Thursday, January 11, 2007

The business doesn't go away ...

Holy crap, things are just getting more and more busy here at work, but I just had to take a break to blog this so I don't forget about it in the future. I've been trying to install SSL for Tomcat 5.5 on a Windows 2000 Server setup, and I've been having no luck getting it to work. I've followed the instructions to a T, and yet still nothing would work. I googled for hours on end trying to find out what was going on, but with no luck. This was yesterday. Being as obsessive as I am about software, I couldn't just let it drop when I left, and I kept thinking things over. I thought it might be an issue with the name of the keystore in Windows (.keystore), but that wasn't it. Then I found a very interesting forum post:

> From: Jim Reynolds [mailto:jim.jreynold@(protected)]
> Subject: SSL Setup From Site
>
> 4) restarted tomcat, but I do not get ssl?

If you used the .exe download for Tomcat, you may have APR installed.
Its SSL configuration is rather different than that for Tomcat's pure
Java connector. The doc for APR is here:
http://tomcat.apache.org/tomcat-5.5-doc/apr.html

Alternatively, disable APR by deleting or renaming bin\tcnative-1.dll,
and then the standard SSL handling (which appears to be what you
configured) will be in effect.

- Chuck

As it turned out, I did use the installer to do the install on the Win2k Server setup, whereas I didn't before. So I went and found $CATALINA_HOME/bin/tcnative-1.dll was indeed there, moved it out to another folder (since you should never delete things like that in case they're not the problem), restarted Tomcat, and lo and behold, it worked. The amount of relief that got off my chest was huge. The config file I used for the install used this SSL connector in the $CATALINA_HOME/conf/server.xml file:

<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="C:\path\to\my\.keystore"
           keystorePass="mychangedpass"
           keystoreType="JKS"
           debug="9"
/>


So if you're having these problems in a Windows install of Tomcat and you're reading this, I hope this helps.
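
A way to catch this mismatch before restarting Tomcat, as an added example that is not part of the original post or of Tomcat itself: it reads conf/server.xml, finds the secure connectors, and compares their attribute style against the presence of bin/tcnative-1.dll. Assumptions: the function names and sample server.xml are constructed here, only the bin directory is searched for the native library, and the reverse case (APR-style `SSLCertificateFile`/`SSLCertificateKeyFile` attributes without the library) is a generalization beyond what the post describes.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# JSSE names come from the post's connector; the APR names are the
# OpenSSL-style certificate attributes of Tomcat's APR connector.
JSSE_ATTRS = {"keystoreFile", "keystorePass", "keystoreType", "sslProtocol"}
APR_ATTRS = {"SSLCertificateFile", "SSLCertificateKeyFile"}

def check_ssl_connectors(catalina_home):
    """Return [(port, finding)] for each secure Connector in conf/server.xml."""
    native = os.path.isfile(os.path.join(catalina_home, "bin", "tcnative-1.dll"))
    tree = ET.parse(os.path.join(catalina_home, "conf", "server.xml"))
    findings = []
    for conn in tree.iter("Connector"):
        if conn.get("secure") != "true" and conn.get("scheme") != "https":
            continue  # plain HTTP/AJP connector, not relevant here
        names = set(conn.attrib)
        jsse, apr = names & JSSE_ATTRS, names & APR_ATTRS
        if native and jsse and not apr:
            finding = "MISMATCH: APR library present, connector uses JSSE keystore attributes"
        elif not native and apr and not jsse:
            finding = "MISMATCH: no APR library, connector uses APR certificate attributes"
        else:
            finding = "OK"
        findings.append((conn.get("port"), finding))
    return findings

# Constructed sample modelled on the post's connector (password is a placeholder).
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" />
  <Connector port="8443" scheme="https" secure="true" clientAuth="false"
             sslProtocol="TLS" keystoreFile="C:\\path\\to\\my\\.keystore"
             keystorePass="placeholder" keystoreType="JKS" />
</Service></Server>"""

def demo(with_native):
    """Build a throwaway CATALINA_HOME layout and run the check on it."""
    with tempfile.TemporaryDirectory() as home:
        os.makedirs(os.path.join(home, "conf"))
        os.makedirs(os.path.join(home, "bin"))
        with open(os.path.join(home, "conf", "server.xml"), "w") as f:
            f.write(SAMPLE_SERVER_XML)
        if with_native:  # empty stand-in file; only its presence is checked
            open(os.path.join(home, "bin", "tcnative-1.dll"), "w").close()
        return check_ssl_connectors(home)

if __name__ == "__main__":
    for native in (True, False):
        print("tcnative-1.dll present:", native, demo(native))
```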