java - SSL in Tomcat 8: server & client JKS + client public cer
I've followed a guide to set up a Tomcat 8 instance with an SSL layer, producing client and server keystores and a self-signed public client certificate.
The issue is, I guess, that I don't know how to configure Tomcat's connector...
Here is my current server.xml file (unnecessary comments removed):
<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
  <Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>

  <GlobalNamingResources>
    <Resource auth="Container" description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              name="UserDatabase" pathname="conf/tomcat-users.xml"
              type="org.apache.catalina.UserDatabase"/>
  </GlobalNamingResources>

  <Service name="Catalina">
    <Connector connectionTimeout="40000" port="9090" protocol="HTTP/1.1" redirectPort="8443"/>

    <!-- I've tried using these ones: -->
    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"/>
    -->
    <!--
    <Connector clientAuth="true" port="8443" minSpareThreads="5" enableLookups="true"
               disableUploadTimeout="true" acceptCount="100" maxThreads="200"
               scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 8.0\keys/server.jks"
               keystoreType="JKS" keystorePass="triple1327"
               truststoreFile="C:\Program Files\Apache Software Foundation\Tomcat 8.0\keys/server.jks"
               truststoreType="JKS" truststorePass="triple1327"
               sslProtocol="TLS"/>
    -->
    <!-- These don't work on Tomcat 8:
         maxSpareThreads="75" SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2" -->

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="true" sslProtocol="TLS"
               keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 8.0\keys\server.jks"
               keystoreType="JKS" keystorePass="triple1327"
               truststoreFile="C:\Program Files\Apache Software Foundation\Tomcat 8.0\keys\server.jks"
               truststoreType="JKS" truststorePass="triple1327"/>

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>

    <Engine defaultHost="localhost" name="Catalina">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
      </Realm>

      <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               pattern="%h %l %u %t &quot;%r&quot; %s %b"
               prefix="localhost_access_log" suffix=".txt"/>
        <Context path="/rutas" docBase="c:\users\in006\cavwebapp" reloadable="true" crossContext="false">
        </Context>
      </Host>
    </Engine>
  </Service>
</Server>
Using this, I've tried to access the Tomcat welcome page at:
- localhost:8443
- https://localhost
- https://localhost:8443
but none of them worked...
Any tip?
Thank you!
EDIT
Solution:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/etc/tomcat7/server.jks" keystorePass="changeit"/>
I've been able to access it through https://localhost:8443
Your question lacks important details, such as Tomcat's log and the structure of the keystore. For example, the key placed in the keystore can be password protected itself. The port you want to use can be occupied, etc., etc. There are many things that can go wrong.
In general, I can advise you to keep things as simple as you can. Try this snippet:
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/etc/tomcat7/server.jks" keystorePass="changeit"/>
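As an added check (not part of the question or the answer above, and not Tomcat's own tooling), the following Python script audits the SSL-enabled Connector elements of a server.xml for the mistakes that most often produce "none of them worked" on Tomcat 8.0: an attribute name whose case is wrong, which Tomcat sets by reflection and therefore ignores; clientAuth="true" without a truststoreFile; an SSLv3 sslProtocol; the well-known default keystore password that the answer's snippet uses; and a bare protocol="HTTP/1.1" next to an AprLifecycleListener, which on an install with tcnative present auto-selects the APR connector, whose Tomcat 8.0 SSL attributes are SSLCertificateFile/SSLCertificateKeyFile rather than keystoreFile. The two server.xml documents inside it are constructed for the demonstration; paths and passwords are placeholders.

```python
import xml.etree.ElementTree as ET

# Connector attribute names spelled the way Tomcat 8 expects them. Tomcat sets
# them by reflection on the protocol handler, so a mis-cased name such as
# "sslenabled" is logged as unknown and otherwise ignored.
KNOWN_ATTRS = {
    "port", "protocol", "redirectPort", "connectionTimeout", "maxThreads",
    "SSLEnabled", "scheme", "secure", "clientAuth", "sslProtocol",
    "keystoreFile", "keystoreType", "keystorePass",
    "truststoreFile", "truststoreType", "truststorePass",
}
KNOWN_BY_LOWER = {name.lower(): name for name in KNOWN_ATTRS}
DEFAULT_PASSWORDS = {"changeit"}  # JDK cacerts default, copied into many guides


def audit_server_xml(xml_text):
    """Return (port, code, message) findings for every SSL-enabled Connector."""
    root = ET.fromstring(xml_text)
    # With the APR listener configured and tcnative installed, Tomcat 8.0 maps
    # protocol="HTTP/1.1" to the APR connector instead of the NIO one.
    apr_listener = any(
        lst.get("className", "").endswith("AprLifecycleListener")
        for lst in root.iter("Listener")
    )
    findings = []
    for conn in root.iter("Connector"):
        port = conn.get("port", "?")
        attrs = dict(conn.attrib)
        # Normalise mis-cased names so the rest of the audit sees the intent,
        # but report them: Tomcat itself will not apply them.
        for name in list(attrs):
            canonical = KNOWN_BY_LOWER.get(name.lower())
            if canonical and canonical != name:
                findings.append((port, "CASE",
                                 f"attribute {name!r} must be spelled {canonical!r}"))
                attrs[canonical] = attrs[name]
        if attrs.get("SSLEnabled", "").lower() != "true":
            continue  # plain HTTP/AJP connector, nothing TLS-specific to check
        if attrs.get("scheme") != "https" or attrs.get("secure", "").lower() != "true":
            findings.append((port, "NOT_SECURE",
                             'SSL connector needs scheme="https" secure="true"'))
        if "keystoreFile" not in attrs:
            findings.append((port, "NO_KEYSTORE",
                             "no keystoreFile: no server certificate to present"))
        if attrs.get("clientAuth", "").lower() == "true" and "truststoreFile" not in attrs:
            findings.append((port, "CLIENTAUTH_NO_TRUSTSTORE",
                             "clientAuth=true but no truststoreFile: client certificates "
                             "are checked against the JVM default trust store"))
        if attrs.get("sslProtocol", "").upper().startswith("SSL"):
            findings.append((port, "SSL_PROTOCOL",
                             f"sslProtocol={attrs['sslProtocol']}: use TLS"))
        for key in ("keystorePass", "truststorePass"):
            if attrs.get(key, "").lower() in DEFAULT_PASSWORDS:
                findings.append((port, "DEFAULT_PASSWORD", f"{key} is the well-known default"))
        if apr_listener and attrs.get("protocol", "HTTP/1.1") == "HTTP/1.1":
            findings.append((port, "APR_AUTOSWITCH",
                             "protocol=HTTP/1.1 with AprLifecycleListener auto-selects the APR "
                             "connector when tcnative is installed; in Tomcat 8.0 that connector "
                             "takes SSLCertificateFile/SSLCertificateKeyFile, not keystoreFile. "
                             "Pin protocol=org.apache.coyote.http11.Http11NioProtocol"))
    return findings


# Constructed sample modelled on the question: APR listener present, an NIO
# connector with a mis-cased attribute and no trust store, and the answer's
# bare HTTP/1.1 connector with the default keystore password.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true" clientauth="true"
               sslProtocol="TLS" keystoreFile="/opt/tomcat/keys/server.jks"
               keystoreType="JKS" keystorePass="EXAMPLE-KEYSTORE-PASSWORD"/>
    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
               secure="true" clientAuth="false" sslProtocol="SSLv3"
               keystoreFile="/etc/tomcat7/server.jks" keystorePass="changeit"/>
  </Service>
</Server>
"""

# Same layout with each finding addressed (also constructed; placeholder secrets).
HARDENED_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true" clientAuth="true"
               sslProtocol="TLSv1.2"
               keystoreFile="/opt/tomcat/keys/server.jks" keystoreType="JKS"
               keystorePass="EXAMPLE-KEYSTORE-PASSWORD"
               truststoreFile="/opt/tomcat/keys/truststore.jks" truststoreType="JKS"
               truststorePass="EXAMPLE-TRUSTSTORE-PASSWORD"/>
  </Service>
</Server>
"""

if __name__ == "__main__":
    for label, doc in (("question-style", SAMPLE_SERVER_XML), ("hardened", HARDENED_SERVER_XML)):
        print(f"== {label} ==")
        for port, code, msg in audit_server_xml(doc) or [("-", "OK", "no findings")]:
            print(f"port {port}: {code}: {msg}")
```

Run it against a real conf/server.xml by passing the file's contents to audit_server_xml; a clean result does not prove the keystore itself is usable (a wrong key password or a keystore without a private key entry only shows up in catalina.log), which is the log detail the answer asks for.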