RE: Apache mod_SSL and Tomcat using mod_jk

2001-01-16 Thread Coetmeur, Alain


-----Original Message-----
From: Pete Ehli [mailto:[EMAIL PROTECTED]]
Date: Tuesday, 16 January 2001 08:34
To: [EMAIL PROTECTED]
Subject: Apache mod_SSL and Tomcat using mod_jk


Hello I am new to Apache and am using mod_ssl Apache server 
connected with Tomcat via the mod_jk module - 
I've just done that ... (absolute beginner)

I get the following
warning when starting Apache after I start tomcat 
"Loaded DSO modules/mod_jk.dll uses plain Apache 1.3 API, 
this module might crash under EAPI! (Please recompile it with -DEAPI)"

same for me... it seems to work anyway...

note that I had to install JSSE 102 from sun java site...
I've put it into the JRE 1.3 as documented (jar in lib/ext)
and changed the security provider list in some properties file
as documented...

For tomcat servlet/jsp to be able to call-back HTTPS as a client
I had to add a -D... that sets the implementor of URL...
documented in JSSE also...
I also had to set the keystore of jsse

extract from tomcat.bat:
:runServer
rem Running Tomcat in this window
if "%2" == "-security" goto runSecure
%_RUNJAVA% %TOMCAT_OPTS% -Dtomcat.home="%TOMCAT_HOME%" -Djavax.net.ssl.trustStore="%TOMCAT_HOME%/conf/ssl/cacerts" -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol org.apache.tomcat.startup.Tomcat %2 %3 %4 %5 %6 %7 %8 %9
goto cleanup




 I am trying to get Apache and Tomcat to use SSL . 
I don't have a certificate configured and get the following error  
"localhost:443 should be SSL-aware but has no certificate configured 
[Hint: SSLCertificateFile]" Can someone point me to the exact directions 
on how to configure a certificate and also will this module 

I had to use the snakeoil certificates and keys as documented...
all is configured in a virtual host on port 443...

the last problem is that the snakeoil certificate
has a /CN= different from my host DNS name
(sure, it is a dummy certificate),
and thus the HTTPS URL connector refuses to trust
an HTTPS server whose certificate CN is different from
its DNS name...

I've found examples of config files on the web...
note that the ifdefined SSL does not work with the apache/mod_ssl
found on mod_ssl.org... I have used the IfModule mod_ssl.c

I've put parts of the config files at the end...



mod_jk work with the version of Apache I am using - 
Apache_1.3.14-mod_ssl_2.7.2-openssl_0.96-win32.zip  
and Tomcat 3.2.1 I have configured this via the documentation 
in Tomcat. Any ideas or suggestion on where to go from here
 would be much appreciated

if someone can explain to me how to generate
a good server certificate with openssl or
keytool...  8)



--
here is the SSL config included at the end of the
httpd.conf in apache

##
##  SSL Support
##
##  When we also provide SSL we have to listen to the 
##  standard HTTP port (see above) and to the HTTPS port
##

LoadModule ssl_module modules/ApacheModuleSSL.dll

<IfModule mod_ssl.c>

Listen 8000
Listen 8443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

#   Pass Phrase Dialog:
#   Configure the pass phrase gathering process.
#   The filtering dialog program (`builtin' is an internal
#   terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog  builtin

#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First either `none'
#   or `dbm:/path/to/file' for the mechanism to use and
#   second the expiring timeout (in seconds).
#SSLSessionCache        none
#SSLSessionCache        shm:logs/ssl_scache(512000)
SSLSessionCache dbm:logs/ssl_scache
SSLSessionCacheTimeout  300

#   Semaphore:
#   Configure the path to the mutual exclusion semaphore the
#   SSL engine uses internally for inter-process synchronization. 
#SSLMutex  file:logs/ssl_mutex

#   Pseudo Random Number Generator (PRNG):
#   Configure one or more sources to seed the PRNG of the 
#   SSL library. The seed data should be of good random quality.
#   WARNING! On some platforms /dev/random blocks if not enough entropy
#   is available. This means you then cannot use the /dev/random device
#   because it would lead to very long connection times (as long as
#   it requires to make more entropy available). But usually those
#   platforms additionally provide a /dev/urandom device which doesn't
#   block. So, if available, use this one instead. Read the mod_ssl User
#   Manual for more details.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512

#   Logging:
#   The home of the dedicated SSL protocol logfile. Errors are
#   additionally duplicated in the general error log file.  Put
#   this somewhere where it cannot be used for symlink attacks on
#   a real server (i.e. somewhere where only root can write).
#   Log levels are (ascending order: higher ones include lower ones):
#   none, error, warn, info, trace, 

RE: Apache mod_SSL and Tomcat using mod_jk

2001-01-16 Thread GOMEZ Henri

Hello I am new to Apache and am using mod_ssl Apache server 
connected with Tomcat via the mod_jk module - 
I've just done that ... (absolute beginner)

I get the following
warning when starting Apache after I start tomcat 
"Loaded DSO modules/mod_jk.dll uses plain Apache 1.3 API, 
this module might crash under EAPI! (Please recompile it with -DEAPI)"

The module has been compiled on a Standard Apache and
you want it to run on an EAPI Apache (ie using mod_ssl).

If you're using a Linux Redhat or compatible take a look
at my RPM at: ftp://ftp.falsehope.com/home/gomez/tomcat/
or at http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.2.1/rpms/

same for me... it seems to work anyway...

note that I had to install JSSE 102 from sun java site...
I've put it into the JRE 1.3 as documented (jar in lib/ext)
and changed the security provider list in some properties file
as documented...

For tomcat servlet/jsp to be able to call-back HTTPS as a client
I had to add a -D... that sets the implementor of URL...
documented in JSSE also...
I also had to set the keystore of jsse

extract from tomcat.bat:
:runServer
rem Running Tomcat in this window
if "%2" == "-security" goto runSecure
%_RUNJAVA% %TOMCAT_OPTS% -Dtomcat.home="%TOMCAT_HOME%" -Djavax.net.ssl.trustStore="%TOMCAT_HOME%/conf/ssl/cacerts" -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol org.apache.tomcat.startup.Tomcat %2 %3 %4 %5 %6 %7 %8 %9
goto cleanup




 I am trying to get Apache and Tomcat to use SSL . 
I don't have a certificate configured and get the following error  
"localhost:443 should be SSL-aware but has no certificate configured 
[Hint: SSLCertificateFile]" Can someone point me to the exact directions 
on how to configure a certificate and also will this module 

I had to use the snakeoil certificates and keys as documented...
all is configured in a virtual host on port 443...

the last problem is that the snakeoil certificate
has a /CN= different from my host DNS name
(sure, it is a dummy certificate),
and thus the HTTPS URL connector refuses to trust
an HTTPS server whose certificate CN is different from
its DNS name...

I've found examples of config files on the web...
note that the ifdefined SSL does not work with the apache/mod_ssl
found on mod_ssl.org... I have used the IfModule mod_ssl.c

I've put parts of the config files at the end...



mod_jk work with the version of Apache I am using - 
Apache_1.3.14-mod_ssl_2.7.2-openssl_0.96-win32.zip  
and Tomcat 3.2.1 I have configured this via the documentation 
in Tomcat. Any ideas or suggestion on where to go from here
 would be much appreciated

if someone can explain to me how to generate
a good server certificate with openssl or
keytool...  8)



--
here is the SSL config included at the end of the
httpd.conf in apache

##
##  SSL Support
##
##  When we also provide SSL we have to listen to the 
##  standard HTTP port (see above) and to the HTTPS port
##

LoadModule ssl_module modules/ApacheModuleSSL.dll

<IfModule mod_ssl.c>

Listen 8000
Listen 8443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

#   Pass Phrase Dialog:
#   Configure the pass phrase gathering process.
#   The filtering dialog program (`builtin' is an internal
#   terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog  builtin

#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First either `none'
#   or `dbm:/path/to/file' for the mechanism to use and
#   second the expiring timeout (in seconds).
#SSLSessionCache        none
#SSLSessionCache        shm:logs/ssl_scache(512000)
SSLSessionCache dbm:logs/ssl_scache
SSLSessionCacheTimeout  300

#   Semaphore:
#   Configure the path to the mutual exclusion semaphore the
#   SSL engine uses internally for inter-process synchronization. 
#SSLMutex  file:logs/ssl_mutex

#   Pseudo Random Number Generator (PRNG):
#   Configure one or more sources to seed the PRNG of the 
#   SSL library. The seed data should be of good random quality.
#   WARNING! On some platforms /dev/random blocks if not enough entropy
#   is available. This means you then cannot use the /dev/random device
#   because it would lead to very long connection times (as long as
#   it requires to make more entropy available). But usually those
#   platforms additionally provide a /dev/urandom device which doesn't
#   block. So, if available, use this one instead. Read the mod_ssl User
#   Manual for more details.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512

#   Logging:
#   The home of the dedicated SSL protocol logfile. Errors are
#   additionally duplicated in the general error log file.  Put
#   this somewhere where it cannot be used for symlink attacks on
#   a real server (i.e. somewhere where
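
Added example, not part of the original thread or of any poster's configuration: the thread's open question is how to get a server certificate whose CN matches the host's DNS name, so that the HTTPS client stops rejecting it as it did the snakeoil one. The script below issues a self-signed certificate for a given name and runs the same name check a client performs. The host name www.example.test and the file names are constructed placeholders, and the -addext option assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example, not from the thread. www.example.test and the file names
# are constructed placeholders; -addext needs OpenSSL 1.1.1 or later.

# make_cert DIR HOST
# Write DIR/server.key and DIR/server.crt, self-signed, valid for HOST.
# CN carries the name for old clients; subjectAltName is what current
# HTTPS clients compare against the host part of the URL.
make_cert() {
    (
        umask 077    # keep the unencrypted private key owner-readable only
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
            -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
    )
}

# cert_matches_host CRT HOST
# Exit 0 only if the certificate is valid for HOST, the same test an
# HTTPS client applies before trusting the server.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" |
        grep -q 'does match certificate'
}

# Demo: the name the cert was issued for passes, any other name fails,
# which is the failure the snakeoil certificate produced.
demo_dir=$(mktemp -d)
make_cert "$demo_dir" www.example.test
for name in www.example.test localhost; do
    if cert_matches_host "$demo_dir/server.crt" "$name"; then
        echo "$name: certificate matches"
    else
        echo "$name: certificate does NOT match"
    fi
done
rm -rf "$demo_dir"
```

On the Apache side the two files are what SSLCertificateFile and SSLCertificateKeyFile point at; because the certificate is self-signed, the Java client only trusts it once server.crt has been imported with keytool -import into the store named by -Djavax.net.ssl.trustStore.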