Java Mailing List Archive

http://www.junlu.com/


Re: [HELP!] Which key alias names to use for SSL?

Sonny Sukumar

2003-10-11



3rd update:

For the 2nd issue below, I had some "http" references in my static html
file--that's why I was getting the message about the page having unencrypted
elements on it. :-)

I still haven't figured out the 1st issue regarding ports 443/8443, but 443
is the one I want anyhow, so it's not critical that I figure that out
(although I'm curious!)

Sonny

>From: "Sonny Sukumar" <ahimsadesi@(protected)>

>
>
>2nd Update:
>
>--I reconfigured the SSL port from 8443 to 443 on our server (as well as
>the redirect port), and all of a sudden I can connect using SSL. I don't
>understand why 8443 didn't work. Any ideas??
>
>--Now when I request static HTML pages, I get a browser alert saying that
>some of the info on the requested page is NOT encrypted, so it displays a
>lock broken in half instead of the golden lock I so desire. :-( I can't
>understand how a page would get partially encrypted--especially a static
>HTML page.
>
>I'm not sure if it's relevant, but I use Cocoon for the backend (2.1.2) in
>conjunction with Tomcat (4.1.27) on Linux (RedHat 7.3).
>
>Sonny
>
>>From: "Sonny Sukumar" <ahimsadesi@(protected)>
>>
>>
>>Update: I did a "keytool -list" with the "-rfc" option and discovered
>>that all the certs *are* in fact there, but just that public/private keys
>>were bundled together under the same alias. The way it lists the certs by
>>default is what confused me.
>>
>>HOWEVER, I uploaded the keystore to our server, set up server.xml, and
>>restarted Tomcat, but every single secure connection I attempt just times
>>out. I don't understand why this happens.
>>
>>Here's my server.xml SSL connector:
>>
>>  <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
>>   <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
>>          port="8443" minProcessors="5" maxProcessors="75"
>>          enableLookups="true"
>>       acceptCount="100" debug="0" scheme="https" secure="true"
>>          useURIValidationHack="false" disableUploadTimeout="true"
>>          compression="on">
>>    <Factory
>>className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
>>          clientAuth="false" protocol="TLS" keystorePass="changeit"
>>          keystoreFile="conf/.keystore"/>
>>   </Connector>
>>
>>Btw, does anybody know how to secure the server.xml file? It contains
>>some clear text passwords, so this really concerns me! (Yes, I know
>>"changeit" is the default password even without specifying it here).
>>
>>Also, I don't currently have any <security-constraint>s set in my web.xml.
>>
>>Thanks for any insights!
>>
>>Sonny
>>
>>>From: "Sonny Sukumar" <ahimsadesi@(protected)>
>>>Reply-To: ssukumar@(protected)
>>>To: tomcat-user@(protected)
>>>Subject: Re: [HELP!] Which key alias names to use for SSL?
>>>Date: Sat, 11 Oct 2003 14:12:17 -0700
>>>
>>>
>>>Hi Adam,
>>>
>>>Your first step was:
>>>># keytool -genkey -alias tomcat -keyalg RSA
>>>
>>>and your last step was:
>>>># keytool -import -trustcacerts -file public.crt -alias tomcat
>>>
>>>So you used the same alias ("tomcat") for both the private key and the
>>>signed public key. This is what doesn't work for me, because when I
>>>import the signed public key using the same ("tomcat") alias, my private
>>>key gets overwritten. I've verified this using "keytool -list -keystore
>>>./.keystore"
>>>
>>>I also have the root cert from GeoTrust in there with alias "root". The
>>>root cert is actually an Equifax cert valid from 1998 to 2018, but the
>>>GeoTrust tech support rep told me to use that one. Could this be the
>>>problem?
>>>
>>>Other ideas?
>>>
>>>Thanks,
>>>
>>>Sonny
>>>
>>>>From: Adam Hardy <ahardy.struts@(protected)>
>>>
>>>>On 10/11/2003 09:08 PM Sonny Sukumar wrote:
>>>>>
>>>>>[I sent this once before, but got no response, and I'm not sure what to
>>>>>do. Thanks in advance.]
>>>>>
>>>>>Hi guys,
>>>>>
>>>>>I'm trying to set up my Tomcat (4.1.27) server to work with SSL. I got
>>>>>a CA-signed cert to go with my private key and CA root cert, but I'm
>>>>>confused as to how to name the alias for the CA-signed-cert and my
>>>>>private key.
>>>>>
>>>>>The Tomcat SSL How-To is confusing me, because it says to give the
>>>>>"tomcat" alias to both the private key and the CA-signed key. I tried
>>>>>it and it overwrote my private key (luckily I made a backup of my
>>>>>keystore).
>>>>>
>>>>>I'm looking at this documentation:
>>>>>http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html
>>>>>
>>>>>It also doesn't seem possible to configure the alias names in
>>>>>server.xml. So what alias names should I use? :-)
>>>
>
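The "http" references that broke the lock icon in the 3rd update can be found mechanically. The scanner below is an added example, not code from the thread: it reports only absolute http:// URLs in attributes the browser fetches while rendering, so an ordinary `<a href>` link is not flagged. The sample page and its example.com URLs are constructed.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs the browser fetches automatically while rendering a page.
# <a href> is deliberately absent: a link is navigation, not part of the page.
SUBRESOURCE_ATTRS = {
    ("img", "src"), ("script", "src"), ("iframe", "src"), ("frame", "src"),
    ("embed", "src"), ("input", "src"), ("object", "data"),
    ("body", "background"), ("table", "background"), ("td", "background"),
}
LINK_RELS_THAT_LOAD = {"stylesheet", "icon"}

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        attr_map = {name: (value or "").strip() for name, value in attrs}
        rels = set(attr_map.get("rel", "").lower().split())
        for name, value in attr_map.items():
            if not value.lower().startswith("http://"):
                continue  # relative, https:// and //host URLs are not flagged
            loads = (tag, name) in SUBRESOURCE_ATTRS or (
                tag == "link" and name == "href" and rels & LINK_RELS_THAT_LOAD)
            if loads:
                self.findings.append((self.getpos()[0], tag, name, value))

def find_mixed_content(html_text):
    """Return (line, tag, attribute, url) for each subresource loaded over http."""
    finder = MixedContentFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings

# Constructed sample page, not the poster's actual file.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="http://www.example.com/site.css">
<script src="/js/menu.js"></script>
</head><body>
<img src="http://www.example.com/logo.gif" alt="logo">
<img src="images/photo.jpg" alt="relative, inherits https">
<a href="http://www.example.com/about.html">About</a>
</body></html>
"""

if __name__ == "__main__":
    for line, tag, attr, url in find_mixed_content(SAMPLE_PAGE):
        print(f"line {line}: <{tag} {attr}> loads {url}")
```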
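On the clear-text keystorePass in server.xml raised in the first update: one basic check is that the file is readable only by its owner and that the password is not the default. The audit below is an added example, not part of the thread and not Tomcat code; it assumes the file is owned by the account Tomcat runs as, and the sample is the posted connector trimmed to the attributes the check reads.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

DEFAULT_KEYSTORE_PASS = "changeit"  # the default the post mentions

# Connector from the post, trimmed to the attributes this check reads.
SAMPLE_SERVER_XML = """<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="8443" scheme="https" secure="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
           clientAuth="false" protocol="TLS" keystorePass="changeit"
           keystoreFile="conf/.keystore"/>
</Connector>
"""

def audit_server_xml(path):
    """Return findings for a server.xml that embeds a keystore password."""
    findings = []
    holds_password = False
    for elem in ET.parse(path).iter():
        password = elem.get("keystorePass")
        if password is None:
            continue
        holds_password = True
        if password == DEFAULT_KEYSTORE_PASS:
            findings.append(f"<{elem.tag}> keystorePass is the default value")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Assumption: the file is owned by the account Tomcat runs as, so only
    # the owner bits are needed; any group/other bit exposes the password.
    if holds_password and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:o} grants group/other access to the password")
    return findings

def demo():
    """Audit the sample at mode 644, then again after tightening to 600."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "server.xml")
        with open(path, "w") as handle:
            handle.write(SAMPLE_SERVER_XML)
        os.chmod(path, 0o644)
        loose = audit_server_xml(path)
        os.chmod(path, 0o600)
        tight = audit_server_xml(path)
    return loose, tight

if __name__ == "__main__":
    for label, result in zip(("644", "600"), demo()):
        print(label, result)
```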
