Old 03-31-2008, 04:07 AM   #1
nomis
LQ Newbie
 
Registered: Mar 2008
Posts: 7

Rep: Reputation: 0
Is it necessary to install both servers, tomcat5 and apache2, for running JSP with SSL?


Hi,
I'm new to open source and I have two questions.

1. Can anyone tell me: if I'm running my JSP pages using Tomcat5 as the web server and want to configure SSL on Tomcat5, is it necessary to install Apache2?

2. I properly generated the keystore:

keytool -genkey -alias tomcat -keyalg RSA \
-keystore <your_keystore_filename>

Then I generated the CSR:

keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr \
-keystore <your_keystore_filename>

OK, the detail I entered while generating the CSR is

YourName : localhost

The rest of the options for generating the CSR I am not mentioning here. I sent it to the certificate authority. The certificate authority sent me 5 files,
which I properly installed by using the following commands:

keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore mykeystore.key
keytool -import -trustcacerts -alias addtrust -file UTNAddTrustServerCA.crt -keystore mykeystore.key
keytool -import -trustcacerts -alias ComodoUTNServerCA -file ComodoUTNServerCA.crt -keystore mykeystore
keytool -import -trustcacerts -alias EssentialSSLCA -file EssentialSSLCA.crt -keystore mykeystore
keytool -import -trustcacerts -alias tomcat -file localhost.crt -keystore mykeystore

If there is any mistake in the above, please correct me. Then the amendments in my server.xml, which resides in tomcat55/bin/conf/:


<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector
port="443" minProcessors="5" maxProcessors="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystorefile="$JAVA_HOME/bin/mykeystore.key" keypass="123456"/>
-->

After that I restarted my tomcat and tried to access https://localhost:8443/ and I got the following error:

Unable to connect

Firefox can't establish a connection to the server at localhost:8443.

* The site could be temporarily unavailable or too busy. Try again in a few
moments.

* If you are unable to load any pages, check your computer's network
connection.

* If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web

Appreciation in advance
 
Old 04-01-2008, 02:09 AM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,173
Blog Entries: 1

Rep: Reputation: 2040
1. Nope, you can use just tomcat
2. Remove the comment tags ( <!-- ... -->) around the Connector element, restart tomcat and try again. I.e. you should have:
Code:
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->

<Connector
port="443" minProcessors="5" maxProcessors="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystorefile="$JAVA_HOME/bin/mykeystore.key" keypass="123456"/>

Last edited by bathory; 04-02-2008 at 01:41 AM.
 
Old 04-01-2008, 11:32 PM   #3
nomis
LQ Newbie
 
Registered: Mar 2008
Posts: 7

Original Poster
Rep: Reputation: 0
I already did, but it is still not working. When I try to access any https website it does not allow me to access it. Any clue?
 
Old 04-02-2008, 02:07 AM   #4
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,173
Blog Entries: 1

Rep: Reputation: 2040
Is tomcat running? Is port 8443 listening? What are the logs saying?
Replace $JAVA_HOME in the Connector definition with the actual full path to java:
Code:
<Connector
port="443" minProcessors="5" maxProcessors="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystorefile="/path/to/java/bin/mykeystore.key" keypass="123456"/>
and see what happens

Regards
 
Old 04-04-2008, 04:42 AM   #5
nomis
LQ Newbie
 
Registered: Mar 2008
Posts: 7

Original Poster
Rep: Reputation: 0
I did, but it is still showing the same error:

Firefox can't establish a connection to the server at localhost:8443.
 
Old 04-04-2008, 05:55 AM   #6
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,173
Blog Entries: 1

Rep: Reputation: 2040
Is tomcat running?
Code:
ps -ef|grep tomcat
Is it listening on port 8443?
Code:
 netstat -tanpl|grep 8443
If not, take a look at the tomcat logs, especially catalina.out and localhost-date-xyz.log, to see if you can find the reason.
 
Old 04-05-2008, 02:18 AM   #7
nomis
LQ Newbie
 
Registered: Mar 2008
Posts: 7

Original Poster
Rep: Reputation: 0
I get the following error:

INFO: Starting Coyote HTTP/1.1 on http-8080
Apr 5, 2008 8:08:13 AM org.apache.coyote.http11.Http11BaseProtocol start
SEVERE: Error starting endpoint
java.io.FileNotFoundException: /usr/share/tomcat55/.keystore (No such file or directory)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(FileInputStream.java:106)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:284)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:227)
at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:142)
at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:111)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:89)
at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:293)
at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:313)
at org.apache.coyote.http11.Http11BaseProtocol.start(Http11BaseProtocol.java:151)
at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:76)
at org.apache.catalina.connector.Connector.start(Connector.java:1090)
at org.apache.catalina.core.StandardService.start(StandardService.java:457)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Apr 5, 2008 8:08:13 AM org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start:
LifecycleException: service.getName(): "Catalina"; Protocol handler start failed: java.io.FileNotFoundException: /usr/share/tomcat55/.keystore (No such file or directory)
at org.apache.catalina.connector.Connector.start(Connector.java:1097)
at org.apache.catalina.core.StandardService.start(StandardService.java:457)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Apr 5, 2008 8:08:13 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 987 ms
"catalina.2008-04-05.log" 92L, 6844C
 
Old 04-05-2008, 02:21 AM   #8
nomis
LQ Newbie
 
Registered: Mar 2008
Posts: 7

Original Poster
Rep: Reputation: 0
I store my mykeystore.key in /usr/lib/jvm/java/bin/mykeystore.key. Is there any problem if I store it in $JAVA_HOME?
 
Old 04-05-2008, 02:51 AM   #9
nomis
LQ Newbie
 
Registered: Mar 2008
Posts: 7

Original Poster
Rep: Reputation: 0
I have already mentioned in my server.xml file where the keystore file is and the store password. Here are my server.xml file details:

<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector port="443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystorefile="/usr/lib/jvm/java/bin/mykeystore.key" keypass="123456" />
 
Old 04-07-2008, 01:43 AM   #10
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,173
Blog Entries: 1

Rep: Reputation: 2040
Quote:
Apr 5, 2008 8:08:13 AM org.apache.coyote.http11.Http11BaseProtocol start
SEVERE: Error starting endpoint
java.io.FileNotFoundException: /usr/share/tomcat55/.keystore (No such file or directory)
Are you sure you're using the correct tomcat installation (i.e. the correct server.xml)? Why is tomcat looking for the keystore under /usr/share/tomcat55?
 
Old 04-15-2008, 11:44 PM   #11
nomis
LQ Newbie
 
Registered: Mar 2008
Posts: 7

Original Poster
Rep: Reputation: 0
Hey guys, I resolved my problem, but thanks to all members who shared their experiences.
Actually, when we generate the keystore, by default tomcat5.5 saves the ".keystore" file in "usr/share/tomcat55/.keystore".
So save your keystore file at tomcat's default location. I hope it helps others.
Thanks
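
A check for the symptom in post #7, where Tomcat opened /usr/share/tomcat55/.keystore rather than the file named in server.xml. This is an added example, not code from any poster or from the Tomcat project; it assumes the documented Tomcat 5.5 attribute spelling keystoreFile (attribute names are case-sensitive), and the function name, parameters and sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Documented SSL attribute names of a Tomcat 5.5 <Connector> (case-sensitive).
DOCUMENTED = ("keystoreFile", "keystorePass", "keystoreType", "keyAlias",
              "sslProtocol", "clientAuth", "ciphers")
BY_LOWER = {name.lower(): name for name in DOCUMENTED}

# Constructed samples modelled on the server.xml fragments in the thread.
WRAP = "<Server><Service name='Catalina'>{}</Service></Server>"
AS_POSTED = WRAP.format(
    '<Connector port="443" scheme="https" secure="true" clientAuth="false" '
    'sslProtocol="TLS" keystorefile="/usr/lib/jvm/java/bin/mykeystore.key" '
    'keypass="123456" />')
COMMENTED = WRAP.format('<!-- <Connector port="8443" scheme="https" /> -->')
CORRECTED = AS_POSTED.replace("keystorefile", "keystoreFile").replace('"443"', '"8443"')


def audit_ssl_connectors(server_xml, expected_port, tomcat_home_dir):
    """Return findings for the active https connectors in server_xml (a string).

    expected_port   -- port used in the client URL (8443 in the thread)
    tomcat_home_dir -- home directory of the account running Tomcat; assumption:
                       the default keystore is <home>/.keystore
    """
    root = ET.fromstring(server_xml)  # the parser drops XML comments
    https = [c for c in root.iter("Connector") if c.get("scheme") == "https"]
    if not https:
        return ["no active https Connector (still commented out?)"]
    findings = []
    for conn in https:
        port = conn.get("port")
        if port != str(expected_port):
            findings.append(f"port {port}: clients expect {expected_port}")
        for attr in conn.attrib:
            proper = BY_LOWER.get(attr.lower())
            if proper and proper != attr:
                findings.append(f"port {port}: '{attr}' should be '{proper}'")
        if "keystoreFile" not in conn.attrib:
            findings.append(f"port {port}: no keystoreFile, default "
                            f"{tomcat_home_dir}/.keystore is used")
    return findings


if __name__ == "__main__":
    for name, xml in (("commented", COMMENTED), ("as posted", AS_POSTED),
                      ("corrected", CORRECTED)):
        print(name, audit_ssl_connectors(xml, 8443, "/usr/share/tomcat55"))
```
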
 
  

