{"id":822,"date":"2009-04-29T12:15:07","date_gmt":"2009-04-29T17:15:07","guid":{"rendered":"http:\/\/jianmingli.com\/wp\/?p=822"},"modified":"2011-05-15T12:03:43","modified_gmt":"2011-05-15T17:03:43","slug":"tomcat-ssl","status":"publish","type":"post","link":"https:\/\/jianmingli.com\/wp\/?p=822","title":{"rendered":"Tomcat 5 SSL"},"content":{"rendered":"<p>* Create a self-signed keystore named tomcat.keystore in the %CATALINA_HOME%\\conf directory.<\/p>\n<pre>keytool.exe -genkey -alias tomcat -keyalg RSA -storepass changeit -keypass changeit -dname \"cn=localhost\" -keystore tomcat.keystore<\/pre>\n<p>* Configure Tomcat conf\/server.xml to use the generated keystore:<\/p>\n<pre lang=\"xml\">\r\n<Connector \r\n     protocol=\"org.apache.coyote.http11.Http11Protocol\"\r\n     port=\"8443\" maxHttpHeaderSize=\"8192\"\r\n     maxThreads=\"150\" minSpareThreads=\"25\" maxSpareThreads=\"75\"\r\n     enableLookups=\"false\" disableUploadTimeout=\"true\"\r\n     acceptCount=\"100\" scheme=\"https\" secure=\"true\"\r\n     clientAuth=\"false\" sslProtocol=\"TLS\"\r\n     keystoreFile=\"C:\/prog\/apache-tomcat-5.5.29\/conf\/tomcat.keystore\"\r\n     keystorePass=\"changeit\" \/>\r\n<\/pre>\n<p><strong>For two-way SSL<\/strong><br \/>\n* Import trusted certificate(s) into a truststore named tomcat.truststore in the %CATALINA_HOME%\\conf directory.<\/p>\n<pre>keytool.exe -import -v -keystore tomcat.truststore -alias client -storepass changeit -file client.cert<\/pre>\n<p>* Configure Tomcat conf\/server.xml to use both the keystore and the truststore:<\/p>\n<pre lang=\"xml\">\r\n<Connector \r\n               protocol=\"org.apache.coyote.http11.Http11Protocol\"\r\n               port=\"8443\" maxHttpHeaderSize=\"8192\"\r\n               maxThreads=\"150\" minSpareThreads=\"25\" maxSpareThreads=\"75\"\r\n               enableLookups=\"false\" disableUploadTimeout=\"true\"\r\n               acceptCount=\"100\" scheme=\"https\" secure=\"true\"\r\n               clientAuth=\"true\" 
sslProtocol=\"TLS\" \r\n               truststoreFile=\"C:\/prog\/apache-tomcat-5.5.29\/conf\/tomcat.truststore\"\r\n               truststorePass=\"changeit\"\r\n               keystoreFile=\"C:\/prog\/apache-tomcat-5.5.29\/conf\/tomcat.keystore\"\r\n               keystorePass=\"changeit\" \/><\/pre>\n<p>* Restart Tomcat<br \/>\n* Test by pointing a browser to <a href=\"https:\/\/localhost:8443\">https:\/\/localhost:8443<\/a><\/p>\n<span id=\"Errors\"><h2>Errors<\/h2><\/span>\n<span id=\"ssl_error_rx_record_too_long\"><h3>ssl_error_rx_record_too_long<\/h3><\/span>\n<p>* When pointing a browser to https:\/\/localhost:8443, the browser gives the error message:<\/p>\n<pre lang=\"txt\">\r\nSSL received a record that exceeded the maximum permissible length.\r\n(Error code: ssl_error_rx_record_too_long)\r\n<\/pre>\n<p>* Possible cause:<br \/>\n&#8211; truststoreFile attribute is not set up correctly.<br \/>\n&#8211; truststoreFile value needs to be a full path; a partial path does not seem to work.<br \/>\n&#8211; in a Windows environment, the path needs to use Unix-style slashes, i.e. \/ NOT \\.<\/p>\n<span id=\"Reference\"><h2>Reference<\/h2><\/span>\n<p>* <a href=\"http:\/\/tomcat.apache.org\/tomcat-5.5-doc\/ssl-howto.html\">Apache Tomcat 5.5 SSL Configuration HOW-TO<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>* Create a self-signed keystore named tomcat.keystore in the %CATALINA_HOME%\\conf directory. 
keytool.exe -genkey -alias tomcat -keyalg RSA -storepass changeit -keypass changeit -dname &#8220;cn=localhost&#8221; -keystore tomcat.keystore * Configure Tomcat conf\/server.xml to use the generated keystore: For two-way SSL * Import &hellip; <a href=\"https:\/\/jianmingli.com\/wp\/?p=822\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[57],"tags":[],"class_list":["post-822","post","type-post","status-publish","format-standard","hentry","category-tomcat"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p8cRUO-dg","_links":{"self":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/822","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8
22"}],"version-history":[{"count":10,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/822\/revisions"}],"predecessor-version":[{"id":2304,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/822\/revisions\/2304"}],"wp:attachment":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=822"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=822"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=822"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}