SSL configuration at Tomcat 6
Dear all,

I have installed a Tomcat 6 (tomcat-6.0.26) web server, not a clear installation but included at the installation of Liferay (Liferay bundled with Tomcat). I want to configure SSL in order to access the site hosted by the Tomcat server with digital certificates. I obtained a server certificate from a CA, by creating the private key and certificate signing request using an openssl command.

I tried the following command to import the certificate to the server:

    # openssl pkcs12 -export -in hostcert.pem -inkey hostkey.pem \
        -out mycert.p12 -name tomcat -CAfile myCA.crt \
        -caname root -chain

but I got the error "Error unable to get local issuer certificate getting chain", so I used the following command:

    keytool -import -alias tomcat -file hostcert.pem

which executed successfully, and the file /root/.keystore was created.

Then in the server.xml file I defined the following default JSSE connector for SSL:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

but in the Tomcat logs (catalina.out) I get the error:

    LifecycleException: service.getName(): "Catalina"; Protocol handler start failed: java.io.IOException: jsse.invalid_ssl_confb

I also used the following APR connector, after installing the APR libraries:

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxThreads="200" SSLEngine="on" scheme="https" secure="true"
               SSLEnabled="true"
               SSLCertificateFile="/etc/grid-security/hostcert.pem"
               SSLCertificateKeyFile="/etc/grid-security/hostkey.pem"
               SSLProtocol="TLSv1" clientAuth="false" sslProtocol="TLS" />

but Tomcat is not starting at all after stopping it.

I would appreciate any help on how I can configure SSL.

Regards,
Vasilis
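An added example, not part of the original post: pre-flight checks worth running on the PEM files before building mycert.p12, namely that the file passed as -CAfile really issued the host certificate (the condition `-chain` depends on), that key and certificate match, and that the resulting bundle holds the private key. All keys, certificates and subject names are constructed throwaway test material; the function names and the password `changeit` are assumptions.

```shell
#!/usr/bin/env bash
# Added example. Every key, certificate and name is throwaway test material
# constructed here; file names mirror the post, the password is a placeholder.
set -u

# Build a test CA, an unrelated CA, and a host key/cert signed by the test CA.
make_test_pki() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Test CA" \
    -keyout "$d/ca.key" -out "$d/myCA.crt" 2>/dev/null &&
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Unrelated CA" \
    -keyout "$d/other.key" -out "$d/other.crt" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=host.example.test" \
    -keyout "$d/hostkey.pem" -out "$d/host.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/host.csr" -CA "$d/myCA.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/hostcert.pem" 2>/dev/null
}

# Does the file passed as -CAfile really contain the issuer of the host cert?
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Do the private key and the certificate carry the same public key?
key_matches_cert() {
  local k; k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

# Bundle key + cert + chain into PKCS#12 (args: dir, CA file, password).
export_p12() {
  openssl pkcs12 -export -in "$1/hostcert.pem" -inkey "$1/hostkey.pem" \
    -out "$1/mycert.p12" -name tomcat -CAfile "$2" -caname root -chain \
    -passout "pass:$3" 2>/dev/null
}

# Does the bundle hold a private key, not just a certificate?
p12_has_key() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
    grep -q "PRIVATE KEY"
}

work=$(mktemp -d) && make_test_pki "$work" || exit 1
chain_ok "$work/other.crt" "$work/hostcert.pem" || echo "wrong CA file: chain cannot be built"
chain_ok "$work/myCA.crt" "$work/hostcert.pem" && echo "issuing CA file: chain verifies"
key_matches_cert "$work/hostkey.pem" "$work/hostcert.pem" && echo "key matches certificate"
export_p12 "$work" "$work/myCA.crt" changeit && p12_has_key "$work/mycert.p12" changeit \
  && echo "mycert.p12 holds key and chain"
rm -rf "$work"
```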