it is neccessary to install both server tomcat5 and apache2 for running JSP with SSL

[nomi]

hi
i m new in OpenSource i have two questions

1. Can any one tell me if i m running my JSP page using Tomcat5 as web server and want to configure SSL on Tomcat5 is that necessary to install Apache2.

2. i properly generate keystore

keytool -genkey -alias tomcat -keyalg RSA \
-keystore <your_keystore_filename>

then generate CSR

keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr \
-keystore <your_keystore_filename>

ok the detail i enter while generate CSR is

YourName : localhost

rest of the option of generating CSR i m not mention here and send to certificate authority. Certificate authority send me 5 files
which i properly install by using following command

keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore mykeystore.key
keytool -import -trustcacerts -alias addtrust -file UTNAddTrustServerCA.crt -keystore mykeystore.key
keytool -import -trustcacerts -alias ComodoUTNServerCA -file ComodoUTNServerCA.crt -keystore mykeystore
keytool -import -trustcacerts -alias EssentialSSLCA -file EssentialSSLCA.crt -keystore mykeystore
keytool -import -trustcacerts -alias tomcat -file localhost.crt -keystore mykeystore

if there is any mistake in above please correct me. Then amendments in my server.xml which reside tomcat55/bin/conf/


<-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector
port="443" minProcessors="5" maxProcessors="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true";
clientAuth="false" sslProtocol="TLS" keystorefile-"$JAVA_HOME/bin/mykeystore.key" keypass="123456"/>
-->

after that i restart my tomcat and try to access https://locahost:8443/ i got following error

Unable to connect

Firefox can't establish a connection to the server at localhost:8443.

* The site could be temporarily unavailable or too busy. Try again in a few
moments.

* If you are unable to load any pages, check your computer's network
connection.

* If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web

Appreciation in advance

[raghaven.kumar]

Hi,

see in /etc/services file if the port is being used by any service.

If not, i think you should add the port in that file.

Also, checking if firewall is blocking your port will be advisable.

[nomi]

when i check my services file i got following stuff
# 834-846 Unassigned

wat can i do for this

[raghaven.kumar]

https://locahost:8443/

what of 8443?

[nomi]

well ..its SSL port .. i mean SSL runs on this port

[nomi]

oh sorry i checked wrong line number following are code for SSL

# 8418-8442 Unassigned
pcsync-https 8443/tcp # PCsync HTTPS
pcsync-https 8443/udp # PCsync HTTPS
pcsync-http 8444/tcp # PCsync HTTP
pcsync-http 8444/udp # PCsync HTTP

[nomi]

buddy if u have msn and don't have n e problem please give it to me

[raghaven.kumar]

check it its in listen state

Code:

netstat -tulpn | grep 8443

you can also do a portscan for firewall check.
which is normally in menu
System->Administration->Network Tools
Select Portscan tab and enter localhost

If your port doesnt showup then you need to deal with firewall.

ps: im in office dude and no msn

[nomi]

only following port are open after running netstat -tulpn

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 3163/portmap
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3191/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 3304/master
tcp 0 0 127.0.0.1:8005 :::* LISTEN 10970/java
tcp 0 0 :::8080 :::* LISTEN 10970/java
tcp 0 0 :::22 :::* LISTEN 3397/sshd
tcp 0 0 ::1:631 :::* LISTEN 3191/cupsd
tcp 0 0 ::1:25 :::* LISTEN 3304/master
udp 0 0 0.0.0.0:32768 0.0.0.0:* 3106/avahi-daemon:
udp 0 0 0.0.0.0:5353 0.0.0.0:* 3106/avahi-daemon:
udp 0 0 0.0.0.0:111 0.0.0.0:* 3163/portmap
udp 0 0 0.0.0.0:631 0.0.0.0:* 3191/cupsd

[raghaven.kumar]

check firewall