[clue] Fwd: tomcat listeners (solved)

foo7775 at comcast.net foo7775 at comcast.net
Wed Jun 19 09:37:41 MDT 2013


Heh - if you're anything like me, posting to the list seems to be the prerequisite that finally "unlocks" the 'Aha! moment' - regardless of whether anyone replies to the message or not... ;-) 

T 
----- Original Message -----
From: "Mike Bean" <beandaemon at gmail.com> 
To: "CLUE's mailing list" <clue at cluedenver.org> 
Sent: Wednesday, June 19, 2013 9:27:10 AM 
Subject: [clue] Fwd: tomcat listeners (solved) 







Whew. Success at last! As we suspected, the issue was with my server.xml connector configuration. Apparently tomcat supports both JSSE and APR connection types, and I was doing a connector designed for APR and trying to connect by JSSE. (DOH!)

It should've been more like 

<Connector port="443" maxHttpHeaderSize="8192" 
maxThreads="150" minSpareThreads="25" maxSpareThreads="76" 
enableLookups="false" disableUploadTimeout="true" 
acceptCount="100" connectionTimeout="20000" 
scheme="https" 
secure="true" 
clientAuth="false" 
sslProtocol="TLS" 
SSLEnabled="true" 
keystorePass="XXXXXXX" 
keystoreFile="/openssl-1.0.0d_rhel6/ssl/certs/.keystore" /> 

Apologies for troubling the list! 

Mike Bean 






---------- Forwarded message ---------- 
From: Mike Bean < beandaemon at gmail.com > 
Date: Wed, Jun 19, 2013 at 8:37 AM 
Subject: tomcat listeners 
To: CLUE's mailing list < clue at cluedenver.org > 






OK, I've been staring at this for a while now, it's going to make me crazy if I don't ask for advice. I've been following the steps at: http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html 

We're trying to get tomcat to listen for SSL connections: and I've got tomcat working and serving pages on localhost:8080, and SSL accepting connections on 8080 
via: openssl s_client -connect localhost:8080 -ssl3 

Where the whole thing just kind of falls apart is that all the reading I've been doing suggests that once you have tomcat and SSL going, it's just a matter of configuring the tomcat server.xml to add a listener on the correct port 

<Connector port="8443" maxHttpHeaderSize="8192" 
maxThreads="150" minSpareThreads="25" maxSpareThreads="75" 
enableLookups="false" disableUploadTimeout="true" 
acceptCount="100" scheme="https" secure="true" 
SSLEngine="on" 
SSLCertificateFile="/openssl-1.0.0d_rhel6/ssl/certs/myca.crt" 
SSLCertificateKeyFile="/openssl-1.0.0d_rhel6/ssl/private/localhost.key" /> 



When the service is running, there should be a listener on the port: 

[root@XXXXXXXXXXX conf]# lsof -iTCP:8080
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME 
jsvc 15886 root 41u IPv6 492302 0t0 TCP *:webcache (LISTEN) 


But I'm coming up dry every time: 

[root@XXXXXXXXX conf]# lsof -iTCP:8443
[root@XXXXXXXXX conf]#


The only errors I have in the tomcat log are of no use, they're on a different port. 

I'm running on RHEL6.3 



Everybody I talk to seems to think tomcat is the easiest thing in the world, but I'll be damned if I'm not seeing it. Advice is appreciated. 


Mike Bean 
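
The APR/JSSE mismatch described in this thread can be caught before a restart by checking which attribute family each HTTPS Connector uses. The script below is an added example, not part of the original messages or of Tomcat; the function name, the sample server.xml (placeholder paths and password) and the finding texts are assumptions made for illustration, and the attribute sets are limited to the ones that appear in the two snippets above.

```python
import xml.etree.ElementTree as ET

# Attribute families taken from the two Connector snippets in this thread.
APR_ATTRS = {"SSLEngine", "SSLCertificateFile", "SSLCertificateKeyFile"}
JSSE_ATTRS = {"keystoreFile", "keystorePass", "sslProtocol"}

# Constructed sample: placeholder paths and password, not a real config.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" connectionTimeout="20000" />
  <Connector port="8443" scheme="https" secure="true" SSLEngine="on"
             SSLCertificateFile="/path/to/server.crt"
             SSLCertificateKeyFile="/path/to/server.key" />
  <Connector port="443" scheme="https" secure="true" SSLEnabled="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="/path/to/.keystore" keystorePass="PLACEHOLDER" />
</Service></Server>"""

def audit_connectors(server_xml_text):
    """Return (port, style, findings) for each scheme="https" Connector."""
    results = []
    for conn in ET.fromstring(server_xml_text).iter("Connector"):
        if conn.get("scheme") != "https":
            continue  # plain HTTP connector, nothing TLS-related to check
        names = set(conn.attrib)
        apr, jsse = names & APR_ATTRS, names & JSSE_ATTRS
        findings = []
        if apr and jsse:
            style = "mixed"
            findings.append("mixes APR-style and JSSE-style attributes")
        elif apr:
            style = "apr"
            findings.append("APR-style attributes; these do not configure a JSSE connector")
        elif jsse:
            style = "jsse"
        else:
            style = "none"
            findings.append("no certificate or keystore attributes")
        # Assumption from the thread's working snippet: SSLEnabled="true" is set.
        if conn.get("SSLEnabled") != "true":
            findings.append('SSLEnabled is not "true"')
        if "keystorePass" in names:
            findings.append("keystorePass is clear text; restrict access to server.xml")
        results.append((conn.get("port"), style, findings))
    return results

if __name__ == "__main__":
    for port, style, findings in audit_connectors(SAMPLE):
        print(port, style, findings or "ok")
```
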

