on 09-05-2008 7:09 PM
We are setting up SSL on BOE XI 3.0 with the Tomcat web application server on AIX 5.3. We followed the instructions given in the BOE Administrator's Guide, "Configuring servers for SSL", pages 261-266. After creating the certificates and keys, we restarted the Server Intelligence Agent and are trying to start Tomcat in https mode. The documentation for the J2EE web application is not very detailed and just instructs us to add the following options to JAVA_OPTS:
-Dbusinessobjects.orb.oci.protocol=ssl -DcertDir=d:\ssl
-DtrustedCert=cacert.der -DsslCert=clientcert.der -DsslKey=client.key
-Dpassphrase=passphrase.txt
Problem 1
clientcert.der and client.key files are not mentioned anywhere in the admin guide till this command. We are guessing these are the servercert.der and server.key created in the earlier steps. Does anyone know if we have any other documentation that gives more clarification on tomcat SSL setup for BOE XI 3.0?
Problem 2
After restarting Tomcat, https is not working and we are getting the following error message in the catalina.out file. The KeyManagerFactory is in the jsse.jar file, which is present in Windows installations under <installdir>/bobje/jdk/jre/lib. But on the AIX installation none of the JSSE jar files (jsse.jar, jcert.jar, jnet.jar) required for Tomcat are present. Are these files necessary? Is there any other location where we can grab these files from? Does anyone know where to download these jar files for AIX?
SEVERE: Error starting endpoint
java.io.IOException: SunX509 KeyManagerFactory not available
at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:125)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:88)
at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:292)
at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:312)
at org.apache.coyote.http11.Http11BaseProtocol.start(Http11BaseProtocol.java:150)
at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:75)
at org.apache.catalina.connector.Connector.start(Connector.java:1089)
at org.apache.catalina.core.StandardService.start(StandardService.java:459)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:709)
at org.apache.catalina.startup.Catalina.start(Catalina.java:551)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:64)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:615)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:294)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
Sep 5, 2008 12:46:28 PM org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start:
LifecycleException: service.getName(): "Catalina"; Protocol handler start failed: java.io.IOException: SunX509 KeyManagerFactory not available
at org.apache.catalina.connector.Connector.start(Connector.java:1096)
at org.apache.catalina.core.StandardService.start(StandardService.java:459)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:709)
at org.apache.catalina.startup.Catalina.start(Catalina.java:551)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:64)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:615)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:294)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
Sep 5, 2008 12:46:28 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 46678 ms
To be able to use SSL on AIX, you need to add the SSL factory class to the Tomcat server configuration:
<Connector port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true" acceptCount="100" debug="0"
scheme="https" secure="true" clientAuth="false"
sslProtocol="SSL" keystorePass="xxxxxt" keystoreFile="/yyyyyy/xxx.cert">
<Factory className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory"
clientAuth="false" protocol="SSL" algorithm="IbmX509" />
</Connector>
Regards,
Patrick
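To confirm which KeyManagerFactory algorithm a given JVM provides (the `SunX509` name in the error versus the `IbmX509` name in the Factory element above), the installed security providers can be queried directly. This is an added example, not part of the original thread or of the BOE documentation; the class name `KmfCheck` is hypothetical, and it should be compiled and run with the same JRE that starts Tomcat.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.Set;
import java.util.TreeSet;
import javax.net.ssl.KeyManagerFactory;

// Hypothetical diagnostic class (not from the thread): reports which
// KeyManagerFactory algorithms the running JVM's providers register.
public class KmfCheck {

    /** Every KeyManagerFactory algorithm offered by the installed providers. */
    static Set<String> availableAlgorithms() {
        Set<String> names = new TreeSet<String>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("KeyManagerFactory".equals(s.getType())) {
                    names.add(s.getAlgorithm() + " (provider " + p.getName() + ")");
                }
            }
        }
        return names;
    }

    /** True if the JVM can instantiate a KeyManagerFactory with this name. */
    static boolean isAvailable(String algorithm) {
        try {
            KeyManagerFactory.getInstance(algorithm);
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        System.out.println("java.vendor  = " + System.getProperty("java.vendor"));
        System.out.println("java.version = " + System.getProperty("java.version"));
        // The JVM default comes from ssl.KeyManagerFactory.algorithm in java.security.
        System.out.println("default algorithm = " + KeyManagerFactory.getDefaultAlgorithm());
        for (String name : availableAlgorithms()) {
            System.out.println("registered: " + name);
        }
        // The two names that appear in this thread.
        for (String name : new String[] {"SunX509", "IbmX509"}) {
            System.out.println(name + (isAvailable(name) ? ": available" : ": NOT available"));
        }
    }
}
```

The `algorithm` attribute in server.xml has to be one of the names this reports as available, otherwise the connector fails at startup with the "KeyManagerFactory not available" error shown in the question.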
Hi Patrick Melli.
I have the same problem but in Windows.
I followed all the steps of the manual, and when I try https://localhost:8443
it gives me an error.
I think that it's a server.xml configuration problem but I can find the solution.
thanks!!!