[Yanel-dev] SSL

Michael Wechner michael.wechner at wyona.com
Tue Dec 21 09:53:30 CET 2010


On 12/21/10 7:17 AM, Balz Schreier wrote:
> ... sorry, I missed something: the parameter belongs to the <Connector> tag:
>
> e.g.
> <Connector
>            port="8443" maxThreads="200"
>            scheme="https" secure="true" *SSLEnabled="true"*
>            keystoreFile="yanel.keystore" keystorePass="***"
>            clientAuth="false" sslProtocol="TLS"/>

Thanks very much. I have created a patch

svn diff src/build/connector.xsl
Index: src/build/connector.xsl
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- src/build/connector.xsl    (revision 55038)
+++ src/build/connector.xsl    (working copy)
@@ -35,6 +35,7 @@
<xsl:attribute name=3D"scheme">https</xsl:attribute>
<xsl:attribute name=3D"sslProtocol">TLS</xsl:attribute>
<xsl:attribute name=3D"clientAuth">false</xsl:attribute>
+ <xsl:attribute name=3D"SSLEnabled">true</xsl:attribute> <!-- INFO: =

Tomcat 6 needs this attribute: =

http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html -->

<!-- UTF-8 Support -->
<!--
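
Review bot: the added SSLEnabled attribute is emitted unconditionally alongside scheme, sslProtocol and clientAuth, while its inline comment only says that Tomcat 6 needs it. Since this template has been generating the connector for Tomcat 5, the comment should also say whether Tomcat 5 accepts the attribute, and the change needs a build and an HTTPS request against both versions before it is committed. As a style point, put the INFO comment on its own line above the xsl:attribute, the way the UTF-8 Support comment below is written, rather than trailing the attribute on one long line.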

but haven't tested it yet. Will do this later.

Thanks

Michael
>
>
> On Tue, Dec 21, 2010 at 7:16 AM, Balz Schreier
> <balz.schreier at gmail.com> wrote:
>
>     Hi Michael,
>
>     I can confirm that not much did actually change but one single
>     parameter was missing which seems to have broken the whole thing.
>
>     So the only parameter that must be added to the Tomcat5
>     configuration in order to run on Tomcat 6 is the following:
>
>     SSLEnabled="true"
>
>     Thanks for helping out!
>     Cheers
>     Balz
>
>     On Mon, Dec 20, 2010 at 11:54 PM, Michael Wechner
>     <michael.wechner at wyona.com> wrote:
>
>         Hi Balz
>
>         As discussed offline you seem to use Tomcat 6, whereas Yanel's
>         build process is building
>         the SSL configuration for Tomcat 5 and it seems like Tomcat 6
>         needs a different kind
>         of configuration. Would be a nice contribution though ;-)
>
>         Cheers
>
>         Michael
>
>
>         On 12/20/10 4:12 PM, Balz Schreier wrote:
>>         Hi Michael,
>>
>>         I did this on my local machine and it works fine.
>>         But now I have to apply it to my distribution binaries.
>>
>>         The above is step 1 (which still does not work).
>>         Step 2 is then to make the keystore ready with real trusted
>>         certificates from e.g. Verisign.
>>
>>         So any further help for Step 1 would be great.
>>
>>         Question:
>>         1) the web.xml entry with the SSL port: this is for Yanel
>>         only, right? I guess for some logic that redirects to the
>>         https in certain cases, correct?
>>
>>         2) Do you know of any other configuration items for SSL other
>>         than <Connector> entry in server.xml, the keystore file itself ?
>>
>>         Cheers
>>         Balz
>>
>>         On Mon, Dec 20, 2010 at 4:01 PM, Michael Wechner
>>         <michael.wechner at wyona.com> wrote:
>>
>>             Hi Balz
>>
>>
>>             On 12/20/10 3:14 PM, Balz Schreier wrote:
>>
>>                 Hi,
>>
>>                 I am setting up SSL for my realm.
>>
>>                 Questions:
>>                 1) Is there a full <Connector> or server.xml example
>>                 from a productive environment that works?
>>
>>                 2) I see that Yanel's tomcat is using the native APR
>>                 libraries (at least they are referenced by <Listener>
>>                 tag at the beginning of server.xml)
>>
>>
>>             Have you tried running
>>
>>             ./configure.sh
>>             ./build.sh
>>
>>             ? The script configure.sh will help you to setup
>>             Tomcat/Yanel with SSL.
>>
>>             (whereas you should do a ./build.sh clean-all first)
>>
>>             HTH
>>
>>             Michael
>>
>>
>>                 Thanks
>>                 Cheers
>>                 Balz
>>
>>
>>
>>
>
>
>
>
>
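
Added example, not part of the thread and not Yanel code: on Tomcat 6 the SSLEnabled attribute defaults to false, so a Connector carried over from a Tomcat 5 configuration can declare scheme="https" and secure="true" without TLS being enabled on that port. The check below flags such connectors; the function name is hypothetical and the server.xml fragments are constructed samples modelled on the Connector quoted above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a Tomcat 5 style HTTPS connector (no SSLEnabled attribute).
TOMCAT5_STYLE = """<Server><Service name="Catalina">
  <Connector port="8080" redirectPort="8443"/>
  <Connector port="8443" maxThreads="200" scheme="https" secure="true"
             keystoreFile="yanel.keystore" keystorePass="***"
             clientAuth="false" sslProtocol="TLS"/>
</Service></Server>"""

# Constructed sample: the same connector with the attribute from the thread added.
TOMCAT6_STYLE = TOMCAT5_STYLE.replace(
    'secure="true"', 'secure="true" SSLEnabled="true"')


def connectors_missing_sslenabled(server_xml):
    """Return the ports of Connectors that claim HTTPS but lack SSLEnabled="true"."""
    root = ET.fromstring(server_xml)
    flagged = []
    for conn in root.iter("Connector"):
        # scheme/secure only describe the request to the webapp; they do not
        # turn on the TLS handshake by themselves.
        claims_tls = (conn.get("scheme", "").lower() == "https"
                      or conn.get("secure", "").lower() == "true")
        # A missing attribute is treated as "false".
        enabled = conn.get("SSLEnabled", "false").lower() == "true"
        if claims_tls and not enabled:
            flagged.append(conn.get("port"))
    return flagged


if __name__ == "__main__":
    for name, xml in (("tomcat5-style", TOMCAT5_STYLE),
                      ("tomcat6-style", TOMCAT6_STYLE)):
        print(name, connectors_missing_sslenabled(xml))
```

A connector that sits behind a TLS-terminating proxy may set scheme="https" and secure="true" on purpose without SSLEnabled, so a flagged port is a prompt to review, not proof of a fault.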
