Question about getting client certificate in servlet

2003-03-29 Thread Mark Liu

I am using Tomcat 4.1.18 in SSL mode under Win2K.  And my Web server requires client 
authentication.

As we know, if we visit a web server which requires client authentication, say, 
https://www.myweb.com , the browser brings up a dialog box which presents a list of 
valid certificates for you to choose from.

Then we select one of them and hit ok, and the certificate is sent to the web server.

But no servlet is invoked by this action, so how can the web server get the client 
certificate information?

Suppose I want to intercept the client certificates in a servlet called 
CertInterceptor which contains the following code:

[CODE]

// The attribute name is a string key defined by the servlet specification.
X509Certificate[] certs = (X509Certificate[])
    httpRequest.getAttribute("javax.servlet.request.X509Certificate");

if (certs == null || certs.length == 0) {
    // Processed a request that did not contain a client certificate.
    return;
}

// Attempt to extract principal name from Subject:
String clientDN = certs[0].getSubjectDN().getName();
...

[/CODE]

Usually, we invoke this servlet by way of a submit button *on the web page*.  But in 
this case, we want to invoke it by hitting an OK button in a dialog box that IE 
brings up.

Is this possible?  And if this is not the right way to intercept the client 
certificates submitted that way, how do we catch the client certificates?

Click here to get a better view of my question.
http://www.geocities.com/markliu1989/

Thanks!




How to configure Tomcat to accept certificates from certain CA's?

2003-03-27 Thread Mark Liu

I am trying to do mutual SSL authentication via certificates. 

I have installed both my personal and the CA's certificates in my IE browser. 

When I visit my Web server which requires client authentication via HTTPS, IE 
certainly brings up the dialog box for me to choose a certificate, but it does not 
give me a list of my certificates to choose from!

Please click the following link to get a better picture of my problem.

http://www.geocities.com/markliu1989/

Do any of you know what this problem is please?  And how can I fix this?  Thanks a lot.




Re: Correction - How to configure Tomcat to accept certificates from certain CA's?

2003-03-27 Thread Mark Liu

Hi, Klute,
Thank you for your reply.  But I do not quite understand this.  Does this cacert 
keystore have anything to do with my Tomcat Web server?
I followed the Tomcat SSL-How-To documentation and managed to run Tomcat in SSL mode 
successfully.  Thus the certificate Tomcat uses is in the keystore (.keystore) in my 
home directory under the Win2K system.
Please tell me if the J2SDK_HOME\jre\lib\security\cacerts has anything to do with my 
Tomcat Web server.  Thanks a lot.
Regards,
Mark
klute [EMAIL PROTECTED] wrote:
Correction - I realized that I gave you the wrong path
before. The cacerts keystore is located at: 

/jre/lib/security

you will need to use the keytool that came with your
jdk to import the CA cert into this cacerts. while
importing you need to use a switch -storetype trusted
(i believe)

hope this helps,
james

--- Mark Liu wrote:
 
 I am trying to do mutual SSL authentication via
 certificates. 
 
 I have installed both my personal and the CA's
 certificates in my IE browser. 
 
 When I visit my Web server which requires client
 authentication via HTTPS, IE certainly brings up the
 dialog box for me to choose a certificate, but it
 does not give me a list of my certificates to choose
 from!
 
 Please click the following link to get a better
 picture of my problem.
 
 http://www.geocities.com/markliu1989/
 
 Do any of you know what this problem is please? And
 how can fix this? Thanks a lot.
 
 
 

Re: Correction - How to configure Tomcat to accept certificates from certain CA's?

2003-03-27 Thread Mark Liu

Oh, man!  You are great!  It is exactly this problem.
It works now!  But still I don't quite understand how the cacerts keystore is related 
to the Tomcat server. 
Does the Tomcat server also read this keystore?
Thank you! Klute.
klute [EMAIL PROTECTED] wrote:
Correction - I realized that I gave you the wrong path
before. The cacerts keystore is located at: 

/jre/lib/security

you will need to use the keytool that came with your
jdk to import the CA cert into this cacerts. while
importing you need to use a switch -storetype trusted
(i believe)

hope this helps,
james

--- Mark Liu wrote:
 
 I am trying to do mutual SSL authentication via
 certificates. 
 
 I have installed both my personal and the CA's
 certificates in my IE browser. 
 
 When I visit my Web server which requires client
 authentication via HTTPS, IE certainly brings up the
 dialog box for me to choose a certificate, but it
 does not give me a list of my certificates to choose
 from!
 
 Please click the following link to get a better
 picture of my problem.
 
 http://www.geocities.com/markliu1989/
 
 Do any of you know what this problem is please? And
 how can fix this? Thanks a lot.
 
 
 

Tomcat SSL mutual authentication: Nobody's got a clue?

2003-03-25 Thread Mark Liu
For over 1 week, I've been exploring about this.  So
far, I got no reply.  Is this so professional, so
tough that nobody's got a clue?




Re: Tomcat SSL mutual authentication: Nobody's got a clue?

2003-03-25 Thread Mark Liu
Hi,

No, the Tomcat docs only say how to turn on the
*server* authentication, i.e., how to run Tomcat in
SSL mode.  It does not mention how to have the client
also pass over its certificate to the Web server.

You have an idea about how to turn on client cert?

--- Norris Shelton [EMAIL PROTECTED] wrote:
 That about sums it up.  We are looking at client
 certs also. 
 The Tomcat docs say how to turn on client
 authentication, but
 there is not much out there on hooking up to a CA
 and verifying
 against a CRL.  
 
 All of that is beyond the scope of this list and
 dives deep into
 the realm of JCE.
 
 We are looking into going with a vendor (probably
 VeriSign).
 
 
 --- Mark Liu [EMAIL PROTECTED] wrote:
  For over 1 week, I've been exploring about this. 
 So
  far, I got no reply.  Is this so professional, so
  tough that nobody's got a clue?
  
 
 
 =
 
 Norris Shelton
 Software Engineer
 Sun Certified Java 1.1 Programmer
 Appriss, Inc.
 ICQ# 26487421
 AIM NorrisEShelton
 YIM norrisshelton
 
 



Does Tomcat SSL support dual authentication?

2003-03-24 Thread Mark Liu
I am running tomcat 4.1.18 in SSL mode on a Win2K
system.

And my Web server wants to parse the client's
certificate.

How can I configure Tomcat SSL to request the client to
send its certificate?

Thanks.






How to configure Tomcat to request client Certificate?

2003-03-19 Thread Mark Liu
I am running tomcat 4.1.18 in SSL mode on a Win2K
system.

Suppose my web server wants to see client certificate
which is installed in the IE browser, how do I
configure Tomcat to request the client to send the
cert?

Thanks.




Public keys in reply and keystore don't match???

2003-03-15 Thread Mark Liu
I want to run Tomcat SSL with a certificate issued by
a certification authority I write.

I am getting this exception:

Public keys in reply and keystore don't match

when I was trying to import a cert obtained from my
certification authority, an application I write
myself.

Look, this is the public key modulus of the
self-signed cert generated by keytool.  I got this
with a little Java application which reads the
keystore.

1455069284194502322511586612427835896501117343193426
1277698580642282319386580591964584468845888978125540
4518567671864716720860391438340619569576370607201589
3597036773285578759967861684947201411771194610241696
2195897050728953234159981469972108152218694712333750
6190126517212329374573410343657665600894042769733

And on my CA server side, I also print out the client
public key modulus, which is extracted from the CSR:

1455069284194502322511586612427835896501117343193426
1277698580642282319386580591964584468845888978125540
4518567671864716720860391438340619569576370607201589
3597036773285578759967861684947201411771194610241696
2195897050728953234159981469972108152218694712333750
6190126517212329374573410343657665600894042769733

Man, they are the same!

But when I try to import the cert issued by my CA into
the keystore, I get the exception like so:

C:\keytool -import -alias tomcat -trustcacerts -file tomcatcert.cer
Enter keystore password:  changeit
keytool error: java.lang.Exception: Public keys in reply and keystore don't match

How come?

Any idea?




Re: Public keys in reply and keystore don't match???

2003-03-15 Thread Mark Liu
Yes, they all are!

--- Matt Fury [EMAIL PROTECTED] wrote:
 The biggest issue I had was making sure the Aliases
 are EXACTLY the same. Also make sure the certs are
 imported in the correct order.
 
 
 --- Mark Liu [EMAIL PROTECTED] wrote:
  I want to run Tomcat SSL with a certificate issued
  by
  a certification authority I write.
  
  I am getting this exception:
  
  Public keys in reply and keystore don't match
  
  when I was trying to import a cert obtained from
 my
  certification authority, an application I write
  myself.
  
  Look, this is the public key modulus of the
  self-signed cert generated by keytool.  I got this
  with a little Java application which reads the
  keystore.
  
 
 1455069284194502322511586612427835896501117343193426
 
 1277698580642282319386580591964584468845888978125540
 
 4518567671864716720860391438340619569576370607201589
 
 3597036773285578759967861684947201411771194610241696
 
 2195897050728953234159981469972108152218694712333750
  6190126517212329374573410343657665600894042769733
  
  And on my CA server side, I also print out the
  client
  public key modulus, which is extracted from the
 CSR:
  
 
 1455069284194502322511586612427835896501117343193426
 
 1277698580642282319386580591964584468845888978125540
 
 4518567671864716720860391438340619569576370607201589
 
 3597036773285578759967861684947201411771194610241696
 
 2195897050728953234159981469972108152218694712333750
  6190126517212329374573410343657665600894042769733
  
  Man, they are the same!
  
  But when I try to import the cert issued by my CA
  into
  the keystore, I get the exception like so:
  
  C:\keytool -import -alias tomcat -trustcacerts
  -file
  tomcatcert.cer
  Enter keystore password:  changeit
  keytool error: java.lang.Exception: Public keys in
  reply and keystore don't match
  
  How come?
  
  Any idea?
  



Re: Do you run Tomcat with SSL?

2003-03-14 Thread Mark Liu
I am not sure if they are of the same format.  I only
know that I am able to import the certificate
generated by my little Java program into the
keystore as alias tomcat.

Anywhere I can check the format of the
keytool-generated certificate?

--- Mufaddal Khumri [EMAIL PROTECTED] wrote:
 Is your certificate format  generated by your
 little java program 
 exactly like the keytool generated certificate ?
 Have you tested your 
 certificates with other applications to see if you
 are producing them 
 correctly ?
 
 thanks.
 On Friday, March 14, 2003, at 09:21  AM, Mark Liu
 wrote:
 
  I know you guys have your great strategies in
  balancing Apache and Tomcat.
 
  But, my project isn't really so picky about
  efficiency, so I simply run Tomcat with SSL all
 the
  time.  It simplifies my project a little bit.
 
  But then I do need to be able to run Tomcat SSL
 with
  the certificate generated by my little Java
 program.
 
 
  --- mike jackson [EMAIL PROTECTED] wrote:
  I've always run tomcat as a backend to apache.
  Apache may or may not
  implement ssl.  That said, every time I've
  implemented ssl I've done it
  at the apache level, never at the tomcat level. 
 In
  fact the few times
  that I've wanted ssl at the tomcat level (usually
  because I'm not
  running apache) I've ended up setting up apache
 to
  run as the front end.
 
  But that's just me.
 
  --mikej
  -=-
  mike jackson
  [EMAIL PROTECTED]
 
  -Original Message-
  From: Mark Liu [mailto:[EMAIL PROTECTED]
  Sent: Thursday, March 13, 2003 6:44 PM
  To: Tomcat Users List
  Subject: Do you run Tomcat with SSL?
 
  I am able to run Tomcat SSL with the
  keytool-generated
  certificate, but not the certificate my little
 Java
  program generates.
 
  I've been asking this question for a while in
 this
  list.  But it seems nobody has an answer to it. 
 So
  you guys never run Tomcat in SSL mode?  Or you
 guys
  always use the keytool-generated certificate for
 the
  SSL?
 
 



Re: Do you run Tomcat with SSL?

2003-03-14 Thread Mark Liu

--- Gabriel Santonja [EMAIL PROTECTED] wrote:
 On Thu, 13 Mar 2003 19:51:57 -0800 (PST)
 Mark Liu [EMAIL PROTECTED] wrote:
 
  I know you guys have your great strategies in
  balancing Apache and Tomcat.
  
  But, my project isn't really so picky about
  efficiency, so I simply run Tomcat with SSL all
 the
  time.  It simplifies my project a little bit.
  
  But then I do need to be able to run Tomcat SSL
 with
  the certificate generated by my little Java
 program.

 Why don't you use the SSL HowTo in tomcat? I'm not
 sure on windows but
 on linux it works fine with SSL on the 8443 port
 
 Actually my own problem is to use SSL only in realm
 login page but it's
 visibly difficult.
 Goodbye.

Man, it's not that I don't know how to run Tomcat with
SSL.  I know how to do that with the keytool-generated
certificate.

What I don't understand is why I can't run Tomcat SSL
with the certificate generated by my little Java
program.  And it is a valid certificate which I can
successfully import into the keystore as alias tomcat.

Any idea?




Re: Do you run Tomcat with SSL?

2003-03-14 Thread Mark Liu
Well, I've never tried any other application.  I only
know that I can import it into the keystore, I can
also import it into the browser (IE).


--- Mufaddal Khumri [EMAIL PROTECTED] wrote:
 Do your certificates work with other applications in
 other scenarios ?
 
 On Saturday, March 15, 2003, at 12:28  AM, Mark Liu
 wrote:
 
  I am not sure if they are of the same format.  I
 only
  know that I am able to import the certificate
  generated by my little Java program into the
  keystore as alias tomcat.
 
  Anywhere I can check the format of the
  keytool-generated certificate?
 
  --- Mufaddal Khumri [EMAIL PROTECTED] wrote:
  Is your certificate format  generated by your
  little java program
  exactly like the keytool generated certificate ?
  Have you tested your
  certificates with other applications to see if
 you
  are producing them
  correctly ?
 
  thanks.
  On Friday, March 14, 2003, at 09:21  AM, Mark Liu
  wrote:
 
  I know you guys have your great strategies in
  balancing Apache and Tomcat.
 
  But, my project isn't really so picky about
  efficiency, so I simply run Tomcat with SSL all
  the
  time.  It simplifies my project a little bit.
 
  But then I do need to be able to run Tomcat SSL
  with
  the certificate generated by my little Java
  program.
 
 
  --- mike jackson [EMAIL PROTECTED] wrote:
  I've always run tomcat as a backend to apache.
  Apache may or may not
  implement ssl.  That said, every time I've
  implemented ssl I've done it
  at the apache level, never at the tomcat level.
  In
  fact the few times
  that I've wanted ssl at the tomcat level
 (usually
  because I'm not
  running apache) I've ended up setting up apache
  to
  run as the front end.
 
  But that's just me.
 
  --mikej
  -=-
  mike jackson
  [EMAIL PROTECTED]
 
  -Original Message-
  From: Mark Liu [mailto:[EMAIL PROTECTED]
  Sent: Thursday, March 13, 2003 6:44 PM
  To: Tomcat Users List
  Subject: Do you run Tomcat with SSL?
 
  I am able to run Tomcat SSL with the
  keytool-generated
  certificate, but not the certificate my little
  Java
  program generates.
 
  I've been asking this question for a while in
  this
  list.  But it seems nobody has an answer to it.
  So
  you guys never run Tomcat in SSL mode?  Or you
  guys
  always use the keytool-generated certificate
 for
  the
  SSL?
 
 
 



Re: Do you run Tomcat with SSL?

2003-03-14 Thread Mark Liu
I think I got a little idea after I re-read the
keytool doc.

You see, when we generate the cert using keytool, both
the private key and the public key are stored in the
keystore.  And when we import the cert reply from the
CA, keystore will associate the private key with the
cert that wraps up the corresponding public key,
right?

However, in my project, I have the browser IE generate
the pkcs10 request and submit the request to the CA.
Apparently IE does not use the SUN keystore facility.

Thus, when I get the cert reply from the CA and import
it into the SUN keystore, the SUN keystore has no way
of matching the cert with a private key because the
private key does not exist in the SUN keystore, it
is stored in the keystore that IE maintains, although
the SUN keystore still imports the cert.

Does my conjecture sound reasonable?

Thank you for your continued education.

Mark


--- Mufaddal Khumri [EMAIL PROTECTED] wrote:
 I suggest that you try using your certificate with
 other applications 
 for instance send yourself a digitally signed email
 using your 
 certificate. If your certificate works with another
 app then probably 
 there is something wrong with the way tomcat is
 handling certificates. 
 If not (which is most probably the case) then there
 is something 
 missing from the certificate. So I would strongly
 recommend you to try 
 using your little java application generated
 certificate with some 
 other app other than tomcat and see how it works.
 
 Thanks.
 
 On Saturday, March 15, 2003, at 12:39  AM, Mark Liu
 wrote:
 
  Well, I've never tried any other application.  I
 only
  know that I can import it into the keystore, I can
  also import it into the browser (IE).
 
 
  --- Mufaddal Khumri [EMAIL PROTECTED] wrote:
  Do your certificates work with other applications
 in
  other scenarios ?
 
  On Saturday, March 15, 2003, at 12:28  AM, Mark
 Liu
  wrote:
 
  I am not sure if they are of the same format.  I
  only
  know that I am able to import the certificate
  generated by my little Java program into the
  keystore as alias tomcat.
 
  Anywhere I can check the format of the
  keytool-generated certificate?
 
  --- Mufaddal Khumri [EMAIL PROTECTED]
 wrote:
  Is your certificate format  generated by your
  little java program
  exactly like the keytool generated certificate
 ?
  Have you tested your
  certificates with other applications to see if
  you
  are producing them
  correctly ?
 
  thanks.
  On Friday, March 14, 2003, at 09:21  AM, Mark
 Liu
  wrote:
 
  I know you guys have your great strategies in
  balancing Apache and Tomcat.
 
  But, my project isn't really so picky about
  efficiency, so I simply run Tomcat with SSL
 all
  the
  time.  It simplifies my project a little bit.
 
  But then I do need to be able to run Tomcat
 SSL
  with
  the certificate generated by my little Java
  program.
 
 
  --- mike jackson [EMAIL PROTECTED] wrote:
  I've always run tomcat as a backend to
 apache.
  Apache may or may not
  implement ssl.  That said, every time I've
  implemented ssl I've done it
  at the apache level, never at the tomcat
 level.
  In
  fact the few times
  that I've wanted ssl at the tomcat level
  (usually
  because I'm not
  running apache) I've ended up setting up
 apache
  to
  run as the front end.
 
  But that's just me.
 
  --mikej
  -=-
  mike jackson
  [EMAIL PROTECTED]
 
  -Original Message-
  From: Mark Liu [mailto:[EMAIL PROTECTED]
  Sent: Thursday, March 13, 2003 6:44 PM
  To: Tomcat Users List
  Subject: Do you run Tomcat with SSL?
 
  I am able to run Tomcat SSL with the
  keytool-generated
  certificate, but not the certificate my
 little
  Java
  program generates.
 
  I've been asking this question for a while in
  this
  list.  But it seems nobody has an answer to
 it.
  So
  you guys never run Tomcat in SSL mode?  Or
 you
  guys
  always use the keytool-generated certificate
  for
  the
  SSL?
 
 
 
 

Why can't I use my CA-generated certificate for Tomcat SSL?

2003-03-13 Thread Mark Liu
I know how to use keytool to generate a self-signed
certificate and run Tomcat with SSL.

I want to use a certificate that is generated by my
little Java program which is part of my Certification
Authority.

So I have my little Java program generate a X509
Certificate called cert4ca.cer.

Then I deleted the tomcat certificate in my keystore
and successfully imported cert4ca.cer into my keystore
as alias tomcat.  See the attached file cert4ca.cer. 
It's a valid one, otherwise, I would not have been
able to import it into my keystore.

After I launch tomcat, I can visit http://localhost,
but not https://localhost.

However, I am able to visit both http and https if I
use the certificate generated by keytool.

So, would you please give me a hint, how can I use the
certificate generated by my little Java program to run
tomcat with SSL?

Thanks a lot in advance.




cert4ca.cer
Description: cert4ca.cer
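
Whether an alias holds a private key with its certificate or only a certificate, and whether a certificate file carries the same public key as the stored entry, can be checked directly; this message, the conjecture in the 2003-03-14 message and the "Public keys in reply and keystore don't match" report all turn on that. The following is an added example, not code from the thread or from Tomcat; the class name KeystoreAliasCheck and the KEYSTORE_PASS variable are made up for it, and it uses only the JDK's java.security API.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;

/**
 * Added example (not code from the thread). Reports what a keystore holds
 * under an alias and whether a certificate file carries the same public key.
 *
 * Usage: java KeystoreAliasCheck <keystore> <alias> [cert-file]
 * The password is read from the console, or from the KEYSTORE_PASS
 * environment variable (a name chosen for this example) when there is none.
 */
public class KeystoreAliasCheck {

    enum AliasKind { MISSING, TRUSTED_CERT_ONLY, PRIVATE_KEY_ENTRY }

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    static AliasKind classify(KeyStore ks, String alias) throws Exception {
        if (!ks.containsAlias(alias)) {
            return AliasKind.MISSING;
        }
        // Only a PrivateKeyEntry can serve as an SSL server identity; a
        // certificate imported under a fresh alias is a trusted-cert entry.
        return ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)
                ? AliasKind.PRIVATE_KEY_ENTRY
                : AliasKind.TRUSTED_CERT_ONLY;
    }

    static X509Certificate readCert(String path) throws Exception {
        // Accepts DER or PEM ("-----BEGIN CERTIFICATE-----") encodings.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) cf.generateCertificate(in);
        }
    }

    static boolean samePublicKey(Certificate a, Certificate b) {
        // Compares the whole encoded SubjectPublicKeyInfo (algorithm, modulus
        // and exponent for RSA), not only the modulus.
        return Arrays.equals(a.getPublicKey().getEncoded(),
                             b.getPublicKey().getEncoded());
    }

    static char[] readPassword() {
        Console console = System.console();
        if (console != null) {
            char[] typed = console.readPassword("Keystore password: ");
            return typed == null ? new char[0] : typed;
        }
        String env = System.getenv("KEYSTORE_PASS");
        return env == null ? new char[0] : env.toCharArray();
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: KeystoreAliasCheck <keystore> <alias> [cert-file]");
            System.exit(2);
        }
        KeyStore ks = load(args[0], readPassword());
        String alias = args[1];
        AliasKind kind = classify(ks, alias);
        System.out.println("alias '" + alias + "': " + kind);

        if (kind == AliasKind.TRUSTED_CERT_ONLY) {
            System.out.println("  certificate only, no private key: an SSL server"
                    + " cannot use this entry as its identity");
        }
        if (args.length < 3) {
            return;
        }
        X509Certificate candidate = readCert(args[2]);
        System.out.println("file subject: "
                + candidate.getSubjectX500Principal().getName());
        if (kind == AliasKind.MISSING) {
            System.out.println("  nothing under this alias to compare against");
            return;
        }
        Certificate stored = ks.getCertificate(alias);
        boolean match = samePublicKey(stored, candidate);
        System.out.println("  public key matches stored entry: " + match);
        if (kind == AliasKind.PRIVATE_KEY_ENTRY && !match) {
            System.out.println("  this certificate was issued for a different key"
                    + " pair than the one held under the alias");
        }
    }
}
```

Run it against the keystore Tomcat is configured to use, with the alias named in the keytool command and, optionally, the certificate file returned by the CA.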

Re: Why can't I use my CA-generated certificate for Tomcat SSL?

2003-03-13 Thread Mark Liu
Hello, thank you very much for your reply.

I think server.xml is irrelevant to my problem, since
I am able to run Tomcat SSL using the certificate that
is generated by keytool.

--- Mufaddal Khumri [EMAIL PROTECTED] wrote:
 Have you edited your server.xml ?
 
  <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
  <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
             port="8443" minProcessors="5" maxProcessors="75"
             enableLookups="true"
             acceptCount="100" debug="0" scheme="https" secure="true"
             useURIValidationHack="false" disableUploadTimeout="true">
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
             clientAuth="false" protocol="TLS" />
  </Connector>
 
 On Thursday, March 13, 2003, at 11:09  AM, Mark Liu
 wrote:
 
  I know how to use keytool to generate a
 self-signed
  certificate and run Tomcat with SSL.
 
  I want to use a certificate that is generated by
 my
  little Java program which is part of my
 Certification
  Authority.
 
  So I have my little Java program generate a X509
  Certificate called cert4ca.cer.
 
  Then I deleted the tomcat certificate in my
 keystore
  and successfully imported cert4ca.cer into my
 keystore
  as alias tomcat.  See the attached file
 cert4ca.cer.
  It's a valid one, otherwise, I would not have been
  able to import it into my keystore.
 
  After I launch tomcat, I can visit
 http://localhost,
  but not https://localhost.
 
  However, I am able to visit both http and https if
 I
  use the certificate generated by keytool.
 
  So, would you please give me a hint, how can I use
 the
  certificate generated by my little Java program to
 run
  tomcat with SSL?
 
  Thanks a lot in advance.
 
 



Re: Why can't I use my CA-generated certificate for Tomcat SSL?

2003-03-13 Thread Mark Liu
OK, are you suggesting that the certificate generated
by keytool associates the host name and the
certificate?  

--- Mufaddal Khumri [EMAIL PROTECTED] wrote:
 The certificate that you generate ... is your
 certificate generation  
 application associating the host name and the
 certificate ? Let's say  
 the host tomcat is running on is my.webserver.com
  then is your  
 certificate generating app associating this with the
 certificate it's  
 generating ?
 
 Thanks.
 
 On Thursday, March 13, 2003, at 11:09  AM, Mark Liu
 wrote:
 
  I know how to use keytool to generate a
 self-signed
  certificate and run Tomcat with SSL.
 
  I want to use a certificate that is generated by
 my
  little Java program which is part of my
 Certification
  Authority.
 
  So I have my little Java program generate a X509
  Certificate called cert4ca.cer.
 
  Then I deleted the tomcat certificate in my
 keystore
  and successfully imported cert4ca.cer into my
 keystore
  as alias tomcat.  See the attached file
 cert4ca.cer.
  It's a valid one, otherwise, I would not have been
  able to import it into my keystore.
 
  After I launch tomcat, I can visit
 http://localhost,
  but not https://localhost.
 
  However, I am able to visit both http and https if
 I
  use the certificate generated by keytool.
 
  So, would you please give me a hint, how can I use
 the
  certificate generated by my little Java program to
 run
  tomcat with SSL?
 
  Thanks a lot in advance.
 
 



Re: Why can't I use my CA-generated certificate for Tomcat SSL?

2003-03-13 Thread Mark Liu
I just gave it a test.

I have a working keystore on host A, and I copied that
keystore to host B.  And it works for both.  In other
words, I am able to launch Tomcat SSL with the same
keytool-generated certificate on 2 different hosts.

Any idea about how to run Tomcat SSL with my own
CA-generated certificate?


--- Mufaddal Khumri [EMAIL PROTECTED] wrote:
 The certificate that you generate ... is your certificate generation
 application associating the host name and the certificate? Let's say
 the host tomcat is running on is my.webserver.com then is your
 certificate generating app associating this with the certificate it's
 generating?

 Thanks.

 On Thursday, March 13, 2003, at 11:09 AM, Mark Liu wrote:

  I know how to use keytool to generate a self-signed
  certificate and run Tomcat with SSL.

  I want to use a certificate that is generated by my
  little Java program which is part of my Certification
  Authority.

  So I have my little Java program generate a X509
  Certificate called cert4ca.cer.

  Then I deleted the tomcat certificate in my keystore
  and successfully imported cert4ca.cer into my keystore
  as alias tomcat.  See the attached file cert4ca.cer.
  It's a valid one, otherwise, I would not have been
  able to import it into my keystore.

  After I launch tomcat, I can visit http://localhost,
  but not https://localhost.

  However, I am able to visit both http and https if I
  use the certificate generated by keytool.

  So, would you please give me a hint, how can I use the
  certificate generated by my little Java program to run
  tomcat with SSL?

  Thanks a lot in advance.
 
 



Do you run Tomcat with SSL?

2003-03-13 Thread Mark Liu
I am able to run Tomcat SSL with the keytool-generated
certificate, but not the certificate my little Java
program generates.

I've been asking this question for a while in this
list.  But it seems nobody has an answer to it.  So
you guys never run Tomcat in SSL mode?  Or you guys
always use the keytool-generated certificate for the SSL?




Re: Do you run Tomcat with SSL?

2003-03-13 Thread Mark Liu
That means I still won't get any answer from this
list, right?

Does the keytool-generated certificate have something
special in it?

Check the attached certificate which is generated by
my little Java program.  It *is* a valid certificate,
and can be successfully imported into the keystore. 
But then how come I just can't run Tomcat SSL with
this certificate?  There are no exception messages
from the Tomcat Console.

Is this a really tough problem and even gurus, if we
have a few here, don't have an answer to it?



--- p niemandt [EMAIL PROTECTED] wrote:
 My guess would be that most people only use SSL on the web front end:
 Apache listens on port 443, does all the SSL layer stuff, with Tomcat
 usually behind the firewall, and the Tomcat -- Web Server (Apache /
 IIS) unencrypted.

 just my 2c

 Regards,
 Paul

 On Fri, 2003-03-14 at 02:43, Mark Liu wrote:
  I am able to run Tomcat SSL with the keytool-generated
  certificate, but not the certificate my little Java
  program generates.

  I've been asking this question for a while in this
  list.  But it seems nobody has an answer to it.  So
  you guys never run Tomcat in SSL mode?  Or you guys
  always use the keytool-generated certificate for the SSL?
  
 -- 
 p niemandt [EMAIL PROTECTED]
 
 


cert4ca.cer
Description: cert4ca.cer

RE: Do you run Tomcat with SSL?

2003-03-13 Thread Mark Liu
I know you guys have your great strategies in
balancing Apache and Tomcat.

But, my project isn't really so picky about
efficiency, so I simply run Tomcat with SSL all the
time.  It simplifies my project a little bit.

But then I do need to be able to run Tomcat SSL with
the certificate generated by my little Java program.


--- mike jackson [EMAIL PROTECTED] wrote:
 I've always run tomcat as a backend to apache.  Apache may or may not
 implement ssl.  That said, every time I've implemented ssl I've done it
 at the apache level, never at the tomcat level.  In fact the few times
 that I've wanted ssl at the tomcat level (usually because I'm not
 running apache) I've ended up setting up apache to run as the front end.

 But that's just me.

 --mikej
 -=-
 mike jackson
 [EMAIL PROTECTED]

 -Original Message-
 From: Mark Liu [mailto:[EMAIL PROTECTED]
 Sent: Thursday, March 13, 2003 6:44 PM
 To: Tomcat Users List
 Subject: Do you run Tomcat with SSL?

 I am able to run Tomcat SSL with the keytool-generated
 certificate, but not the certificate my little Java
 program generates.

 I've been asking this question for a while in this
 list.  But it seems nobody has an answer to it.  So
 you guys never run Tomcat in SSL mode?  Or you guys
 always use the keytool-generated certificate for the SSL?
 



Why can't I use my CA-generated certificate for tomcat SSL?

2003-03-12 Thread Mark Liu
I know how to use keytool to generate a self-signed
certificate and run Tomcat with SSL.

I want to use a certificate that is generated by my
little Java program which is part of my Certification
Authority.

So I have my little Java program generate a X509
Certificate called cert4ca.cer.

Then I deleted the tomcat certificate in my keystore
and successfully imported cert4ca.cer into my keystore
as alias tomcat.  See the attached file cert4ca.cer. 
It's a valid one, otherwise, I would not have been
able to import it into my keystore.

After I launch tomcat, I can visit http://localhost,
but not https://localhost.

However, I am able to visit both http and https if I
use the certificate generated by keytool.

So, would you please give me a hint, how can I use the
certificate generated by my little Java program to run
tomcat with SSL?

Thanks a lot in advance.


cert4ca.cer
Description: cert4ca.cer

Why can't I use my CA-generated certificate for Tomcat SSL?

2003-03-12 Thread Mark Liu
I know how to use keytool to generate a self-signed
certificate and run Tomcat with SSL.

I want to use a certificate that is generated by my
little Java program which is part of my Certification
Authority.

So I have my little Java program generate a X509
Certificate called cert4ca.cer.

Then I deleted the tomcat certificate in my keystore
and successfully imported cert4ca.cer into my keystore
as alias tomcat.  See the attached file cert4ca.cer. 
It's a valid one, otherwise, I would not have been
able to import it into my keystore.

After I launch tomcat, I can visit http://localhost,
but not https://localhost.

However, I am able to visit both http and https if I
use the certificate generated by keytool.

So, would you please give me a hint, how can I use the
certificate generated by my little Java program to run
tomcat with SSL?

Thanks a lot in advance.



cert4ca.cer
Description: cert4ca.cer

How to use a 3rd party certificate to run tomcat with SSL?

2003-03-10 Thread Mark Liu
I use Tomcat 4.1.12.

I am writing my own Certification Authority (CA)
called Demo CA, and want to give it a shot.

I read the tomcat SSL-HOWTO doc and did it like this:

1. Create a local Certificate like this: 
   
keytool -genkey -alias tomcat -keyalg RSA -keystore

I used John Doe as my name for this certificate.

2. I visited the website of my own CA through HTTPS,
and got the CA's certificate, which I saved on hard
drive as cacert.cer.

3. I requested a certificate from this CA and got a
valid X509 certificate of version 3 from it shortly,
this I saved on hard drive and named it webcert.cer,
because I am going to run a demo banking web service.
By default, certificates issued by my CA are valid for
12 months.

4. I did not create a local Certificate Signing
Request (CSR), since I am not getting a certificate
from a real CA like Verisign or Thawte.

5. I imported the CA certificate like this:

keytool -import -alias root -keystore -trustcacerts
-file cacert.cer.

and this was successful.

6.  Finally I imported my new Certificate which I got
from the CA like so:
   
keytool -import -alias tomcat -keystore -trustcacerts
-file webcert.cer.

and this was also successful.

Then I was able to run the demo banking web server
with SSL at https://www.mockbank.com.

When I visit https://www.mockbank.com from a client
machine with Internet Explorer(IE), as I expected, IE
presents me with the Security Alert about the
certificate of my mockbank.

The security alert says 3 things:

1. The certificate was issued by a company you have
not chosen to trust, view the certificate and decide
if you wanna trust the CA.

2. The certificate date is valid.

3. The name on the certificate is invalid or does not
match the name of the site.

When I view the certificate, I see that the
certificate was issued to John Doe and was issued by
John Doe, and it is valid for only 6 months, and it is
of version 1 instead of version 3!

Obviously, this is the self-signed certificate that I
created by keytool.  It is not the certificate that I
obtained from my CA.

Then does this mean that I should have used my domain
name www.mockbank.com instead of john doe as my name
when I requested the certificate from my CA?

Besides this, did I do anything wrong?

Thanks a lot in advance.





Public keys in reply and keystore don't match

2003-03-10 Thread Mark Liu
I was trying to import into my keystore a certificate
which I obtained from my CA.  I want to do this
because I want to run Tomcat 4.1.12 with SSL.

After I imported the certificate of my CA, I attempted
to import my certificate issued by the CA.

I did it like this:

C:\>keytool -import -alias tomcat -keystore .keystore -trustcacerts -file mycert.cer
Enter keystore password:  changeit
keytool error: java.lang.Exception: Public keys in reply and keystore don't match

C:\>

What's the problem please?

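The check behind keytool's "Public keys in reply and keystore don't match" error, as an added Java example that is not part of any post here; it applies equally to the cert4ca.cer and webcert.cer imports described in the posts above. The class name `CertReplyCheck` and its result labels are hypothetical, the code assumes a current JDK, and with no arguments it builds two throwaway keystores with keytool so that all three outcomes can be seen (the second keystore stands in for a certificate issued for a different key pair, as happens when no CSR from this keystore went to the CA).

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/** Added example: predicts what importing a certificate under an alias would do. */
public class CertReplyCheck {

    /** Compares certFile with the entry stored under alias and returns a verdict line. */
    static String check(File keystore, char[] pass, String alias, File certFile) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(keystore)) {
            ks.load(in, pass);
        }
        X509Certificate cert;
        try (InputStream in = new FileInputStream(certFile)) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        String subject = cert.getSubjectX500Principal().getName();
        if (!ks.isKeyEntry(alias)) {
            // No private key under this alias: a certificate stored here is only a
            // trusted-certificate entry, which an SSL server cannot present.
            return "NO_KEY: alias '" + alias + "' holds no private key for '" + subject + "'";
        }
        // keytool treats the import as a certificate reply and requires the
        // public key in the reply to equal the one already under the alias.
        X509Certificate current = (X509Certificate) ks.getCertificate(alias);
        if (!current.getPublicKey().equals(cert.getPublicKey())) {
            return "MISMATCH: '" + subject + "' was issued for a different key pair than alias '"
                    + alias + "'";
        }
        return "MATCH: '" + subject + "' certifies the key pair under alias '" + alias + "'";
    }

    /** Runs the keytool binary that belongs to the JVM executing this class. */
    static void keytool(String... args) throws Exception {
        List<String> cmd = new ArrayList<>();
        cmd.add(System.getProperty("java.home") + File.separator + "bin" + File.separator + "keytool");
        cmd.addAll(Arrays.asList(args));
        Process p = new ProcessBuilder(cmd).inheritIO().start();
        if (p.waitFor() != 0) {
            throw new IllegalStateException("keytool failed: " + cmd);
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 4) {
            // keystore, store password, alias, certificate file: check the reader's own files
            System.out.println(check(new File(args[0]), args[1].toCharArray(), args[2], new File(args[3])));
            return;
        }
        // Constructed sample data: two unrelated key pairs in a temporary directory.
        File dir = Files.createTempDirectory("certreply").toFile();
        File serverKs = new File(dir, "server.keystore");
        File otherKs = new File(dir, "other.keystore");
        File ownCert = new File(dir, "own.cer");
        File otherCert = new File(dir, "other.cer");
        String pw = "changeit";
        for (File ks : new File[] {serverKs, otherKs}) {
            keytool("-genkeypair", "-alias", "tomcat", "-keyalg", "RSA", "-keysize", "2048",
                    "-dname", "CN=localhost", "-validity", "30",
                    "-keystore", ks.getPath(), "-storepass", pw, "-keypass", pw);
        }
        keytool("-exportcert", "-alias", "tomcat", "-file", ownCert.getPath(),
                "-keystore", serverKs.getPath(), "-storepass", pw);
        keytool("-exportcert", "-alias", "tomcat", "-file", otherCert.getPath(),
                "-keystore", otherKs.getPath(), "-storepass", pw);

        char[] pass = pw.toCharArray();
        System.out.println(check(serverKs, pass, "tomcat", ownCert));    // same key pair
        System.out.println(check(serverKs, pass, "tomcat", otherCert));  // foreign key pair
        System.out.println(check(serverKs, pass, "unused", otherCert));  // alias without a key

        for (File f : new File[] {serverKs, otherKs, ownCert, otherCert, dir}) {
            f.delete();
        }
    }
}
```

Run with four arguments (keystore, store password, alias, certificate file) it reports the same verdict for a real keystore before `keytool -import` is attempted.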



Re: Public keys in reply and keystore don't match

2003-03-10 Thread Mark Liu
I searched the mail-archive and the web, one guy asked
this question on Jan. 29, 2001, but nobody gave an
answer. Is this too difficult so that nobody knows the
answer?  Or is this too easy so that nobody assumes an
answer would be necessary?

--- Mark Liu [EMAIL PROTECTED] wrote:
 I was trying to import into my keystore a certificate
 which I obtained from my CA.  I want to do this
 because I want to run Tomcat 4.1.12 with SSL.

 After I imported the certificate of my CA, I attempted
 to import my certificate issued by the CA.

 I did it like this:

 C:\>keytool -import -alias tomcat -keystore .keystore -trustcacerts -file mycert.cer
 Enter keystore password:  changeit
 keytool error: java.lang.Exception: Public keys in reply and keystore don't match

 C:\>

 What's the problem please?
 



Re: Tomcat complains: java.security.NoSuchProviderException: no such provider: BC

2003-02-09 Thread Mark Liu
Thank you, Sean,

But you did not finish reading my message, in which I
said

 I even copied the BC bundle jar file to C:\Program
 Files\Apache Group\Tomcat 4.1\common\lib, but Tomcat
 still keeps complaining:

 java.security.NoSuchProviderException: no such provider: BC

Mark.


--- Sean Dockery [EMAIL PROTECTED] wrote:
 Remember that your classpath in your environment which is used by the java
 compiler when you issue a compile command from the command line is not the
 same classpath that Tomcat uses when it is running.

 Move the JAR into $CATALINA_HOME/common/lib.  I don't believe that Tomcat
 supports loading JAR files from $JRE_HOME/jre/lib/ext.

 - Original Message -
 From: Mark Liu [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Sunday, February 09, 2003 00:42
 Subject: Tomcat complains: java.security.NoSuchProviderException: no such provider: BC


  I run Tomcat 4.1.18 on my Win2K box.

  Because my project will use bouncycastle cryptographic
  bundle (known as BC version 1.18), I have this package
  properly installed on my system.  If you don't believe
  it, look at the following output:

  C:\Java>java ListCryptoProviders
  SUN version 1.2
  SunJSSE version 1.4
  SunRsaSign version 1.0
  SunJCE version 1.4
  SunJGSS version 1.0
  BC version 1.18

  C:\Java>

  You see, BC version 1.18 is nicely shown there.

  It is the output from the following short code:

  /* This class lists the cryptographic
   * providers available on current system.
   */

  import java.security.*;

  class ListCryptoProviders
  {  public static void main(String []args)
     {  Provider [] providers = Security.getProviders();
        for(int i=0; i<providers.length; i++)
        { System.out.println(providers[i]);
        }
     }
  }

  However, the Servlet I write which uses the BC bundle
  does not work with Tomcat.

  When I try to invoke that servlet from the browser,
  the Tomcat console says:

  java.security.NoSuchProviderException: no such provider: BC

  It's weird!

  I have put the BC bundle jar file under both
  JDK_HOME\jre\lib\ext and Program
  Files\Java\j2re1.4.0\lib\ext.

  Needless to say that I have also added the following
  line

  security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider

  in file java.security in its due paths (one under
  JDK_HOME\jre\lib\security and one under C:\Program
  Files\Java\j2re1.4.0\lib\security).

  I even copied the BC bundle jar file to C:\Program
  Files\Apache Group\Tomcat 4.1\common\lib, but Tomcat
  still keeps complaining:

  java.security.NoSuchProviderException: no such provider: BC

  I have no clue how I should handle this.

  Any idea please?

  Mark
 
 
 
 




Re: how can i make sure tomcat is running?

2003-02-09 Thread Mark Liu
I am not sure about linux, but why don't you just try
http://localhost:8080 or http://localhost and see?

--- Jianping Zhu [EMAIL PROTECTED] wrote:
 
 Thanks,
 can you give me more detailed instruction?

 On Sun, 9 Feb 2003, Tim Funk wrote:

  Use a command line program like wget, cURL, JMeter, ... to get a page back.

  You can also look for a java process running.

  -Tim

  Jianping Zhu wrote:
   os: redhat 7.3
   how can i make sure that tomcat is running in my server?

 Jianping Zhu
 Department of Computer Science
 University of Georgia
 Athens, GA 30602
 Tel 706 5423900
 
 
 





Re: Tomcat complains: java.security.NoSuchProviderException: no such provider: BC

2003-02-09 Thread Mark Liu
The same thing works on my Win2K box with Tomcat
4.1.12 and J2SDK1.4.1 at my home.

But it does not work on my Win2K box with Tomcat
4.1.18 and J2SDK1.4.1 in my school lab.

I get the exception from the tomcat console:

java.security.NoSuchProviderException: no such
provider: BC

Does this mean that some environmental setting for the
Win2K system in my lab is not set right?

Please.

Mark.


--- Sean Dockery [EMAIL PROTECTED] wrote:
 Remember that your classpath in your environment which is used by the java
 compiler when you issue a compile command from the command line is not the
 same classpath that Tomcat uses when it is running.

 Move the JAR into $CATALINA_HOME/common/lib.  I don't believe that Tomcat
 supports loading JAR files from $JRE_HOME/jre/lib/ext.

 - Original Message -
 From: Mark Liu [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Sunday, February 09, 2003 00:42
 Subject: Tomcat complains: java.security.NoSuchProviderException: no such provider: BC


  I run Tomcat 4.1.18 on my Win2K box.

  Because my project will use bouncycastle cryptographic
  bundle (known as BC version 1.18), I have this package
  properly installed on my system.  If you don't believe
  it, look at the following output:

  C:\Java>java ListCryptoProviders
  SUN version 1.2
  SunJSSE version 1.4
  SunRsaSign version 1.0
  SunJCE version 1.4
  SunJGSS version 1.0
  BC version 1.18

  C:\Java>

  You see, BC version 1.18 is nicely shown there.

  It is the output from the following short code:

  /* This class lists the cryptographic
   * providers available on current system.
   */

  import java.security.*;

  class ListCryptoProviders
  {  public static void main(String []args)
     {  Provider [] providers = Security.getProviders();
        for(int i=0; i<providers.length; i++)
        { System.out.println(providers[i]);
        }
     }
  }

  However, the Servlet I write which uses the BC bundle
  does not work with Tomcat.

  When I try to invoke that servlet from the browser,
  the Tomcat console says:

  java.security.NoSuchProviderException: no such provider: BC

  It's weird!

  I have put the BC bundle jar file under both
  JDK_HOME\jre\lib\ext and Program
  Files\Java\j2re1.4.0\lib\ext.

  Needless to say that I have also added the following
  line

  security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider

  in file java.security in its due paths (one under
  JDK_HOME\jre\lib\security and one under C:\Program
  Files\Java\j2re1.4.0\lib\security).

  I even copied the BC bundle jar file to C:\Program
  Files\Apache Group\Tomcat 4.1\common\lib, but Tomcat
  still keeps complaining:

  java.security.NoSuchProviderException: no such provider: BC

  I have no clue how I should handle this.

  Any idea please?

  Mark
 
 
 
 




Tomcat complains: java.security.NoSuchProviderException: no such provider: BC

2003-02-08 Thread Mark Liu
I run Tomcat 4.1.18 on my Win2K box.

Because my project will use bouncycastle cryptographic
bundle (known as BC version 1.18), I have this package
properly installed on my system.  If you don't believe
it, look at the following output:

C:\Java>java ListCryptoProviders
SUN version 1.2
SunJSSE version 1.4
SunRsaSign version 1.0
SunJCE version 1.4
SunJGSS version 1.0
BC version 1.18

C:\Java>

You see, BC version 1.18 is nicely shown there.

It is the output from the following short code:

/* This class lists the cryptographic
 * providers available on current system.
 */

import java.security.*;

class ListCryptoProviders
{  public static void main(String []args)
   {  // Providers registered in the JVM that runs this class
      Provider [] providers = Security.getProviders();
      for(int i=0; i<providers.length; i++)
      { System.out.println(providers[i]);
      }
   }
}

However, the Servlet I write which uses the BC bundle
does not work with Tomcat.

When I try to invoke that servlet from the browser,
the Tomcat console says:

java.security.NoSuchProviderException: no such
provider: BC

It's weird!

I have put the BC bundle jar file under both
JDK_HOME\jre\lib\ext and Program
Files\Java\j2re1.4.0\lib\ext.

Needless to say that I have also added the following
line

security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider

in file java.security in its due paths (one under
JDK_HOME\jre\lib\security and one under C:\Program
Files\Java\j2re1.4.0\lib\security).

I even copied the BC bundle jar file to C:\Program
Files\Apache Group\Tomcat 4.1\common\lib, but Tomcat
still keeps complaining:

java.security.NoSuchProviderException: no such
provider: BC

I have no clue how I should handle this.

Any idea please?

Mark




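A way to see which JRE and which providers the JVM running the servlet actually has, and to register Bouncy Castle at run time if the static `security.provider.6` entry was not picked up; this is an added Java example, not code from the post. The class name `ProviderCheck` is hypothetical, the provider class name is the one from the `java.security` line above, and the code assumes a current JDK.

```java
import java.security.Provider;
import java.security.Security;

/**
 * Added example (not from the original post): reports the JRE and providers
 * of the current JVM and registers Bouncy Castle programmatically if needed.
 */
public class ProviderCheck {

    // Provider class taken from the security.provider.6 line quoted in the post.
    static final String BC_CLASS = "org.bouncycastle.jce.provider.BouncyCastleProvider";

    /** Describes the JVM this code is running in, one fact per line. */
    public static String describeJvm() {
        StringBuilder sb = new StringBuilder();
        // java.security is read from <java.home>/lib/security (conf/security on
        // JDK 9 and later), so an edit made under another JRE has no effect here.
        sb.append("java.home     = ").append(System.getProperty("java.home")).append('\n');
        // null on JDK 9 and later, where the extension directory no longer exists
        sb.append("java.ext.dirs = ").append(System.getProperty("java.ext.dirs")).append('\n');
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            sb.append("provider ").append(i + 1).append("    = ").append(providers[i]).append('\n');
        }
        return sb.toString();
    }

    /**
     * Returns true if a provider named "BC" is registered after the call.
     * When it is missing, the provider class is loaded through the context
     * class loader (inside Tomcat: the web application's loader) and added.
     */
    public static boolean ensureBouncyCastle() {
        if (Security.getProvider("BC") != null) {
            return true;
        }
        try {
            ClassLoader loader = Thread.currentThread().getContextClassLoader();
            Class<?> cls = Class.forName(BC_CLASS, true, loader);
            Provider bc = (Provider) cls.getDeclaredConstructor().newInstance();
            Security.addProvider(bc); // appended after the providers already present
            return Security.getProvider("BC") != null;
        } catch (ReflectiveOperationException | LinkageError | ClassCastException e) {
            // The jar is not visible to this class loader, or is not a JCA provider.
            System.err.println("Bouncy Castle not loadable here: " + e);
            return false;
        }
    }

    public static void main(String[] args) {
        System.out.print(describeJvm());
        System.out.println("BC usable     = " + ensureBouncyCastle());
    }
}
```

Calling `ProviderCheck.describeJvm()` from the servlet's `init()` and comparing it with the command-line run shows whether Tomcat was started with a different `java.home` than the JRE whose `java.security` was edited.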




RE: A follow-up of my last post

2003-01-26 Thread Mark Liu
What if I am the server administrator?  In fact I am. 
Then I'll risk leaving a grave security hole, right?

But anyway, I would like to learn servlet mapping. 
Where do we have some documents about servlet mapping?

Suppose the invoker is disabled, you said that I have to
map each and every servlet I have for my web
application, right?

Mark

--- Turner, John [EMAIL PROTECTED] wrote:
 
 Not only is it not safe, it's not portable.  If your webapp counts on this,
 but then is deployed to a machine you don't control, there is a 99.99%
 chance that server admin has the Invoker disabled and won't enable it.  Then
 what will you do?  Mapping your servlet in web.xml will work all the time,
 everywhere.

 John

 -Original Message-
 From: Mark Liu [mailto:[EMAIL PROTECTED]]
 Sent: Saturday, January 25, 2003 11:29 PM
 To: Tomcat Users List
 Subject: RE: A follow-up of my last post


 I put the following segment of code in my x509 web.xml:

 <servlet-mapping>
     <servlet-name>invoker</servlet-name>
     <url-pattern>/servlet/*</url-pattern>
 </servlet-mapping>

 And then it starts to work.  But you said that this is
 not safe, right?



 --- Turner, John [EMAIL PROTECTED] wrote:

  That's why it isn't working.

  As I said, the Invoker servlet is disabled by default in recent versions of
  4.1.x due to security reasons.  It is enabled in the /examples
  application.

  You can:

  1) map your servlet(s) in your application's web.xml file and leave the
  Invoker servlet disabled

  OR

  2) leave your web.xml alone and enable the Invoker servlet.

  If you choose #2, and you're going into production, you should understand
  the security issues before you go live.  If your web application may
  be deployed on a server that you don't control, you should choose #1, since
  that will work all the time.

  John

  -Original Message-
  From: Mark Liu [mailto:[EMAIL PROTECTED]]
  Sent: Saturday, January 25, 2003 12:44 PM
  To: Tomcat Users List
  Subject: RE: A follow-up of my last post


  Virtually, I don't have anything for my /x509
  web.xml.

  Here is my /x509 web.xml:

   beginning of x509 web.xml *

  <?xml version="1.0" encoding="ISO-8859-1"?>

  <!DOCTYPE web-app
      PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
      "http://java.sun.com/dtd/web-app_2_3.dtd">

  <web-app>
    <display-name>X509 Project</display-name>
    <description>
       X509 Public Key Certificate Authentication
    </description>
  </web-app>

   end of x509 web.xml *

  I remember in earlier versions of Tomcat, any web
  application should work just fine with a primitive
  web.xml like so:

  *** beginning of a primitive web.xml

  <?xml version="1.0" encoding="ISO-8859-1"?>

  <!DOCTYPE web-app
      PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
      "http://java.sun.com/dtd/web-app_2_3.dtd">

  <web-app>
  </web-app>

  *** end of a primitive web.xml

  Is the servlet mapping a new Tomcat rule?  Is there
  any way I can have my web application work without
  mapping each servlet?

  Thanks.

  Mark

  --- Turner, John [EMAIL PROTECTED] wrote:

   Do you have a mapping for the servlet(s) in your application's web.xml
   file?

   The Invoker servlet is disabled by default in recent versions of 4.1.x for
   security reasons, but it is enabled in the /examples web.xml.

   John


   -Original Message-
   From: Mark Liu [mailto:[EMAIL PROTECTED]]
   Sent: Saturday, January 25, 2003 3:09 AM
   To: [EMAIL PROTECTED]
   Subject: A follow-up of my last post


   Also please note that I have changed Marty Hall's
   ServletUtilities.java and ShowParameters.java
   according to my system.

   For example, I commented out the package line.

   Any way, as I said in the last post, the servlet works
   great if I put it under Tomcat's examples application.

   It just does not work under my newly-created x509
   application.

   I don't understand this.

   Please kindly help.

   Thanks.

   Mark.
   
  
 
=== message truncated ===



RE: A follow-up of my last post

2003-01-26 Thread Mark Liu
OK, thanks, I'll just try to follow the examples
applications' web.xml and give it a shot.

Mark

--- Turner, John [EMAIL PROTECTED] wrote:
 
 Depends on your definition of grave, I guess.  It
 was important enough
 that it was changed and included in future releases.
 
 Yes, if the Invoker servlet is disabled, you have to
 map your servlet in
 web.xml.
 
 For information, check $CATALINA_HOME/conf/web.xml,
 or check the archives,
 this is a FAQ.  You'll need a servlet tag and a
 servlet-mapping tag for
 every servlet in your application if you choose not
 to use the Invoker
 servlet.
 
 John
 
 -Original Message-
 From: Mark Liu [mailto:[EMAIL PROTECTED]] 
 Sent: Sunday, January 26, 2003 12:30 PM
 To: Tomcat Users List
 Subject: RE: A follow-up of my last post
 
 
 What if I am the server administrator?  In fact I
 am. 
 Then I'll risk leaving a grave security hole, right?
 
 But anyway, I would like to learn servlet mapping. 
 Where do we have some documents about servlet
 mapping?
 
 Suppose the invoker is disable, you said that have
 to
 map each and every servlet I have for my web
 application, right?
 
 Mark
 
 --- Turner, John [EMAIL PROTECTED] wrote:
  
  Not only is it not safe, it's not portable.  If
 your
  webapp counts on this,
  but then is deployed to a machine you don't
 control,
  there is a 99.99%
  chance that server admin has the Invoker disabled
  and won't enable it.  Then
  what will you do?  Mapping your servlet in web.xml
  will work all the time,
  everywhere.
  
  John
  
  -Original Message-
  From: Mark Liu [mailto:[EMAIL PROTECTED]]
  Sent: Saturday, January 25, 2003 11:29 PM
  To: Tomcat Users List
  Subject: RE: A follow-up of my last post
  
  
  I put the following segment of code in my x509
  web.xml:
  
  servlet-mapping
  servlet-nameinvoker/servlet-name
  url-pattern/servlet/*/url-pattern
  /servlet-mapping
  
  And then it starts to work.  But you said that
 this
  is
  not safe, right?
  
  
  
  --- Turner, John [EMAIL PROTECTED] wrote:
   
   That's why it isn't working.
   
   As I said, the Invoker servlet is disabled by
   default in recent versions of
   4.1.x due to security reasons.  It is enabled in
  the /examples
   application.
   
   You can:
   
   1) map your servlet(s) in your application's
  web.xml
   file and leave the
   Invoker servlet disabled
   
   OR
   
   2) leave your web.xml alone and enable the
 Invoker
   servlet.
   
   If you choose #2, and you're going into
  production,
   you should understand
   the security issues before you go live.  If your
  web application may
   be deployed on a server that you don't control,
  you
   should choose #1, since
   that will work all the time.
   
   John
   
   -Original Message-
   From: Mark Liu [mailto:[EMAIL PROTECTED]]
   Sent: Saturday, January 25, 2003 12:44 PM
   To: Tomcat Users List
   Subject: RE: A follow-up of my last post
   
   
   Virtually, I don't have anything for my /x509
   web.xml.
   
   Here is my /x509 web.xml:
   
    beginning of x509 web.xml *
   
   ?xml version=1.0 encoding=ISO-8859-1?
   
   !DOCTYPE web-app
   PUBLIC -//Sun Microsystems, Inc.//DTD Web
   Application 2.3//EN
   http://java.sun.com/dtd/web-app_2_3.dtd;
   
   web-app
 display-nameX509 Project/display-name
 description
X509 Public Key Certificate Authentication
 /description
   /web-app
   
    end of x509 web.xml *
   
   I remember in earlier versions of Tomcat, any
 web application should 
   work just fine with a primitive web.xml like so:
   
   *** beginning of a primitive web.xml 
   
   ?xml version=1.0 encoding=ISO-8859-1?
   
   !DOCTYPE web-app
   PUBLIC -//Sun Microsystems, Inc.//DTD Web
   Application 2.3//EN
   http://java.sun.com/dtd/web-app_2_3.dtd;
   
   web-app
   /web-app
   
   *** end of a primitive web.xml 
   
   Is the servlet mapping a new Tomcat rule?  Is
  there
   any way I can have my web application work
 without
   mapping each servlet?
   
   Thanks.
   
   Mark
   
   --- Turner, John [EMAIL PROTECTED] wrote:

Do you have a mapping for the servlet(s) in your application's web.xml
file?

The Invoker servlet is disabled by default in recent versions of 4.1.x for
security reasons, but it is enabled in the /examples web.xml.

John


-Original Message-
From: Mark Liu [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 25, 2003 3:09 AM
To: [EMAIL PROTECTED]
Subject: A follow-up of my last post


Also please note that I have changed Marty Hall's
ServletUtilities.java and ShowParameters.java
according to my system.

 
=== message truncated ===



Deployment Problem: Got No Clue!

2003-01-25 Thread Mark Liu
I am running Tomcat 4.1.12 on my Windows 2000 system.

Tomcat runs pretty well.  The examples run pretty
well.

I created an x509 directory under webapps, i.e., I
have C:\Tomcat4_1_12\webapps\x509 now.

Then I created 2 folders under x509: WEB-INF and Test,
i.e., I have

C:\Tomcat4_1_12\webapps\x509\WEB-INF

and

C:\Tomcat4_1_12\webapps\x509\Test

now. 

Under WEB-INF I have web.xml and a folder called
classes.

i.e., C:\Tomcat4_1_12\webapps\x509\WEB-INF\classes.

I put Marty Hall's ShowParametersPostForm.html under
Test, and his ShowParameters.class and
ServletUtilities.class under classes.

I was able to see the ShowParametersPostForm.html page
via this link:

http://localhost/x509/Test/ShowParametersPostForm.html

But then when I fill up the form and hit submit, I
always get this:

type Status report

message /x509/servlet/ShowParameters

description The requested resource
(/x509/servlet/ShowParameters) is not available.

However, if I move the structure to Tomcat's examples
folder, it works great.

Please note that I have changed servlet path specified
in ShowParametersPostForm.html to

<FORM ACTION="../servlet/ShowParameters"
      METHOD="POST">

Also please note that I have added x509 context in
server.xml under conf, like so:

<!-- Project X509 context -->
<Context path="/x509" docBase="x509"
         debug="0" reloadable="true"
         privileged="true"/>

I do not understand why it does not work under my x509
directory.  I have been trying this for the whole day!

Any kind help please?

Thanks a lot.

Mark







A follow-up of my last post

2003-01-25 Thread Mark Liu
Also please note that I have changed Marty Hall's
ServletUtilities.java and ShowParameters.java
according to my system.

For example, I commented out the package line.

Anyway, as I said in the last post, the servlet works
great if I put it under Tomcat's examples application.

It just does not work under my newly-created x509
application.

I don't understand this.

Please kindly help.

Thanks.

Mark.





The Error Message Is Weird

2003-01-25 Thread Mark Liu
A copy-paste of the error message follows, which I got
when I hit submit from the ShowParametersPostForm.html
page.

Apparently, Tomcat says that
(/x509/servlet/ShowParameters) is not available.

But I do have ShowParameters.class under
/x509/WEB-INF/classes/, like so:

C:\Tomcat4_1_12\webapps\x509\WEB-INF\classes\ShowParameters.class

Thus I don't know why Tomcat just can't find it.

Mark

** The error message ***

HTTP Status 404 - /x509/servlet/ShowParameters

--

type Status report

message /x509/servlet/ShowParameters

description The requested resource
(/x509/servlet/ShowParameters) is not available.

-

Apache Tomcat/4.1.12

** End of the error message 





Re: Deployment Problem: Got No Clue!

2003-01-25 Thread Mark Liu
Really?  This was not a requirement for earlier
versions of Tomcat, right?

Here is my web.xml for my x509 application:

<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>
  <display-name>X509 Project</display-name>
  <description>
     X509 Public Key Certificate Authentication
  </description>
</web-app>

Please continue to educate.  Thanks a lot!


--- vim m [EMAIL PROTECTED] wrote:
 What does your web.xml file contain? For every servlet
 in your application, you should have a servlet
 element and a mapping element.
 
 
 
 
 --- Mark Liu [EMAIL PROTECTED] wrote:
  I am running Tomcat 4.1.12 on my Windows 2000
  system.
  
  Tomcat runs pretty well.  The examples run pretty
  well.
  
  I created an x509 directory under webapps, i.e., I
  have C:\Tomcat4_1_12\webapps\x509 now.
  
  Then I created 2 folders under x509: WEB-INF and
  Test,
  i.e., I have
  
  C:\Tomcat4_1_12\webapps\x509\WEB-INF
  
  and
  
  C:\Tomcat4_1_12\webapps\x509\Test
  
  now. 
  
  Under WEB-INF I have web.xml and a folder called
  classes.
  
  i.e., C:\Tomcat4_1_12\webapps\x509\WEB-INF\classes.
  
  I put Marty Hall's ShowParametersPostForm.html under
  Test, and his ShowParameters.class and
  ServletUtilities.class under classes.
  
  I was able to see the ShowParametersPostForm.html page
  via this link:
  
  http://localhost/x509/Test/ShowParametersPostForm.html
  
  But then when I fill up the form and hit submit, I
  always get this:
  
  type Status report
  
  message /x509/servlet/ShowParameters
  
  description The requested resource
  (/x509/servlet/ShowParameters) is not available.
  
  However, if I move the structure to Tomcat's
  examples
  folder, it works great.
  
  Please note that I have changed servlet path specified
  in ShowParametersPostForm.html to
  
  <FORM ACTION="../servlet/ShowParameters"
        METHOD="POST">
  
  Also please note that I have added x509 context in
  server.xml under conf, like so:
  
  <!-- Project X509 context -->
  <Context path="/x509" docBase="x509"
           debug="0" reloadable="true"
           privileged="true"/>
  
  I do not understand why it does not work under my
  x509
  directory.  I have been trying this for the whole
  day!
  
  Any kind help please?
  
  Thanks a lot.
  
  Mark
  
  
  
 






RE: A follow-up of my last post

2003-01-25 Thread Mark Liu
Virtually, I don't have anything for my /x509 web.xml.

Here is my /x509 web.xml:

 beginning of x509 web.xml *

<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>
  <display-name>X509 Project</display-name>
  <description>
     X509 Public Key Certificate Authentication
  </description>
</web-app>

 end of x509 web.xml *

I remember in earlier versions of Tomcat, any web
application should work just fine with a primitive
web.xml like so:

*** beginning of a primitive web.xml 

<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>
</web-app>

*** end of a primitive web.xml 

Is the servlet mapping a new Tomcat rule?  Is there
any way I can have my web application work without
mapping each servlet?

Thanks.

Mark

--- Turner, John [EMAIL PROTECTED] wrote:
 
 Do you have a mapping for the servlet(s) in your
 application's web.xml file?
 
 The Invoker servlet is disabled by default in recent
 versions of 4.1.x for
 security reasons, but it is enabled in the /examples
 web.xml.
 
 John
 
 
 -Original Message-
 From: Mark Liu [mailto:[EMAIL PROTECTED]] 
 Sent: Saturday, January 25, 2003 3:09 AM
 To: [EMAIL PROTECTED]
 Subject: A follow-up of my last post
 
 
 Also please note that I have changed Marty Hall's
 ServletUtilities.java and
 ShowParameters.java according to my system.
 
 For example, I commented out the package line.
 
 Anyway, as I said in the last post, the servlet works
 great if I put it under Tomcat's examples application.
 
 It just does not work under my newly-created x509
 application.
 
 I don't understand this.
 
 Please kindly help.
 
 Thanks.
 
 Mark.
 






RE: A follow-up of my last post

2003-01-25 Thread Mark Liu
Thanks, Vim.

I read that page.

However, the web.xml you pasted here says

You may define any number of servlet mappings,
including zero.  It is also legal to define more than
one mapping for the same servlet, if you wish to.

That means it is not necessary to map each servlet I
have in my web application, right?


--- vim m [EMAIL PROTECTED] wrote:
 Take a look at this web page.

 http://jakarta.apache.org/tomcat/tomcat-4.0-doc/appdev/deployment.html
 
 There is a sample web.xml file given here. You will
 do well to read that. In the web.xml file it does state
 that servlets can be called without making an entry in
 the web.xml file by using -
 http://host/context-path/servlet/classname.
 But I have not tried it so far. The doc also says that
 this method is not portable. Have pasted the web.xml
 file below:
 
 
 <?xml version="1.0" encoding="ISO-8859-1"?>
 
 <!DOCTYPE web-app
     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
     "http://java.sun.com/dtd/web-app_2_3.dtd">
 
 <web-app>
 
 
     <!-- General description of your web application -->
 
     <display-name>My Web Application</display-name>
     <description>
       This is version X.X of an application to perform
       a wild and wonderful task, based on servlets and
       JSP pages.  It was written by Dave Developer
       ([EMAIL PROTECTED]), who should be contacted for
       more information.
     </description>
 
 
     <!-- Context initialization parameters that define shared
          String constants used within your application, which
          can be customized by the system administrator who is
          installing your application.  The values actually
          assigned to these parameters can be retrieved in a
          servlet or JSP page by calling:
 
              String value =
                getServletContext().getInitParameter("name");
 
          where "name" matches the <param-name> element of
          one of these initialization parameters.
 
          You can define any number of context initialization
          parameters, including zero.
     -->
 
     <context-param>
       <param-name>webmaster</param-name>
       <param-value>[EMAIL PROTECTED]</param-value>
       <description>
         The EMAIL address of the administrator to whom questions
         and comments about this application should be addressed.
       </description>
     </context-param>
 
 
     <!-- Servlet definitions for the servlets that make up
          your web application, including initialization
          parameters.  With Tomcat, you can also send requests
          to servlets not listed here with a request like this:
 
            http://localhost:8080/{context-path}/servlet/{classname}
 
          but this usage is not guaranteed to be portable.  It also
          makes relative references to images and other resources
          required by your servlet more complicated, so defining
          all of your servlets (and defining a mapping to them with
          a servlet-mapping element) is recommended.
 
          Servlet initialization parameters can be retrieved in a
          servlet or JSP page by calling:
 
              String value =
                getServletConfig().getInitParameter("name");
 
          where "name" matches the <param-name> element of
          one of these initialization parameters.
 
          You can define any number of servlets, including zero.
     -->
 
     <servlet>
       <servlet-name>controller</servlet-name>
       <description>
         This servlet plays the controller role in the MVC architecture
         used in this application.  It is generally mapped to the .do
         filename extension with a servlet-mapping element, and all form
         submits in the app will be submitted to a request URI like
         saveCustomer.do, which will therefore be mapped to this servlet.
 
         The initialization parameter names for this servlet are the
         servlet path that will be received by this servlet (after the
         filename extension is removed).  The corresponding value is the
         name of the action class that will be used to process this request.
       </description>
       <servlet-class>com.mycompany.mypackage.ControllerServlet</servlet-class>
       <init-param>
         <param-name>listOrders</param-name>
         <param-value>com.mycompany.myactions.ListOrdersAction</param-value>
       </init-param>
       <init-param>
         <param-name>saveCustomer</param-name>
         <param-value>com.mycompany.myactions.SaveCustomerAction</param-value>
       </init-param>
       <!-- Load this servlet at server startup time -->
       <load-on-startup>5</load-on-startup>
     </servlet>
 
     <servlet>
       <servlet-name>graph</servlet-name>
       <description>
         This servlet produces GIF images that are dynamically generated
         graphs, based on the input parameters included on the request.
         It is generally mapped to a specific request URI like /graph.
       </description>
 

RE: A follow-up of my last post

2003-01-25 Thread Mark Liu
I put the following segment of code in my x509
web.xml:

<servlet-mapping>
    <servlet-name>invoker</servlet-name>
    <url-pattern>/servlet/*</url-pattern>
</servlet-mapping>

And then it starts to work.  But you said that this is
not safe, right?



--- Turner, John [EMAIL PROTECTED] wrote:
 
 That's why it isn't working.
 
 As I said, the Invoker servlet is disabled by
 default in recent versions of
 4.1.x due to security reasons.  It is enabled in the
 /examples application.
 
 You can:
 
 1) map your servlet(s) in your application's web.xml
 file and leave the
 Invoker servlet disabled
 
 OR
 
 2) leave your web.xml alone and enable the Invoker
 servlet.
 
 If you choose #2, and you're going into production,
 you should understand
 the security issues before you go live.  If your web
 application may be
 deployed on a server that you don't control, you
 should choose #1, since
 that will work all the time.
 
 John
 
 -Original Message-
 From: Mark Liu [mailto:[EMAIL PROTECTED]] 
 Sent: Saturday, January 25, 2003 12:44 PM
 To: Tomcat Users List
 Subject: RE: A follow-up of my last post
 
 
 Virtually, I don't have anything for my /x509
 web.xml.
 
 Here is my /x509 web.xml:
 
  beginning of x509 web.xml *
 
 <?xml version="1.0" encoding="ISO-8859-1"?>
 
 <!DOCTYPE web-app
     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
     "http://java.sun.com/dtd/web-app_2_3.dtd">
 
 <web-app>
   <display-name>X509 Project</display-name>
   <description>
      X509 Public Key Certificate Authentication
   </description>
 </web-app>
 
  end of x509 web.xml *
 
 I remember in earlier versions of Tomcat, any web
 application should work just fine with a primitive
 web.xml like so:
 
 *** beginning of a primitive web.xml 
 
 <?xml version="1.0" encoding="ISO-8859-1"?>
 
 <!DOCTYPE web-app
     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
     "http://java.sun.com/dtd/web-app_2_3.dtd">
 
 <web-app>
 </web-app>
 
 *** end of a primitive web.xml 
 
 Is the servlet mapping a new Tomcat rule?  Is there
 any way I can have my web application work without
 mapping each servlet?
 
 Thanks.
 
 Mark
 
 --- Turner, John [EMAIL PROTECTED] wrote:
  
  Do you have a mapping for the servlet(s) in your application's web.xml
  file?
  
  The Invoker servlet is disabled by default in recent versions of 4.1.x for
  security reasons, but it is enabled in the /examples web.xml.
  
  John
  
  
  -Original Message-
  From: Mark Liu [mailto:[EMAIL PROTECTED]]
  Sent: Saturday, January 25, 2003 3:09 AM
  To: [EMAIL PROTECTED]
  Subject: A follow-up of my last post
  
  
  Also please note that I have changed Marty Hall's
  ServletUtilities.java and ShowParameters.java
  according to my system.
  
  For example, I commented out the package line.
  
  Anyway, as I said in the last post, the servlet works
  great if I put it under Tomcat's examples application.
  
  It just does not work under my newly-created x509
  application.
  
  I don't understand this.
  
  Please kindly help.
  
  Thanks.
  
  Mark.
  
=== message truncated ===
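
The two options John describes above, as an added example that is not part of the original thread: a Python check that parses a web.xml and reports whether servlets are reached through an Invoker mapping (option #2) or only through explicit servlet and servlet-mapping entries (option #1). Both descriptors are constructed samples; the servlet name and URL pattern in the explicit one are assumptions based on the ShowParameters class and form action mentioned in the thread.

```python
# Added example (not from the thread): audit a Tomcat web.xml for Invoker mappings.
import xml.etree.ElementTree as ET

# Tomcat's Invoker servlet class, normally declared in the global conf/web.xml.
INVOKER_CLASS = "org.apache.catalina.servlets.InvokerServlet"

# Constructed sample: the x509 descriptor with the invoker mapping added (option #2).
# The XML prolog and DOCTYPE are omitted to keep the samples short.
WEB_XML_INVOKER = """\
<web-app>
  <display-name>X509 Project</display-name>
  <servlet-mapping>
    <servlet-name>invoker</servlet-name>
    <url-pattern>/servlet/*</url-pattern>
  </servlet-mapping>
</web-app>
"""

# Constructed sample: the same application with one explicit mapping (option #1).
# The servlet name and URL pattern are assumptions; the pattern is chosen so the
# form's ../servlet/ShowParameters action keeps working without the Invoker.
WEB_XML_EXPLICIT = """\
<web-app>
  <display-name>X509 Project</display-name>
  <servlet>
    <servlet-name>ShowParameters</servlet-name>
    <servlet-class>ShowParameters</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>ShowParameters</servlet-name>
    <url-pattern>/servlet/ShowParameters</url-pattern>
  </servlet-mapping>
</web-app>
"""


def _local(tag):
    """Strip an XML namespace so schema-based (2.4+) descriptors also work."""
    return tag.rsplit("}", 1)[-1]


def _children(elem, name):
    return [child for child in elem if _local(child.tag) == name]


def _text(elem, name):
    found = _children(elem, name)
    return (found[0].text or "").strip() if found else ""


def audit_web_xml(xml_text):
    """Return which URL patterns go to the Invoker and which are explicit.

    invoker_patterns: patterns mapped to a servlet named "invoker" or to any
                      servlet declared with the InvokerServlet class.
    explicit:         pattern -> servlet class for servlets declared in this file.
    inherited:        mapped names not declared here (e.g. from conf/web.xml).
    """
    root = ET.fromstring(xml_text)
    classes = {
        _text(s, "servlet-name"): _text(s, "servlet-class")
        for s in _children(root, "servlet")
    }
    report = {"invoker_patterns": [], "explicit": {}, "inherited": []}
    for mapping in _children(root, "servlet-mapping"):
        name = _text(mapping, "servlet-name")
        pattern = _text(mapping, "url-pattern")
        servlet_class = classes.get(name)
        if name == "invoker" or servlet_class == INVOKER_CLASS:
            report["invoker_patterns"].append(pattern)
        elif servlet_class is None:
            report["inherited"].append(name)
        else:
            report["explicit"][pattern] = servlet_class
    return report


if __name__ == "__main__":
    for label, text in (("invoker", WEB_XML_INVOKER), ("explicit", WEB_XML_EXPLICIT)):
        print(label, audit_web_xml(text))
```

With the Invoker mapping in place, any servlet class the application can load is addressable by class name under /servlet/, so a non-empty invoker_patterns list is the finding to review before going to production.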






Problem setting up Tomcat's SSL (again!)

2002-11-14 Thread Mark Liu
Hi, 

I am attempting to setup tomcat's SSL, but failed.

I am using tomcat 4.1.12, j2sdk1.4.1_01 and Win2K
professional.

Running tomcat without SSL is successful.

Then I followed the instruction of tomcat-ssl-howto
and generated the .keystore file, modified server.xml.

Then when I start tomcat, I get the following severe
handshake error and if I do http://localhost:8443 in my
browser, I see nothing except a completely blank page.

Would you gurus please kindly tell me how to fix this?
 Thanks a lot!

Created catalinaLoader in: C:\Tomcat4_1_12\server\lib
Nov 13, 2002 4:20:15 PM org.apache.commons.modeler.Registry loadRegistry
INFO: Loading registry information
Nov 13, 2002 4:20:17 PM org.apache.commons.modeler.Registry getRegistry
INFO: Creating new Registry instance
Nov 13, 2002 4:20:24 PM org.apache.commons.modeler.Registry getServer
INFO: Creating MBeanServer
Nov 13, 2002 4:20:34 PM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on port 80
Nov 13, 2002 4:20:52 PM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on port 443
Nov 13, 2002 4:21:59 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on port 80
Nov 13, 2002 4:21:59 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on port 443
Nov 13, 2002 4:21:59 PM org.apache.jk.common.ChannelSocket init
INFO: JK2: ajp13 listening on tcp port 8009
Nov 13, 2002 4:21:59 PM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=580/571 config=C:\Tomcat4_1_12\conf\jk2.properties
Nov 13, 2002 4:23:22 PM org.apache.tomcat.util.log.CommonLogHandler log
SEVERE: Handshake failed
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    at com.sun.net.ssl.internal.ssl.InputRecord.b(DashoA6275)
    at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
    at org.apache.tomcat.util.net.JSSESocketFactory.handshake(JSSESocketFactory.java:290)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:493)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:533)
    at java.lang.Thread.run(Thread.java:536)
Nov 13, 2002 4:23:22 PM org.apache.tomcat.util.log.CommonLogHandler log
SEVERE: Caught exception executing org.apache.tomcat.util.net.TcpWorkerThread18488ef, terminating thread
java.lang.NullPointerException
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:512)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:533)
    at java.lang.Thread.run(Thread.java:536)







Re: How do I know if tomcat is started with SSL?

2002-11-13 Thread Mark Liu
I cannot get that page.  So obviously the tomcat SSL
is not configured right?

--- Pae Choi [EMAIL PROTECTED] wrote:
 Try https://localhost:8443/ and see what you get.
 
 
 Pae
 
 
 - Original Message -
 From: Mark Liu [EMAIL PROTECTED]
 To: Tomcat Users List
 [EMAIL PROTECTED]
 Sent: Tuesday, November 12, 2002 10:54 PM
 Subject: How do I know if tomcat is started with
 SSL?
 
 
  I am using Tomcat 4.1.12 under my W2K box.
 
  I have done the SSL setup configuration following the
  documentation.
 
  After I attempted to have started Tomcat, I can check
  out http://localhost in the browser, but I did get
  such exceptions in the log file stderr.log:
 
  java.io.FileNotFoundException: C:\Documents and
  Settings\Default User\.keystore (The system cannot
  find the file specified)
 
  Then I copied .keystore from my home directory to
  Default User.
 
  Seems I still got such exceptions.  Nonetheless, as I
  said, I am still able to check out http://localhost,
  showing the default Tomcat page.
 
  Then how do I know that the tomcat is started with
  SSL?
 
 
 






Problem setting up Tomcat's SSL

2002-11-13 Thread Mark Liu
Hi, 

I am attempting to setup tomcat's SSL, but failed.

I am using tomcat 4.1.12, j2sdk1.4.1_01 and Win2K
professional.

Running tomcat without SSL is successful.

Then I followed the instruction of tomcat-ssl-howto
and generated the .keystore file, modified server.xml.

Then when I start tomcat, I get the following severe
handshake error and if I do http://localhost:8443 in my
browser, I see nothing except a completely blank page.

Would you gurus please kindly tell me how to fix this?
 Thanks a lot!

Created catalinaLoader in: C:\Tomcat4_1_12\server\lib
Nov 13, 2002 4:20:15 PM org.apache.commons.modeler.Registry loadRegistry
INFO: Loading registry information
Nov 13, 2002 4:20:17 PM org.apache.commons.modeler.Registry getRegistry
INFO: Creating new Registry instance
Nov 13, 2002 4:20:24 PM org.apache.commons.modeler.Registry getServer
INFO: Creating MBeanServer
Nov 13, 2002 4:20:34 PM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on port 80
Nov 13, 2002 4:20:52 PM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on port 443
Nov 13, 2002 4:21:59 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on port 80
Nov 13, 2002 4:21:59 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on port 443
Nov 13, 2002 4:21:59 PM org.apache.jk.common.ChannelSocket init
INFO: JK2: ajp13 listening on tcp port 8009
Nov 13, 2002 4:21:59 PM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=580/571 config=C:\Tomcat4_1_12\conf\jk2.properties
Nov 13, 2002 4:23:22 PM org.apache.tomcat.util.log.CommonLogHandler log
SEVERE: Handshake failed
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    at com.sun.net.ssl.internal.ssl.InputRecord.b(DashoA6275)
    at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
    at org.apache.tomcat.util.net.JSSESocketFactory.handshake(JSSESocketFactory.java:290)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:493)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:533)
    at java.lang.Thread.run(Thread.java:536)
Nov 13, 2002 4:23:22 PM org.apache.tomcat.util.log.CommonLogHandler log
SEVERE: Caught exception executing org.apache.tomcat.util.net.TcpWorkerThread18488ef, terminating thread
java.lang.NullPointerException
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:512)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:533)
    at java.lang.Thread.run(Thread.java:536)






How do I know if tomcat is started with SSL?

2002-11-12 Thread Mark Liu
I am using Tomcat 4.1.12 under my W2K box.

I have done the SSL setup configuration following the
documentation.

After I attempted to have started Tomcat, I can check
out http://localhost in the browser, but I did get
such exceptions in the log file stderr.log:

java.io.FileNotFoundException: C:\Documents and
Settings\Default User\.keystore (The system cannot
find the file specified)

Then I copied .keystore from my home directory to
Default User.

Seems I still got such exceptions.  Nonetheless, as I
said, I am still able to check out http://localhost,
showing the default Tomcat page.

Then how do I know that the tomcat is started with
SSL?

