[clue] Fwd: tomcat listeners (solved)
foo7775 at comcast.net
Wed Jun 19 09:37:41 MDT 2013
Heh - if you're anything like me, posting to the list seems to be the prerequisite that finally "unlocks" the 'Aha! moment' - regardless of whether anyone replies to the message or not... ;-)
T
----- Original Message -----
From: "Mike Bean" <beandaemon at gmail.com>
To: "CLUE's mailing list" <clue at cluedenver.org>
Sent: Wednesday, June 19, 2013 9:27:10 AM
Subject: [clue] Fwd: tomcat listeners (solved)
Whew. Success at last! As we suspected, the issue was with my server.xml connector configuration. Apparently tomcat supports both JSSE and APR connection types and I was doing a connector designed for APR and trying to connect by JSSE. (DOH!)
It should've been more like:
<Connector port="443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="76"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" connectionTimeout="20000"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLS"
SSLEnabled="true"
keystorePass="XXXXXXX"
keystoreFile="/openssl-1.0.0d_rhel6/ssl/certs/.keystore" />
Apologies for troubling the list!
Mike Bean
---------- Forwarded message ----------
From: Mike Bean < beandaemon at gmail.com >
Date: Wed, Jun 19, 2013 at 8:37 AM
Subject: tomcat listeners
To: CLUE's mailing list < clue at cluedenver.org >
OK, I've been staring at this for a while now, it's going to make me crazy if I don't ask for advice. I've been following the steps at: http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
We're trying to get tomcat to listen for SSL connections: and I've got tomcat working and serving pages on localhost:8080, and SSL accepting connections on 8080
via: openssl s_client -connect localhost:8080 -ssl3
Where the whole thing just kind of falls apart is that all the reading I've been doing suggests that once you have tomcat and SSL going, it's just a matter of configuring the tomcat server.xml to add a listener on the correct port
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
SSLEngine="on"
SSLCertificateFile="/openssl-1.0.0d_rhel6/ssl/certs/myca.crt"
SSLCertificateKeyFile="/openssl-1.0.0d_rhel6/ssl/private/localhost.key" />
When the service is running, there should be a listener on the port:
[root at XXXXXXXXXXX conf]# lsof -iTCP:8080
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
jsvc 15886 root 41u IPv6 492302 0t0 TCP *:webcache (LISTEN)
But I'm coming up dry every time:
[root at XXXXXXXXX conf]# lsof -iTCP:8443
[root at XXXXXXXXX conf]#
The only errors I have in the tomcat log are of no use, they're on a different port.
I'm running on RHEL6.3
Everybody I talk to seems to think tomcat is the easiest thing in the world, but I'll be damned if I'm not seeing it. Advice is appreciated.
Mike Bean
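Added example (not part of the original thread, and not code from the poster or the Tomcat project): a small Python check that parses a server.xml and reports which attribute family each Connector uses, the APR-versus-JSSE mix-up the thread resolves. The attribute sets are an assumption drawn from the two connectors quoted above and are not exhaustive; the sample XML, its paths and its password are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Assumed split, taken from the two connectors in the thread (not exhaustive).
APR_ATTRS = {"SSLEngine", "SSLCertificateFile", "SSLCertificateKeyFile"}
JSSE_ATTRS = {"keystoreFile", "keystorePass", "sslProtocol", "clientAuth"}

# Constructed sample: abbreviated connectors with placeholder paths/password.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" connectionTimeout="20000" />
  <Connector port="8443" scheme="https" secure="true" SSLEngine="on"
             SSLCertificateFile="/path/to/myca.crt"
             SSLCertificateKeyFile="/path/to/localhost.key" />
  <Connector port="443" scheme="https" secure="true" clientAuth="false"
             sslProtocol="TLS" SSLEnabled="true"
             keystorePass="PLACEHOLDER" keystoreFile="/path/to/.keystore" />
</Service></Server>"""


def audit_connectors(server_xml):
    """Return one finding per <Connector>: port, attribute style, issues."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        names = set(conn.attrib)
        apr, jsse = names & APR_ATTRS, names & JSSE_ATTRS
        style = "mixed" if apr and jsse else "apr" if apr else "jsse" if jsse else "none"
        claims_https = conn.get("scheme") == "https" or conn.get("secure") == "true"
        issues = []
        if style == "mixed":
            issues.append("APR and JSSE attributes on the same connector")
        if claims_https and style == "apr":
            issues.append("APR-style attributes: confirm the APR connector is actually in use")
        if claims_https and style == "none":
            issues.append("scheme/secure set but no certificate or keystore configured")
        if "keystorePass" in names:
            issues.append("keystore password in clear text: restrict read access to server.xml")
        findings.append({"port": conn.get("port"), "style": style, "issues": issues})
    return findings


if __name__ == "__main__":
    for f in audit_connectors(SAMPLE):
        print(f["port"], f["style"], "; ".join(f["issues"]) or "ok")
```

A connector flagged as "apr" or "mixed" is the one to compare against the listener check (lsof on its port) shown in the thread.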