Saturday 17 December 2011

SSL configuration at Tomcat 6


Dear all,

I have installed a Tomcat 6 (tomcat-6.0.26) web server, not as a clean installation but as part of the Liferay installation (Liferay bundled with Tomcat). I want to configure SSL in order to access the site hosted by the Tomcat server with digital certificates. I obtained a server certificate from a CA by creating the private key and certificate signing request using an openssl command. I tried the following command to import the certificate into the server:

# openssl pkcs12 -export -in hostcert.pem \
-inkey hostkey.pem \
-out mycert.p12 -name tomcat -CAfile myCA.crt \
-caname root -chain

but I got the error "Error unable to get local issuer certificate getting chain", so I used the following command:

keytool -import -alias tomcat -file hostcert.pem

which executed successfully, and the file /root/.keystore was created.

Then, in the server.xml file, I defined the following default JSSE connector for SSL:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />

but in the Tomcat logs (catalina.out) I get the error:

LifecycleException: service.getName(): "Catalina"; Protocol handler start failed: java.io.IOException: jsse.invalid_ssl_confb

I also used the following APR connector, after installing the APR libraries:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="200"
SSLEngine="on"
scheme="https" secure="true" SSLEnabled="true"
SSLCertificateFile="/etc/grid-security/hostcert.pem"
SSLCertificateKeyFile="/etc/grid-security/hostkey.pem"
SSLProtocol="TLSv1"
clientAuth="false" sslProtocol="TLS" />

but Tomcat does not start at all after stopping it.

I would appreciate any help on how I can configure SSL.

Regards,

Vasilis
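
Pre-flight checks for the PKCS#12 export attempted in the post, as an added example that is not part of the original post: it confirms that the key matches the certificate and that the CA file really verifies the certificate before exporting, then confirms the resulting keystore holds a private key. File names follow the post; the throwaway CA, the host name, the password and the function names are constructed for the example.

```shell
#!/bin/sh
# Constructed fixture: a throwaway CA plus a host key/cert signed by it.
# File names mirror the post (hostcert.pem, hostkey.pem, myCA.crt).
make_fixture() {  # $1 = existing empty work directory
  ( cd "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed CA" \
      -keyout ca.key -out myCA.crt &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=tomcat.example.test" \
      -keyout hostkey.pem -out host.csr &&
    openssl x509 -req -in host.csr -CA myCA.crt -CAkey ca.key -CAcreateserial \
      -days 1 -out hostcert.pem ) >/dev/null 2>&1
}

# Exit codes: 0 ok, 2 key does not match cert, 3 CA file does not verify cert
# (the "unable to get local issuer certificate" case), 4 export failed,
# 5 keystore contains no private key.
build_keystore() {  # $1=cert $2=key $3=CA file $4=output .p12 $5=password
  # The public key inside the certificate must equal the one derived from the key.
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ "$cert_pub" = "$key_pub" ] || return 2
  # -chain can only succeed if the issuer is found in the CA file.
  openssl verify -CAfile "$3" "$1" >/dev/null 2>&1 || return 3
  # Password on the command line is for the example only (visible in ps).
  openssl pkcs12 -export -in "$1" -inkey "$2" -out "$4" -name tomcat \
    -CAfile "$3" -caname root -chain -passout "pass:$5" >/dev/null 2>&1 || return 4
  # A keystore without a private key cannot serve TLS.
  openssl pkcs12 -in "$4" -passin "pass:$5" -nocerts -nodes 2>/dev/null |
    grep -q "PRIVATE KEY" || return 5
}

# Demo run on the constructed fixture.
d=$(mktemp -d) && make_fixture "$d" &&
  build_keystore "$d/hostcert.pem" "$d/hostkey.pem" "$d/myCA.crt" "$d/mycert.p12" changeit
echo "build_keystore exit code: $?"
rm -rf "$d"
```

The last check matters for the keytool step as well: `keytool -import` of a certificate file alone stores a trusted-certificate entry with no private key. A PKCS#12 file can be referenced from the JSSE connector with the `keystoreFile`, `keystorePass` and `keystoreType="PKCS12"` attributes.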
