I need to deploy the iportal project over HTTPS, so I need to configure my Tomcat 6 to support HTTPS connections. This sounds easy, but it actually took me some time because of a few trivial details, so I am writing them down for future reference.
Steps:
1. Generate a keystore with keytool
Here is what the official Tomcat document says:
Create a certificate keystore by executing the following command:
Windows:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
Question 1: where is the generated .keystore file? After running this command I could not find the generated file. I made a folder named d:\work\keystore and ran "keytool -genkey -alias tomcat -keyalg RSA" inside it, but found nothing under the keystore folder. After a global search I finally found .keystore in C:\Documents and Settings\xwei.HQ, which is the $user_home (without a -keystore argument, keytool writes to .keystore in the user's home directory, not the current directory).
2. Change server.xml
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true" keystoreFile="${user.home}/.keystore" keystorePass="Actuate" clientAuth="false" sslProtocol="TLS" />
Question 2: the generated keystore file is not working. Here is the log:
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'keystoreFile' to 'C:\Documents and Settings\xwei.HQ\.keystore' did not find a matching property.
Jul 26, 2011 2:32:52 PM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'keystorePass' to '123456' did not find a matching property.
Jul 26, 2011 2:32:52 PM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'clientAuth' to 'false' did not find a matching property.
Jul 26, 2011 2:32:52 PM org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Jul 26, 2011 2:32:53 PM org.apache.coyote.http11.Http11AprProtocol init
SEVERE: Error initializing endpoint
java.lang.Exception: No Certificate file specified or invalid file format
It seems the generated keystore file doesn't work as expected; something must be wrong. The Tomcat documentation sucks.
3. Change the protocol
The log shows the connector initializing as Http11AprProtocol: with protocol="HTTP/1.1", Tomcat picks the APR/native connector whenever the Tomcat Native library is present, and that connector expects SSLCertificateFile/SSLCertificateKeyFile (PEM files) and ignores the JSSE keystoreFile and keystorePass attributes, which is what the "did not find a matching property" warnings mean. Forcing the NIO connector keeps the keystore-based configuration.
Add protocol="org.apache.coyote.http11.Http11NioProtocol" to the server.xml file in <path to Apache Tomcat>\Tomcat 6.0\conf
Example:
C:\Program Files\Apache Software Foundation\Tomcat 6.0\conf\server.xml
From:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
To:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
But the log still shows the same error.
4. Create a correct key. After googling for some time, I finally wrote a batch file that creates a key that works:
echo on
keytool -v -genkey -alias abc -keyalg RSA -keysize 2048 -sigalg SHA1withRSA -keypass 123456 -keystore d:\work\myKey\test
Then point keystoreFile in the connector at d:\work\myKey\test and set keystorePass to the keystore password that keytool prompts for (Tomcat 6 also uses keystorePass to unlock the key unless keyPass is given, so using 123456 for both avoids a mismatch).
Bingo, it finally works, but it took me more than an hour.
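Added here as an example, not from the original post: a small Python check, run before starting Tomcat, that catches the three things that went wrong above in a server.xml: a connector left on protocol="HTTP/1.1" with keystoreFile/keystorePass while the APR library turns it into an APR connector (question 2), a mistyped protocol class name (step 3), and a keystoreFile that does not exist where Tomcat will look (question 1). The sample server.xml and the function names are mine; whether the APR library is loaded is passed in as a flag, since Tomcat decides that from its class path at startup.

```python
import os
import xml.etree.ElementTree as ET

NIO = "org.apache.coyote.http11.Http11NioProtocol"
APR = "org.apache.coyote.http11.Http11AprProtocol"
BIO = "org.apache.coyote.http11.Http11Protocol"
JSSE_ATTRS = {"keystoreFile", "keystorePass", "keyAlias", "keyPass"}

# Constructed sample: the step 3 connector as typed, with the short (wrong) class name.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
<Connector port="8443" protocol="org.apache.coyote.Http11NioProtocol" SSLEnabled="true"
  maxThreads="150" scheme="https" secure="true" keystoreFile="${user.home}/.keystore"
  keystorePass="123456" clientAuth="false" sslProtocol="TLS" />
</Service></Server>"""


def expand(path, home):
    """Substitute ${user.home} the way Tomcat does before opening the keystore."""
    return path.replace("${user.home}", home)


def lint_connectors(xml_text, home, apr_loaded, exists=os.path.exists):
    """Return one problem string per misconfiguration on SSLEnabled connectors; [] is good."""
    problems = []
    for c in ET.fromstring(xml_text).iter("Connector"):
        if c.get("SSLEnabled", "false").lower() != "true":
            continue
        port, proto, attrs = c.get("port"), c.get("protocol", "HTTP/1.1"), set(c.keys())
        # protocol="HTTP/1.1" silently becomes the APR connector when tcnative is loaded.
        if proto == "HTTP/1.1":
            effective = APR if apr_loaded else BIO
        elif proto in (NIO, APR, BIO):
            effective = proto
        else:
            problems.append(f"port {port}: protocol {proto!r} is not a Tomcat 6 connector "
                            f"class (the NIO class is {NIO})")
            continue
        if effective == APR:
            # This mismatch is what produced the 'did not find a matching property' warnings.
            if attrs & JSSE_ATTRS:
                problems.append(f"port {port}: APR connector ignores {sorted(attrs & JSSE_ATTRS)}; "
                                f"use SSLCertificateFile/SSLCertificateKeyFile or protocol={NIO}")
            continue
        # Tomcat 6 defaults keystoreFile to ${user.home}/.keystore, which is where step 1 put it.
        keystore = expand(c.get("keystoreFile", "${user.home}/.keystore"), home)
        if not exists(keystore):
            problems.append(f"port {port}: keystoreFile {keystore} does not exist")
    return problems
```

Against a real installation, call lint_connectors with the contents of conf\server.xml, os.path.expanduser("~") as home, and apr_loaded=True if tcnative-1.dll sits in Tomcat's bin folder.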
Thanks a lot – works fine and made my day 🙂
The protocol is: org.apache.coyote.http11.Http11NioProtocol