[clue] Fwd: tomcat listeners (solved)

Mike Bean beandaemon at gmail.com
Wed Jun 19 09:27:10 MDT 2013


Whew. Success at last! As we suspected, the issue was with my server.xml
connector configuration. Apparently tomcat supports both JSSE and APR
connection types and I was doing a connector designed for APR and trying to
connect by JSSE. (DOH!)

It should've been more like

<Connector port="443" maxHttpHeaderSize="8192"
         maxThreads="150" minSpareThreads="25" maxSpareThreads="76"
         enableLookups="false" disableUploadTimeout="true"
         acceptCount="100" connectionTimeout="20000"
         scheme="https"
         secure="true"
         clientAuth="false"
         sslProtocol="TLS"
         SSLEnabled="true"
         keystorePass="XXXXXXX"
         keystoreFile="/openssl-1.0.0d_rhel6/ssl/certs/.keystore" />

Apologies for troubling the list!

Mike Bean
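As an added example, not from Mike's message or from Tomcat itself: a small Python checker that parses a server.xml and reports https connectors whose SSL attributes belong to the other connector family (APR-style PEM attributes on a JSSE connector, or keystore attributes on an APR one), the mismatch described above. The attribute families are the ones in the two snippets in this thread; the sample XML, paths and the placeholder password are constructed.

```python
import xml.etree.ElementTree as ET

# Attribute families from the two Connector snippets in this thread: JSSE
# connectors read a Java keystore, APR connectors hand PEM files to OpenSSL.
# The wrong family on a connector means the port never binds (empty lsof).
JSSE_ATTRS = {"keystoreFile", "keystorePass", "sslProtocol", "clientAuth"}
APR_ATTRS = {"SSLEngine", "SSLCertificateFile", "SSLCertificateKeyFile"}
APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"

def ssl_style(connector):
    """Return 'jsse', 'apr', 'mixed' or 'none' for one <Connector> element."""
    attrs = set(connector.attrib)
    jsse, apr = bool(attrs & JSSE_ATTRS), bool(attrs & APR_ATTRS)
    if jsse and apr:
        return "mixed"
    return "jsse" if jsse else "apr" if apr else "none"

def lint_server_xml(xml_text):
    """Return [(port, finding), ...] for every https connector in server.xml."""
    root = ET.fromstring(xml_text)
    # APR is used when a connector asks for it explicitly or when the
    # AprLifecycleListener is configured and libtcnative loads at start-up.
    apr_listener = any(lst.get("className", "").endswith("AprLifecycleListener")
                       for lst in root.iter("Listener"))
    findings = []
    for conn in root.iter("Connector"):
        if conn.get("scheme") != "https":
            continue
        port, style = conn.get("port"), ssl_style(conn)
        explicit_apr = conn.get("protocol") == APR_PROTOCOL
        if style == "mixed":
            findings.append((port, "mixes JSSE and APR SSL attributes"))
        elif style == "apr" and not (explicit_apr or apr_listener):
            findings.append((port, "APR SSL attributes on a JSSE connector"))
        elif style == "jsse" and explicit_apr:
            findings.append((port, "JSSE keystore attributes on an APR connector"))
        elif style == "none":
            findings.append((port, "https connector without any SSL material"))
        if conn.get("SSLEnabled") != "true":  # required from Tomcat 6 onwards
            findings.append((port, 'SSLEnabled="true" is missing'))
    return findings

# Constructed samples: the connector from the original question (APR-style
# attributes, no APR listener) and the one that finally worked.
BROKEN_XML = """<Server><Service><Connector port="8443" scheme="https" secure="true"
  SSLEngine="on" SSLCertificateFile="/path/myca.crt" SSLCertificateKeyFile="/path/key"/>
</Service></Server>"""
FIXED_XML = """<Server><Service><Connector port="443" scheme="https" secure="true"
  SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keystorePass="PLACEHOLDER"
  keystoreFile="/path/.keystore"/></Service></Server>"""
```

Run it against a real server.xml with `lint_server_xml(open("conf/server.xml").read())`; an empty list means every https connector is internally consistent.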

---------- Forwarded message ----------
From: Mike Bean <beandaemon at gmail.com>
Date: Wed, Jun 19, 2013 at 8:37 AM
Subject: tomcat listeners
To: CLUE's mailing list <clue at cluedenver.org>


OK, I've been staring at this for a while now, it's going to make me crazy
if I don't ask for advice.  I've been following the steps at:
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html

We're trying to get tomcat to listen for SSL connections: and I've got
tomcat working and serving pages on localhost:8080, and SSL accepting
connections on 8080
via: openssl s_client -connect localhost:8080 -ssl3

Where the whole thing just kind of falls apart is that all the reading I've
been doing suggests that once you have tomcat and SSL going, it's just a
matter of configuring the tomcat server.xml to add a listener on the
correct port

<Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               SSLEngine="on"
               SSLCertificateFile="/openssl-1.0.0d_rhel6/ssl/certs/myca.crt"
               SSLCertificateKeyFile="/openssl-1.0.0d_rhel6/ssl/private/localhost.key" />


When the service is running, there should be a listener on the port:

[root at XXXXXXXXXXX conf]# lsof -iTCP:8080
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
jsvc    15886 root   41u  IPv6 492302      0t0  TCP *:webcache (LISTEN)

But I'm coming up dry every time:

[root at XXXXXXXXX conf]# lsof -iTCP:8443
[root at XXXXXXXXX conf]#

The only errors I have in the tomcat log are of no use, they're on a
different port.
I'm running on RHEL6.3

Everybody I talk to seems to think tomcat is the easiest thing in the
world, but I'll be damned if I'm not seeing it.  Advice is appreciated.

Mike Bean