3 Replies Latest reply on Nov 13, 2003 5:06 PM by Jon Barnett

    Tomcat SSL/TLS problem

    Chris Sheets Newbie

      I am using JBoss3.2.2/Tomcat and am attempting to configure SSL for Tomcat. I have modified the jboss-service.xml file to look like:
      <!-- A HTTP/1.1 Connector on port 8080

      -->
      <!-- A AJP 1.3 Connector on port 8009 -->


      <!-- SSL/TLS Connector configuration using the SSL domain keystore -->




      On server startup I am getting the follwoing error:
      2003-11-12 15:07:05,775 DEBUG [org.apache.tomcat.util.net.SSLImplementation] Error loading SSL Implementation org.apache.tomcat.util.net.puretls.PureTLSImplementation
      java.lang.ClassNotFoundException: No ClassLoaders found for: org.apache.tomcat.util.net.puretls.PureTLSImplementation

      When I look in tomcat-utils.jar where these PureTLS classes are usually found in a standalone Tomcat distribution they are indeed not there.

      In addition, when I access the https URL it seems to function but exceptions are getting logged in the log file. These errors are as follows:

      2003-11-12 15:15:30,681 DEBUG [org.apache.tomcat.util.net.jsse.JSSE14Support] Error getting client certs
      javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
      at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(DashoA6275)
      at org.apache.tomcat.util.net.jsse.JSSE14Support.getX509Certificates(JSSE14Support.java:151)
      at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:161)


      So my question is: what do I need to do in order to get a valid SSL configuration?

      I have read the 3.2.x documentation but there is no mention of any other configuration other than modifying the config file.

        • 1. Re: Tomcat SSL/TLS problem
          Jon Barnett Master

          Not having the TLS module may be breaking the SSL validation chain, causing the errors. Have you tried copying in the tomcat-util.jar from the standalone Tomcat distribution and seeing if that solves your TLS problem?

          • 2. Re: Tomcat SSL/TLS problem
            Chris Sheets Newbie

            I did not try replacing the entire tomcat-util.jar since it looked like there were some other changes make to classes in the jar for the JBoss distribution. I did however, extract just the TLS classes and deploy them which definately got me further but then there were some other TLS implementation classes that could not be found.

            • 3. Re: Tomcat SSL/TLS problem
              Jon Barnett Master

              You'll probably need to drop in the Tomcat JARs from the standalone distribution. I would only replace the ones already existing in the JBoss SAR and omit the Tomcat bootstrap libraries. AFAIK, there are no actual changes to Tomcat for the JBoss build. However, you should keep a back-up of the original Tomcat SAR if anything goes wrong.