<div dir="ltr"><div><div><div><div><br></div>Whew. success at last! As we suspected the issue was with my server.xml connector configuration. Apparently tomcat supports both JSSE and APR connection types and I was doing a connector designed for APR and trying to connect by JSSE. (DOH!)<br>
<br></div>It should've been more like <br><br><Connector port="443" maxHttpHeaderSize="8192"<br> maxThreads="150" minSpareThreads="25" maxSpareThreads="76"<br>
enableLookups="false" disableUploadTimeout="true"<br> acceptCount="100" connectionTimeout="20000"<br> scheme="https"<br> secure="true"<br>
clientAuth="false"<br> sslProtocol="TLS"<br> SSLEnabled="true"<br> keystorePass="XXXXXXX"<br> keystoreFile="/openssl-1.0.0d_rhel6/ssl/certs/.keystore" /><br>
<br></div>Apologies for troubling the list!<br><br></div>Mike Bean<br><div><div><div><div><br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Mike Bean</b> <span dir="ltr"><<a href="mailto:beandaemon@gmail.com">beandaemon@gmail.com</a>></span><br>
Date: Wed, Jun 19, 2013 at 8:37 AM<br>Subject: tomcat listeners<br>To: CLUE's mailing list <<a href="mailto:clue@cluedenver.org">clue@cluedenver.org</a>><br><br><br><div dir="ltr"><div><div><div>OK, I've been staring at this for a while now, it's going to make me crazy if I don't ask for advice. I've been following the steps at: <a href="http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html" target="_blank">http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html</a><br>
<br></div>We're trying to get tomcat to listen for SSL connections: and I've got tomcat working and serving pages on localhost:8080, and SSL accepting connections on 8080<br>via: openssl s_client -connect localhost:8080 -ssl3<br>
<br></div>Where the whole thing just kind of falls apart is that all the reading I've been doing suggests that once you have tomcat and SSL going, it's just a matter of configuring the tomcat server.xml to add a listener on the correct port<br>
<br><Connector port="8443" maxHttpHeaderSize="8192"<br> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"<br> enableLookups="false" disableUploadTimeout="true"<br>
acceptCount="100" scheme="https" secure="true"<br> SSLEngine="on"<br> SSLCertificateFile="/openssl-1.0.0d_rhel6/ssl/certs/myca.crt"<br>
SSLCertificateKeyFile="/openssl-1.0.0d_rhel6/ssl/private/localhost.key" /><br><br><br></div><div>When the service is running, there should be a listener on the port:<br><br>[root@XXXXXXXXXXX conf]# lsof -iTCP:8080<br>
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME<br>jsvc 15886 root 41u IPv6 492302 0t0 TCP *:webcache (LISTEN)<br><br></div><div>But I'm coming up dry every time:<br><br>[root@XXXXXXXXX conf]# lsof -iTCP:8443<br>
[root@XXXXXXXXX conf]#<br><br></div><div>The only errors I have in the tomcat log are of no use, they're on a different port. <br></div><div>I'm running on RHEL6.3<br></div><div><br></div><div>Everybody I talk to seems to think tomcat is the easiest thing in the world, but I'll be damned if I'm not seeing it. Advice is appreciated.<span class=""><font color="#888888"><br>
<br></font></span></div><span class=""><font color="#888888"><div>Mike Bean<br></div></font></span></div>
</div><br></div></div></div></div></div>