Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

CSWS_JAVA & SSL

 
OwensJ
Advisor

CSWS_JAVA & SSL

So for my latest most of openvms noobie insanity, I am hitting a wall trying to get HTTPS/SSL to work with Apache Tomcat (Aka CSWS_JAVA). As a forward, I know how to do this on windows and linux and have done it several times before.

Generate a keystore using keytool, modify server.xml, ucomment the SSL connector, link the keystore to the connector.

I've been messing with this all morning here but for some reason OpemVMS's version of Tomcat is not playing nice with my attempts to get this to run. I was able to get a keystore created in the same folder as my server.xml file. I have referenced the keystore in both a full path keystoreFile="DISK$I64SYS:[APACHE.JAKARTA.TOMCAT.CONF]KEYSTORE.JKA]" and "KEYSTORE.JKA", I've tried it with and without SSLEnabled="true", I've tried it using port 8443 and 443. I'm using keyalias "tomcat". I have a custom key password and I have verified it works commandline using the keytool command, and yes, I am using keypass="password".

There are no log files whatsoever under the DISK$I64SYS:[APACHE.JAKARTA.TOMCAT.logs] folder, so I can't see what is failing, if anything. The standard port 80 connector is running just fine, and the port isnt blocked by a firewall because 443 comes through on normal CSWS just fine. (I have shut it down while testing 443 on tomcat)
2 REPLIES 2
OwensJ
Advisor

Re: CSWS_JAVA & SSL

So I solved my own problem. I re-ran the keytool command to create a keystore in APACHE$COMMON:[000000] with name .keystore and this time all I needed to do was uncomment the server.xml and add the keypass to be what I made it and it came right up. Must have either been a file permission issue or not locating that path correctly. I also found the logs in the APACHE$SPECIFIC:[000000] folder, which was not in the .logs folder I was looking in before, and they were showing me permission denied errors during startup previously.

OwensJ
Advisor

Re: CSWS_JAVA & SSL

I have a new issue with this particular thread. So I currently have CSWS and CSWS_JAVA installed. (Apache and Tomcat) Both work by themselves for their own functions

Apache on port 80 and 443 and Tomcat on 8080 and 8443.

However I only need to use Tomcat, and none of the functionality of plain CSWS (Apache). On a standard machine, Tomcat can be changed to use port 80/443 just by changing the ports. However, on a Unix/Linux machine, there are security issues using ports under 1024, which require root level permissions.

If I shutdown Apache, so it is not running and not using ports 80 and 443, and shut down Tomcat, and try to use ports 80 and 443, Tomcat does not come up. Simply changing the ports does not work. Both use the standard apache$www user as noted in the configuration guide.

I know that I can go through the mod_jk/2 route to push data through apache to get to tomcat, and thus achieve my goal, but I'm curious what I would need to do to get ports 80 and 443 to run on OpenVMS with just CSWS_JAVA (Tomcat) by itself (Without Apache)