7
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 17,921

Rep: Reputation: 3690
Quote:
Originally Posted by vamsi_k View Post
Followed the same steps that are written in the 1st post,

but the keystore file path edited in server.xml is: /usr/share/tomcat5

OS : centos 5.2

java version :
java version "1.5.0_16"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_16-b02)
Java HotSpot(TM) Client VM (build 1.5.0_16-b02, mixed mode, sharing)

tomcat : 5.5 ( installed rpm's )


this is the error :

17-Nov-08 5:07:33 PM org.apache.tomcat.util.net.jsse.JSSESocketFactory getStore
SEVERE: Exception trying to load keystore /usr/share/tomcat5/.keystore
java.security.KeyStoreException: JKS
Ok...seems easy to understand. Either the file isn't there, or has incorrect permissions. Go fix it.
 
Old 11-27-2008, 07:12 AM   #8
vamsi_k
Member
 
Registered: Aug 2008
Posts: 66

Original Poster
Rep: Reputation: 18
The file exists in the path. I even tried giving full 777 permissions to the file.
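
Added example (not part of any post in this thread, and not Tomcat's own tooling): a shell triage function for the keystore failure reported above. It checks the keystore file's presence and mode, then scans the startup log for the `KeyStoreException: JKS` line and the `libgcj.so` frame that appear in the posted trace; that frame indicates Tomcat was started under GCJ rather than the JVM reported by `java -version`. The function name, finding labels and demo paths are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread: triage a Tomcat keystore load failure.
# Usage: diagnose_keystore /path/to/catalina.out /path/to/keystore
# Prints one finding per line, or "ok" when nothing is flagged.
diagnose_keystore() {
    log=$1
    ks=$2
    findings=""

    if [ ! -e "$ks" ]; then
        findings="missing"
    elif [ ! -r "$ks" ]; then
        findings="unreadable"
    else
        # Characters 5-10 of the ls mode string are the group and other bits.
        # The keystore holds the private key, so anything but ------ is too open.
        bits=$(ls -ld "$ks" | cut -c5-10)
        [ "$bits" = "------" ] || findings="loose-perms"
    fi

    # A KeyStoreException whose message is only the type name: the JVM that
    # runs Tomcat could not supply a KeyStore implementation for that type.
    if grep -q 'java\.security\.KeyStoreException: JKS' "$log" 2>/dev/null; then
        findings="$findings no-jks-provider"
        # A KeyStore frame resolved to libgcj.so means that JVM is GCJ,
        # whatever "java -version" prints in the administrator's shell.
        if grep -q 'KeyStore\.getInstance(libgcj\.so' "$log"; then
            findings="$findings runtime-gcj"
        fi
    fi

    [ -n "$findings" ] || findings="ok"
    # Unquoted on purpose: word splitting yields one finding per line.
    printf '%s\n' $findings
}

# Demo: log lines copied from the thread; the keystore is an empty dummy file.
demo_dir=$(mktemp -d)
cat > "$demo_dir/catalina.out" <<'EOF'
SEVERE: Exception trying to load keystore /usr/share/tomcat5/.keystore
java.security.KeyStoreException: JKS
at java.security.KeyStore.getInstance(libgcj.so.7rh)
EOF
: > "$demo_dir/.keystore"
chmod 777 "$demo_dir/.keystore"
diagnose_keystore "$demo_dir/catalina.out" "$demo_dir/.keystore"
rm -rf "$demo_dir"
```

A `loose-perms` finding is resolved by restricting the keystore to the account Tomcat runs as (mode 600); a `runtime-gcj` finding is not a file problem at all and points at which JVM the Tomcat service is launched with.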
 
  


All times are GMT -5. The time now is 01:20 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration