Problems configuring SSL on tcServer using APR

  • Problems configuring SSL on tcServer using APR

    Hi,

    Our existing client communicates to our server using 2 way SSL, both configured with JKS keystores and truststores, and this communication works fine.

    Presently, we are switching from our WebSphere application server to tcServer. As a result, I am trying to get SSL configured on tcServer using the OpenSSL/Apache Portable Runtime method.

    I have followed the instructions in the 6.0 documentation and have specified the necessary Listener and Connector.

    However, after I invoke my client I get the following error message:
    An IO error occurred while communicating with the server. com.ibm.jsse2.util.h: No trusted certificate found

    This does not occur for my WebSphere server, when invoked using the same client certificates, so is definitely a server-side problem.

    I then attempted to set the truststore using the environment variables in wrapper.conf, as follows:

    Code:
    -Djavax.net.ssl.trustStorePassword=passwordhere
    -Djavax.net.ssl.trustStoreType=JKS
    -Djavax.net.ssl.trustStore=truststore.jks

    However, I still got the same trust store error. The following is my server.xml configuration as well:

    Code:
    <?xml version='1.0' encoding='utf-8'?>
    <Server port="${shutdown.port}" shutdown="SHUTDOWN">
    
      <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
      <Listener className="org.apache.catalina.core.JasperListener" />
      <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
      <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
    
      <Listener className="com.springsource.tcserver.serviceability.rmi.JmxSocketListener"
                port="${jmx.port}"
                bind="127.0.0.1" 
                useSSL="false" 
                passwordFile="${catalina.base}/conf/jmxremote.password"
                accessFile="${catalina.base}/conf/jmxremote.access" 
                authenticate="true"/>
    
      <Listener className="com.springsource.tcserver.serviceability.deploy.TcContainerDeployer" />
      
      
      <GlobalNamingResources>
        <Resource name="UserDatabase" auth="Container"
                  type="org.apache.catalina.UserDatabase"
                  description="User database that can be updated and saved"
                  factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
                  pathname="conf/tomcat-users.xml" />
      </GlobalNamingResources>
    
      <Service name="Catalina">
      
        <Executor name="tomcatThreadPool" namePrefix="tomcat-http--" maxThreads="300" minSpareThreads="50"/>
    
        <Connector
               executor="tomcatThreadPool"
               port="8443"
               protocol="org.apache.coyote.http11.Http11AprProtocol"
               connectionTimeout="20000"
               redirectPort="8443"
               acceptCount="100"
               maxKeepAliveRequests="15"
               SSLCertificateFile="name.crt" 
               SSLCertificateKeyFile="name.key"
               SSLCACertificateFile="name.cer"
               SSLEnabled="true"
               scheme="https"
               secure="true"/>
    	
        <Engine name="Catalina" defaultHost="localhost">
    
          <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
                 resourceName="UserDatabase"/>
    
          <Host name="localhost"  appBase="webapps"
                unpackWARs="true" autoDeploy="true" deployOnStartup="true" deployXML="true" 
                xmlValidation="false" xmlNamespaceAware="false">
    			
    			
          </Host>
        </Engine>
      </Service>
    </Server>

    Has anyone any ideas where I am going wrong here?

    Thanks
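
The connector posted above uses the APR/OpenSSL protocol, which takes its TLS material from the PEM-based `SSL*` attributes rather than from a JKS truststore. The check below is an added example, not part of the original thread or of tcServer: `audit_apr_connectors`, the reduced sample XML and the finding texts are constructed for illustration, and the attribute semantics (including `SSLVerifyClient` defaulting to `none`) are assumed to be those of the Tomcat APR connector documentation.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's Connector reduced to its TLS attributes.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
             SSLEnabled="true" scheme="https" secure="true"
             SSLCertificateFile="name.crt" SSLCertificateKeyFile="name.key"
             SSLCACertificateFile="name.cer"/>
</Service></Server>"""

# Attributes read by the JSSE (BIO/NIO) connectors, not by APR/OpenSSL.
JSSE_ONLY = ("keystoreFile", "keystorePass", "truststoreFile",
             "truststorePass", "clientAuth")

def audit_apr_connectors(server_xml, jvm_args=()):
    """Return a list of (port, finding) for each TLS-enabled APR connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        a = conn.attrib
        is_apr = "Apr" in a.get("protocol", "")
        if not is_apr or a.get("SSLEnabled", "false").lower() != "true":
            continue
        port = a.get("port", "?")
        if "SSLCertificateFile" not in a:
            findings.append((port, "SSLCertificateFile is missing"))
        has_ca = "SSLCACertificateFile" in a or "SSLCACertificatePath" in a
        verify = a.get("SSLVerifyClient", "none")  # assumed documented default
        if verify == "none":
            findings.append((port, "SSLVerifyClient is 'none': no client "
                "certificate is requested, so this connector does one-way TLS"))
        elif verify != "optionalNoCA" and not has_ca:
            findings.append((port, f"SSLVerifyClient={verify} but no "
                "SSLCACertificateFile/SSLCACertificatePath to verify against"))
        for name in JSSE_ONLY:
            if name in a:
                findings.append((port, f"{name} is a JSSE attribute, "
                    "not read by the APR connector"))
        for arg in jvm_args:
            if arg.startswith("-Djavax.net.ssl.trustStore"):
                findings.append((port, f"{arg.split('=')[0]} configures JSSE; "
                    "APR takes client CA trust from SSLCACertificateFile"))
    return findings

if __name__ == "__main__":
    args = ["-Djavax.net.ssl.trustStore=truststore.jks"]  # as set in wrapper.conf
    for port, msg in audit_apr_connectors(SAMPLE, args):
        print(f"connector {port}: {msg}")
```
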

  • #2
    Are you just trying to get HTTPS to work on your web server? You said you were switching from WebSphere to tcServer, but your error message is from an IBM class. Can you straighten me out a little bit so I can better understand your question? We are also in the middle of dropping WebSphere and implementing tcServer. We have configured it for SSL and everything seems to be working.
