Re: tomcat and firefox ssl problem - no common encryption algorithms

2005-09-22 Thread Paul Singleton

Lyndon Tiu wrote:

> Hello,
>
> I am using on server:
>  - Tomcat 5.5.9 downloaded from Apache Tomcat website.
>  - Tried both Java 1.4.2_09(using tomcat compat packages) and Java 1.5.0_03
>  - RH ES3
>
> on client:
>  - Firefox 1.0.6
>  - RH WS3
>
> I have done ssl on Tomcat 4.x and 5.0.x a few times before with no problems and
> I am surprised to find this issue today.
>
> No error messages in Tomcat logs but Firefox complains about:
>
> Firefox and server host name cannot communicate securely because they have no
> common encryption algorithms.


Have you set up a keystore with at least a self-signed certificate?

Have you explicitly set the sslProtocol attribute in your SSL
connector (despite the docs this is necessary in 5.5.9, fixed
thereafter)

  <Connector ... sslProtocol="TLS" ... />

Have you tried another browser in case you get a more helpful
message (what Firefox said is not true)?

cheers

Paul Singleton




--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.11.4/109 - Release Date: 21/Sep/2005


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: tomcat and firefox ssl problem - no common encryption algorithms

2005-09-22 Thread Lyndon Tiu
On Thu, 22 Sep 2005 14:40:25 +0100 [EMAIL PROTECTED] wrote:
> Lyndon Tiu wrote:
> > Hello,
> >
> > I am using on server:
> >  - Tomcat 5.5.9 downloaded from Apache Tomcat website.
> >  - Tried both Java 1.4.2_09(using tomcat compat packages) and Java 1.5.0_03
> >  - RH ES3
> >
> > on client:
> >  - Firefox 1.0.6
> >  - RH WS3
> >
> > I have done ssl on Tomcat 4.x and 5.0.x a few times before with no
> > problems and I am surprised to find this issue today.
> >
> > No error messages in Tomcat logs but Firefox complains about:
> >
> > Firefox and server host name cannot communicate securely because
> > they have no common encryption algorithms.
>
> Have you set up a keystore with at least a self-signed certificate?

Yes.

> Have you explicitly set the sslProtocol attribute in your SSL
> connector (despite the docs this is necessary in 5.5.9, fixed
> thereafter)
>
>   <Connector ... sslProtocol="TLS" ... />

Yes.

> Have you tried another browser in case you get a more helpful
> message (what Firefox said is not true)?

IE 6. Gave me that generic page cannot be displayed error.

> cheers

As I said, I have done this successfully before and I am baffled that it is not
working for me now.

Thanks.

> Paul Singleton
 


--
Lyndon Tiu




Re: tomcat and firefox ssl problem - no common encryption algorithms

2005-09-22 Thread David Wall



> As I said, I have done this successfully before and I am baffled that it is not
> working for me now.

Perhaps you need to send your server.xml along so others can see what
you've done.  It definitely works with Firefox and IE on 5.5.9


David




Re: tomcat and firefox ssl problem - no common encryption algorithms

2005-09-22 Thread Lyndon Tiu
Problem solved.

I was generating ssl certs with openssl and apparently, I needed to use keytool.

Thanks.

On Thu, 22 Sep 2005 09:03:52 -0700 tomcat-user@jakarta.apache.org wrote:
> > As I said, I have done this successfully before and I am baffled that
> > it is not working for me now.
>
> Perhaps you need to send your server.xml along so others can see what
> you've done.  It definitely works with Firefox and IE on 5.5.9
>
> David
 


--
Lyndon Tiu




tomcat and firefox ssl problem - no common encryption algorithms

2005-09-21 Thread Lyndon Tiu
Hello,


I am using on server:
 - Tomcat 5.5.9 downloaded from Apache Tomcat website.
 - Tried both Java 1.4.2_09(using tomcat compat packages) and Java 1.5.0_03
 - RH ES3

on client:
 - Firefox 1.0.6
 - RH WS3

I have done ssl on Tomcat 4.x and 5.0.x a few times before with no problems and 
I am surprised to find this issue today.

No error messages in Tomcat logs but Firefox complains about:

Firefox and server host name cannot communicate securely because they have
no common encryption algorithms.

I have researched Google but there doesn't seem to be any straight answer.

Any ideas?

Thank you.

--
Lyndon Tiu




SSL problem for webservices

2005-09-20 Thread Peter Betz
Hi,

I am having a problem here. I am using Jakarta Tomcat V5.5 (part of
jboss-4.0.2) and j2sdk1.4.2_08 on a Redhat Linux server.

I have been trying to perform secure HTTPS webservices calls from an
external web-server but
have thus far been unsuccessful. The local client test environment
(simulating the external webserver) always returns
the following message:

Created service and call objects.
Set call endpoint and operation name.
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: No trusted certificate found

I have registered a self-signed certificate as described below. I have also
tested setting clientAuth=true (in the server.xml) and the secure logon
command works but subsequent non-secure HTTP calls don't work... which
includes the user interface via the web browser.

What am I doing wrong? Should I use a different port for secure webservice
calls so the tested setting doesn't interfere with the web-browser? And if
so does this setting still guarantee the maintenance of the (webservices)
session data via JSESSIONID since calls are made on both secure and
non-secure ports?

Also is there anything else I need to be aware of if I want to enable calls
from foreign webservers?

Cheers,
Peter

 -Original Message-
 From: Mark Thomas [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, 6 September 2005 02:17
 To: Tomcat Users List
 Subject: Re: SSL problem


 For 5, import the CA cert to $JAVA_HOME/jre/lib/security/cacerts

 Do 4 after 5.

 If you do it right, you shouldn't see the prompt to trust the CA as it
 is already in your list of trusted certs.

 Also, check the server cert you get back is indeed what you expect.

 Mark




SSL problem

2005-09-05 Thread Peter Betz
Hi,

I am having a problem here. I am using Jakarta Tomcat V5.5 (part of
jboss-4.0.2) and j2sdk1.4.2_08 on a Redhat Linux server.
I have been trying to register a signed certificate but have thus far
been unsuccessful.
It always comes out as a self-signed certificate. What am I doing wrong?
Details are as follows:

Here is what I have been doing:

~~~
Logged in and performed commands as jboss user because the J2EE and Jakarta
Tomcat environment is run under jboss user.

1. Generate a private key with the following command:
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore k-factor88.kdb

2. Generate the Certificate Signing Request (CSR)
$JAVA_HOME/bin/keytool -certreq -alias tomcat -keystore k-factor88.kdb -file k-factor88.csr

3. Generate the Server Certificate
Submit k-factor88.csr to root certification authority and save returned
certificate into k-factor88.cer

4. Import the Server Certificate
$JAVA_HOME/bin/keytool -import -trustcacerts -keystore k-factor88.kdb -alias root -file k-factor88.cer
Note: Keytool confirms that the certificate has been signed by a
certification authority. I choose to trust it.

5. Import the Trust Certificate
$JAVA_HOME/bin/keytool -import -trustcacerts -keystore k-factor88.kdb -alias jboss -file UTN.cer
Note: UTN.cer is the certification authority certificate and needs to be
imported.

server.xml

~~~
 <Connector port="8443" address="${jboss.bind.address}"
   maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
   emptySessionPath="true"
   scheme="https" secure="true" clientAuth="false"
   keystoreFile="${jboss.home.dir}/bin/certs/k-factor88.kdb"
   keystorePass="changeit" sslProtocol="TLS" />






Re: SSL problem

2005-09-05 Thread Mark Thomas

For 5, import the CA cert to $JAVA_HOME/jre/lib/security/cacerts

Do 4 after 5.

If you do it right, you shouldn't see the prompt to trust the CA as it 
is already in your list of trusted certs.


Also, check the server cert you get back is indeed what you expect.

Mark
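
Added example, not part of the original posts: a small Python check over `keytool -list -v` output for the two keystore states these threads run into. keytool only replaces a key entry's self-signed certificate when the CA reply is imported under the key entry's own alias, and a keystore holding certificates but no private key gives the server nothing to negotiate a cipher suite with. The function names and the abridged listings are constructed for illustration, and the certificate-only listing assumes the openssl-made certificate was imported without its key.

```python
KEY_ENTRY_TYPES = {"keyentry", "privatekeyentry"}  # JDK 1.4 wording and later JDK wording


def parse_listing(text):
    """Parse `keytool -list -v` text into one dict per alias."""
    entries, current = [], None
    for raw in text.splitlines():
        field, _, value = raw.strip().partition(":")
        value = value.strip()
        if field == "Alias name":
            current = {"alias": value, "type": "", "certs": []}
            entries.append(current)
        elif current is None:
            continue  # keystore header lines before the first alias
        elif field == "Entry type":
            current["type"] = value.lower()
        elif field == "Owner":
            current["certs"].append({"owner": value, "issuer": ""})
        elif field == "Issuer" and current["certs"]:
            current["certs"][-1]["issuer"] = value
    return entries


def audit(entries):
    """Return (code, key_alias, other_alias) findings for the listing."""
    findings = []
    key_entries = [e for e in entries if e["type"] in KEY_ENTRY_TYPES]
    if not key_entries:
        # Certificates only: the connector has no private key to present.
        findings.append(("NO_PRIVATE_KEY", None, None))
    for entry in key_entries:
        chain = entry["certs"]
        if len(chain) != 1 or chain[0]["owner"] != chain[0]["issuer"]:
            continue  # the chain already leads to another issuer
        subject = chain[0]["owner"]
        # Heuristic: a trusted-cert entry with the same subject but a different
        # issuer is most likely the CA reply imported under the wrong alias.
        stray = [t["alias"] for t in entries
                 if t["type"] == "trustedcertentry" and t["certs"]
                 and t["certs"][0]["owner"] == subject
                 and t["certs"][0]["issuer"] != subject]
        if stray:
            findings.append(("CA_REPLY_UNDER_OTHER_ALIAS", entry["alias"], stray[0]))
        else:
            findings.append(("KEY_ENTRY_SELF_SIGNED", entry["alias"], None))
    return findings


# Constructed, abridged listing: key pair under "tomcat", CA reply under "root".
WRONG_ALIAS_LISTING = """\
Keystore type: jks
Your keystore contains 3 entries

Alias name: tomcat
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.example.test, O=Example, C=AU
Issuer: CN=www.example.test, O=Example, C=AU

Alias name: root
Entry type: trustedCertEntry
Owner: CN=www.example.test, O=Example, C=AU
Issuer: CN=Example Test CA, O=Example, C=AU

Alias name: jboss
Entry type: trustedCertEntry
Owner: CN=Example Test CA, O=Example, C=AU
Issuer: CN=Example Test CA, O=Example, C=AU
"""

# Constructed: a certificate imported on its own, with no private key.
CERT_ONLY_LISTING = """\
Alias name: tomcat
Entry type: trustedCertEntry
Owner: CN=www.example.test, O=Example, C=AU
Issuer: CN=www.example.test, O=Example, C=AU
"""

# Constructed: CA certificate trusted first, reply imported under "tomcat".
GOOD_LISTING = """\
Alias name: tomcat
Entry type: keyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=www.example.test, O=Example, C=AU
Issuer: CN=Example Test CA, O=Example, C=AU
Certificate[2]:
Owner: CN=Example Test CA, O=Example, C=AU
Issuer: CN=Example Test CA, O=Example, C=AU
"""

if __name__ == "__main__":
    for name, listing in (("wrong alias", WRONG_ALIAS_LISTING),
                          ("cert only", CERT_ONLY_LISTING),
                          ("good", GOOD_LISTING)):
        print(name, audit(parse_listing(listing)))
```

To use it on a real keystore, pass the text printed by `keytool -list -v -keystore <file>` to parse_listing() in place of the samples.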




tomcat SSL problem

2005-07-22 Thread tam wei
Hi all,

I am trying to open an SSL connection from a Tomcat server (call it TC1)
that is located within a DMZ to another Tomcat server (call it TC2), which is
located in an external network.

I got the following in the TC1 system.out:

WARNING: Servlet.service() for servlet HelloWorld threw exception
java.net.SocketException: Default SSL context init failed: null
        at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown Source)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
        at HelloWorld.doGet(HelloWorld.java:20)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:825)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:738)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:526)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
        at java.lang.Thread.run(Unknown Source)

Here is the servlet I placed in TC1 which opens an SSL connection to TC2.

import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.net.URL;
import java.net.URLConnection;

public class HelloWorld extends HttpServlet {
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        PrintWriter out = response.getWriter();
        out.println("Hello World");

        // Open an HTTPS connection from TC1 to TC2; the JVM's default SSL
        // context is initialised when connect() is called.
        URL url = new URL("https://154.123.23.10:8443");
        URLConnection con = url.openConnection();
        con.connect();
    }
}

I have used the Java keytool to generate a self-signed cert and also a keystore
on TC2. Below is the Connector element of the server.xml of TC2:

<Connector port="8443"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" disableUploadTimeout="true"
    acceptCount="100" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="C:\program files\Tomcat 5.5.7\keystore\.keystore"/>

I also imported the self-signed cert into the truststore of the machine which
hosts TC1. The place I stored the self-signed cert of TC2 is
jre_home\lib\security\cacerts

I think I have set up the SSL correctly.

Does anyone know how to resolve the exception "java.net.SocketException:
Default SSL context init failed: null" I mentioned above?

Thanks for your help

wx


TOMCAT SSL PROBLEM

2005-03-17 Thread admin
HI!
I am having a problem in production deployment. I am using Tomcat 4.1.24.
It's working fine on the Win 2k UAT machine, and the same is working fine on the Linux 2.1
UAT machine. The same is fine on the production machine as well.
But when I change server.xml on all three machines, it works fine on both UAT
machines but doesn't work on the production machine. When starting, Tomcat
hangs, showing the cursor after this line
 HttpConnector Opening server socket on all host IP addresses
and doesn't go any further.
Can anyone help me see where I am going wrong?

Abhishek





Tomcat 5 SSL problem

2004-08-27 Thread Frank Zammetti
Hello all.  I'm trying to get SSL working on my Tomcat 5.0.27 instance... 
I've read all the how-to's and spent an hour Googling, but I can't get past 
an issue I'm having...

I have the following entry in my server.xml:
 <Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
   port="8443" minProcessors="5" maxProcessors="75"
   enableLookups="true"
   acceptCount="100" debug="0" scheme="https" secure="true"
   useURIValidationHack="false" disableUploadTimeout="true">
   <Factory className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory"
     keystoreFile="c:\tomcat\.keystore" keystorePass="my_password"
     clientAuth="false" protocol="TLS" />
 </Connector>
The keystore file is there, and I believe generated properly, as per the
how-to instructions.  When I start Tomcat however, I get the following
exception:

 [INFO] Http11Protocol - Initializing Coyote HTTP/1.1 on http-8181
 [ERROR] Http11Protocol - Error initializing socket factory java.lang.ClassNotFoundException: Can't find any SSL implementation
 java.lang.ClassNotFoundException: Can't find any SSL implementation
     at org.apache.tomcat.util.net.SSLImplementation.getInstance(SSLImplementation.java:57)
     at org.apache.tomcat.util.net.SSLImplementation.getInstance(SSLImplementation.java:63)
     at org.apache.coyote.http11.Http11Protocol.checkSocketFactory(Http11Protocol.java:770)
     at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:119)
     at org.apache.coyote.tomcat5.CoyoteConnector.initialize(CoyoteConnector.java:1429)
     at org.apache.catalina.core.StandardService.initialize(StandardService.java:609)
     at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:2384)
     at org.apache.catalina.startup.Catalina.load(Catalina.java:507)
     at org.apache.catalina.startup.Catalina.load(Catalina.java:528)
     at java.lang.reflect.Method.invoke(Native Method)
     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:247)
     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:421)

 [ERROR] Catalina - Catalina.start LifecycleException:  Protocol handler initialization failed: java.lang.ClassNotFoundException: Can't find any SSL implementation
 LifecycleException:  Protocol handler initialization failed: java.lang.ClassNotFoundException: Can't find any SSL implementation
     at org.apache.coyote.tomcat5.CoyoteConnector.initialize(CoyoteConnector.java:1431)
     at org.apache.catalina.core.StandardService.initialize(StandardService.java:609)
     at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:2384)
     at org.apache.catalina.startup.Catalina.load(Catalina.java:507)
     at org.apache.catalina.startup.Catalina.load(Catalina.java:528)
     at java.lang.reflect.Method.invoke(Native Method)
     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:247)
     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:421)

Tomcat DOES continue to run, but obviously without SSL working.  Any ideas?  
Thanks all!

Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
www.omnytex.com


Re: Tomcat 5 SSL problem

2004-08-27 Thread Daniel Sánchez Gómez
Hello Frank,

I'm doing it too. My server.xml configuration is:
 <Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
   port="8443" minProcessors="5" maxProcessors="75"
   enableLookups="true" disableUploadTimeout="true"
   acceptCount="100" debug="0" scheme="https" secure="true"
   keystoreFile="e:\java\pruebas\WSOverSSL\server.keystore"
   keystorePass="changeit"
   clientAuth="true" sslProtocol="TLS"/>

I don't know if it's the best, but Tomcat runs. Now I'm trying to
identify/authenticate my WS-Client.



On Friday, 27 August 2004, 19:09:03, you wrote:

FZ Hello all.  I'm trying to get SSL working on my Tomcat 5.0.27 instance...
FZ I've read all the how-to's and spent an hour Googling, but I can't get past
FZ an issue I'm having...




-- 
Regards,
 Daniel





RE: SSL Problem need Help!

2004-07-30 Thread Stephan Kühn
What do you mean exactly???
Can you give me a sample server.xml for this ?



-----Original Message-----
From: news [mailto:[EMAIL PROTECTED] On Behalf Of Bill Barker
Sent: Friday, 30 July 2004 05:45
To: [EMAIL PROTECTED]
Subject: Re: SSL Problem need Help!

Edit the file by hand, and get rid of the 'keypass' attribute.  There is a
bunch of other stuff you could clean up, but it's mostly aliases of the same
attribute over and over.




SSL Problem need Help!

2004-07-29 Thread Stephan Kühn
Hello,

I am new to Tomcat and I use Tomcat 5.16 with j2re1.4.2_03 on Windows.

So I want to configure server-based SSL auth. So I created my cert with xca: my own CA
and a server cert in PKCS12 format.

So when I try to set up https with the web GUI, after restarting the apache/tomcat service, the
service failed to start. Why evey

Here is my server.xml

 

<?xml version='1.0' encoding='utf-8'?>
<Server>
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"/>
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
  <GlobalNamingResources>
    <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
    <Resource auth="Container" description="User database that can be updated and saved"
        name="UserDatabase" type="org.apache.catalina.UserDatabase"/>
    <ResourceParams name="UserDatabase">
      <parameter>
        <name>factory</name>
        <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
      </parameter>
      <parameter>
        <name>pathname</name>
        <value>conf/tomcat-users.xml</value>
      </parameter>
    </ResourceParams>
  </GlobalNamingResources>
  <Service name="Catalina">
    <Connector acceptCount="100" connectionTimeout="2" disableUploadTimeout="true"
        port="8080" redirectPort="8443" maxSpareThreads="75" maxThreads="150"
        minSpareThreads="25">
    </Connector>
    <Connector port="8009" protocol="AJP/1.3"
        protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler" redirectPort="8443">
    </Connector>
    <Connector address="127.0.0.1" enableLookups="true"
        keystoreFile="D:\VoiceTrust_AG\Web\Tomcat\Certs\VTS.p12" keystorePass="test123"
        port="8553" redirectPort="8554" scheme="https" sslProtocol="TLS" algorithm="SunX509"
        clientauth="false" keypass="changeit"
        keystore="D:\VoiceTrust_AG\Web\Tomcat\Certs\VTS.p12" keytype="PKCS12" protocol="TLS"
        secure="true">
      <Factory className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory"
          keystoreFile="D:\VoiceTrust_AG\Web\Tomcat\Certs\VTS.p12" keystorePass="test123"/>
    </Connector>
    <Engine defaultHost="localhost" name="Catalina">
      <Host appBase="webapps" name="localhost">
        <Logger className="org.apache.catalina.logger.FileLogger"
            prefix="localhost_log." suffix=".txt" timestamp="true"/>
      </Host>
      <Host name="kunde3">
      </Host>
      <Logger className="org.apache.catalina.logger.FileLogger" prefix="catalina_log."
          suffix=".txt" timestamp="true"/>
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"/>
    </Engine>
  </Service>
</Server>

 

Does anybody have an idea for me?

 







RE: SSL Problem need Help!

2004-07-29 Thread Stephan Kühn
Need still help!!

-Original Message-
From: Stephan Kühn [mailto:[EMAIL PROTECTED] 
Sent: Donnerstag, 29. Juli 2004 11:32
To: Tomcat Users List
Subject: SSL Problem need Help!

Hallo,

 

i new with Tomcat and i use Tomcat 5.16 with j2re1.4.2_03 on Windows.

So i whnat to configure a server base ssl auth. So i create my cert with xca my own ca 
and a serfver cert in pkcs12 format.

 

So when i try to setup https with webgui after restart the apache/tomcat service, the 
service faild to start. Why evey 

 

Here is my server.xml

 

<?xml version='1.0' encoding='utf-8'?>
<Server>
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"/>
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
  <GlobalNamingResources>
    <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
    <Resource auth="Container" description="User database that can be updated and saved"
              name="UserDatabase" type="org.apache.catalina.UserDatabase"/>
    <ResourceParams name="UserDatabase">
      <parameter>
        <name>factory</name>
        <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
      </parameter>
      <parameter>
        <name>pathname</name>
        <value>conf/tomcat-users.xml</value>
      </parameter>
    </ResourceParams>
  </GlobalNamingResources>
  <Service name="Catalina">
    <Connector acceptCount="100" connectionTimeout="2" disableUploadTimeout="true"
               port="8080" redirectPort="8443" maxSpareThreads="75" maxThreads="150"
               minSpareThreads="25">
    </Connector>
    <Connector port="8009" protocol="AJP/1.3"
               protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler" redirectPort="8443">
    </Connector>
    <Connector address="127.0.0.1" enableLookups="true"
               keystoreFile="D:\VoiceTrust_AG\Web\Tomcat\Certs\VTS.p12" keystorePass="test123"
               port="8553" redirectPort="8554" scheme="https" sslProtocol="TLS" algorithm="SunX509"
               clientauth="false" keypass="changeit"
               keystore="D:\VoiceTrust_AG\Web\Tomcat\Certs\VTS.p12" keytype="PKCS12" protocol="TLS"
               secure="true">
      <Factory className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory"
               keystoreFile="D:\VoiceTrust_AG\Web\Tomcat\Certs\VTS.p12" keystorePass="test123"/>
    </Connector>
    <Engine defaultHost="localhost" name="Catalina">
      <Host appBase="webapps" name="localhost">
        <Logger className="org.apache.catalina.logger.FileLogger"
                prefix="localhost_log." suffix=".txt" timestamp="true"/>
      </Host>
      <Host name="kunde3">
      </Host>
      <Logger className="org.apache.catalina.logger.FileLogger" prefix="catalina_log."
              suffix=".txt" timestamp="true"/>
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"/>
    </Engine>
  </Service>
</Server>

 

Does anybody have an idea for me??

 







AW: SSL Problem need Help!

2004-07-29 Thread Gunnar Pörschke
What about your log files?

Do you have any logged information about that? 

-Original Message-
From: Stephan Kühn [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 29 July 2004 12:04
To: Tomcat Users List
Subject: RE: SSL Problem need Help!

Still need help!!

-Original Message-
From: Stephan Kühn [mailto:[EMAIL PROTECTED]
Sent: Thursday, 29 July 2004 11:32
To: Tomcat Users List
Subject: SSL Problem need Help!

Hello,

I am new to Tomcat and I use Tomcat 5.16 with j2re1.4.2_03 on Windows.

So I want to configure server-based SSL auth. So I create my cert with xca: my own CA
and a server cert in pkcs12 format.

So when I try to set up https with the web GUI, after restarting the apache/tomcat
service, the service failed to start. Why evey

 

Here is my server.xml

 

<?xml version='1.0' encoding='utf-8'?>
<Server>
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"/>
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
  <GlobalNamingResources>
    <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
    <Resource auth="Container" description="User database that can be updated and saved"
              name="UserDatabase" type="org.apache.catalina.UserDatabase"/>
    <ResourceParams name="UserDatabase">
      <parameter>
        <name>factory</name>
        <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
      </parameter>
      <parameter>
        <name>pathname</name>
        <value>conf/tomcat-users.xml</value>
      </parameter>
    </ResourceParams>
  </GlobalNamingResources>
  <Service name="Catalina">
    <Connector acceptCount="100" connectionTimeout="2" disableUploadTimeout="true"
               port="8080" redirectPort="8443" maxSpareThreads="75" maxThreads="150"
               minSpareThreads="25">
    </Connector>
    <Connector port="8009" protocol="AJP/1.3"
               protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler" redirectPort="8443">
    </Connector>
    <Connector address="127.0.0.1" enableLookups="true"
               keystoreFile="D:\VoiceTrust_AG\Web\Tomcat\Certs\VTS.p12" keystorePass="test123"
               port="8553" redirectPort="8554" scheme="https" sslProtocol="TLS" algorithm="SunX509"
               clientauth="false" keypass="changeit"
               keystore="D:\VoiceTrust_AG\Web\Tomcat\Certs\VTS.p12" keytype="PKCS12" protocol="TLS"
               secure="true">
      <Factory className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory"
               keystoreFile="D:\VoiceTrust_AG\Web\Tomcat\Certs\VTS.p12" keystorePass="test123"/>
    </Connector>
    <Engine defaultHost="localhost" name="Catalina">
      <Host appBase="webapps" name="localhost">
        <Logger className="org.apache.catalina.logger.FileLogger"
                prefix="localhost_log." suffix=".txt" timestamp="true"/>
      </Host>
      <Host name="kunde3">
      </Host>
      <Logger className="org.apache.catalina.logger.FileLogger" prefix="catalina_log."
              suffix=".txt" timestamp="true"/>
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"/>
    </Engine>
  </Service>
</Server>

 

Does anybody have an idea for me??

 







RE: SSL Problem need Help!

2004-07-29 Thread Stephan Kühn
Which log file should I show??

-Original Message-
From: Gunnar Pörschke [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 29 July 2004 12:46
To: 'Tomcat Users List'
Subject: AW: SSL Problem need Help!

What about your log files?

Do you have any logged information about that? 

-Original Message-
From: Stephan Kühn [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 29 July 2004 12:04
To: Tomcat Users List
Subject: RE: SSL Problem need Help!

Still need help!!

-Original Message-
From: Stephan Kühn [mailto:[EMAIL PROTECTED]
Sent: Thursday, 29 July 2004 11:32
To: Tomcat Users List
Subject: SSL Problem need Help!

Hello,

I am new to Tomcat and I use Tomcat 5.16 with j2re1.4.2_03 on Windows.

So I want to configure server-based SSL auth. So I create my cert with xca: my own CA
and a server cert in pkcs12 format.

So when I try to set up https with the web GUI, after restarting the apache/tomcat
service, the service failed to start. Why evey

 

Here is my server.xml

 

<?xml version='1.0' encoding='utf-8'?>
<Server>
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"/>
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
  <GlobalNamingResources>
    <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
    <Resource auth="Container" description="User database that can be updated and saved"
              name="UserDatabase" type="org.apache.catalina.UserDatabase"/>
    <ResourceParams name="UserDatabase">
      <parameter>
        <name>factory</name>
        <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
      </parameter>
      <parameter>
        <name>pathname</name>
        <value>conf/tomcat-users.xml</value>
      </parameter>
    </ResourceParams>
  </GlobalNamingResources>
  <Service name="Catalina">
    <Connector acceptCount="100" connectionTimeout="2" disableUploadTimeout="true"
               port="8080" redirectPort="8443" maxSpareThreads="75" maxThreads="150"
               minSpareThreads="25">
    </Connector>
    <Connector port="8009" protocol="AJP/1.3"
               protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler" redirectPort="8443">
    </Connector>
    <Connector address="127.0.0.1" enableLookups="true"
               keystoreFile="D:\VoiceTrust_AG\Web\Tomcat\Certs\VTS.p12" keystorePass="test123"
               port="8553" redirectPort="8554" scheme="https" sslProtocol="TLS" algorithm="SunX509"
               clientauth="false" keypass="changeit"
               keystore="D:\VoiceTrust_AG\Web\Tomcat\Certs\VTS.p12" keytype="PKCS12" protocol="TLS"
               secure="true">
      <Factory className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory"
               keystoreFile="D:\VoiceTrust_AG\Web\Tomcat\Certs\VTS.p12" keystorePass="test123"/>
    </Connector>
    <Engine defaultHost="localhost" name="Catalina">
      <Host appBase="webapps" name="localhost">
        <Logger className="org.apache.catalina.logger.FileLogger"
                prefix="localhost_log." suffix=".txt" timestamp="true"/>
      </Host>
      <Host name="kunde3">
      </Host>
      <Logger className="org.apache.catalina.logger.FileLogger" prefix="catalina_log."
              suffix=".txt" timestamp="true"/>
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"/>
    </Engine>
  </Service>
</Server>

 

Does anybody have an idea for me??

 







Re: SSL Problem need Help!

2004-07-29 Thread Bill Barker
Edit the file by hand, and get rid of the 'keypass' attribute.  There is a
bunch of other stuff you could clean up, but it's mostly aliases of the same
attribute over and over.

Stephan Kühn [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Hello,

I am new to Tomcat and I use Tomcat 5.16 with j2re1.4.2_03 on Windows.

So I want to configure server-based SSL auth. So I create my cert with xca: my own CA
and a server cert in pkcs12 format.

So when I try to set up https with the web GUI, after restarting the apache/tomcat
service, the service failed to start. Why evey



Here is my server.xml



<?xml version='1.0' encoding='utf-8'?>
<Server>
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"/>
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
  <GlobalNamingResources>
    <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
    <Resource auth="Container" description="User database that can be updated and saved"
              name="UserDatabase" type="org.apache.catalina.UserDatabase"/>
    <ResourceParams name="UserDatabase">
      <parameter>
        <name>factory</name>
        <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
      </parameter>
      <parameter>
        <name>pathname</name>
        <value>conf/tomcat-users.xml</value>
      </parameter>
    </ResourceParams>
  </GlobalNamingResources>
  <Service name="Catalina">
    <Connector acceptCount="100" connectionTimeout="2" disableUploadTimeout="true"
               port="8080" redirectPort="8443" maxSpareThreads="75" maxThreads="150"
               minSpareThreads="25">
    </Connector>
    <Connector port="8009" protocol="AJP/1.3"
               protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler" redirectPort="8443">
    </Connector>
    <Connector address="127.0.0.1" enableLookups="true"
               keystoreFile="D:\VoiceTrust_AG\Web\Tomcat\Certs\VTS.p12" keystorePass="test123"
               port="8553" redirectPort="8554" scheme="https" sslProtocol="TLS" algorithm="SunX509"
               clientauth="false" keypass="changeit"
               keystore="D:\VoiceTrust_AG\Web\Tomcat\Certs\VTS.p12" keytype="PKCS12" protocol="TLS"
               secure="true">
      <Factory className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory"
               keystoreFile="D:\VoiceTrust_AG\Web\Tomcat\Certs\VTS.p12" keystorePass="test123"/>
    </Connector>
    <Engine defaultHost="localhost" name="Catalina">
      <Host appBase="webapps" name="localhost">
        <Logger className="org.apache.catalina.logger.FileLogger"
                prefix="localhost_log." suffix=".txt" timestamp="true"/>
      </Host>
      <Host name="kunde3">
      </Host>
      <Logger className="org.apache.catalina.logger.FileLogger" prefix="catalina_log."
              suffix=".txt" timestamp="true"/>
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"/>
    </Engine>
  </Service>
</Server>



Does anybody have an idea for me??





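The conflict the reply above points at, as an added example that is not part of the original thread and not Tomcat's own code: a Python check that reads a server.xml and reports keystore settings given under more than one attribute name on a Connector and its nested Factory. The alias groups are an assumption taken from the attribute names in the posted config, the function names are hypothetical, and the sample server.xml (paths included) is constructed.

```python
import xml.etree.ElementTree as ET

# ASSUMPTION: these groupings are inferred from the attribute names in the
# posted config and the reply's "aliases of the same attribute" remark; they
# are not taken from Tomcat's source.
ALIAS_GROUPS = {
    "keystore file": ("keystoreFile", "keystore"),
    "keystore password": ("keystorePass", "keypass"),
    "keystore type": ("keystoreType", "keytype"),
}

# Constructed sample modelled on the connector posted in the thread.
SAMPLE_SERVER_XML = r"""<Server>
  <Service name="Catalina">
    <Connector port="8080" redirectPort="8443"/>
    <Connector port="8553" scheme="https" secure="true" sslProtocol="TLS"
               keystoreFile="D:\certs\example.p12" keystorePass="test123"
               keystore="D:\certs\example.p12" keypass="changeit"
               keytype="PKCS12">
      <Factory className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory"
               keystoreFile="D:\certs\example.p12" keystorePass="test123"/>
    </Connector>
  </Service>
</Server>"""


def collect_attributes(connector):
    """Yield (element tag, attribute, value) for a Connector and its Factory children."""
    for elem in [connector] + connector.findall("Factory"):
        for name, value in elem.attrib.items():
            yield elem.tag, name, value


def lint_connector(connector):
    """Return findings for one Connector as (port, setting, kind, locations).

    kind is "conflict" when the aliases carry different values and
    "redundant" when the same value is repeated. Values are compared but
    never returned, so passwords do not end up in the report.
    """
    findings = []
    seen = list(collect_attributes(connector))
    for setting, aliases in ALIAS_GROUPS.items():
        hits = [(tag, name, value) for tag, name, value in seen if name in aliases]
        if len(hits) < 2:
            continue
        distinct_values = {value for _, _, value in hits}
        kind = "conflict" if len(distinct_values) > 1 else "redundant"
        locations = sorted({f"{tag}@{name}" for tag, name, _ in hits})
        findings.append((connector.get("port"), setting, kind, locations))
    return findings


def lint_server_xml(text):
    """Run lint_connector over every Connector element in a server.xml string."""
    root = ET.fromstring(text)
    findings = []
    for connector in root.iter("Connector"):
        findings.extend(lint_connector(connector))
    return findings


if __name__ == "__main__":
    for port, setting, kind, locations in lint_server_xml(SAMPLE_SERVER_XML):
        print(f"port {port}: {setting} is {kind}: {', '.join(locations)}")
```
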



tomcat 5.0.25 and SSL problem

2004-07-09 Thread Rob Guest
We are running Tomcat 5.0.25, AIX 5.2. We are having problems getting SSL 
to work. We can reach the default tomcat page when we use 8070 but not 
when we use the SSL port 8443.

We have the following connectors set up in our server.xml

<Connector port="8070"
   maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
   enableLookups="false" redirectPort="8443" acceptCount="100"
   debug="0" connectionTimeout="2"
   algorithm="IbmX509"
   disableUploadTimeout="true" />


<Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
   port="8443"
   maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
   enableLookups="false" disableUploadTimeout="true"
   acceptCount="100" debug="0" scheme="https" secure="true"
   keystorePass="changeit" keystoretype="JKS">
<Factory
  className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory"
  clientAuth="false" protocol="SSL" algorithm="IbmX509" />
</Connector>

<Connector port="8071"
   enableLookups="false" redirectPort="8443" debug="0"
   protocol="AJP/1.3" />

We are also getting the following error in the catalina.out when we 
startup Tomcat. The server starts up though so we are unsure if this is 
related to our problem or not.

INFO: Installing web application at context path /balancer from URL file:/br1/home/weblsnr/tomcat-5.0.25/webapps/balancer
Jul 9, 2004 9:30:21 AM org.apache.catalina.core.StandardContext start
SEVERE: Error filterStart
Jul 9, 2004 9:30:21 AM org.apache.catalina.core.StandardContext start
SEVERE: Context startup failed due to previous errors

We are totally new to Tomcat so any help would be greatly appreciated.

Re: Tomcat and SSL: problem with expiration of VeriSign Global Server ID Intermediate Root

2004-04-07 Thread Jörn Böckenkamp
Hi again,

 Now that the VeriSign Global Server ID Intermediate Root cert
 has expired I have to replace the Intermediate Root cert on the
 server. There is an example on how to replace the cert on an apache
 server on their website (and that works fine), but no instructions
 how to replace it on a standalone tomcat server.

It seems that the only way to solve this problem is to get a new
cert from VeriSign. The German support team had no problem giving
me a new one for free because they think that the expiration is their
problem, so they do anything to help the customer! To get a new
cert just follow the instructions written down in the tomcat 
documentation (generate key, csr, get csr-response, import response).

Thx again for your replies!

Joern




Re: Tomcat and SSL: problem with expiration of VeriSign Global Server ID Intermediate Root

2004-03-01 Thread Ankur Shah
Jörn Böckenkamp wrote:

It IS easy when you're using a self-signed cert, but I have to
use one from VeriSign and I don't think that I can regenerate the
VeriSign cert with a new date :-)
 

Did you try importing the new certificate directly into the user's 
keystore? For example, if you run the service as root, you'll have to 
remove the old certificate and import the new one into /.keystore (in 
UNIX of course) with alias 'tomcat'. I'd recommend you back up the 
keystore file before you make any changes to it. Also, restart the 
server after you make the change, so TC starts up with the new certificate.

HTH,
-- Ankur


Re: Tomcat and SSL: problem with expiration of VeriSign Global Server ID Intermediate Root

2004-02-27 Thread Jörn Böckenkamp
Hi Yan,

  Now that the VeriSign Global Server ID Intermediate Root cert
  has expired I have to replace the Intermediate Root cert on the
  server. There is an example on how to replace the cert on an apache
  server on their website (and that works fine), but no instructions
  how to replace it on a standalone tomcat server.

 Hi, what I did for my local machine (TOMCAT-STANDALONE) was 
 regenerate the certificate with a new date and everything
 worked fine.  It's supposed to be easy.  

It IS easy when you're using a self-signed cert, but I have to
use one from VeriSign and I don't think that I can regenerate the
VeriSign cert with a new date :-)

JB




RE: Tomcat and SSL: problem with expiration of VeriSign Global Server ID Intermediate Root

2004-02-27 Thread Yansheng Lin
Oh I see.  You got a new one from them, installed for apache OK, but having
trouble installing it on Tomcat-StandAlone.  Well, since you paid for it, you might
as well ask them to see if they can give you any support :).  Oh, I did a man
keytool, it seems that you can import a certificate.  What happens if you do
that?

-Yan

-Original Message-
From: Jörn Böckenkamp [mailto:[EMAIL PROTECTED] 
Sent: Friday, February 27, 2004 5:41 AM
To: Tomcat Users List
Subject: Re: Tomcat and SSL: problem with expiration of VeriSign Global Server
ID Intermediate Root


Hi Yan,

  Now that the VeriSign Global Server ID Intermediate Root cert
  has expired I have to replace the Intermediate Root cert on the
  server. There is an example on how to replace the cert on an apache
  server on their website (and that works fine), but no instructions
  how to replace it on a standalone tomcat server.

 Hi, what I did for my local machine (TOMCAT-STANDALONE) was 
 regenerate the certificate with a new date and everything
 worked fine.  It's supposed to be easy.  

It IS easy when you're using a self-signed cert, but I have to
use one from VeriSign and I don't think that I can regenerate the
VeriSign cert with a new date :-)

JB




RE: Tomcat and SSL: problem with expiration of VeriSign Global Server ID Intermediate Root

2004-02-26 Thread Yansheng Lin
Hi, what I did for my local machine (TOMCAT-STANDALONE) was regenerate the
certificate with a new date and everything worked fine.  It's supposed to be
easy.  I forgot what I did with the params actually.  Well, I don't have to
worry about it for another 10 years on my local machine now :).

-yan

-Original Message-
From: Jörn Böckenkamp [mailto:[EMAIL PROTECTED] 
Sent: Thursday, February 26, 2004 5:53 AM
To: [EMAIL PROTECTED]
Subject: Tomcat and SSL: problem with expiration of VeriSign Global Server ID
Intermediate Root


Hi there,

I'm using Tomcat standalone with SSL and a VeriSign certificate
on SUN Solaris 9 and Linux (debian 3.0, 2.4.25).
Now that the VeriSign Global Server ID Intermediate Root cert
has expired I have to replace the Intermediate Root cert on the
server. There is an example on how to replace the cert on an apache
server on their website (and that works fine), but no instructions
how to replace it on a standalone tomcat server.

I don't want users to have to install the new Intermediate Root cert
into their Internet Explorer or other browser ...

Does anybody know how to solve that? I have already read these pages:

https://www.verisign.com/support/site/caReplacement.html
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html
http://java.sun.com/webservices/docs/1.1/tutorial/doc/WebAppSecurity5.html
http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html

Thx in advance,

Joern




Tomcat and SSL: problem with expiration of VeriSign Global Server ID Intermediate Root

2004-02-26 Thread Jörn Böckenkamp
Hi there,

I'm using Tomcat standalone with SSL and a VeriSign certificate
on SUN Solaris 9 and Linux (debian 3.0, 2.4.25).
Now that the VeriSign Global Server ID Intermediate Root cert
has expired I have to replace the Intermediate Root cert on the
server. There is an example on how to replace the cert on an apache
server on their website (and that works fine), but no instructions
how to replace it on a standalone tomcat server.

I don't want users to have to install the new Intermediate Root cert
into their Internet Explorer or other browser ...

Does anybody know how to solve that? I have already read these pages:

https://www.verisign.com/support/site/caReplacement.html
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html
http://java.sun.com/webservices/docs/1.1/tutorial/doc/WebAppSecurity5.html
http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html

Thx in advance,

Joern




Re: SSL problem with TC 5.0.16

2003-12-09 Thread Baer Peter Christoph Alexander
Yes. And, what is more, apparently, Tomcat 5 can use the
keystore, now. Maybe a problem with Windows 2000, cured
by the reboot (yesterday it didn't work, today it does,
computer was switched off overnight...) ;-).
However, I've made a few more experiments, and found a
snag in TC 5, possibly.
Tomcat 5 can use my keystore, but only if the password is
changeit, the default password. Now, the docs say, one
should use this, but with TC 4.0.6 it was possible to
change it. Is the password hard coded in TC 5?
Maybe, that's another subject/thread...

Thanks!

	Alex

On Mon, 08 Dec 2003 20:42:41 -0500, Ankur Shah [EMAIL PROTECTED] wrote:

Are you able to query your keystore
(D:\ourwebapp\certificate\keystore) using the specified password from
the command-line?
For instance, what happens when you do this?:

c:\> %JAVA_HOME%/bin/keytool -list -keystore D:\ourwebapp\certificate\keystore -storepass yeahsure
I just downloaded TC 5.0.16, configured SSL and ran it with no problems,
FWIW.
Baer Peter Christoph Alexander wrote:

Yes, we set keystorePass to what we entered when
creating the keystore.
Below are the Connectors from our server.xml.
Do you see anything wrong, here? Something,
that was ok with TC 4.0.6, but is no longer valid
for TC 5.0.16?
	Thanks in advance!

		Alex

<snip>
<Connector
acceptCount="100"
connectionTimeout="3"
debug="0"
disableUploadTimeout="true"
enableLookups="true"
maxSpareThreads="75"
maxThreads="150"
minSpareThreads="25"
port="8080"
redirectPort="8443"
scheme="https"
secure="yes"
/>
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
acceptCount="100"
debug="0"
disableUploadTimeout="true"
enableLookups="false"
maxSpareThreads="75"
maxThreads="150"
minSpareThreads="25"
port="8443"
scheme="https"
secure="true">
<Factory
clientAuth="false"
keystoreFile="D:\ourwebapp\certificate\keystore"
keystorePass="yeahsure"
protocol="TLS"
/>
</Connector>
<!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
<Connector
debug="0"
enableLookups="false"
port="8009"
protocol="AJP/1.3"
redirectPort="8443"
/>
</snip>


-Original Message-
From: Luc Foisy [mailto:[EMAIL PROTECTED]
Sent: Monday, December 08, 2003 5:53 PM
To: Tomcat Users List
Subject: RE: SSL problem with TC 5.0.16
Did you set keystorePass?

-Original Message-
From: Baer Peter Christoph Alexander
[mailto:[EMAIL PROTECTED]
Sent: Monday, December 08, 2003 11:49 AM
To: '[EMAIL PROTECTED]'
Subject: SSL problem with TC 5.0.16
Hi,

before you start throwing eggs and tomatoes at me:
I *have* searched the mailing list archive before
posting this message... ;-)
I just installed Tomcat 5.0.16. Now we want to
migrate an application from TC 4.0.6 to it.
For this we need to run TC with SSL.
However, there's apparently a mistake in our
SSL configuration. After adapting server.xml
for our webapp, we see the following startup
error message:
<snip>
INFO: Starting Coyote HTTP/1.1 on port 8080
08.12.2003 17:01:45 org.apache.coyote.http11.Http11Protocol start
SCHWERWIEGEND: Error starting endpoint
java.io.IOException: Keystore was tampered with, or password was incorrect
   at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:748)
   at java.security.KeyStore.load(KeyStore.java:652)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:295)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:259)
   at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:172)
</snip>
Following the docs, we checked the password
and we have also created quite a few new
keystores and put their paths into the
keystoreFile attribute of the Factory
tag.
In TC5 even the old keystore with the
original certificate of our application
is rejected.
Has anybody seen this before? Can you provide
some hint, what the problem could be caused
by? We can rule out the things mentioned in
the docs, I think!
Thanks in advance!

Regards
Alex

SSL problem with TC 5.0.16

2003-12-08 Thread Baer Peter Christoph Alexander
Hi,

before you start throwing eggs and tomatoes at me:
I *have* searched the mailing list archive before
posting this message... ;-)


I just installed Tomcat 5.0.16. Now we want to
migrate an application from TC 4.0.6 to it.
For this we need to run TC with SSL.
However, there's apparently a mistake in our
SSL configuration. After adapting server.xml
for our webapp, we see the following startup
error message:

<snip>
INFO: Starting Coyote HTTP/1.1 on port 8080
08.12.2003 17:01:45 org.apache.coyote.http11.Http11Protocol start
SCHWERWIEGEND: Error starting endpoint
java.io.IOException: Keystore was tampered with, or password was incorrect
   at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:748)
   at java.security.KeyStore.load(KeyStore.java:652)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:295)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:259)
   at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:172)
</snip>

Following the docs, we checked the password
and we have also created quite a few new
keystores and put their paths into the
keystoreFile attribute of the Factory
tag.

In TC5 even the old keystore with the
original certificate of our application
is rejected.

Has anybody seen this before? Can you provide
some hint, what the problem could be caused
by? We can rule out the things mentioned in
the docs, I think!

Thanks in advance!

Regards
Alex




RE: SSL problem with TC 5.0.16

2003-12-08 Thread Luc Foisy
Did you set keystorePass?

-Original Message-
From: Baer Peter Christoph Alexander [mailto:[EMAIL PROTECTED]
Sent: Monday, December 08, 2003 11:49 AM
To: '[EMAIL PROTECTED]'
Subject: SSL problem with TC 5.0.16


Hi,

before you start throwing eggs and tomatoes at me:
I *have* searched the mailing list archive before
posting this message... ;-)


I just installed Tomcat 5.0.16. Now we want to
migrate an application from TC 4.0.6 to it.
For this we need to run TC with SSL.
However, there's apparently a mistake in our
SSL configuration. After adapting server.xml
for our webapp, we see the following startup
error message:

<snip>
INFO: Starting Coyote HTTP/1.1 on port 8080
08.12.2003 17:01:45 org.apache.coyote.http11.Http11Protocol start
SCHWERWIEGEND: Error starting endpoint
java.io.IOException: Keystore was tampered with, or password was incorrect
   at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:748)
   at java.security.KeyStore.load(KeyStore.java:652)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:295)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:259)
   at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:172)
</snip>

Following the docs, we checked the password
and we have also created quite a few new
keystores and put their paths into the
keystoreFile attribute of the Factory
tag.

In TC5 even the old keystore with the
original certificate of our application
is rejected.

Has anybody seen this before? Can you provide
some hint, what the problem could be caused
by? We can rule out the things mentioned in
the docs, I think!

Thanks in advance!

Regards
Alex




RE: SSL problem with TC 5.0.16

2003-12-08 Thread Baer Peter Christoph Alexander
Yes, we set keystorePass to what we entered when
creating the keystore. 

Below are the Connectors from our server.xml.
Do you see anything wrong, here? Something,
that was ok with TC 4.0.6, but is no longer valid
for TC 5.0.16?

Thanks in advance!

Alex

<snip>
<Connector
acceptCount="100"
connectionTimeout="3"
debug="0"
disableUploadTimeout="true"
enableLookups="true"
maxSpareThreads="75"
maxThreads="150"
minSpareThreads="25"
port="8080"
redirectPort="8443"
scheme="https"
secure="yes"
/>
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
acceptCount="100"
debug="0"
disableUploadTimeout="true"
enableLookups="false"
maxSpareThreads="75"
maxThreads="150"
minSpareThreads="25"
port="8443"
scheme="https"
secure="true">
<Factory
clientAuth="false"
keystoreFile="D:\ourwebapp\certificate\keystore"
keystorePass="yeahsure"
protocol="TLS"
/>
</Connector>
<!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
<Connector
debug="0"
enableLookups="false"
port="8009"
protocol="AJP/1.3"
redirectPort="8443"
/>
</snip>

 -Original Message-
 From: Luc Foisy [mailto:[EMAIL PROTECTED]
 Sent: Monday, December 08, 2003 5:53 PM
 To: Tomcat Users List
 Subject: RE: SSL problem with TC 5.0.16
 
 
 Did you set keystorePass?
 
 -Original Message-
 From: Baer Peter Christoph Alexander 
 [mailto:[EMAIL PROTECTED]
 Sent: Monday, December 08, 2003 11:49 AM
 To: '[EMAIL PROTECTED]'
 Subject: SSL problem with TC 5.0.16
 
 
 Hi,
 
 before you start throwing eggs and tomatoes at me:
 I *have* searched the mailing list archive before
 posting this message... ;-)
 
 
 I just installed Tomcat 5.0.16. Now we want to
 migrate an application from TC 4.0.6 to it.
 For this we need to run TC with SSL.
 However, there's apparently a mistake in our
 SSL configuration. After adapting server.xml
 for our webapp, we see the following startup
 error message:
 
 <snip>
 INFO: Starting Coyote HTTP/1.1 on port 8080
 08.12.2003 17:01:45 org.apache.coyote.http11.Http11Protocol start
 SCHWERWIEGEND: Error starting endpoint
 java.io.IOException: Keystore was tampered with, or password was incorrect
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:748)
    at java.security.KeyStore.load(KeyStore.java:652)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:295)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:259)
    at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:172)
 </snip>
 
 Following the docs, we checked the password
 and we have also created quite a few new
 keystores and put their paths into the
 keystoreFile attribute of the Factory
 tag.
 
 In TC5 even the old keystore with the
 original certificate of our application
 is rejected.
 
 Has anybody seen this before? Can you provide
 some hint, what the problem could be caused
 by? We can rule out the things mentioned in
 the docs, I think!
 
 Thanks in advance!
 
   Regards
   Alex
 



Re: SSL problem with TC 5.0.16

2003-12-08 Thread Ankur Shah
Are you able to query your keystore
(D:\ourwebapp\certificate\keystore) using the specified password from
the command-line?

For instance, what happens when you do this?:

c:\> %JAVA_HOME%/bin/keytool -list -keystore D:\ourwebapp\certificate\keystore -storepass yeahsure

I just downloaded TC 5.0.16, configured SSL and ran it with no problems,
FWIW.

Baer Peter Christoph Alexander wrote:

Yes, we set keystorePass to what we entered when
creating the keystore. 

Below are the Connectors from our server.xml.
Do you see anything wrong, here? Something,
that was ok with TC 4.0.6, but is no longer valid
for TC 5.0.16?

   Thanks in advance!

   Alex

<snip>
<Connector
   acceptCount="100"
   connectionTimeout="3"
   debug="0"
   disableUploadTimeout="true"
   enableLookups="true"
   maxSpareThreads="75"
   maxThreads="150"
   minSpareThreads="25"
   port="8080"
   redirectPort="8443"
   scheme="https"
   secure="yes"
/>
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
   acceptCount="100"
   debug="0"
   disableUploadTimeout="true"
   enableLookups="false"
   maxSpareThreads="75"
   maxThreads="150"
   minSpareThreads="25"
   port="8443"
   scheme="https"
   secure="true">
   <Factory
   clientAuth="false"
   keystoreFile="D:\ourwebapp\certificate\keystore"
   keystorePass="yeahsure"
   protocol="TLS"
   />
</Connector>
<!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
<Connector
   debug="0"
   enableLookups="false"
   port="8009"
   protocol="AJP/1.3"
   redirectPort="8443"
/>
</snip>

  

-Original Message-
From: Luc Foisy [mailto:[EMAIL PROTECTED]
Sent: Monday, December 08, 2003 5:53 PM
To: Tomcat Users List
Subject: RE: SSL problem with TC 5.0.16


Did you set keystorePass?

-Original Message-
From: Baer Peter Christoph Alexander 
[mailto:[EMAIL PROTECTED]
Sent: Monday, December 08, 2003 11:49 AM
To: '[EMAIL PROTECTED]'
Subject: SSL problem with TC 5.0.16


Hi,

before you start throwing eggs and tomatoes at me:
I *have* searched the mailing list archive before
posting this message... ;-)


I just installed Tomcat 5.0.16. Now we want to
migrate an application from TC 4.0.6 to it.
For this we need to run TC with SSL.
However, there's apparently a mistake in our
SSL configuration. After adapting server.xml
for our webapp, we see the following startup
error message:

<snip>
INFO: Starting Coyote HTTP/1.1 on port 8080
08.12.2003 17:01:45 org.apache.coyote.http11.Http11Protocol start
SCHWERWIEGEND: Error starting endpoint
java.io.IOException: Keystore was tampered with, or password was incorrect
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:748)
        at java.security.KeyStore.load(KeyStore.java:652)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:295)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:259)
        at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:172)
</snip>

Following the docs, we checked the password
and we have also created quite a few new
keystores and put their paths into the
keystoreFile attribute of the Factory
tag.

In TC5 even the old keystore with the
original certificate of our application
is rejected.

Has anybody seen this before? Can you provide
some hint, what the problem could be caused
by? We can rule out the things mentioned in
the docs, I think!

Thanks in advance!

  Regards
  Alex




RE: ssl problem with certain browsers / os versions

2003-11-11 Thread Murray
Known bug using IE and SSL other than on port 443.  Assuming you have used
the defaults you will be using SSL on port 8443 for Tomcat and IE won't do
the redirect unless you specify https://tomcat:8443/etc.  I'll take a guess
that your application works fine with Netscape!

The easiest solution is to reconfigure your Tomcat to use port 443 for SSL
requests and then everything works fine.  Otherwise, drop Mr. Gates a line
and ask him to get it fixed.

Murray
-Original Message-
From: Dave Beattie [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 11 November 2003 03:33
To: [EMAIL PROTECTED]
Subject: ssl problem with certain browsers / os versions


Hi

I have a webapp configured to be accessed through an SSL connector and it
works when I use an IE6 browser on Windows XP. However, if I try to access
the same site from IE6 on NT 4 or Windows 98, something fails in the SSL
handshake and I cannot access any of the pages on my site. I installed all
the latest OS patches on the clients and then it works fine. However, I
cannot rely on all my clients having all the latest OS updates, especially
since these older OS machines were perfectly capable of accessing other SSL
sites without being updated.

Has anyone experienced similar problems, or know what the problem is? I am
running tomcat 4.1.29 on linux with Sun's JDK 1.4.2 (although the same
problem occurs running Tomcat on NT4)

Thanks

Dave






RE: ssl problem with certain browsers / os versions

2003-11-11 Thread Dave Beattie
Thanks Murray,

I didn't know about the bug, however I am using 443 for SSL so that isn't
the problem.
Does anyone have a tomcat site running SSL which I can attempt to access
with my problem browsers?

Thanks

Dave

-Original Message-
From: Murray [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 11, 2003 11:51 AM
To: Tomcat Users List
Subject: RE: ssl problem with certain browsers / os versions


Known bug using IE and SSL other than on port 443.  Assuming you have used
the defaults you will be using SSL on port 8443 for Tomcat and IE won't do
the redirect unless you specify https://tomcat:8443/etc.  I'll take a guess
that your application works fine with Netscape!

The easiest solution is to reconfigure your Tomcat to use port 443 for SSL
requests and then everything works fine.  Otherwise, drop Mr. Gates a line
and ask him to get it fixed.

Murray
-Original Message-
From: Dave Beattie [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 11 November 2003 03:33
To: [EMAIL PROTECTED]
Subject: ssl problem with certain browsers / os versions


Hi

I have a webapp configured to be accessed through an SSL connector and it
works when I use an IE6 browser on Windows XP. However, if I try to access
the same site from IE6 on NT 4 or Windows 98, something fails in the SSL
handshake and I cannot access any of the pages on my site. I installed all
the latest OS patches on the clients and then it works fine. However, I
cannot rely on all my clients having all the latest OS updates, especially
since these older OS machines were perfectly capable of accessing other SSL
sites without being updated.

Has anyone experienced similar problems, or know what the problem is? I am
running tomcat 4.1.29 on linux with Sun's JDK 1.4.2 (although the same
problem occurs running Tomcat on NT4)

Thanks

Dave






ssl problem with certain browsers / os versions

2003-11-10 Thread Dave Beattie
Hi
 
I have a webapp configured to be accessed through an SSL connector and it
works when I use an IE6 browser on Windows XP. However, if I try to access
the same site from IE6 on NT 4 or Windows 98, something fails in the SSL
handshake and I cannot access any of the pages on my site. I installed all
the latest OS patches on the clients and then it works fine. However, I
cannot rely on all my clients having all the latest OS updates, especially
since these older OS machines were perfectly capable of accessing other SSL
sites without being updated.
 
Has anyone experienced similar problems, or know what the problem is? I am
running tomcat 4.1.29 on linux with Sun's JDK 1.4.2 (although the same
problem occurs running Tomcat on NT4)
 
Thanks
 
Dave


RE: ssl problem with Tomcat 4.1.27

2003-10-31 Thread Agarwal, Naresh




Hi

I'm using the following connector definition in 4.1.27. Same works well in 4.1.24.

<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8443" minProcessors="5"
           maxProcessors="75"
           enableLookups="true"
           acceptCount="100" debug="0" scheme="https"
           secure="true"
           useURIValidationHack="false"
           disableUploadTimeout="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
           keystoreFile="keystore_location_which_is_generated_from_keytool"
           keystorePass="changeit"
           clientAuth="false" protocol="TLS" />
</Connector>

Could you provide some leads?

thanks,
Naresh

-Original Message-
From: Yuriy Stul [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 29, 2003 6:28 PM
To: Agarwal, Naresh
Cc: [EMAIL PROTECTED]
Subject: RE: ssl problem with Tomcat 4.1.27

No problem with SSL in 4.1.27 version,
we use 4.1.27 version and SSL.

-Original Message-
From: Agarwal, Naresh [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 28, 2003 5:11 PM
To: [EMAIL PROTECTED]
Subject: ssl problem with Tomcat 4.1.27

Hi

I successfully configured Tomcat 4.1.24 (using JDK 1.3) for SSL using keystore generated by
keytool and used my webapp over HTTPS.

However, when I did the same for Tomcat 4.1.27, I could access my webapp over HTTPS only twice,
but after this, I'm getting the following error:

[ERROR] Http11Protocol - -Error reading request, ignored org.apache.commons.logging.LogConfigurationException: org.apache.commons.logging.LogConfigurationException: org.apache.commons.logging.LogConfigurationException: Class org.apache.commons.logging.impl.SimpleLog does not implement Log
org.apache.commons.logging.LogConfigurationException: org.apache.commons.logging.LogConfigurationException: org.apache.commons.logging.LogConfigurationException: Class org.apache.commons.logging.impl.SimpleLog does not implement Log
        at org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:532)
        at org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:272)
        at org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:246)
        at org.apache.commons.logging.LogFactory.getLog(LogFactory.java:395)
        at org.apache.tomcat.util.net.jsse.JSSESupport.init(JSSESupport.java:87)
        at org.apache.tomcat.util.net.jsse.JSSE13Factory.getSSLSupport(JSSE13Factory.java:84)
        at org.apache.tomcat.util.net.jsse.JSSEImplementation.getSSLSupport(JSSEImplementation.java:118)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:385)
        at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
        at java.lang.Thread.run(Thread.java:479)

Is there any problem with 4.1.27 version?

thanks,
Naresh



ssl problem with Tomcat 4.1.27

2003-10-29 Thread Agarwal, Naresh



Hi

I successfully configured Tomcat 4.1.24 (using JDK 1.3) for SSL using keystore generated by
keytool and used my webapp over HTTPS.

However, when I did the same for Tomcat 4.1.27, I could access my webapp over HTTPS only twice,
but after this, I'm getting the following error:

[ERROR] Http11Protocol - -Error reading request, ignored org.apache.commons.logging.LogConfigurationException: org.apache.commons.logging.LogConfigurationException: org.apache.commons.logging.LogConfigurationException: Class org.apache.commons.logging.impl.SimpleLog does not implement Log
org.apache.commons.logging.LogConfigurationException: org.apache.commons.logging.LogConfigurationException: org.apache.commons.logging.LogConfigurationException: Class org.apache.commons.logging.impl.SimpleLog does not implement Log
        at org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:532)
        at org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:272)
        at org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:246)
        at org.apache.commons.logging.LogFactory.getLog(LogFactory.java:395)
        at org.apache.tomcat.util.net.jsse.JSSESupport.init(JSSESupport.java:87)
        at org.apache.tomcat.util.net.jsse.JSSE13Factory.getSSLSupport(JSSE13Factory.java:84)
        at org.apache.tomcat.util.net.jsse.JSSEImplementation.getSSLSupport(JSSEImplementation.java:118)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:385)
        at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
        at java.lang.Thread.run(Thread.java:479)

Is there any problem with 4.1.27 version?

thanks,
Naresh



reposting : ssl problem with Tomcat 4.1.27

2003-10-29 Thread Agarwal, Naresh




Hi

I posted this message yesterday. But it didn't appear in the list, so I'm reposting it.

I successfully configured Tomcat 4.1.24 (using JDK 1.3) for SSL using keystore generated by
keytool and used my webapp over HTTPS.

However, when I did the same for Tomcat 4.1.27, I could access my webapp over HTTPS only twice,
but after this, I'm getting the following error:

[ERROR] Http11Protocol - -Error reading request, ignored org.apache.commons.logging.LogConfigurationException: org.apache.commons.logging.LogConfigurationException: org.apache.commons.logging.LogConfigurationException: Class org.apache.commons.logging.impl.SimpleLog does not implement Log
org.apache.commons.logging.LogConfigurationException: org.apache.commons.logging.LogConfigurationException: org.apache.commons.logging.LogConfigurationException: Class org.apache.commons.logging.impl.SimpleLog does not implement Log
        at org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:532)
        at org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:272)
        at org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:246)
        at org.apache.commons.logging.LogFactory.getLog(LogFactory.java:395)
        at org.apache.tomcat.util.net.jsse.JSSESupport.init(JSSESupport.java:87)
        at org.apache.tomcat.util.net.jsse.JSSE13Factory.getSSLSupport(JSSE13Factory.java:84)
        at org.apache.tomcat.util.net.jsse.JSSEImplementation.getSSLSupport(JSSEImplementation.java:118)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:385)
        at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
        at java.lang.Thread.run(Thread.java:479)

Is there any problem with 4.1.27 version?

thanks,
Naresh



RE: ssl problem with Tomcat 4.1.27

2003-10-29 Thread Yuriy Stul
No problem with SSL in 4.1.27 version,
we use 4.1.27 version and SSL.

-Original Message-
From: Agarwal, Naresh [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 28, 2003 5:11 PM
To: [EMAIL PROTECTED]
Subject: ssl problem with Tomcat 4.1.27


Hi 
 
I successfully configured Tomcat 4.1.24 (using JDK 1.3) for SSL using
keystore generated by keytool and used my
webapp over HTTPS.
 
However, when I did the same for Tomcat 4.1.27, I could access my webapp
over HTTPS only twice, 
but after this, I'm getting the following error:
 
[ERROR] Http11Protocol - -Error reading request, ignored org.apache.commons.logging.LogConfigurationException: org.apache.commons.logging.LogConfigurationException: org.apache.commons.logging.LogConfigurationException: Class org.apache.commons.logging.impl.SimpleLog does not implement Log
org.apache.commons.logging.LogConfigurationException: org.apache.commons.logging.LogConfigurationException: org.apache.commons.logging.LogConfigurationException: Class org.apache.commons.logging.impl.SimpleLog does not implement Log
        at org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:532)
        at org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:272)
        at org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:246)
        at org.apache.commons.logging.LogFactory.getLog(LogFactory.java:395)
        at org.apache.tomcat.util.net.jsse.JSSESupport.init(JSSESupport.java:87)
        at org.apache.tomcat.util.net.jsse.JSSE13Factory.getSSLSupport(JSSE13Factory.java:84)
        at org.apache.tomcat.util.net.jsse.JSSEImplementation.getSSLSupport(JSSEImplementation.java:118)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:385)
        at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
        at java.lang.Thread.run(Thread.java:479)
 
Is there any problem with 4.1.27 version?
 
thanks,
Naresh
 
 



SSL problem URGENT!!!!!!!!!

2003-10-29 Thread Galbayar
I have a question. When I use a socket to connect to an SSL-supported web server, it
connects successfully and I can get the http response.
However, when I use URL I can't get the http response. What happened?

import java.net.*;
import javax.net.*;
import javax.net.ssl.*;
import java.io.*;

public class ReadHttpsURL1 {
   static final int HTTPS_PORT = 443;

   public static void main(String argv[]) throws Exception {

      // Trust store used to validate the server's certificate chain
      System.setProperty("javax.net.ssl.trustStore",
            "D:/j2sdk1.4.1/bin/truststore");
      // Get a Socket factory
      SocketFactory factory = SSLSocketFactory.getDefault();

      // Get Socket from factory. A bare SSLSocket validates the chain
      // against the trust store but does no host name verification.
      Socket socket = factory.createSocket("192.168.0.198", HTTPS_PORT);

      BufferedWriter out = new BufferedWriter(new
            OutputStreamWriter(socket.getOutputStream()));
      BufferedReader in = new BufferedReader(
            new InputStreamReader(socket.getInputStream()));
      // HTTP header lines end with CRLF; an empty line ends the request
      out.write("GET /main.html HTTP/1.0\r\n\r\n");
      out.flush();

      // Read the whole response (status line, headers and body)
      String line;
      StringBuffer sb = new StringBuffer();
      while ((line = in.readLine()) != null) {
         sb.append(line + "\r\n");
      }
      out.close();
      in.close();
      System.out.println(sb.toString());
   }
}



import java.net.*;
import java.io.*;

public class ReadHttpsURL2 {
   public static void main(String argv[]) throws Exception {

      // Same trust store as in ReadHttpsURL1
      System.setProperty("javax.net.ssl.trustStore",
            "D:/j2sdk1.4.1/bin/truststore");
      // The https URL handler also verifies the host name in the URL
      // against the server certificate before returning the stream.
      URL url = new URL("https://192.168.0.198/main.html");
      BufferedReader in = new BufferedReader(new InputStreamReader(
            url.openStream()));

      String line;
      StringBuffer sb = new StringBuffer();
      while ((line = in.readLine()) != null) {
         sb.append(line);
      }
      in.close();
      System.out.println(sb.toString());

   }
}





Re: SSL problem URGENT!!!!!!!!!

2003-10-29 Thread Christopher Schultz
Galbayar,

I'm pretty sure the desire to reply to posts is inversely proportional 
to the number of trailing exclamation points in the subject line.

Also note that this problem does not sound urgent in the slightest.

> I have a question. When I use a socket to connect to an SSL-supported web server, it
> connects successfully and I can get the http response.
> However, when I use URL I can't get the http response.

I think you'll have better luck using a URLConnection (see 
java.net.URL.connect()) with a https URL.

> What happened?

What *did* happen? What do you mean "can't get http response"? Did it 
crash? Did it wait forever for the connection? Did it fail with a 
timeout? Did it give you a connection refused? Did your computer catch fire?

Did the server respond "I'm sorry, Dave, I can't do that"? If so, I 
think you've got bigger problems.
-chris



SSL problem

2003-09-29 Thread q q
Hi there.

I found this e-address as I was searching the internet
for a solution to my problem, and found a site that
had a mail to this address, so I thought I'd try it.

I'm having a problem with SSL in Tomcat 4.1 (I'm using
jdk 1.4.1)

I have managed to see my pages through SSL, and I have already
managed to force some pages to be seen only under SSL
even if I type the 8080 port, by adding this to my
web.xml file:


<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected Context</web-resource-name>
    <url-pattern>/intro.jsp</url-pattern>
    <url-pattern>/signup.jsp</url-pattern>
  </web-resource-collection>
</security-constraint>


The problem is that after the first SSL page is shown
(through the port 8443) every other page is under SSL.
I don't want that. Is there any way I can tell
Tomcat "These pages should not be under SSL!!!"?

Thank you very much for your time.
Tony

PS: I don't know where exactly I'm supposed to see the
answer, if it's going to be in a mailing list or
something. I hope I'll get an e-mail too Thanks a lot



Re: SSL problem

2003-04-03 Thread Giulia Hill

Jan,

No, I haven't got anywhere yet with this. I have taken a look at the
suggested pkcs12 http://www.openssl.org/docs/apps/pkcs12.html but that
hasn't brought me that much further.

I'll let you know if I find a solution, and, please, do likewise - surely
I wouldn't want to buy a new certificate.

Giulia

=Are you getting somewhere with this issue ? I have the same problem ( I need to use
=the certificate that was previously on Apache ) and I'm at the dead end as of now,
=hoping for a response from this list. Yes or No would do also, but no response yet. :((

=Jf


On Tue, 1 Apr 2003, Giulia Hill wrote:

 
 Following the How-to, I have almost successfully activated SSL on tomcat
 4.1. The problem I'm having is that I can't load the Verisign certificate,
 a certificate which I already have and that I'm using with Apache.
 
 this is what I have done
 
 % keytool -genkey -alias tomcat -keyalg RSA -keystore ./.keystore
 and entered the values of CN etc. as they appear also on the certificate
 
 I have downloaded the verisign.crt from the site indicated on the docs
 % keytool -import -alias root -keystore ./.keystore -trustcacerts -file verisign.crt
 
 However if I use my certificate as it is, I get the error
 % keytool -import -alias tomcat -keystore ./.keystore  -trustcacerts -file sunsite2.crt
 java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big.
         at sun.security.util.DerInputStream.getLength(DerInputStream.java:513)
 
 I thought it could be that the certificate was not in X509 format, so I
 have done the conversion as
 % /opt/openssl-0.9.6b/apps/openssl x509 -outform DER -in sunsite2.crt -out sunsite2.X509.crt
 
 But, when I try to load it into the keystore I get the error:
 % keytool -import -alias tomcat -keystore ./.keystore  -trustcacerts -file sunsite2.X509crt
 keytool error: java.lang.Exception: Public keys in reply and keystore don't match
 
 What am I doing wrong? Generating a new certificate is not an option since
 we have already paid for the current one, so I need to be able to use what
 I already have
 
 Thanks for your suggestions,
 
 Giulia
 


Giulia Hill
  Programmer/Analyst
  Library Systems Office
  University of California at Berkeley
  386 Doe Annex
  Berkeley, CA 94720





Re: SSL problem

2003-04-03 Thread Daniel Hallmark
It sounds to me like you are trying to generate a new key pair with
keytool and then use your existing certificate with that key pair.
Based on my understanding of the certificate process, that won't work.

Here is a very simplified view of what happens when you create a cert.

1. You (or your webserver) generate a public/private key pair.
2. You create a certificate request for a particular domain name
   using the keys you generated in step 1.  This certificate contains
   the public key info.
3. You send the cert request off to a CA (like Verisign or Thawte)
   and they sign your certificate request using _their_ key.  At
   this point the CA is stating that you are who your cert says you
   are.
4. You then import the CA-signed certificate into your keystore (or
   webserver).  Clients (browsers, etc.) will accept your certificate
   because they accept the root CA who signed your certificate.

So if you generate a new keypair, the new pair won't have _squat_ to
do with the pair that was used when you had your first certificate
created.

My understanding is that in order to re-use your existing certs, you
will need to be able to create a java keystore from your existing
private key and signed certificate.  The cert you can export and then
re-import into a java keystore created via keytool, but I don't think
(could be wrong) keytool allows you to import a keypair from an
external source.  You might could write some java code to do this but
it would be beyond me.

Two options... explain to verisign your situation and see if they will
re-issue the cert for a new key-pair.  Or if you do have to buy a new
cert you might be able to get better prices from another CA.  We are
using Thawte certificates with our tomcat SSL keystores.

Daniel




On 3 April 2003, Giulia Hill wrote:

 Jan,
 
 No, I haven't got anywhere yet with this. I have taken a look at the
 suggested pkcs12 http://www.openssl.org/docs/apps/pkcs12.html but that
 hasn't brought me that much further.
 
 I'll let you know if I find a solution, and, please, do likewise - surely
 I wouldn't want to buy a new certificate.
 
 Giulia
 
 =Are you getting somewhere with this issue ? I have the same problem ( I need to use
 =the certificate that was previously on Apache ) and I'm at the dead end as of now,
 =hoping for a response from this list. Yes or No would do also, but no response yet. :((
 
 =Jf
 
 
 On Tue, 1 Apr 2003, Giulia Hill wrote:
 
  
  Following the How-to, I have almost successfully activated SSL on tomcat
  4.1. The problem I'm having is that I can't load the Verisign certificate,
  a certificate which I already have and that I'm using with Apache.
  
  this is what I have done
  
  % keytool -genkey -alias tomcat -keyalg RSA -keystore ./.keystore
  and entered the values of CN etc. as they appear also on the certificate
  
  I have downloaded the verisign.crt from the site indicated on the docs
  % keytool -import -alias root -keystore ./.keystore -trustcacerts -file verisign.crt
  
  However if I use my certificate as it is, I get the error
  % keytool -import -alias tomcat -keystore ./.keystore  -trustcacerts -file sunsite2.crt
  java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big.
          at sun.security.util.DerInputStream.getLength(DerInputStream.java:513)
  
  I thought it could be that the certificate was not in X509 format, so I
  have done the conversion as
  % /opt/openssl-0.9.6b/apps/openssl x509 -outform DER -in sunsite2.crt -out sunsite2.X509.crt
  
  But, when I try to load it into the keystore I get the error:
  % keytool -import -alias tomcat -keystore ./.keystore  -trustcacerts -file sunsite2.X509crt
  keytool error: java.lang.Exception: Public keys in reply and keystore don't match
  
  What am I doing wrong? Generating a new certificate is not an option since
  we have already paid for the current one, so I need to be able to use what
  I already have
  
  Thanks for your suggestions,
  
  Giulia
  
 
 
 Giulia Hill
   Programmer/Analyst
   Library Systems Office
   University of California at Berkeley
   386 Doe Annex
   Berkeley, CA 94720
 
 



SSL problem

2003-04-02 Thread Giulia Hill

Following the How-to, I have almost successfully activated SSL on tomcat
4.1. The problem I'm having is that I can't load the Verisign certificate,
a certificate which I already have and that I'm using with Apache.

this is what I have done

% keytool -genkey -alias tomcat -keyalg RSA -keystore ./.keystore
and entered the values of CN etc. as they appear also on the certificate

I have downloaded the verisign.crt from the site indicated on the docs
% keytool -import -alias root -keystore ./.keystore -trustcacerts -file verisign.crt

However if I use my certificate as it is, I get the error
% keytool -import -alias tomcat -keystore ./.keystore  -trustcacerts -file sunsite2.crt
java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big.
        at sun.security.util.DerInputStream.getLength(DerInputStream.java:513)

I thought it could be that the certificate was not in X509 format, so I
have done the conversion as
% /opt/openssl-0.9.6b/apps/openssl x509 -outform DER -in sunsite2.crt -out sunsite2.X509.crt

But, when I try to load it into the keystore I get the error:
% keytool -import -alias tomcat -keystore ./.keystore  -trustcacerts -file sunsite2.X509crt
keytool error: java.lang.Exception: Public keys in reply and keystore don't match

What am I doing wrong? Generating a new certificate is not an option since
we have already paid for the current one, so I need to be able to use what
I already have

Thanks for your suggestions,

Giulia





Re: SSL problem

2003-04-02 Thread Jan Fetyko
Are you getting somewhere with this issue ? I have the same problem ( I need to use 
the certificate that was previously on Apache ) and I'm at the dead end as of now, 
hoping for a response from this list. Yes or No would do also, but no response yet. :((

Jf

On Tue, 1 Apr 2003 15:45:49 -0800 (PST)
Giulia Hill [EMAIL PROTECTED] wrote:

 
 Following the How-to, I have almost successfully activated SSL on tomcat
 4.1. The problem I'm having is that I can't load the Verisign certificate,
 a certificate which I already have and that I'm using with Apache.
 
 this is what I have done
 
 % keytool -genkey -alias tomcat -keyalg RSA -keystore ./.keystore
 and entered the values of CN etc. as they appear also on the certificate
 
 I have downloaded the verisign.crt from the site indicated on the docs
 % keytool -import -alias root -keystore ./.keystore -trustcacerts -file verisign.crt
 
 However if I use my certificate as it is, I get the error
 % keytool -import -alias tomcat -keystore ./.keystore  -trustcacerts -file sunsite2.crt
 java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big.
         at sun.security.util.DerInputStream.getLength(DerInputStream.java:513)
 
 I thought it could be that the certificate was not in X509 format, so I
 have done the conversion as
 % /opt/openssl-0.9.6b/apps/openssl x509 -outform DER -in sunsite2.crt -out sunsite2.X509.crt
 
 But, when I try to load it into the keystore I get the error:
 % keytool -import -alias tomcat -keystore ./.keystore  -trustcacerts -file sunsite2.X509crt
 keytool error: java.lang.Exception: Public keys in reply and keystore don't match
 
 What am I doing wrong? Generating a new certificate is not an option since
 we have already paid for the current one, so I need to be able to use what
 I already have
 
 Thanks for your suggestions,
 
 Giulia
 
 
 


Jan Fetyko
ScriptFighter
Phase 2 Development
4100 Perimeter Center, #310
Oklahoma City
OK 73112

email: [EMAIL PROTECTED]
(p) 405.917.3777
(p) direct line: 405.917.3779
(url) http://www.phase2online.com
Oklahoma City's fastest growing web development company

Today's fortune:

Kirk to Enterprise -- beam down yeoman Rand and a six-pack. 




Re: SSL problem

2003-04-02 Thread Mark W. Webb
I ended up using a pkcs12 file instead of a java keystore.  Not sure if 
this helps, but it looks like you are using openssl, so you should be 
able to use the openssl command line tools.

Giulia Hill wrote:

Following the How-to, I have almost successfully activated SSL on tomcat
4.1. The problem I'm having is that I can't load the Verisign certificate,
a certificate which I already have and that I'm using with Apache.
this is what I have done

% keytool -genkey -alias tomcat -keyalg RSA -keystore ./.keystore
and entered the values of CN etc. as they appear also on the certificate
I have downloaded the verisign.crt from the site indicated on the docs
% keytool -import -alias root -keystore ./.keystore -trustcacerts -file verisign.crt
However if I use my certificate as it is, I get the error
% keytool -import -alias tomcat -keystore ./.keystore  -trustcacerts -file sunsite2.crt
java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big.
        at sun.security.util.DerInputStream.getLength(DerInputStream.java:513)
I thought it could be that the certificate was not in X509 format, so I
have done the conversion as
% /opt/openssl-0.9.6b/apps/openssl x509 -outform DER -in sunsite2.crt -out sunsite2.X509.crt
But, when I try to load it into the keystore I get the error:
% keytool -import -alias tomcat -keystore ./.keystore  -trustcacerts -file sunsite2.X509crt
keytool error: java.lang.Exception: Public keys in reply and keystore don't match
What am I doing wrong? Generating a new certificate is not an option since
we have already paid for the current one, so I need to be able to use what
I already have
Thanks for your suggestions,

Giulia

 

--
Mark Webb
Software Engineer
Dolphin Technology
474 Phoenix Drive
Rome, NY  13441-4911
	
Phone : 315.838.7000 
 : 315.838.7024	
Fax   : 315.838.7096
Email : [EMAIL PROTECTED]







Re: SSL problem

2003-04-02 Thread Jan Fetyko
Sorry for the dumb question but what is pkcs12? And how did you use the certification
files with that?

Jf

On Wed, 02 Apr 2003 10:34:34 -0500
Mark W. Webb [EMAIL PROTECTED] wrote:

 I ended up using a pkcs12 file instead of a java keystore.  Not sure if 
 this helps, but it looks like you are using openssl, so you should be 
 able to use the openssl command line tools.
 
 Giulia Hill wrote:
 
 Following the How-to, I have almost successfully activated SSL on tomcat
 4.1. The problem I'm having is that I can't load the Verisign certificate,
 a certificate which I already have and that I'm using with Apache.
 
 this is what I have done
 
 % keytool -genkey -alias tomcat -keyalg RSA -keystore ./.keystore
 and entered the values of CN etc. as they appear also on the certificate
 
 I have downloaded the verisign.crt from the site indicated on the docs
 % keytool -import -alias root -keystore ./.keystore -trustcacerts -file verisign.crt
 
 However if I use my certificate as it is, I get the error
 % keytool -import -alias tomcat -keystore ./.keystore  -trustcacerts -file sunsite2.crt
 java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big.
         at sun.security.util.DerInputStream.getLength(DerInputStream.java:513)
 
 I thought it could be that the certificate was not in X509 format, so I
 have done the conversion as
 % /opt/openssl-0.9.6b/apps/openssl x509 -outform DER -in sunsite2.crt -out sunsite2.X509.crt
 
 But, when I try to load it into the keystore I get the error:
 % keytool -import -alias tomcat -keystore ./.keystore  -trustcacerts -file sunsite2.X509crt
 keytool error: java.lang.Exception: Public keys in reply and keystore don't match
 
 What am I doing wrong? Generating a new certificate is not an option since
 we have already paid for the current one, so I need to be able to use what
 I already have
 
 Thanks for your suggestions,
 
 Giulia
 
 
 
   
 
 
 -- 
 Mark Webb
 Software Engineer
 Dolphin Technology
 474 Phoenix Drive
 Rome, NY  13441-4911
   
 Phone : 315.838.7000 
   : 315.838.7024  
 Fax   : 315.838.7096
 Email : [EMAIL PROTECTED]
 
 
 
 
 
 


Jan Fetyko
ScriptFighter
Phase 2 Development
4100 Perimeter Center, #310
Oklahoma City
OK 73112

email: [EMAIL PROTECTED]
(p) 405.917.3777
(p) direct line: 405.917.3779
(url) http://www.phase2online.com
Oklahoma City's fastest growing web development company

Today's fortune:

Kirk to Enterprise -- beam down yeoman Rand and a six-pack. 




Re: SSL problem

2003-04-02 Thread Mark W. Webb
PKCS12 is a certificate storage file type.  

look at openssl pkcs12

Jan Fetyko wrote:

Sorry for the dumb question but what is pkcs12? And how did you use the certification files with that?

Jf

On Wed, 02 Apr 2003 10:34:34 -0500
Mark W. Webb [EMAIL PROTECTED] wrote:
 

I ended up using a pkcs12 file instead of a java keystore.  Not sure if 
this helps, but it looks like you are using openssl, so you should be 
able to use the openssl command line tools.

Giulia Hill wrote:

   

Following the How-to, I have almost successfully activated SSL on tomcat
4.1. The problem I'm having is that I can't load the Verisign certificate,
a certificate which I already have and that I'm using with Apache.
this is what I have done

% keytool -genkey -alias tomcat -keyalg RSA -keystore ./.keystore
and entered the values of CN etc. as they appear also on the certificate

I have downloaded the verisign.crt from the site indicated on the docs
% keytool -import -alias root -keystore ./.keystore -trustcacerts -file verisign.crt

However if I use my certificate as it is, I get the error
% keytool -import -alias tomcat -keystore ./.keystore  -trustcacerts -file sunsite2.crt
java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big.
        at sun.security.util.DerInputStream.getLength(DerInputStream.java:513)

I thought it could be that the certificate was not in X509 format, so I
have done the conversion as
% /opt/openssl-0.9.6b/apps/openssl x509 -outform DER -in sunsite2.crt -out sunsite2.X509.crt

But, when I try to load it into the keystore I get the error:
% keytool -import -alias tomcat -keystore ./.keystore  -trustcacerts -file sunsite2.X509crt
keytool error: java.lang.Exception: Public keys in reply and keystore don't match

What am I doing wrong? Generating a new certificate is not an option since
we have already paid for the current one, so I need to be able to use what
I already have

Thanks for your suggestions,

Giulia



 

--
Mark Webb
Software Engineer
Dolphin Technology
474 Phoenix Drive
Rome, NY  13441-4911
	
Phone : 315.838.7000 
 : 315.838.7024	
Fax   : 315.838.7096
Email : [EMAIL PROTECTED]





   



Jan Fetyko
ScriptFighter
Phase 2 Development
4100 Perimeter Center, #310
Oklahoma City
OK 73112
email: [EMAIL PROTECTED]
(p) 405.917.3777
(p) direct line: 405.917.3779
(url) http://www.phase2online.com
Oklahoma City's fastest growing web development company
Today's fortune:

Kirk to Enterprise -- beam down yeoman Rand and a six-pack. 

 

--
Mark Webb
Software Engineer
Dolphin Technology
474 Phoenix Drive
Rome, NY  13441-4911
	
Phone : 315.838.7000 
 : 315.838.7024	
Fax   : 315.838.7096
Email : [EMAIL PROTECTED]





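An added example (not part of Mark Webb's or Giulia Hill's posts) of the openssl pkcs12 route suggested above: it checks that a certificate belongs to a private key, which is the condition keytool's "Public keys in reply and keystore don't match" error reports as failed, and then bundles the existing key and certificate into a PKCS12 file. The file names, the alias tomcat and the P12_PASS variable are assumptions; the demo key and certificate are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). File names, the alias and the password
# variable P12_PASS are placeholders; demo() uses a constructed throwaway key/cert.

# Succeeds only if the certificate in $2 carries the public key of private key $1.
# Returns 2 when either file cannot be read as PEM.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Bundle key $1 + certificate $2 into PKCS12 file $3 under friendly name $4.
# The export password is read from the environment (P12_PASS), not from argv,
# so it does not show up in the process list.
export_p12() {
    if ! key_matches_cert "$1" "$2"; then
        echo "refusing to export: $2 was not issued for the key in $1" >&2
        return 1
    fi
    (umask 077 && openssl pkcs12 -export -inkey "$1" -in "$2" -name "$4" \
        -out "$3" -passout env:P12_PASS)
}

# Print the public key of the end-entity certificate stored in PKCS12 file $1.
p12_cert_pub() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null
}

demo() {
    tmp=$(mktemp -d) || return 1
    P12_PASS=constructed-demo-password; export P12_PASS
    # Stand-ins: apache.key/site.crt for the key and CA-issued certificate already
    # in use with Apache, fresh.key for the pair "keytool -genkey" would create.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
        -keyout "$tmp/apache.key" -out "$tmp/site.crt" 2>/dev/null || return 1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$tmp/fresh.key" 2>/dev/null || return 1
    key_matches_cert "$tmp/fresh.key" "$tmp/site.crt" || echo "fresh key: mismatch"
    export_p12 "$tmp/apache.key" "$tmp/site.crt" "$tmp/tomcat.p12" tomcat &&
        echo "wrote $tmp/tomcat.p12"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Tomcat's SSL how-to documents keystoreType="PKCS12" together with keystoreFile and keystorePass for pointing the connector at such a file; check that your Tomcat version supports it.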


SSL Problem

2003-03-11 Thread Greg Strobl
Hi,

I'm in the process of moving our standalone Tomcat server from windows to
Linux. I am running 4.1.18 on both. On windows everything is working as
expected. However, I am having trouble getting the SSL to work on Linux.
When I initially install tomcat and setup SSL, it works. Then after some
amount of time or some event (I don't know which) it fails. Specifically, it
fails when the browser tries to access a page via HTTPS (HTTP works fine.)
In IE, I get a "page cannot be displayed" page. In Netscape (7.x) I get
"server has received an incorrect or unexpected message. Error Code:
-12227" error.

Researching "Error Code: -12227" leads one to believe the server is
expecting client side authentication. In my SSL connector, I have
clientAuth="false". My log files don't indicate any errors and the
connectors appear to be starting up fine.

Any help figuring out what the problem is would be much appreciated.

Here are the specs on my server:
Server: Apache Tomcat/4.1.18-LE-jdk14
JVM: (Sun) 1.4.1_01-b01
Linux: 2.4.18-64GB-SMP


Greg Strobl





SSL problem

2003-01-17 Thread Michael Lee
Hi All,
I tried to create a keystore using the instructions for Tomcat in a UNIX
environment:

keytool -genkey -alias tomcat -keyalg RSA

I changed the password from changeit. I updated the SSL connector in
server.xml adding:

keystorePass=mynewpassword

After restarting the server catalina.out contained exceptions stating that
the keystore password was incorrect or that the keystore file was tampered
with. After adding the keystoreFile attribute to the SSL connector and
trying other combinations I eventually gave up and deleted the keystore file
intending to redo the entire keytool process.

I've been unable to redo the keytool command:

keytool -genkey -alias tomcat -keyalg RSA

The original password changeit doesn't work, and neither does the new one
I used. I keep receiving the following error:

keytool error: KeyPairGenerator not available

What can I do to solve this problem? Any help is appreciated.

Thanks,
Michael






Re: SSL problem

2002-12-02 Thread Gabriel Enriquez Perez
   
hi, Rodrigo.

There are several debug steps that you should follow.
First of all, when you start your Tomcat server, is there any error in the
start process? If there are errors, then you should first get around
the generated error. Probably it can be the default location of the
.keystore file... or something like that.

If you can turn on your Tomcat web server... you can probably have problems
related to the port number... port conflicts. You can change your
port... to see what happens!

There are also several scenarios, for example... are you running your
Tomcat as your primary web server? Or just a Servlet/JSP container?

Hope this helps you!
 
From: Rodrigo Videschi 
Reply-To: Tomcat Users List 
To: [EMAIL PROTECTED] 
Subject: Re: SSL problem 
Date: Sun, 01 Dec 2002 02:15:52 -0200 
Olá staff, I am trying to configure Tomcat with SSL but I am not
succeeding. I followed all the steps that were in the Tomcat manual:
generating the server key, client key..., all with keytool, and in the end
I uncommented the lines of server.xml that deal with SSL, but
unfortunately it does not work. Could you please help me?
 
Rodrigo Videschi 
[EMAIL PROTECTED] 
Analista JAVA 
SIOUX Tecnologia 

 



Re: SSL problem

2002-11-30 Thread Rodrigo Videschi
Olá staff, I am trying to configure Tomcat with SSL but I am not
succeeding. I followed all the steps that were in the Tomcat manual:
generating the server key, client key..., all with keytool, and in the end
I uncommented the lines of server.xml that deal with SSL, but
unfortunately it does not work. Could you please help me?


Rodrigo Videschi
[EMAIL PROTECTED]
Analista JAVA
SIOUX Tecnologia




Re: SSL problem

2002-11-30 Thread anywhere-info
what errors are you getting ?
check log file for that

Rodrigo Videschi wrote:


Olá staff, I am trying to configure Tomcat with SSL but I am not
succeeding. I followed all the steps that were in the Tomcat manual:
generating the server key, client key..., all with keytool, and in the end
I uncommented the lines of server.xml that deal with SSL, but
unfortunately it does not work. Could you please help me?


Rodrigo Videschi
[EMAIL PROTECTED]
Analista JAVA
SIOUX Tecnologia




SSL problem

2002-11-29 Thread Gabriel Enriquez Perez
I have created my certificate using keytool...

After it, i uncommented the lines in the server.xml and all that stuff.

When i tried using 127.0.0.1 (https://127.0.0.1:8443/) it functions okay... 
The problem is that... as soon as i am in a network, if i use the ip address
of my computer... if i try to use it... it doesn't appear anything. There's
anything on the browser... actually it appears the lock (in IE 5.5 in the
bottom-right corner)... but immediately. just as a blink! afterwards,
anything happens. If i use the ip address and as a non-SSL
(http://127.0.0.1:8080/),, it functions properly.

Could anyone help me???
i have no idea what this is happening.



RE: SSL problem

2002-11-29 Thread mech
Could it be a firewall problem in the network? Port 8443 is not too
common. Some admins might block it. Try to change port to 443 to find
out if it's a protocol or a port problem.

 -Original Message-
 From: Gabriel Enriquez Perez [mailto:[EMAIL PROTECTED]] 
 Sent: Freitag, 29. November 2002 17:53
 To: '[EMAIL PROTECTED]'
 Subject: SSL problem
 
 
 I have created my certificate using keytool...
 
 After it, i uncommented the lines in the server.xml and all 
 that stuff.
 
 When i tried using 127.0.0.1 (https://127.0.0.1:8443/) it 
 functions okay... 
 The problem is that... as soon as i am in a network, if i use 
 the ip address of my computer... if i try to use it... it 
 doesn't appear anything. There's anything on the browser... 
 actually it appears the lock (in IE 5.5 in the bottom-right 
 corner)... but immediately. just as a blink! afterwards, 
 anything happens. If i use the ip address and as a non-SSL 
(http://127.0.0.1:8080/),, it functions properly.

Could anyone help me???
i have no idea what this is happening.






Tomcat-Apache-SSL problem

2002-10-04 Thread haixi liu

Hello,

I am having a problem accessing my webapps using https protocol.

My server conf is: Tomcat 4.0.5 + Apache 1.3.26 + mod_jk 1.2 + mod_ssl

https works if I access static pages like https://myhost/manual/index.html, 
but does not work with my webapp (https://myhost/mywebapp/index.jsp).

However, http works with my webapp (http://myhost/mywebapp/index.jsp).

I tried mod_jk.so compiled by myself and the one from jakarta website
(http://jakarta.apache.org/builds/jakarta-tomcat-connectors/jk/release/v1.2.0/bin/linux/i386/mod_jk-1.3-eapi.so)
 
with mod_ssl, neither worked.

Could someone give me a hint of what's going on, and how to fix this?

Thanks a lot
Haixi







Re: Tomcat-Apache-SSL problem

2002-10-04 Thread David Mossakowski

Assuming you're using VirtualHost, do you specify the right JkMount 
paths in VirtualHost sections in your Apache that serve the secure port?

d.


haixi liu wrote:
 Hello,
 
 I am having a problem accessing my webapps using https protocol.
 
 My server conf is: Tomcat 4.0.5 + Apache 1.3.26 + mod_jk 1.2 + mod_ssl
 
 https works if I access static pages like 
 https://myhost/manual/index.html, but does not work with my webapp 
 (https://myhost/mywebapp/index.jsp).
 
 However, http works with my webapp (http://myhost/mywebapp/index.jsp).
 
 I tried mod_jk.so compiled by myself and the one from jakarta website
 
(http://jakarta.apache.org/builds/jakarta-tomcat-connectors/jk/release/v1.2.0/bin/linux/i386/mod_jk-1.3-eapi.so)
 
 with mod_ssl, neither worked.
 
 Could someone give me a hint of what's going on, and how to fix this?
 
 Thanks a lot
 Haixi
 
 
 
 
 
 

-- 
David Mossakowski  [EMAIL PROTECTED]
Instinet Corporation 212.310.7275








Re: Tomcat-Apache-SSL problem

2002-10-04 Thread haixi liu

David,

No, I did not.

I am using the auto config file generated by Tomcat from 
$CATALINA_HOME/conf/jk/workers.properties.

In my http.conf, I just have this line:
Include /usr/local/tomcat/conf/auto/mod_jk.conf

I think that's the reason why the http works but https doesn't work.

I looked at the VirtualHost _default_:443 portion of my http.conf, but 
don't know how to add those paths in there. I tried to paste the content of 
my $CATALINA_HOME/conf/auto/mod_jk.conf into the virtualhost directory, but 
it did not work.

Would you please give me several simple sample lines?

Thanks a lot




Assuming you're using VirtualHost, do you specify the right JkMount paths 
in VirtualHost sections in your Apache that serve the secure port?






Re: Tomcat-Apache-SSL problem

2002-10-04 Thread haixi liu

Got it to work.

Thanks


From: haixi liu [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Tomcat-Apache-SSL problem
Date: Fri, 04 Oct 2002 17:25:20 +

David,

No, I did not.

I am using the auto config file generated by Tomcat from 
$CATALINA_HOME/conf/jk/workers.properties.

In my http.conf, I just have this line:
Include /usr/local/tomcat/conf/auto/mod_jk.conf

I think that's the reason why the http works but https doesn't work.

I looked at the VirtualHost _default_:443 portion of my http.conf, but 
don't know how to add those paths in there. I tried to paste the content of 
my $CATALINA_HOME/conf/auto/mod_jk.conf into the virtualhost directory, but 
it did not work.

Would you please give me several simple sample lines?

Thanks a lot




Assuming you're using VirtualHost, do you specify the right JkMount paths 
in VirtualHost sections in your Apache that serve the secure port?


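An added example (not from the posts above) of the check David Mossakowski's reply describes: it counts JkMount directives per <VirtualHost> section of an Apache config, so an HTTPS virtual host without its own mounts stands out. The worker name ajp13, the sample paths and both embedded configs are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Worker name "ajp13", the /mywebapp
# mounts and both sample configs below are constructed for illustration.

# Print "<scope> <number of JkMount directives>" for the main server and for
# every <VirtualHost> section of the Apache config file $1.
jk_vhost_report() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line == "" || line ~ /^#/ { next }            # skip blanks and comments
        { split(line, f, /[ \t]+/); key = tolower(f[1]) }
        key == "<virtualhost" {                        # entering a vhost section
            scope = f[2]; sub(/>$/, "", scope)
            order[++nv] = scope; count[scope] += 0
            next
        }
        key == "</virtualhost>" { scope = ""; next }   # back in the main server
        key == "jkmount" { if (scope == "") main_n++; else count[scope]++ }
        END {
            print "main-server", main_n + 0
            for (i = 1; i <= nv; i++) print order[i], count[order[i]]
        }
    ' "$1"
}

# Print the virtual hosts that have no JkMount of their own.
jk_unmounted_vhosts() {
    jk_vhost_report "$1" | awk '$1 != "main-server" && $2 == 0 { print $1 }'
}

# Constructed sample: the webapp is mounted in the main server only.
sample_before() {
    cat <<'EOF'
LoadModule jk_module libexec/mod_jk.so
JkWorkersFile /usr/local/tomcat/conf/jk/workers.properties
JkMount /mywebapp/* ajp13

<VirtualHost _default_:443>
    SSLEngine on
    DocumentRoot /usr/local/apache/htdocs
</VirtualHost>
EOF
}

# Constructed sample: the same mount repeated inside the HTTPS virtual host.
sample_after() {
    cat <<'EOF'
LoadModule jk_module libexec/mod_jk.so
JkWorkersFile /usr/local/tomcat/conf/jk/workers.properties
JkMount /mywebapp/* ajp13

<VirtualHost _default_:443>
    SSLEngine on
    DocumentRoot /usr/local/apache/htdocs
    JkMount /mywebapp/* ajp13
</VirtualHost>
EOF
}

if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d) && sample_before > "$d/httpd.conf" &&
        echo "virtual hosts without JkMount: $(jk_unmounted_vhosts "$d/httpd.conf")"
fi
```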




Can anyone help with an SSL problem?

2002-09-20 Thread Christopher Watson

Dear All,

Can anyone offer some advice - sorry to keep asking, but so far I've had no
reply :-(

I am using ISAPI redirector to serve JSP/servlet resources through IIS

I would like some contexts to _require_ SSL (https) to be used, and leave
others free to use http.

I am able require _all_ contexts to use SSL by setting 'require secure
channel'
for the jakarta virtual directory under IIS.

BUT

What I want to do is require SSL at a _context_ level

Can someone show me how to do this,
perhaps using workers.properties or uriworkermap.properties or the like?

I did think of setting secure=true on the ajp13 connector,
but that effectively just tells me that that connector has been used,
not whether the original request used SSL - in other words I ALWAYS get
isSecure()  = whatever was set for the connector in server.xml

An idea I had was to have more than one 'jakarta' virtual directory, one
requiring SSL, the other not,
but then I'm guessing the ISAPI filter uses the same Registry entry,
so I couldn't specify a different extension_uri to get to it ??
Is this the right thinking?? Is there a way round this?

Any other general advice - except don't use IIS (I have no choice for this
project!) - would be welcome.

Christopher






ssl problem

2002-07-24 Thread Mark Luntzel

Hello - 

jakarta-tomcat 4.0.4
jdk1.3.1_04
jsse1.0.3

I get this in the log on startup:

java.lang.SecurityException: class javax.security.cert.CertificateException's signer information does not match signer information of other classes in the same package
at java.lang.ClassLoader.checkCerts(ClassLoader.java:554)
at java.lang.ClassLoader.defineClass(ClassLoader.java:482)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:106)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:243)
at java.net.URLClassLoader.access$100(URLClassLoader.java:51)
at java.net.URLClassLoader$1.run(URLClassLoader.java:190)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:183)
at java.lang.ClassLoader.loadClass(ClassLoader.java:294)
at java.lang.ClassLoader.loadClass(ClassLoader.java:250)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:310)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.init(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(DashoA6275)
at org.apache.catalina.connector.http.HttpConnector.run(HttpConnector.java:993)
at java.lang.Thread.run(Thread.java:479)

I've googled my brain to death. what am I doing wrong here? Probably something simple. 
Thanks for your help. 





SSL problem

2002-05-31 Thread Zhouxuan Teng

Hi,

I am using the Tomcat 4.0.1 and have the problem about
SSL. I have setup the SSL in one machine and it works
no problem. But when I tried to deploy it to another
machine, it just did not work. The Tomcat just won't
start, it quits very quickly whenever I tried to start
it. But if I comment out the SSL part in server.xml
everything is fine.

Here is what I got:


LifecycleException:  Container StandardContext[/czone2] has not been started
        at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1147)
        at org.apache.catalina.core.StandardContext.stop(StandardContext.java:3440)
        at org.apache.catalina.core.StandardContext.start(StandardContext.java:3397)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123)
        at org.apache.catalina.core.StandardHost.start(StandardHost.java:612)


Would anyone know how to deal with this? 
Any help would be much appreciated!

Have a good day!

Joe








Re: Please Help!! SSL problem

2002-04-12 Thread Ann

Dear all,

  I have set the JSSE_HOME already and used catalina run to startup the
tomcat. There are no error message to startup , but when I try to access the
servlet and execute them, they show the following errors:


java.lang.NoSuchMethodError
        at org.apache.catalina.connector.ResponseStream.flush(ResponseStream.java:244)
        at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:245)
        at java.io.PrintWriter.flush(PrintWriter.java:120)
        at org.apache.catalina.connector.ResponseWriter.flush(ResponseWriter.java:125)
        at org.apache.catalina.connector.ResponseBase.finishResponse(ResponseBase.java:481)
        at org.apache.catalina.connector.HttpResponseBase.finishResponse(HttpResponseBase.java:229)
        at org.apache.catalina.connector.http.HttpResponseImpl.finishResponse(HttpResponseImpl.java:288)
        at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1038)
        at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1106)
        at java.lang.Thread.run(Thread.java:484)

   When I use the startup from the Startup menu of window, it simply
jump out and cannot start the tomcat. Please help!!!
Thank you very much

Ann Lee


- Original Message -
From: Heather Samsel [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, April 13, 2002 4:34 AM
Subject: Please Help!! SSL problem


 Ann,

 I just saw your email on Tomcat list serve. Two things to tell you (I just
 solved the same problem).

 1. set the environment variable JSSE_HOME; this will solve your problem.
 example:
 set JSSE_HOME=D:\jsse1.0.2

 2. Instead of startup try catalina run so that you can see any errors
 that occur in the start up.






Please Help!! SSL problem

2002-04-09 Thread Ann

Dear all,

  After i have installed the SSL on my tomcat 4.0 on window 2000, the tomcat 
cannot start . Could anybody give me some idea how to fix it? It throws 
NoSuchMethodException. I am really frustrated with it because it is a final year 
project and is going to be handed in next week. 

 I am posting it for the 3rd times because the previous posts were not answered. 
Please help me, I am desperate. Thank you!!

Ann Lee



Re: Please Help!! SSL problem

2002-04-09 Thread Jason Barr

Hi there,

What algorithm was your key created with? What's the full error message please?

Cheers,

Ann wrote:

 Dear all,

   After i have installed the SSL on my tomcat 4.0 on window 2000, the tomcat 
cannot start . Could anybody give me some idea how to fix it? It throws 
NoSuchMethodException. I am really frustrated with it because it is a final year 
project and is going to be handed in next week.

  I am posting it for the 3rd times because the previous posts were not answered. 
Please help me, I am desperate. Thank you!!

 Ann Lee

--
Jason Barr
Vendor Manager
Thawte Tech Support
www.thawte.com/cgi/support/contents.exe






RE: Please Help!! SSL problem

2002-04-09 Thread Lawlor, Frank

Did you follow all the directions in the
SSL HowTo exactly:

You need to provide more detail on the error.
What is the full stack trace with the error
message.

Look in the logs in the log directory and
note any messages that occur that may be 
connected with the problem.

Frank Lawlor
Athens Group, Inc.
(512) 345-0600 x151
Athens Group, an employee-owned consulting firm integrating technology
strategy and software solutions.

 





SSL problem, UnrecoverableKeyException

2002-03-22 Thread Xiao Juguang

Hi, guys.

I am running Tomcat 4.0 on Windows 2000 Server and JDK 1.4. Followed Tomcat
HOWTO-SSL document to setup ssl.
After using keytool to create a key and modify the server.xml file, I
restart tomcat. I am sure tomcat can find the .keystore and password is
correct.

I met the error message on stdout.log, and it said like below. Anyone can
help?

Thanks, Juguang.

Create Catalina server
initProxy:  java.security.UnrecoverableKeyException: Cannot recover key
java.security.UnrecoverableKeyException: Cannot recover key
 at sun.security.provider.KeyProtector.recover(KeyProtector.java:301)
 at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:103)
 at java.security.KeyStore.getKey(KeyStore.java:289)
 at com.sun.net.ssl.internal.ssl.X509KeyManagerImpl.init(DashoA6275)


Catalina.start: LifecycleException:  null.open:  java.io.IOException: java.security.UnrecoverableKeyException: Cannot recover key
LifecycleException:  null.open:  java.io.IOException: java.security.UnrecoverableKeyException: Cannot recover key
 at org.apache.catalina.connector.http.HttpConnector.initialize(HttpConnector.java:1130)
 at org.apache.catalina.core.StandardService.initialize(StandardService.java:454)






Tomcat4.0.2 with Apache SSL problem

2002-03-13 Thread Gabriel López Millán


Hi again.

I want to know if it's possible to recover a client certificate in a 
servlet when is running Apache-2.0 with tomcat-4.0.2 and mod_webapp.
I need to obtain this and I don't know how. There's any information 
in Jakarta Home Page.

Cheers, Gabi.

-- 
-
Gabriel Lopez Millan - Grupo ANTS-CIRCuS
Facultad de Informática
Universidad de Murcia (España) Tfo: +34 968367645







[Fwd: Tomcat4.0.2 with Apache SSL problem]

2002-03-13 Thread Gabriel López Millán


I have read several email with the same problem.
   
Please. Can I obtain SSL client certificate in my servlet with 
mod_webapp?

Thank, Gabi.


 Original Message 
Subject: Tomcat4.0.2 with Apache SSL problem
Date: Wed, 13 Mar 2002 10:52:30 +0100
From: Gabriel López Millán [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: [EMAIL PROTECTED]



Hi again.

I want to know if it's possible to recover a client certificate in a 
servlet when is running Apache-2.0 with tomcat-4.0.2 and mod_webapp.
I need to obtain this and I don't know how. There's any information 
in Jakarta Home Page.

Cheers, Gabi.

-- 
-
Gabriel Lopez Millan - Grupo ANTS-CIRCuS
Facultad de Informática
Universidad de Murcia (España) Tfo: +34 968367645







-- 
-
Gabriel Lopez Millan - Grupo ANTS-CIRCuS
Facultad de Informática
Universidad de Murcia (España) Tfo: +34 968367645




SSL Problem

2002-03-12 Thread Alf Scherer

Hi,

I've installed Tomcat 4.0.3 on my system running 
redhat-7.2, I've also created a CA using openssl to test
Tomcat-ssl. I've generated a key and certreq as well using
the java keytool with the default changeit pwd. 
Well, after signing the certreq with openssl and importing
it to the keystore, tomcat won't allow me to connect to 443.

I don't know what happens as there is no information about 
What's going on. I have also turned on debugging on the 
SSL-connector but there is no debug-info whatsoever.

Please HELP!!!




-
 Alf Scherer|
|
 CarrotMEDIA GmbH   |
 Saegewerkstr. 3| Q: What is a programmer?
 83395 Freilassing  | A: A bio-chemical machine, turning 
 Germany, EU|coffee into lines of code
- 






RE: SSL Problem

2002-03-12 Thread Chris Campbell


hi.

did you change the configuration in server.xml?

You need to uncomment the section like this just checking.

<!-- Define an SSL HTTP/1.1 Connector on port 8443 -->
<!--
<Connector className="org.apache.catalina.connector.http.HttpConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true"
           acceptCount="10" debug="0" scheme="https" secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
           clientAuth="false" protocol="TLS"/>
</Connector>
-->

ChrisC

 -Original Message-
 From: Alf Scherer [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, March 12, 2002 6:13 PM
 To: [EMAIL PROTECTED]
 Subject: SSL Problem
 
 
 Hi,
 
 I've installed Tomcat 4.0.3 on my system running 
 redhat-7.2, I've also created a CA using openssl to test
 Tomcat-ssl. I've generated a key and certreq as well using
 the java keytool with the default changeit pwd. 
 Well, after signing the certreq with openssl and importing
 it to the keystore, tomcat won't allow me to connect to 443.
 
 I don't know what happens as there is no information about 
 What's going on. I have also turned on debugging on the 
 SSL-connector but there is no debug-info whatsoever.
 
 Please HELP!!!
 
 
 
 
 -
  Alf Scherer|
 |
  CarrotMEDIA GmbH   |
  Saegewerkstr. 3| Q: What is a programmer?
  83395 Freilassing  | A: A bio-chemical machine, turning 
  Germany, EU|coffee into lines of code
 - 
 
 




RE: SSL Problem

2002-03-12 Thread Alf Scherer

Well, 

Yes that's what I already did, I've also added the keystoreFile
attribute because I have put the keystore file under common/ssl. The
strange thing about it is: it works when using a certificate that was
created using the keytool -selfcert option.




-Original Message-
From: Chris Campbell [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, March 12, 2002 11:09 AM
To: 'Tomcat Users List'
Subject: RE: SSL Problem



hi.

did you change the configuration in server.xml?

You need to uncomment the section like this just checking.

<!-- Define an SSL HTTP/1.1 Connector on port 8443 -->
<!--
<Connector className="org.apache.catalina.connector.http.HttpConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true"
           acceptCount="10" debug="0" scheme="https" secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
           clientAuth="false" protocol="TLS"/>
</Connector>
-->

ChrisC





Re: Http Session over SSL - Problem solved by pure luck

2002-03-12 Thread Horia Muntean

Problem solved by pure luck:

If on the client side, I remove the conn.disconnect(); statement (right
after in.close();) it seems that the ssl client uses the same sslsession
obtained by the first connection and the server does not create new http
sessions.

seven.
- Original Message -
From: Horia Muntean [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 12, 2002 3:34 PM
Subject: Http Session over SSL


Hello to all.

I have a problem with session tracking when I use secure connections:

This is the scenario:

On the server side, I have Slackware 8.0, with tomcat-4.0.3, apache 1.3.20
and a simple servlet which does only one thing:

  // Echo servlet: reads one serialized object from the request body and writes it back.
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws IOException, ServletException {
    HttpSession session = request.getSession();
    if (session.isNew()) log("this is a new session:" + session.getId());

    // Note: readObject() below deserializes bytes supplied by the client.
    ObjectInputStream in = new ObjectInputStream(request.getInputStream());
    ObjectOutputStream out = new ObjectOutputStream(response.getOutputStream());

    Object message = null;
    try {
      message = in.readObject();
      out.writeObject(message);
      out.flush();
    } catch (Exception e) {
      e.printStackTrace();
    } finally {
      in.close();
      out.close();
    }
  }

On the client side, I use HttpConnection in order to connect to this
servlet:

Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
String target = "http://myserver/access/AccessServlet";

HttpURLConnection conn = (HttpURLConnection) new URL(target).openConnection();

// Send the session cookie saved from an earlier response, if there is one.
if (sessionId != null) {
  conn.setRequestProperty("Cookie", sessionId);
}

conn.setDoInput(true);
conn.setDoOutput(true);
conn.setUseCaches(false);

ObjectOutputStream out = new ObjectOutputStream(conn.getOutputStream());
out.writeObject(null);
out.flush();
out.close();

String cookie = conn.getHeaderField("Set-cookie");
if (cookie != null) {
  // Keep only "NAME=value"; the header may carry no attributes after it.
  int semicolon = cookie.indexOf(';');
  sessionId = semicolon >= 0 ? cookie.substring(0, semicolon) : cookie;
}

ObjectInputStream in = new ObjectInputStream(conn.getInputStream());
Object response = in.readObject();

in.close();
conn.disconnect();


***NOTE: sessionId is a string used to keep a session id once it is returned
by the first connection to the server;

If I am using http protocol, everything works fine.
If I use https protocol, the PROBLEM occurs: sometimes, the server
instantiates a NEW HttpSession and sends it back to the client even if the
request from the client is set-up (via conn.setRequestProperty("Cookie",
sessionId);) with the right session id.
The problem is happening no matter what kind of connection I use (direct to
tomcat configured with a SSL connector, or using apache+mod_ssl+mod_jk ).

The problem appears to depend on the j2se I use on the client side 'cause if
I use j2se1.4.0 the problem disappears (but here I have a poor performance -
unacceptable - I have to wait 5-6 seconds until I have a response).

The problem stays with j2se1.3.1+jsse1.0.2

IMHO, the catalina container, creates a new httpsession if the user
connected via https uses a new sslsession. So, I can't overcome this
problem, 'cause I can't force the client to use the same sslsession
negotiated after the first connection.


Any ideas?
Greetings,
seven







RE: SSL Problem

2002-03-12 Thread Alf Scherer

Finally I found the root of the problem: I forgot to specify the
-keyalg RSA option.

Thanks anyway!

p.s.: this was a typical RTFM issue


-Original Message-
From: Alf Scherer [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, March 12, 2002 5:38 PM
To: 'Tomcat Users List'
Subject: RE: SSL Problem


Well, 

Yes that's what I already did, I've also added the keystoreFile
attribute because I have put the keystore file under common/ssl. The
strange thing about it is: it works when using a certificate that was
created using the keytool -selfcert option.





--
To unsubscribe:   mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]
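
The procedure described in this thread (private CA made with openssl, key pair and certreq made with keytool, signed reply imported back), with the missing -keyalg RSA in place and a check of the result. This is an added example, not code from the thread: the file names, CN values and function names are assumptions, and the listing parser assumes a recent JDK whose keytool -list -v prints a "Subject Public Key Algorithm" line. Older keytool versions generate a DSA key pair when -keyalg is omitted.

```shell
#!/bin/sh
# Added example (not from the thread). File names, CN values and function
# names are assumptions; alias "tomcat" and password "changeit" follow the thread.

# Constructed sample of `keytool -list -v` output for a CA-signed key entry;
# $1 is the leaf key algorithm. The signature line names the CA's algorithm,
# so it reads "RSA" even when the server key itself is DSA.
sample_listing() {
cat <<EOF
Keystore type: PKCS12

Your keystore contains 2 entries

Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=localhost
Issuer: CN=Example Test CA
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit $1 key
Certificate[2]:
Owner: CN=Example Test CA
Issuer: CN=Example Test CA
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key

Alias name: root
Entry type: trustedCertEntry

Owner: CN=Example Test CA
Issuer: CN=Example Test CA
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
EOF
}

# Reads `keytool -list -v` output on stdin and prints one line per entry:
#   <alias> <entry type> <public-key algorithm of the first (leaf) certificate>
summarize_listing() {
    awk '
        function emit() { if (name != "") print name, type, (alg == "" ? "-" : alg) }
        /^Alias name: / { emit(); name = $3; type = "-"; alg = "" }
        /^Entry type: / { type = $3 }
        /^Subject Public Key Algorithm: / && alg == "" { alg = $6 }
        END { emit() }
    '
}

# Reads a listing on stdin; succeeds only if alias $1 is a private-key entry
# whose own key (not merely the CA signature on it) is RSA.
check_tomcat_key() {
    want=$1
    line=$(summarize_listing | awk -v a="$want" '$1 == a')
    case "$line" in
        "")                           echo "FAIL: alias $want not found"; return 1 ;;
        "$want PrivateKeyEntry RSA")  echo "OK: $line"; return 0 ;;
        "$want PrivateKeyEntry "*)    echo "FAIL: key is not RSA: $line"; return 1 ;;
        *)                            echo "FAIL: not a private-key entry: $line"; return 1 ;;
    esac
}

# The full procedure in an empty directory $1. Needs keytool and openssl.
build_keystore() {
    dir=$1; ks=$dir/tomcat.keystore; pw=changeit
    # 1. Throwaway test CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" &&
    # 2. Server key pair; -keyalg RSA is the option that was missing.
    keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -dname "CN=localhost" \
        -keystore "$ks" -storepass "$pw" -keypass "$pw" &&
    # 3. Certificate request, signed by the test CA.
    keytool -certreq -alias tomcat -file "$dir/tomcat.csr" \
        -keystore "$ks" -storepass "$pw" &&
    openssl x509 -req -in "$dir/tomcat.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 30 -out "$dir/tomcat.crt" &&
    # 4. CA certificate first, then the reply under the same alias as the key.
    keytool -import -noprompt -trustcacerts -alias root -file "$dir/ca.crt" \
        -keystore "$ks" -storepass "$pw" &&
    keytool -import -noprompt -alias tomcat -file "$dir/tomcat.crt" \
        -keystore "$ks" -storepass "$pw" &&
    # 5. Verify what Tomcat will actually load.
    keytool -list -v -keystore "$ks" -storepass "$pw" | check_tomcat_key tomcat
}

# Run the real procedure only when asked: sh thisfile.sh --build /some/empty/dir
if [ "${1:-}" = "--build" ]; then
    build_keystore "${2:?usage: --build DIR}"
fi
```
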




Tomcast + SSL -- Problem

2002-02-26 Thread Benja.be

Hello,
I’m on a Linux machine (Red Hat), with Tomcat 3.3a, J2SDK 1.4.0 (with
JSSE).
I configured Tomcat like described on
http://jakarta.apache.org/tomcat/tomcat-3.3-doc/tomcat-ssl-howto.html
When I run tomcat, SSL socket factory is set, but at the line
(Http10Interceptor : Starting on 8080)
I get the following exception :
java.lang.reflect.InvocationTargetException: java.lang.NoSuchMethodError
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.<init>(DashoA6275)
    at com.sun.net.ssl.internal.ssl.TrustManagerFactoryImpl.engineInit(DashoA6275)
 
Etc…
 
Please, help me…
I can’t solve that problem.
 
Benjamin Fonzé.
 

 



RE: SSL problem with tomcat 4.0.2

2002-02-20 Thread Scott Shorter

In my experience, Tomcat cannot actually rely on any keystore except the
default one, which on W2K seems to appear as C:\\Documents and
Settings\\YOURUSERNAME\\.keystore

HTH,
Scott

 -Original Message-
 From: Xue-Feng Yang [mailto:[EMAIL PROTECTED]] 
 Sent: Wednesday, February 20, 2002 2:25 PM
 To: Tomcat Users List
 Subject: SSL problem with tomcat 4.0.2
 
 
 Hi,
 
 OS: win2k
 JDK: 1.3.1
 TOMCAT: 4.0.2
 
 server.xml
 <Connector className="org.apache.catalina.connector.http.HttpConnector"
            port="8443" minProcessors="5" maxProcessors="75"
            enableLookups="true"
            acceptCount="10" debug="0" scheme="https" secure="true">
   <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
            clientAuth="false"
            keystoreFile="C:/_work/jsse1.0.2/samples/jssecacerts"
            keystorePass="eontecStorePasswd"
            protocol="TLS"/>
 </Connector>
 
 After startup and look at https://localhost:8443
 The page cannot be displayed. There are no prints out.
 But in the apache_log.2002-02-20 file, I find
 
 2002-02-20 13:59:22 [org.apache.catalina.connector.warp.WarpConnector] Error accepting requests
 java.net.SocketException: socket closed
   at java.net.PlainSocketImpl.socketAccept(Native Method)
   at java.net.PlainSocketImpl.accept(PlainSocketImpl.java:424)
   at java.net.ServerSocket.implAccept(ServerSocket.java:246)
   at java.net.ServerSocket.accept(ServerSocket.java:225)
   at org.apache.catalina.connector.warp.WarpConnector.run(WarpConnector.java:590)
   at java.lang.Thread.run(Thread.java:484)
 
 Any idea?
 
 Thanks
 




RE: SSL problem with tomcat 4.0.2

2002-02-20 Thread Xue-Feng Yang

It looks that I get some progress.

I made a new .keystore in the default dir, as you
mentioned. 

This time I didn't see the new error message in log
file, but the page still The page cannot be
displayed. 

Any more suggestions.

--- Scott Shorter [EMAIL PROTECTED] wrote:
 In my experience, Tomcat cannot actually rely on any
 keystore except the
 default one, which on W2K seems to appear as
 C:\\Documents and
 Settings\\YOURUSERNAME\\.keystore
 
 HTH,
 Scott
 




RE: SSL problem with tomcat 4.0.2

2002-02-20 Thread Scott Shorter

My only other suggestion is to be sure that keystore password and key
password are both changeit, and key alias is tomcat.

 -Original Message-
 From: Xue-Feng Yang [mailto:[EMAIL PROTECTED]] 
 Sent: Wednesday, February 20, 2002 2:54 PM
 To: Tomcat Users List
 Subject: RE: SSL problem with tomcat 4.0.2
 
 
 It looks that I get some progress.
 
 I made a new .keystore in the default dir, as you
 mentioned. 
 
 This time I didn't see the new error message in log
 file, but the page still The page cannot be
 displayed. 
 
 Any more suggestions.
 




RE: SSL problem with tomcat 4.0.2

2002-02-20 Thread Ryan Beckes

Hello,
I'm not sure if you have the same problem I did, but
to fix mine, I created a
self signed key, do this with Sun's Java SDK 1.4.0 (I
couldn't get it to work with 1.3.1 because jsse is not
default with this sdk and I think some important certs
were missing from the cacerts file).
 $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore $JAVA_HOME/jre/lib/security/cacerts

Then make sure you put the location of the cacerts
(and password if needed) file in the conf/server.xml.
Mine looks like this.

<Connector className="org.apache.catalina.connector.http.HttpConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true"
           acceptCount="10" debug="99"
           scheme="https" secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
           keystoreFile="/usr/local/java/j2sdk1.4.0/jre/lib/security/cacerts"
           keystorePass="changeit"
           clientAuth="false" protocol="TLS"/>
</Connector>

Hope this helps,
Ryan

--- Xue-Feng Yang [EMAIL PROTECTED] wrote:
 It looks that I get some progress.
 
 I made a new .keystore in the default dir, as you
 mentioned. 
 
 This time I didn't see the new error message in log
 file, but the page still The page cannot be
 displayed. 
 
 Any more suggestions.
 




servlet to servlet SSL problem - MalformedURLException

2002-01-30 Thread Hawkins, Keith (Keith)


I am running Tomcat3.2 and IIS using the isapi_redirector.

I have a class for sending Https messages called HttpsMessage. (This
class sets up the com.sun.net.ssl.internal.www.protocol provider into
the Java Security class so that URL classes with https can be
constructed without getting a MalformedURLException.)

If I use this HttpsMessage class to access a servlet directly from a
client program,  the request is served properly.

BUT if this class is used by one servlet to contact the very same
servlet that the client program accessed,  a MalformedURLException is
thrown complaining about  unknown protocol: https

I suspect that this is because in the first instance,  IIS is handling
the SSL hand shaking before the request is forwarded to the servlet
whereas in the second case Tomcat needs to provide the SSL support.

Am I correct? If so, would configuring Tomcat for SSL support fix the
problem?

Thanks,
Keith




SSL problem

2001-12-05 Thread Rams

Hi,
I've a problem regarding SSL.
I'm using Tomcat 3.2 server.

Different clients'll be contacting this server thinking as if they
are contacting their respective merchant sites, wherein all sites' server
certs are stored in the same Tomcat server in different keystores
I mean, each merchant has his own server cert..but all merchants are
configured at one webserver.

How can I do my Tomcat webserver work on behalf of many merchant
sites ?
So How can I configure my Tomcat dynamically in changing its
Keystore according to the request obtained?

Shall I go for Apache? which SSL package can I adapt with apache?

I'm grateful if anyone has a solution..

Thanq
Rams





IIS SSL problem - pls help

2001-07-11 Thread Li, William

Hi,

I configured my IIS 5 on Win2k to work with tomcat without any problem.
However, I am getting problems once I configured IIS to use server
certificate.  IIS works fine by itself, but not when tomcat is started.

I read thru the archive relating to this subject, but without much success
in finding a solution.  Pls help.

The problem:
when entering the URL:  https://server/...
Using getRequestURL, I get:  http://server:443/...
All the links I have are also pointing to this address, which results in
nothing works.

Am I missing some configuration?

Thanks,
Bill



More on tomcat with SSL problem

2001-02-26 Thread Mandar Joshi

I created a java client communicating over https and used it with the same
URL it throws following exception:

javax.net.ssl.SSLException: Received fatal alert: handshake_failure (no cipher suites in common)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write([DashoPro-V1.2-120198])
    at java.io.OutputStream.write(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.doConnect([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.NetworkClient.openServer([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpClient.l([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpClient.<init>([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.<init>([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.getOutputStream([DashoPro-V1.2-120198])
    at TestMessage.main(TestMessage.java:116)

The tomcat console still dumps
2001-02-24 04:48:53 - Ctx(  ): 400 R( /) null
2001-02-24 04:48:53 - Ctx(  ): IOException in: R( /) Socket closed

There has to be a common Cipher Suite since both the programs are running on
same machine and sharing same environment.

Any help appreciated

Mandar

 -Original Message-
 From: Mandar Joshi [mailto:[EMAIL PROTECTED]]
 Sent: Saturday, February 24, 2001 6:27 PM
 To: [EMAIL PROTECTED]
 Subject: tomcat with SSL


 Hi,

 I am using tomcat V3.2. I am trying to configure SSL for stand alone
tomcat.
 I have following entry in the server.xml file
 <Connector className="org.apache.tomcat.service.PoolTcpConnector">
     <Parameter name="handler"
         value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
     <Parameter name="port" value="8443"/>
     <Parameter name="socketFactory"
         value="org.apache.tomcat.net.SSLSocketFactory" />
     <Parameter name="keystore" value="tomCertStore" />
     <Parameter name="keypass" value="mypass"/>
     <Parameter name="clientAuth" value="false"/>
 </Connector>

 When I start tomcat it shows me that it has started listening to port 8443
 however When I type https://myserv:8443/, it gives me 'The page cannot be
 displayed' error

 Tomcat console dumps following lines
 2001-02-24 04:18:13 - Ctx(  ): 400 R( /) null
 2001-02-24 04:18:13 - Ctx(  ): IOException in: R( /) Socket closed

 Any ideas why is this happening ?

 Thanks in advance
 Mandar





SSL problem causes Apache to crash

2001-01-17 Thread Tom Davies

Hello,

I am currently having problems with SSL that cause Apache to crash.  I am running
mod_ssl 2.7.2, Apache 1.3.14, jdk1.3, Windows 2000, and Tomcat 3.2.  Perhaps
this would be more appropriate for the Apache forum... but I suspect this
has something to do with the communication between Apache and Tomcat; BTW -
I am using mod_jk, rather than mod_jserv.  I would greatly value any input
to find a resolution to this problem. 

I have been tasked to set up SSL with Apache and Tomcat for my company's
application.  Ever since I have installed SSL, Apache intermittently
crashes somewhat randomly.  I suspected it related to the ajp13
support... but now I am not so sure.  The only way I can reproduce this
application error consistently is with Internet Explorer as follows:

There is a page in our application that uses JavaScript to call another
servlet with window.open() and fill in the opener windows' form values.
Now, the very first time a user logs into the system using Internet Explorer
while running in SSL mode (i.e. - https://...) and executes this JavaScript,
Apache causes a program error and I am told to restart Apache.  Now, if I
just close the browser, or just wait for a little while and try to execute
the Javascript that calls the servlet, it works fine.  But the first time I
re-login to the system, this application error returns.

This same test does not cause the error on Netscape.  But, Apache does
eventually crash with Netscape as well.  I suspect this may be due to the
fact that IE delivers the pages a good deal faster than Netscape does...
especially the window.open part.

I believe this problem has something to do with our application seeming to
go from secure pages to pages containing non-secure items.  I say "seeming"
b/c all references to URLs within our application are in the form of
"/servets/..." rather than "http://servername/servlets", so I would expect
them to inherit SSL if the parent page is displayed in the format.  Any
ideas or suggestions to get to the root of this would be greatly
appreciated.

Thanks,
---Tom Davies





session tracking and SSL problem

2000-12-15 Thread Olivier Tourdes


Hi,

I use apache 1.3.14 + SSL and tomcat 3.2.1 (ajp12 and mod_jk).
I use a servlet to show my pages. When I switch from http to https, a 
new session is created ! I have a session for http and a session for 
https...How can I share session between them (I use virtualHost 
_default_:443 in httpd.conf to define https)

Thanks


Olivier Tourdes
E-mail: [EMAIL PROTECTED]
Site: http://www.i-tipi.fr