  1. #1
    Join Date
    Jul 2009
    Posts
    33

    Tomcat/APR and SSL

    Hi all, this post is mainly to clarify, for me and hopefully others, what needs to be done when acquiring/configuring SSL for Tomcat/APR. (I'm still not up and running, still waiting for my cert reissue, but hopefully I'm on the right track now.)

    I initially ordered my cert following RapidSSL's tomcat/jakarta instructions. Doing this gives you the following files:

    domainName.csr --> Send this to RapidSSL
    domainName.cer <-- Receive from RapidSSL
    domainName.kdb <-- Built per RapidSSL's tomcat/jakarta instructions.

    These files will not work with tomcat/APR.

    I believe the proper instructions at RapidSSL are in fact the Apache-ModSSL ones,
    as these will generate:
    1) domainName.key <-- Your server Private Key
    2) domainName.csr -->Send to RapidSSL
    3) domainName.cer <-- Receive from RapidSSL

    Now, when configuring your server.xml,

    you set:
    SSLCertificateFile="domainName.crt"
    SSLCertificateKeyFile="domainName.key"
    SSLPassword="xxxx"

    Can anyone confirm/deny this is correct?
    I.e. when setting up Tomcat/APR SSL you need to follow the mod_ssl instructions (i.e. you're using OpenSSL, not Tomcat's built-in SSL).

  2. #2
    Join Date
    Sep 2007
    Posts
    368

    Quote Originally Posted by MrDano View Post
    Hi all, this post is mainly to clarify, for me and hopefully others, what needs to be done when acquiring/configuring SSL for Tomcat/APR. (I'm still not up and running, still waiting for my cert reissue, but hopefully I'm on the right track now.)

    I believe the proper instructions at RapidSSL are in fact the Apache-ModSSL ones,
    as these will generate:
    1) domainName.key <-- Your server Private Key
    2) domainName.csr -->Send to RapidSSL
    3) domainName.cer <-- Receive from RapidSSL

    Now, when configuring your server.xml,

    you set:
    SSLCertificateFile="domainName.crt"
    SSLCertificateKeyFile="domainName.key"
    SSLPassword="xxxx"

    Can anyone confirm/deny this is correct?
    I.e. when setting up Tomcat/APR SSL you need to follow the mod_ssl instructions (i.e. you're using OpenSSL, not Tomcat's built-in SSL).

    Hello,

    Did you follow these steps?

    http://www.rapidssl.com/ssl-certific...rta_tomcat.htm

  3. #3
    Join Date
    Jul 2009
    Posts
    33
    Yes, I followed those instructions; they don't work (for the Tomcat/APR combo). BTW, those are only half of the instructions.

    Here is what I did (the working path):
    1) Instruction page 1:
    Here you create a private Server CERT (the .key file), and generate the proper CSR
    http://www.rapidssl.com/ssl-certific...he_mod_ssl.htm

    2) Now, assuming you got your cert, follow the instructions for Tomcat/APR from Apache, not RapidSSL.
    http://tomcat.apache.org/tomcat-6.0-doc/apr.html

    This assumes you already have the APR installed and running.

    Bottom line is: APR == APACHE PORTABLE RUNTIME, which uses OpenSSL, not Tomcat SSL. There you need to follow the APACHE INSTRUCTIONS WHEN GETTING your cert.

    Well, I hope that helps people out there.

    In theory this should perform much faster than Tomcat SSL.

    Cheers
    Last edited by MrDano; 08-07-2009 at 04:02 PM.
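
A pre-flight check for the mix-ups discussed in this thread (keystore-style files handed to the APR connector, and file names in server.xml that do not match what is on disk), as an added example that is not part of any post and not Tomcat or RapidSSL code. The sample files are constructed and hold only PEM armor lines; `audit_apr_connectors`, `is_pem` and `demo` are hypothetical names, and `SSLEnabled` and `keystoreFile` are Tomcat connector attributes not quoted in the thread.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# PEM armor lines carried by OpenSSL-style certificate and key files.
CERT_MARKERS = ("-----BEGIN CERTIFICATE-----",)
KEY_MARKERS = ("-----BEGIN PRIVATE KEY-----", "-----BEGIN RSA PRIVATE KEY-----",
               "-----BEGIN ENCRYPTED PRIVATE KEY-----")

def is_pem(path, markers):
    with open(path, "rb") as fh:
        text = fh.read().decode("latin-1")
    return any(marker in text for marker in markers)

def audit_apr_connectors(server_xml, base_dir):
    """Return findings for every SSL-enabled <Connector> in server.xml text."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue
        if conn.get("keystoreFile"):
            findings.append("keystoreFile set: keystore style, not PEM files")
        for attr, markers in (("SSLCertificateFile", CERT_MARKERS),
                              ("SSLCertificateKeyFile", KEY_MARKERS)):
            name = conn.get(attr)
            path = os.path.join(base_dir, name or "")
            if not name:
                findings.append(f"{attr} missing")
            elif not os.path.isfile(path):
                findings.append(f"{attr}: {name} not found")
            elif not is_pem(path, markers):
                findings.append(f"{attr}: {name} is not PEM")
        if conn.get("SSLPassword"):
            findings.append("SSLPassword: passphrase in clear text in server.xml")
    return findings

def demo():
    """Constructed input: the CA reply saved as .cer, server.xml pointing at .crt."""
    base = tempfile.mkdtemp()
    samples = {"domainName.cer": "-----BEGIN CERTIFICATE-----\n(constructed)\n",
               "domainName.key": "-----BEGIN RSA PRIVATE KEY-----\n(constructed)\n"}
    for name, body in samples.items():
        with open(os.path.join(base, name), "w") as fh:
            fh.write(body)
    xml = ('<Server><Service><Connector SSLEnabled="true" '
           'SSLCertificateFile="domainName.crt" '
           'SSLCertificateKeyFile="domainName.key" SSLPassword="xxxx"/>'
           '</Service></Server>')
    return audit_apr_connectors(xml, base)
```

The check only looks at file presence and PEM armor; it does not confirm that the private key belongs to the certificate.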

  4. #4
    Join Date
    Sep 2007
    Posts
    368

  5. #5
    Join Date
    Jul 2009
    Posts
    33
    It's not that their instructions are incorrect; they do not have instructions on their website for Tomcat/APR, they have instructions for Tomcat.

    What they really need is another link for CSR Generation that is titled: Tomcat/APR.

    Then on their CERT install page they need another link that is titled: Tomcat/APR Cert install.

    hope that clears things up.

  6. #6
    Join Date
    Jul 2009
    Posts
    33
    BTW: Here is why you want Tomcat/APR

    Tomcat can use the Apache Portable Runtime to provide superior scalability, performance, and better integration with native server technologies. The Apache Portable Runtime is a highly portable library that is at the heart of Apache HTTP Server 2.x. APR has many uses, including access to advanced IO functionality (such as sendfile, epoll and OpenSSL), OS level functionality (random number generation, system status, etc), and native process handling (shared memory, NT pipes and Unix sockets).

  7. #7
    Join Date
    Sep 2007
    Posts
    368

    Quote Originally Posted by MrDano View Post
    It's not that their instructions are incorrect; they do not have instructions on their website for Tomcat/APR, they have instructions for Tomcat.

    What they really need is another link for CSR Generation that is titled: Tomcat/APR.

    Then on their CERT install page they need another link that is titled: Tomcat/APR Cert install.

    hope that clears things up.

    Hmm,

    http://code.google.com/p/jianwikis/w...mcatSSLWithAPR

  8. #8
    Join Date
    Jul 2009
    Posts
    33
    Interesting. My approach was much simpler, but their approach may support more. I do not have a cert chain; not sure if that means my solution is less secure or not. I only have these values set in my server.xml:
    SSLCertificateFile="domainName.crt"
    SSLCertificateKeyFile="domainName.key"
    SSLPassword="xxxx"
    no SSLA...values..

    It appears to be working just fine, except I need to tweak my login process, as now everything stays in SSL mode once a user logs in, which is not my intent. But that's a different issue.

  9. #9
    Join Date
    Sep 2007
    Posts
    368

    Quote Originally Posted by MrDano View Post
    Interesting. My approach was much simpler, but their approach may support more. I do not have a cert chain; not sure if that means my solution is less secure or not. I only have these values set in my server.xml:
    SSLCertificateFile="domainName.crt"
    SSLCertificateKeyFile="domainName.key"
    SSLPassword="xxxx"
    no SSLA...values..

    It appears to be working just fine, except I need to tweak my login process, as now everything stays in SSL mode once a user logs in, which is not my intent. But that's a different issue.

    Hmmm, you need to post all the details of what exactly you are checking. When we are each checking and finding solutions by ourselves, it is still not clear to anyone what exactly you are doing or how exactly you solved it. SSL certificate configuration is not hard; it's pretty simple on any web server for someone who has an idea about it or has configured an SSL certificate on any web server.
