[Yanel-dev] SSL
Michael Wechner
michael.wechner at wyona.com
Tue Dec 21 09:53:30 CET 2010
On 12/21/10 7:17 AM, Balz Schreier wrote:
> ... sorry, I missed something: the parameter belongs to the
> <Connector> tag:
>
> e.g.
> <Connector
> port="8443" maxThreads="200"
> scheme="https" secure="true" SSLEnabled="true"
> keystoreFile="yanel.keystore" keystorePass="***"
> clientAuth="false" sslProtocol="TLS"/>
Thanks very much. I have created a patch:
svn diff src/build/connector.xsl
Index: src/build/connector.xsl
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- src/build/connector.xsl (revision 55038)
+++ src/build/connector.xsl (working copy)
@@ -35,6 +35,7 @@
<xsl:attribute name=3D"scheme">https</xsl:attribute>
<xsl:attribute name=3D"sslProtocol">TLS</xsl:attribute>
<xsl:attribute name=3D"clientAuth">false</xsl:attribute>
+ <xsl:attribute name=3D"SSLEnabled">true</xsl:attribute> <!-- INFO: =
Tomcat 6 needs this attribute: =
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html -->
<!-- UTF-8 Support -->
<!--
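Review bot: the added `SSLEnabled` attribute is emitted unconditionally, while its own inline comment ties it to Tomcat 6; since the thread says the build generates the Tomcat 5 SSL configuration, either confirm that a Tomcat 5 build still starts with the extra attribute or wrap the line in a version condition. The message also says the change is untested, so check that the generated HTTPS connector actually completes a TLS handshake before committing. As a style point, the long trailing comment would read better on its own line above the attribute, like the `<!-- UTF-8 Support -->` comment that follows.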
but haven't tested it yet. Will do this later.
Thanks
Michael
>
>
> On Tue, Dec 21, 2010 at 7:16 AM, Balz Schreier
> <balz.schreier at gmail.com <mailto:balz.schreier at gmail.com>> wrote:
>
> Hi Michael,
>
> I can confirm that not much did actually change but one single
> parameter was missing which seems to have broken the whole thing.
>
> So the only parameter that must be added to the Tomcat5
> configuration in order to run on Tomcat 6 is the following:
>
> SSLEnabled="true"
>
> Thanks for helping out!
> Cheers
> Balz
>
> On Mon, Dec 20, 2010 at 11:54 PM, Michael Wechner
> <michael.wechner at wyona.com <mailto:michael.wechner at wyona.com>> wrote:
>
> Hi Balz
>
> As discussed offline you seem to use Tomcat 6, whereas Yanel's
> build process is building
> the SSL configuration for Tomcat 5 and it seems like Tomcat 6
> needs a different kind
> of configuration. Would be a nice contribution though ;-)
>
> Cheers
>
> Michael
>
>
> On 12/20/10 4:12 PM, Balz Schreier wrote:
>> Hi Michael,
>>
>> I did this on my local machine and it works fine.
>> But now I have to apply it to my distribution binaries.
>>
>> The above is step 1 (which still does not work).
>> Step 2 is then to make the keystore ready with real trusted
>> certificates from e.g. Verisign.
>>
>> So any further help for Step 1 would be great.
>>
>> Question:
>> 1) the web.xml entry with the SSL port: this is for Yanel
>> only, right? I guess for some logic that redirects to the
>> https in certain cases, correct?
>>
>> 2) Do you know of any other configuration items for SSL other
>> than <Connector> entry in server.xml, the keystore file itself ?
>>
>> Cheers
>> Balz
>>
>> On Mon, Dec 20, 2010 at 4:01 PM, Michael Wechner
>> <michael.wechner at wyona.com
>> <mailto:michael.wechner at wyona.com>> wrote:
>>
>> Hi Balz
>>
>>
>> On 12/20/10 3:14 PM, Balz Schreier wrote:
>>
>> Hi,
>>
>> I am setting up SSL for my realm.
>>
>> Questions:
>> 1) Is there a full <Connector> or server.xml example
>> from a productive environment that works?
>>
>> 2) I see that Yanel's tomcat is using the native APR
>> libraries (at least they are referenced by <Listener>
>> tag at the beginning of server.xml
>>
>>
>> Have you tried running
>>
>> ./configure.sh
>> ./build.sh
>>
>> ? The script configure.sh will help you to setup
>> Tomcat/Yanel with SSL.
>>
>> (whereas you should do a ./build.sh clean-all first)
>>
>> HTH
>>
>> Michael
>>
>>
>> Thanks
>> Cheers
>> Balz
>>
>>
>> --
>> Yanel-development mailing list
>> Yanel-development at wyona.com
>> <mailto:Yanel-development at wyona.com>
>> http://lists.wyona.org/cgi-bin/mailman/listinfo/yanel-development
>>
>>
>
>
> --
>
> Yanel-development mailing list Yanel-development at wyona.com
> <mailto:Yanel-development at wyona.com>
> http://lists.wyona.org/cgi-bin/mailman/listinfo/yanel-development
>
>
>
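The mismatch this thread tracked down, as an added example (not from the original message or the Yanel project): a Python check that flags `<Connector>` entries in a `server.xml` whose `scheme`/`secure` attributes claim HTTPS while `SSLEnabled` is absent, which Tomcat 6 treats as false. The sample XML is constructed; ports 8080 and 9443 and the function name `audit_connectors` are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a plain HTTP connector, a Tomcat 5 style HTTPS connector
# (no SSLEnabled), and the corrected connector quoted in the thread.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" maxThreads="200"
               scheme="https" secure="true"
               keystoreFile="yanel.keystore" keystorePass="***"
               clientAuth="false" sslProtocol="TLS"/>
    <Connector port="9443" maxThreads="200"
               scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="yanel.keystore" keystorePass="***"
               clientAuth="false" sslProtocol="TLS"/>
  </Service>
</Server>
"""

def audit_connectors(server_xml):
    """Return (port, problem) tuples for connectors whose TLS attributes disagree."""
    findings = []
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        port = conn.get("port", "?")
        # scheme/secure only control what request.getScheme()/isSecure() report.
        claims_https = (conn.get("scheme", "http").lower() == "https"
                        or conn.get("secure", "false").lower() == "true")
        # SSLEnabled is what actually turns on TLS; absent means false.
        ssl_enabled = conn.get("SSLEnabled", "false").lower() == "true"
        if claims_https and not ssl_enabled:
            # Heuristic: a connector behind a TLS-terminating proxy may be set
            # up this way on purpose, so review the finding rather than auto-fix.
            findings.append((port, "scheme/secure claim HTTPS but SSLEnabled is not true"))
        elif ssl_enabled and not claims_https:
            findings.append((port, "SSLEnabled is true but scheme/secure still say plain HTTP"))
    return findings

if __name__ == "__main__":
    for port, problem in audit_connectors(SAMPLE_SERVER_XML):
        print(f"Connector port {port}: {problem}")
```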