Wednesday, April 12, 2006

SSL with Tomcat

The Tomcat documentation for SSL setup is not entirely correct. The SSL How-To on the Jakarta website is accurate about keystore creation, but the XML snippet it gives for your server.xml file is out of date.

I suppose it's because they keep changing the format of that file and the documentation has trouble keeping up. If you include the className attribute in your Connector element, Tomcat will most likely start and then promptly throw an InvocationTargetException, which you will find in your stdoutXXX.log file (or in catalina.out, if you've opted for the huge monolithic catalina.out logging solution).

Instead, use the following snippet, without the className attribute. Make sure you declare it within the Service element you want to use (typically the one named Catalina).

<Connector port="8443"
        maxHttpHeaderSize="8192"
        maxThreads="150"
        minSpareThreads="25"
        maxSpareThreads="75"
        enableLookups="false"
        disableUploadTimeout="true"
        acceptCount="100"
        scheme="https"
        secure="true"
        clientAuth="false"
        keypass="password"
        sslProtocol="TLS"/>

Follow the rest of the How-To for setting up your keystore. Tomcat looks for the keystore at the default location, a file named .keystore in the home directory of the user Tomcat runs as. If your keystore lives anywhere else, or if Tomcat runs as a different user than the one who ran keytool (highly likely on Linux), add a keystoreFile attribute to the Connector element itself; there is no Factory element in Tomcat 5. The keystore password you chose in keytool must match the Connector's keystorePass attribute (Tomcat's default is changeit), and the key password must match keypass. Since those passwords sit in server.xml in the clear, make sure that file is readable only by the Tomcat user.

Note: Generate your keystore file with this command. keytool prompts for the keystore password, the certificate's distinguished name (answer the "first and last name" question with the hostname clients will use), and the key password; add -keystore /path/to/file if you don't want it written to ~/.keystore.

$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
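Putting the pieces together, here is the Connector as it would look with an explicitly named keystore. This is an added example, not the snippet from the Tomcat How-To or from the post above: keystoreFile, keystorePass and keypass are documented Tomcat 5 Connector attributes, but the path /etc/tomcat5/tomcat.jks and the password values are placeholders for your own, and the element is assumed to sit next to the existing HTTP Connector inside the Service named Catalina.

```xml
<!-- HTTPS connector for Tomcat 5 (added example). No className attribute:
     including one is what triggers the InvocationTargetException at startup. -->
<Connector port="8443"
        maxHttpHeaderSize="8192"
        maxThreads="150"
        minSpareThreads="25"
        maxSpareThreads="75"
        enableLookups="false"
        disableUploadTimeout="true"
        acceptCount="100"
        scheme="https"
        secure="true"
        clientAuth="false"
        sslProtocol="TLS"
        keystoreFile="/etc/tomcat5/tomcat.jks"
        keystorePass="changeit"
        keypass="changeit"/>
<!-- keystoreFile: absolute path, readable by the user Tomcat runs as
     (placeholder path; the default when omitted is ~/.keystore of that user).
     keystorePass: the password keytool asked for when creating the keystore.
     keypass: the key password keytool asked for; if you just pressed Enter
     at that prompt it is the same as keystorePass.
     clientAuth="false": the server presents a certificate but does not ask
     browsers for one. -->
```

Because server.xml now holds both passwords in plaintext, restrict its permissions to the Tomcat user before starting. Once Tomcat is up, `openssl s_client -connect localhost:8443` should print the certificate you generated with keytool; if the handshake fails instead, the first things to check are the keystoreFile path and whether keystorePass matches what you typed into keytool.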