<div dir="ltr">Kinda. Even if nobody responds to it, posting to the list for advice forces me to organize my thoughts and what I've done in a way that I hope others can understand. Sometimes moving the parts around like that helps. But I can't say it did this time. I showed my server.xml to a co-worker, and he pointed out what was wrong with it. (New set of eyes!)<br>
<br>Mike Bean<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Jun 19, 2013 at 9:37 AM, <span dir="ltr"><<a href="mailto:foo7775@comcast.net" target="_blank">foo7775@comcast.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-size:12pt;font-family:Arial">Heh - if you're anything like me, posting to the list seems to be the prerequisite that finally "unlocks" the 'Aha! moment' - regardless of whether anyone replies to the message or not... ;-)<br>
<br>T<br><hr><b>From: </b>"Mike Bean" <<a href="mailto:beandaemon@gmail.com" target="_blank">beandaemon@gmail.com</a>><div class="im"><br><b>To: </b>"CLUE's mailing list" <<a href="mailto:clue@cluedenver.org" target="_blank">clue@cluedenver.org</a>><br>
</div><b>Sent: </b>Wednesday, June 19, 2013 9:27:10 AM<br><b>Subject: </b>[clue] Fwd: tomcat listeners (solved)<div><div class="h5"><br><br><div dir="ltr"><div><div><div><div><br></div>Whew. Success at last! As we suspected, the issue was with my server.xml connector configuration. Apparently tomcat supports both JSSE and APR connection types and I was doing a connector designed for APR and trying to connect by JSSE. (DOH!)<br>
<br></div>It should've been more like <br><br><Connector port="443" maxHttpHeaderSize="8192"<br> maxThreads="150" minSpareThreads="25" maxSpareThreads="76"<br>
enableLookups="false" disableUploadTimeout="true"<br> acceptCount="100" connectionTimeout="20000"<br> scheme="https"<br> secure="true"<br>
clientAuth="false"<br> sslProtocol="TLS"<br> SSLEnabled="true"<br> keystorePass="XXXXXXX"<br> keystoreFile="/openssl-1.0.0d_rhel6/ssl/certs/.keystore" /><br>
<br></div>Apologies for troubling the list!<br><br></div>Mike Bean<br><div><div><div><div><br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Mike Bean</b> <span dir="ltr"><<a href="mailto:beandaemon@gmail.com" target="_blank">beandaemon@gmail.com</a>></span><br>
Date: Wed, Jun 19, 2013 at 8:37 AM<br>Subject: tomcat listeners<br>To: CLUE's mailing list <<a href="mailto:clue@cluedenver.org" target="_blank">clue@cluedenver.org</a>><br><br><br><div dir="ltr"><div><div><div>
OK, I've been staring at this for a while now, it's going to make me crazy if I don't ask for advice. I've been following the steps at: <a href="http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html" target="_blank">http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html</a><br>
<br></div>We're trying to get tomcat to listen for SSL connections: and I've got tomcat working and serving pages on localhost:8080, and SSL accepting connections on 8080<br>via: openssl s_client -connect localhost:8080 -ssl3<br>
<br></div>Where the whole thing just kind of falls apart is that all the reading I've been doing suggests that once you have tomcat and SSL going, it's just a matter of configuring the tomcat server.xml to add a listener on the correct port<br>
<br><Connector port="8443" maxHttpHeaderSize="8192"<br> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"<br> enableLookups="false" disableUploadTimeout="true"<br>
acceptCount="100" scheme="https" secure="true"<br> SSLEngine="on"<br> SSLCertificateFile="/openssl-1.0.0d_rhel6/ssl/certs/myca.crt"<br>
SSLCertificateKeyFile="/openssl-1.0.0d_rhel6/ssl/private/localhost.key" /><br><br><br></div><div>When the service is running, there should be a listener on the port:<br><br>[root@XXXXXXXXXXX conf]# lsof -iTCP:8080<br>
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME<br>jsvc 15886 root 41u IPv6 492302 0t0 TCP *:webcache (LISTEN)<br><br></div><div>But I'm coming up dry every time:<br><br>[root@XXXXXXXXX conf]# lsof -iTCP:8443<br>
[root@XXXXXXXXX conf]#<br><br></div><div>The only errors I have in the tomcat log are of no use, they're on a different port. <br></div><div>I'm running on RHEL6.3<br></div><div><br></div><div>Everybody I talk to seems to think tomcat is the easiest thing in the world, but I'll be damned if I'm not seeing it. Advice is appreciated.<span><font color="#888888"><br>
<br></font></span></div><span><font color="#888888"><div>Mike Bean<br></div></font></span></div>
</div><br></div></div></div></div></div>
<br></div></div>_______________________________________________<br>clue mailing list: <a href="mailto:clue@cluedenver.org" target="_blank">clue@cluedenver.org</a><br>For information, account preferences, or to unsubscribe see:<br>
<a href="http://cluedenver.org/mailman/listinfo/clue" target="_blank">http://cluedenver.org/mailman/listinfo/clue</a></div></div><br></blockquote></div><br></div>
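The APR-versus-JSSE mismatch described in the thread above, as an added example (not code from the thread or from the Tomcat project): a Python check that sorts each Connector in a server.xml by the attribute family it carries and reports the ones that do not match the connector implementation in use. The `runtime` argument, the attribute sets (limited to names shown in the thread) and the `<Server>`/`<Service>` wrapper around the two connectors are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Attribute families, limited to the names that appear in the thread (not
# exhaustive). XML attribute names are case-sensitive, so sslProtocol (JSSE)
# is not confused with OpenSSL-style names read by the APR/native connector.
APR_ATTRS = {"SSLEngine", "SSLCertificateFile", "SSLCertificateKeyFile"}
JSSE_ATTRS = {"keystoreFile", "keystorePass", "sslProtocol", "clientAuth"}

# Explicit protocol handler classes and the attribute family each one reads.
PROTOCOL_FAMILY = {
    "org.apache.coyote.http11.Http11AprProtocol": "apr",
    "org.apache.coyote.http11.Http11Protocol": "jsse",
    "org.apache.coyote.http11.Http11NioProtocol": "jsse",
}

# Constructed input: the two connectors from the thread (trimmed to their TLS
# attributes) inside a minimal wrapper so the document parses.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8443" scheme="https" secure="true" SSLEngine="on"
     SSLCertificateFile="/openssl-1.0.0d_rhel6/ssl/certs/myca.crt"
     SSLCertificateKeyFile="/openssl-1.0.0d_rhel6/ssl/private/localhost.key" />
  <Connector port="443" scheme="https" secure="true" clientAuth="false"
     sslProtocol="TLS" SSLEnabled="true" keystorePass="XXXXXXX"
     keystoreFile="/openssl-1.0.0d_rhel6/ssl/certs/.keystore" />
</Service></Server>"""

def classify(attrs):
    """Return 'apr', 'jsse', 'mixed' or 'none' from the TLS attributes present."""
    apr = APR_ATTRS.intersection(attrs)
    jsse = JSSE_ATTRS.intersection(attrs)
    if apr and jsse:
        return "mixed"
    return "apr" if apr else "jsse" if jsse else "none"

def audit(server_xml, runtime):
    """Return (port, found, expected) for each mismatched Connector.

    runtime is 'apr' or 'jsse': the implementation the instance actually
    loads when a Connector does not pin a protocol class (assumption: the
    caller knows whether the native library is in use)."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        style = classify(conn.attrib)
        expected = PROTOCOL_FAMILY.get(conn.get("protocol", ""), runtime)
        if style == "mixed" or (style != "none" and style != expected):
            findings.append((conn.get("port"), style, expected))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, "jsse"))
```
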