Tomcat 3.3 RPM info

The RPM is named tomcat3 to allow coexistence with the tomcat 4.x RPM.

These are the release notes for the tomcat RPM builds.

o Tomcat 3.3 NOW REQUIRES other RPM packages to be installed:

  - servletapi3, xerces-j

  You should have these RPMs installed BEFORE tomcat3 so that the
  tomcat3 install process makes the correct symlinks.

o Tomcat 3.3 has been compiled with JSSE support, but these jars are
  not provided due to crypto regulation.
  If you have the JSSE jars on your system (jcert.jar, jsse.jar,
  jnet.jar), just define JSSE_HOME in /etc/tomcat4/conf/tomcat4.conf;
  those JAR files will be added to the system class path.

o Alternatively, Tomcat 3.3 has also been compiled with PureTLS
  support, so you can use it instead to have a 100% OSS SSL solution.
  Tomcat will detect whether JSSE and PureTLS are available and choose
  the one available, or PureTLS if both are available.

  You should install the puretls, cryptix32 and cryptix-asn RPMs on
  your system and link their jars to /var/tomcat3/lib/container, i.e.:

  ln -s /usr/share/java/puretls.jar /var/tomcat3/lib/container
  ln -s /usr/share/java/cryptix-3.2.0.jar /var/tomcat3/lib/container
  ln -s /usr/share/java/cryptix-asn1.jar /var/tomcat3/lib/container

  The RPM will detect these jars and will install them automatically
  for you at install time.

  With PureTLS you should have a PEM encoded file, which will contain
  the CERTIFICATE and KEY. Here is an example of a PEM encoded file
  from Apache HTTPD server. For more information on how to generate
  a PEM file go to http://www.openssl.org or http://www.modssl.org.
  Documentation is also available in tomcat:
  https://localhost:8080/doc/tomcat-ssl-howto.html

  -----BEGIN CERTIFICATE-----
  ...
  -----END CERTIFICATE-----
  -----BEGIN RSA PRIVATE KEY-----
  ...
  -----END RSA PRIVATE KEY-----

  Here is an example of an entry in server.xml. Notice that you should
  also define randomfile, which should point to a writeable file.

  <Http10Connector port="8443"
                   secure="true"
                   keystore="/etc/tomcat3/conf/server.crt"
                   keypass="tomcat"
                   randomfile="/var/spool/tomcat3/random.id" />

o Tomcat 3.3 is installed under /var/tomcat3

o A configuration file, /etc/tomcat3/conf/tomcat3.conf, is loaded
  before Tomcat or Jasper start and can be used to tune JVM params.

o The Tomcat 3.3 invoker script is tomcat3, so startup.sh and stop.sh
  are not present in the package.
  Take a look at /etc/tomcat4/conf/tomcat4.conf for tuning.

o For security purposes tomcat3 will run as user tomcat3; this user is
  created by rpm at install time.
  Warning: this user should have a login shell to be able to use the
  su exec command.

o Tomcat 3.3 will listen on ports 8080 (HTTP 1.0), 8443 (HTTP SSL),
  8007 (AJP12) and 8009 (AJP13) to avoid collision with a running
  TC 4.x.

------------------------------------------------------------------
697ECEDD 2000/04/06 Henri Gomez <hgomez@slib.fr>
Key fingerprint = 9D F8 1E A8 ED 53 2F 39 DC 9B 90 4A 36 4F 80 E6
------------------------------------------------------------------
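
A pre-flight check for the PureTLS setup described above (a PEM file holding both the certificate and the key, plus a writable randomfile), as an added example that is not part of the tomcat3 RPM or its scripts. The function names check_pem and check_randomfile are hypothetical, and the rule that group and other get no access to the key file is an added hardening assumption, not something the RPM enforces.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not shipped with tomcat3): sanity
# checks for the files named in the Http10Connector entry of server.xml.

# check_pem FILE: 0 if FILE holds both PEM blocks and is private,
# 1 if unreadable, 2 if a PEM delimiter is missing, 3 if permissions are loose.
check_pem() {
    pem=$1
    [ -r "$pem" ] || { echo "$pem: cannot read" >&2; return 1; }
    for marker in 'BEGIN CERTIFICATE' 'END CERTIFICATE' \
                  'BEGIN RSA PRIVATE KEY' 'END RSA PRIVATE KEY'; do
        grep -q -e "-----$marker-----" "$pem" ||
            { echo "$pem: missing $marker line" >&2; return 2; }
    done
    # The file embeds the private key, so group and other must have no
    # access (assumption: owner-only, e.g. chmod 600 owned by tomcat3).
    perms=$(ls -ld "$pem" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "$pem: group/other access ($perms)" >&2; return 3; }
    return 0
}

# check_randomfile FILE: 0 if FILE is a writable regular file, or does not
# exist yet but its directory is writable; 1 otherwise. Run it as the
# tomcat3 user, since writability is tested for the calling account.
check_randomfile() {
    rnd=$1
    if [ -e "$rnd" ]; then
        { [ -f "$rnd" ] && [ -w "$rnd" ]; } ||
            { echo "$rnd: not a writable file" >&2; return 1; }
    else
        [ -w "$(dirname "$rnd")" ] ||
            { echo "$rnd: directory not writable" >&2; return 1; }
    fi
    return 0
}

# Usage with the paths from the server.xml entry above:
#   sh check.sh /etc/tomcat3/conf/server.crt /var/spool/tomcat3/random.id
if [ "$#" -ge 2 ]; then
    check_pem "$1" && check_randomfile "$2" && echo "PureTLS files look sane"
fi
```
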