[clue] Fwd: tomcat listeners (solved)

Mike Bean beandaemon at gmail.com
Wed Jun 19 10:38:07 MDT 2013


Kinda.  Even if nobody responds to it, posting to the list for advice
forces me to organize my thoughts and what I've done in a way that I hope
others can understand.  Sometimes moving the parts around like that
helps.  But I can't say it did this time.  I showed my server.xml to a
co-worker, and he pointed out what was wrong with it.  (New set of eyes!)

Mike Bean


On Wed, Jun 19, 2013 at 9:37 AM, <foo7775 at comcast.net> wrote:

> Heh - if you're anything like me, posting to the list seems to be the
> prerequisite that finally "unlocks" the 'Aha! moment' - regardless of
> whether anyone replies to the message or not...  ;-)
>
> T
> ------------------------------
> *From: *"Mike Bean" <beandaemon at gmail.com>
>
> *To: *"CLUE's mailing list" <clue at cluedenver.org>
> *Sent: *Wednesday, June 19, 2013 9:27:10 AM
> *Subject: *[clue] Fwd: tomcat listeners (solved)
>
>
>
> Whew.   success at last!   As we suspected the issue was with my
> server.xml connector configuration.  Apparently tomcat supports both JSSE
> and APR connection types and I was doing a connector designed for APR and
> trying to connect by JSSE.   (DOH!)
>
> It should've been more like
>
> <Connector port="443" maxHttpHeaderSize="8192"
>          maxThreads="150" minSpareThreads="25" maxSpareThreads="76"
>          enableLookups="false" disableUploadTimeout="true"
>          acceptCount="100" connectionTimeout="20000"
>          scheme="https"
>          secure="true"
>          clientAuth="false"
>          sslProtocol="TLS"
>          SSLEnabled="true"
>          keystorePass="XXXXXXX"
>          keystoreFile="/openssl-1.0.0d_rhel6/ssl/certs/.keystore" />
>
> Apologies for troubling the list!
>
> Mike Bean
>
> ---------- Forwarded message ----------
> From: Mike Bean <beandaemon at gmail.com>
> Date: Wed, Jun 19, 2013 at 8:37 AM
> Subject: tomcat listeners
> To: CLUE's mailing list <clue at cluedenver.org>
>
>
> OK, I've been staring at this for a while now, it's going to make me crazy
> if I don't ask for advice.  I've been following the steps at:
> http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
>
> We're trying to get tomcat to listen for SSL connections: and I've got
> tomcat working and serving pages on localhost:8080, and SSL accepting
> connections on 8080
> via: openssl s_client -connect localhost:8080 -ssl3
>
> Where the whole thing just kind of falls apart is that all the reading
> I've been doing suggests that once you have tomcat and SSL going, it's just
> a matter of configuring the tomcat server.xml to add a listener on the
> correct port
>
> <Connector port="8443" maxHttpHeaderSize="8192"
>                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>                enableLookups="false" disableUploadTimeout="true"
>                acceptCount="100" scheme="https" secure="true"
>                SSLEngine="on"
>                SSLCertificateFile="/openssl-1.0.0d_rhel6/ssl/certs/myca.crt"
>                SSLCertificateKeyFile="/openssl-1.0.0d_rhel6/ssl/private/localhost.key" />
>
>
> When the service is running, there should be a listener on the port:
>
> [root at XXXXXXXXXXX conf]# lsof -iTCP:8080
> COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
> jsvc    15886 root   41u  IPv6 492302      0t0  TCP *:webcache (LISTEN)
>
> But I'm coming up dry every time:
>
> [root at XXXXXXXXX conf]# lsof -iTCP:8443
> [root at XXXXXXXXX conf]#
>
> The only errors I have in the tomcat log are of no use, they're on a
> different port.
> I'm running on RHEL6.3
>
> Everybody I talk to seems to think tomcat is the easiest thing in the
> world, but I'll be damned if I'm not seeing it.  Advice is appreciated.
>
> Mike Bean
>
>
> _______________________________________________
> clue mailing list: clue at cluedenver.org
> For information, account preferences, or to unsubscribe see:
> http://cluedenver.org/mailman/listinfo/clue
>
>
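
The APR/JSSE mix-up described in the thread can be caught by auditing the connectors in server.xml. The following is an added example, not part of the original messages or of Tomcat: the `audit` function, its attribute sets (taken from the two connectors quoted above) and the trimmed sample file are assumptions made for illustration, and the SSLEnabled check assumes Tomcat 6 or later.

```python
import xml.etree.ElementTree as ET

# Attribute names as they appear in the two connectors quoted in the thread.
APR_ATTRS = {"SSLEngine", "SSLCertificateFile", "SSLCertificateKeyFile"}
JSSE_ATTRS = {"keystoreFile", "keystorePass", "sslProtocol"}

# Constructed sample: both connectors from the thread, trimmed to the TLS attributes.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" />
  <Connector port="8443" scheme="https" secure="true" SSLEngine="on"
             SSLCertificateFile="/openssl-1.0.0d_rhel6/ssl/certs/myca.crt"
             SSLCertificateKeyFile="/openssl-1.0.0d_rhel6/ssl/private/localhost.key" />
  <Connector port="443" scheme="https" secure="true" clientAuth="false"
             sslProtocol="TLS" SSLEnabled="true" keystorePass="XXXXXXX"
             keystoreFile="/openssl-1.0.0d_rhel6/ssl/certs/.keystore" />
</Service></Server>"""

def audit(server_xml):
    """Return [(port, style, findings)] for every <Connector> in server.xml text."""
    report = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        apr = sorted(set(conn.attrib) & APR_ATTRS)
        jsse = sorted(set(conn.attrib) & JSSE_ATTRS)
        style = ("mixed" if apr and jsse else "apr" if apr
                 else "jsse" if jsse else "plain")
        findings = []
        if style == "mixed":
            findings.append("APR and JSSE attributes on one connector: %s / %s" % (apr, jsse))
        if style == "apr":
            findings.append("APR-style attributes; they only take effect with the APR/native connector")
        # Assumption: Tomcat 6 or later, where TLS is only enabled by SSLEnabled="true".
        if conn.get("secure") == "true" and conn.get("SSLEnabled") != "true":
            findings.append('secure="true" without SSLEnabled="true"')
        if "keystorePass" in conn.attrib:
            findings.append("keystorePass in clear text; restrict read access to server.xml")
        report.append((conn.get("port"), style, findings))
    return report

if __name__ == "__main__":
    for port, style, findings in audit(SAMPLE):
        print(port, style)
        for finding in findings:
            print("  -", finding)
```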