Re: Embedded Tomcat & SSL

2005-06-08 Thread Atul
Hi Mark,
 On a similar note, would you be able to point me to how to get a CRL
validator invoked by Tomcat 5.x for SSL/mutual?

Thanks


On 6/8/05, Mark <[EMAIL PROTECTED]> wrote:
> I do not think that you need an SSL connector.  I have an embedded
> tomcat working using mutual authenticated SSL and the connector is not
> SSL enabled.
> 
> On 6/8/05, Diarmuid McDonald <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > Can anyone help me with regard to running Embedded Tomcat 5.5.9 with SSL. I 
> > found a mail archive before that has the same problem, however there is no 
> > resolution.
> >
> > http://www.mail-archive.com/tomcat-user@jakarta.apache.org/msg153661.html
> >
> > I have included my code and errors that I am receiving. Any help would be 
> > greatly appreciated
> >
> > Here is the code I am using
> >
> > import java.io.File;
> > ..
> > ..
> > import org.apache.tomcat.util.IntrospectionUtils;
> >
> > public class TestEmbededTomcat {
> >
> >
> > public static void main( String args[] )
> > {
> >
> > Embedded embedded = new Embedded();
> >
> > // set default logger and realm
> > org.apache.log4j.BasicConfigurator.configure();
> >
> > MemoryRealm memRealm = new MemoryRealm();
> > embedded.setRealm(memRealm);
> >
> > //Create an Engine
> > Engine baseEngine = embedded.createEngine();
> >
> > baseEngine.setName("TestEngine");
> > baseEngine.setDefaultHost("vsjHost");
> >
> > //Create Host
> > Host baseHost =  embedded.createHost( "vsjHost", 
> > "e:/ent/sip2.0/rte/jakarta-tomcat-5.5.9-embed/webapps" );
> >
> > baseEngine.addChild( baseHost );
> >
> > //Create default context
> > Context rootContext = embedded.createContext("","ROOT");
> >
> > baseHost.addChild( rootContext );
> >
> > // Create context for web app for axis
> > Context axisContext = embedded.createContext("/axis", "axis");
> > axisContext.setPrivileged( true );
> > baseHost.addChild( axisContext );
> >
> > embedded.addEngine( baseEngine );
> >
> >   //Create a ssh Connector
> >   Connector sshConnector = embedded.createConnector(
> > (java.net.InetAddress) null,
> > 9012,
> > true);
> >
> > IntrospectionUtils.setProperty(sshConnector, "sslProtocol", "TLS");
> > IntrospectionUtils.setProperty(sshConnector, "keypass", "changeit");
> > IntrospectionUtils.setProperty(sshConnector, "keystore", 
> > "C:/Documents and Settings/mcdonald/.keystore");
> > IntrospectionUtils.setProperty(sshConnector, "clientAuth", "false");
> >
> > embedded.addConnector( sshConnector );
> > sshConnector.setProtocol( "TLS" );
> >
> > //start operation
> > embedded.start();
> > }
> > }
> >
> >
> > Here is the error message I get :-
> >
> > 12:16:41:375: [org.apache.tomcat.util.net.PoolTcpEndpoint][http-9012-Processor3] DEBUG - Handshake failed
> > javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
> > at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
> > at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.b(DashoA6275)
> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
> > at 
> > com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
> > at 
> > org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:119)
> > at 
> > org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:520)
> > at 
> > org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
> > at 
> > org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
> > at java.lang.Thread.run(Thread.java:536)
> > 287423 [http-9012-Processor3] DEBUG 
> > org.apache.tomcat.util.net.PoolTcpEndpoint  - Handshake failed
> > javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
> > at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
> > at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.b(DashoA6275)
> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
> > at 
> > com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
> > at 
> > org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:119)
> > at 
> > org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:520)
> > at 

Tomcat 5.x client SSL and CRL

2005-06-02 Thread Atul
Hi,
I was trying to get Tomcat 5.x (standalone) set up for mutual SSL (for
only some service URLs) with CRL/OCSP validations. If I write my own
CRL validator, how can I tell Tomcat to invoke it for such requests?
I tried various docs and lists but couldn't find any pointers.
Any pointers are appreciated.

thx

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



How to allow only https access to certain directories

2002-05-09 Thread Atul Awate

Hi, how do I force only https access for certain directories?

Thanks,
-Atul.





RE: Tomcat 4.0.3 + Apache 2.0.32

2002-03-06 Thread Bhide, Atul

Hi,

The problem is solved. I compiled the latest version, 4.0.4.b1, of the
tomcat-connectors and it works now.

Chad,

Thanks for your suggestion but I do not want to use mod_webapp as I want to
use SSL with Apache and mod_jk is more efficient in doing this. With
mod_webapp it is all or nothing which I personally do not like.

Regards, Atul

-----Original Message-----
From: chad kellerman [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 06, 2002 4:52 AM
To: Tomcat Users List
Subject: Re: Tomcat 4.0.3 + Apache 2.0.32




I am not sure about mod jk, but in order to get the webapp module to load and
answer pages, tomcat needs to be started first, before apache.  If that does
not work, send in a copy of the tomcat/logs/ files.  I am pretty sure mod_jk
writes to catalina.out.

tomcat/bin/startup.sh  starts up tomcat


-chad



On Tue, 5 Mar 2002 17:49:40 -0800 
"Bhide, Atul" <[EMAIL PROTECTED]> wrote:

> I am trying to integrate tomcat 4.0.3 & apache 2.0.32 using mod_jk 1.2. I
> downloaded "jakarta-tomcat-connectors-4.0.2-01-src" and compiled the source
> for mod_jk. I used the following commands
> 
> ant
> ant native
> ant install
> 
> It produced 2 mod_jk.so files in the following directories
> 
> /home/src/jakarta-tomcat-connectors-4.0.2-01-src/jk/build/WEB-INF/jk/apache2/mod_jk.so   &
> /home/src/jakarta-tomcat-connectors-4.0.2-01-src/jk/build/WEB-INF/jk2/apache2/mod_jk.so
> 
> I initially copied the "jk/apache2/mod_jk.so" file to the
> /usr/local/apache/modules directory and started tomcat. Then I started
> apache2. Apache loaded the mod_jk.so file, but it simply failed to work and
> the URL "http://localhost/examples" came up with an error: "jakarta-servlet"
> not found.
> 
> I then shut down both the servers and copied the "jk2/apache2/mod_jk.so"
> file to the /usr/local/apache/modules directory and started tomcat. Then I
> started apache2. The URL "http://localhost/examples" came up with a proper
> page, that of a directory listing. But when I clicked on the "jsp" link on the
> directory listing, the browser went into an infinite wait. When I looked at
> the error_log, it was quickly getting filled with the following messages:
> 
> [Tue Mar 05 17:32:23 2002] [notice] child pid 17247 exit signal Segmentation fault (11)
> 
> repeated at least 5 times a second till I clicked the Stop button on my
> browser.
> 
> Any idea why the mod_jk is not working? The documentation does talk about
> the module being compatible with Apache 2.0.
> 
> I have RedHat 7.2 as my OS with Tomcat 4.0.3 & Apache 2.0.32.
> 
> Am I using the wrong FILES/TECHNIQUES/SETUP/PROCESS? I would appreciate any
> ideas as to what is going on in there with mod_jk.
> 
> Thanks in advance!
> 
> Cheers, Atul :)





Tomcat 4.0.3 + Apache 2.0.32

2002-03-05 Thread Bhide, Atul

I am trying to integrate tomcat 4.0.3 & apache 2.0.32 using mod_jk 1.2. I
downloaded "jakarta-tomcat-connectors-4.0.2-01-src" and compiled the source
for mod_jk. I used the following commands

ant
ant native
ant install

It produced 2 mod_jk.so files in the following directories

/home/src/jakarta-tomcat-connectors-4.0.2-01-src/jk/build/WEB-INF/jk/apache2/mod_jk.so   &
/home/src/jakarta-tomcat-connectors-4.0.2-01-src/jk/build/WEB-INF/jk2/apache2/mod_jk.so

I initially copied the "jk/apache2/mod_jk.so" file to the
/usr/local/apache/modules directory and started tomcat. Then I started
apache2. Apache loaded the mod_jk.so file, but it simply failed to work and
the URL "http://localhost/examples" came up with an error: "jakarta-servlet"
not found.

I then shut down both the servers and copied the "jk2/apache2/mod_jk.so"
file to the /usr/local/apache/modules directory and started tomcat. Then I
started apache2. The URL "http://localhost/examples" came up with a proper
page, that of a directory listing. But when I clicked on the "jsp" link on the
directory listing, the browser went into an infinite wait. When I looked at
the error_log, it was quickly getting filled with the following messages:

[Tue Mar 05 17:32:23 2002] [notice] child pid 17247 exit signal Segmentation fault (11)

repeated at least 5 times a second till I clicked the Stop button on my
browser.

Any idea why the mod_jk is not working? The documentation does talk about
the module being compatible with Apache 2.0.

I have RedHat 7.2 as my OS with Tomcat 4.0.3 & Apache 2.0.32.

Am I using the wrong FILES/TECHNIQUES/SETUP/PROCESS? I would appreciate any
ideas as to what is going on in there with mod_jk.

Thanks in advance!

Cheers, Atul :)




