RE: SSL config

[Warron French]

I figured it out after all.  The documentation was a little misleading that's 
all.


Warron French
Sr. Network Engineer
Xtria, LLC
8045 Leesburg Pike #400
Vienna, VA 22182
Desk: 703-821-6110
Main: 703-821-6000
Fax:  703-827-0374


-Original Message-
From: Warron French 
Sent: Wednesday, February 16, 2005 6:26 PM
To: User Tomcat (E-mail)
Subject: SSL config


Somehow I have an Apache-2.0.40 server running in conjunction with Jboss-3.2.5.
 
I don't know anything about JBoss really, but it appears that JBoss is doing 
the securing of the socket layer (SSL stuff) for this website.
 
There is not reference to 443 or SSLCertificate or the like in my httpd.conf 
file anywhere, but the site is secured.  I do a netstat -anp find that 
0.0.0.0:443 is being used with a pid value of 7399/java.
 
That pid value comes from the /usr/local/j2sdk1.4.1_04/bin/java (with lots of 
arguments) in the response to my ps -ef | grep 7399.
 
Can someone tell me where I would find the certificate for this website since 
it is apparently not in an apache directory?  I need to renew it soon, and I am 
also not an SSL expert.
 
If I can FIND the certificate I can take care of it from there because the 
documentation seems straightforward.
 
 
Thanks,
Warron French 
Sr. Network Engineer 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

SSL config

[Warron French]

Somehow I have an Apache-2.0.40 server running in conjunction with Jboss-3.2.5.
 
I don't know anything about JBoss really, but it appears that JBoss is doing 
the securing of the socket layer (SSL stuff) for this website.
 
There is not reference to 443 or SSLCertificate or the like in my httpd.conf 
file anywhere, but the site is secured.  I do a netstat -anp find that 
0.0.0.0:443 is being used with a pid value of 7399/java.
 
That pid value comes from the /usr/local/j2sdk1.4.1_04/bin/java (with lots of 
arguments) in the response to my ps -ef | grep 7399.
 
Can someone tell me where I would find the certificate for this website since 
it is apparently not in an apache directory?  I need to renew it soon, and I am 
also not an SSL expert.
 
If I can FIND the certificate I can take care of it from there because the 
documentation seems straightforward.
 
 
Thanks,
Warron French 
Sr. Network Engineer 

Re: Tomcat 5.X & SSL config

[Bill Barker]

You haven't specified a Trust Store, so you only get to choose a few cert
issuers (e.g. Verisign, Thawte) for your client cert.

"POLO ARAUJO, JAVIER" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
>
> Hi! I have a problem when triying to configure Tomcat 5.X (under windows
XP) to handle SSL and digital certificate. I have a server certificate (it's
valid), so I just import it to my keystore and follow the instructions to
modify the file server.xml (just change the keystoreFile, keystorePass and
clientAuth). The problem is that, when I access to http://localhost:8443,
the box where I can choose my client certificate pops up empty (I have a
valid client certificate in my browser) so I can't choose my client browser.
>
> First, I though it was a browser's config problem but using mozilla
happends the same thing. The most curious thing is that, with the same
keystore and using other app-server (Oracle's OC4J) it works fine (I can
choose my client certificate), so I think it's a Tomcat problem, but I don't
know what!
>
> Thanks a lot,
>
> Javier Polo.
>




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Tomcat 5.X & SSL config

[POLO ARAUJO, JAVIER]

Hello!

Of course, here you are. If you can find the problem, please tell me.

Regards,

Javier Polo.

-









  
  
  
  

  
  








  
factory
org.apache.catalina.users.MemoryUserDatabaseFactory
  
  
pathname
conf/tomcat-users.xml
  


  

  

  
  





















 
 



  
  

  
  

  

  
  

  
  

  

  

  

  

  
  

 















  



  



-


-Original Message-
From: Stephan KÃhn [mailto:[EMAIL PROTECTED]
Sent: vie 30/07/2004 10:42
To: Tomcat Users List
Subject: RE: Tomcat 5.X & SSL config
 
HI,

i similar the same problem, I whant to setup server based ssl auth, but when i try to 
configure vew the webgui the hhtps conntector, tomcat will not start anymore.  Can cou 
give me your server.xml file, so ican compair eit whith my one ?



-Original Message-
From: POLO ARAUJO, JAVIER [mailto:[EMAIL PROTECTED] 
Sent: Freitag, 30. Juli 2004 10:26
To: [EMAIL PROTECTED]
Subject: Tomcat 5.X & SSL config


Hi! I have a problem when triying to configure Tomcat 5.X (under windows XP) to handle 
SSL and digital certificate. I have a server certificate (it's valid), so I just 
import it to my keystore and follow the instructions to modify the file server.xml 
(just change the keystoreFile, keystorePass and clientAuth). The problem is that, when 
I access to http://localhost:8443, the box where I can choose my client certificate 
pops up empty (I have a valid client certificate in my browser) so I can't choose my 
client browser. 

First, I though it was a browser's config problem but using mozilla happends the same 
thing. The most curious thing is that, with the same keystore and using other 
app-server (Oracle's OC4J) it works fine (I can choose my client certificate), so I 
think it's a Tomcat problem, but I don't know what!

Thanks a lot,

Javier Polo.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Tomcat 5.X & SSL config

[Stephan Kühn]

HI,

i similar the same problem, I whant to setup server based ssl auth, but when i try to 
configure vew the webgui the hhtps conntector, tomcat will not start anymore.  Can cou 
give me your server.xml file, so ican compair eit whith my one ?



-Original Message-
From: POLO ARAUJO, JAVIER [mailto:[EMAIL PROTECTED] 
Sent: Freitag, 30. Juli 2004 10:26
To: [EMAIL PROTECTED]
Subject: Tomcat 5.X & SSL config


Hi! I have a problem when triying to configure Tomcat 5.X (under windows XP) to handle 
SSL and digital certificate. I have a server certificate (it's valid), so I just 
import it to my keystore and follow the instructions to modify the file server.xml 
(just change the keystoreFile, keystorePass and clientAuth). The problem is that, when 
I access to http://localhost:8443, the box where I can choose my client certificate 
pops up empty (I have a valid client certificate in my browser) so I can't choose my 
client browser. 

First, I though it was a browser's config problem but using mozilla happends the same 
thing. The most curious thing is that, with the same keystore and using other 
app-server (Oracle's OC4J) it works fine (I can choose my client certificate), so I 
think it's a Tomcat problem, but I don't know what!

Thanks a lot,

Javier Polo.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Tomcat 5.X & SSL config

[POLO ARAUJO, JAVIER]

Hi! I have a problem when triying to configure Tomcat 5.X (under windows XP) to handle 
SSL and digital certificate. I have a server certificate (it's valid), so I just 
import it to my keystore and follow the instructions to modify the file server.xml 
(just change the keystoreFile, keystorePass and clientAuth). The problem is that, when 
I access to http://localhost:8443, the box where I can choose my client certificate 
pops up empty (I have a valid client certificate in my browser) so I can't choose my 
client browser. 

First, I though it was a browser's config problem but using mozilla happends the same 
thing. The most curious thing is that, with the same keystore and using other 
app-server (Oracle's OC4J) it works fine (I can choose my client certificate), so I 
think it's a Tomcat problem, but I don't know what!

Thanks a lot,

Javier Polo.

SSL Config Issue

[pradeep pasupuleti]

Hi, 
I did the SSL configuration with Tomcat Successfully.
I saw the opening page when I entered the URL
https://localhost:8443. But when I ran my application
I ran into an exception
"org.apache.jasper.JasperException: Framework binding
failed". 

1. I counter the same problem when I run my
application on 8080 with http (after I configured SSL)
2. But my application works perfectly fine (with http
and 8080) if I disable the SSL configuration.(set the
server.xml back to the default).

Please assist me on how o get around with this
problem.

Thank you,
Pradeep





__
Do you Yahoo!?
Take Yahoo! Mail with you! Get it on your mobile phone.
http://mobile.yahoo.com/maildemo 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

SSL Config on Tomcat (Error)

[Manoj Kithany]

Hi:
Here is the transcripts of my SERVER.XML file:
---

	
	




	


	
   
	   
	  
		
		
	  
	


---




-Original Message-
From: Peter Romianowski [mailto:megapero@;gmx.de]
Sent: Wednesday, November 13, 2002 11:53 AM
To: 'Tomcat Users List'
Subject: RE: SSL Config on Tomcat (Error)


The error message you got indicates that there is already a service
listening on that port. Please send your server.xml for further
investigation and try to figure out what listens on which port and if
you have other software running (like apache) that might listen to a
port specified in your server.xml.

Peter

> -Original Message-
> From: Manoj Kithany [mailto:manojkithany108@;hotmail.com]
> Sent: Wednesday, November 13, 2002 5:23 PM
> To: [EMAIL PROTECTED]
> Subject: SSL Config on Tomcat (Error)
>
>
> Hi Experts:
>
> I want to Configure my TOMCAT for SSL and was reading the SSL
> Config How-To
> posted at
> "http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.htm
> l#Edit%20the%20Tomcat%20Configuration%20File"
>
> I made all the changes as was mentioned above and when excute
> Catalina I get
> following error--->
> --
> ---
> # ./catalina.sh run
> Using CATALINA_BASE:   /tom
> Using CATALINA_HOME:   /tom
> Using CATALINA_TMPDIR: /tom/temp
> Using JAVA_HOME:   /usr/java130
> Starting service Tomcat-Standalone
> Apache Tomcat/4.0.4
> Error unable to create jar cache in /tmp directory :
> java.util.zip.ZipException: error in opening zip file
> Error unable to create jar cache in /tmp directory :
> java.util.zip.ZipException: error in opening zip file
> Starting service Tomcat-Apache
> Apache Tomcat/4.0.4
> StandardServer.await: create[8005]: java.net.BindException:
> The socket name
> is already in use.
> java.net.BindException: The socket name is already in use.
> at java.net.PlainSocketImpl.socketBind(Native Method)
> at java.net.PlainSocketImpl.bind(PlainSocketImpl.java:414)
> at java.net.ServerSocket.(ServerSocket.java:182)
> at
> org.apache.catalina.core.StandardServer.await(StandardServer.java:277)
> at
> org.apache.catalina.startup.Catalina.start(Catalina.java:794)
> at
> org.apache.catalina.startup.Catalina.execute(Catalina.java:681)
> at
> org.apache.catalina.startup.Catalina.process(Catalina.java:179)
> at java.lang.reflect.Method.invoke(Native Method)
> at
> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243)
> --
> ---
>
> Thanks!



_
MSN 8 with e-mail virus protection service: 2 months FREE* 
http://join.msn.com/?page=features/virus


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>

RE: SSL Config on Tomcat (Error)

[Peter Romianowski]

  first, please don't send messages to the list with the list-address in
bcc
(this breaks filtering in most email-clients).


  The error message you got indicates that there is already a service
listening on that port. Please send your server.xml for further
investigation and try to figure out what listens on which port and if
you have other software running (like apache) that might listen to a
port specified in your server.xml.

Peter

> -Original Message-
> From: Manoj Kithany [mailto:manojkithany108@;hotmail.com] 
> Sent: Wednesday, November 13, 2002 5:23 PM
> To: [EMAIL PROTECTED]
> Subject: SSL Config on Tomcat (Error)
> 
> 
> Hi Experts:
> 
> I want to Configure my TOMCAT for SSL and was reading the SSL 
> Config How-To 
> posted at 
> "http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.htm
> l#Edit%20the%20Tomcat%20Configuration%20File"
> 
> I made all the changes as was mentioned above and when excute 
> Catalina I get 
> following error--->
> --
> ---
> # ./catalina.sh run
> Using CATALINA_BASE:   /tom
> Using CATALINA_HOME:   /tom
> Using CATALINA_TMPDIR: /tom/temp
> Using JAVA_HOME:   /usr/java130
> Starting service Tomcat-Standalone
> Apache Tomcat/4.0.4
> Error unable to create jar cache in /tmp directory : 
> java.util.zip.ZipException: error in opening zip file
> Error unable to create jar cache in /tmp directory : 
> java.util.zip.ZipException: error in opening zip file
> Starting service Tomcat-Apache
> Apache Tomcat/4.0.4
> StandardServer.await: create[8005]: java.net.BindException: 
> The socket name 
> is already in use.
> java.net.BindException: The socket name is already in use.
> at java.net.PlainSocketImpl.socketBind(Native Method)
> at java.net.PlainSocketImpl.bind(PlainSocketImpl.java:414)
> at java.net.ServerSocket.(ServerSocket.java:182)
> at 
> org.apache.catalina.core.StandardServer.await(StandardServer.java:277)
> at 
> org.apache.catalina.startup.Catalina.start(Catalina.java:794)
> at 
> org.apache.catalina.startup.Catalina.execute(Catalina.java:681)
> at 
> org.apache.catalina.startup.Catalina.process(Catalina.java:179)
> at java.lang.reflect.Method.invoke(Native Method)
> at 
> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243)
> --
> ---
> 
> Thanks!
> 
> 
> 
> 
> 
> 
> _
> MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. 
> http://join.msn.com/?page=features/virus
> 
> 
> --
> To unsubscribe, e-mail:   
> <mailto:tomcat-user-> [EMAIL PROTECTED]>
> For 
> additional commands, 
> e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>
> 


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>

SSL Config on Tomcat (Error)

[Manoj Kithany]

Hi Experts:

I want to Configure my TOMCAT for SSL and was reading the SSL Config How-To 
posted at 
"http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html#Edit%20the%20Tomcat%20Configuration%20File";

I made all the changes as was mentioned above and when excute Catalina I get 
following error--->
-
# ./catalina.sh run
Using CATALINA_BASE:   /tom
Using CATALINA_HOME:   /tom
Using CATALINA_TMPDIR: /tom/temp
Using JAVA_HOME:   /usr/java130
Starting service Tomcat-Standalone
Apache Tomcat/4.0.4
Error unable to create jar cache in /tmp directory : 
java.util.zip.ZipException: error in opening zip file
Error unable to create jar cache in /tmp directory : 
java.util.zip.ZipException: error in opening zip file
Starting service Tomcat-Apache
Apache Tomcat/4.0.4
StandardServer.await: create[8005]: java.net.BindException: The socket name 
is already in use.
java.net.BindException: The socket name is already in use.
   at java.net.PlainSocketImpl.socketBind(Native Method)
   at java.net.PlainSocketImpl.bind(PlainSocketImpl.java:414)
   at java.net.ServerSocket.(ServerSocket.java:182)
   at 
org.apache.catalina.core.StandardServer.await(StandardServer.java:277)
   at org.apache.catalina.startup.Catalina.start(Catalina.java:794)
   at org.apache.catalina.startup.Catalina.execute(Catalina.java:681)
   at org.apache.catalina.startup.Catalina.process(Catalina.java:179)
   at java.lang.reflect.Method.invoke(Native Method)
   at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243)
-

Thanks!






_
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. 
http://join.msn.com/?page=features/virus


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>

RE: ssl config question

[Steven Garrett]

ok, so this is what I see in the logs.  It looks to me like the app gets
loaded but can't accept requests.  Is this a fair assessment or am I totally
wrong (which is the more likely case).  All suggestions/help are
appreciated.  

To recap the problem.  I can see the application using port 8080, but cannot
see the appliation over port 8443.  I've installed jsse, and have followed
the SSL config directions on the tomcat website. 

Thanks,

Steve

Localhost log

2002-09-03 14:46:34 invoker: init
2002-09-03 14:46:34 jsp: init
2002-09-03 14:46:35 StandardHost[localhost]: Installing web application at
context path /pps from URL file:/usr/local/jakarta-
tomcat-4.0.3/webapps/pps
2002-09-03 14:46:35 WebappLoader[/pps]: Deploying class repositories to work
directory /usr/local/jakarta-tomcat-4.0.3/work/lo
calhost/pps
2002-09-03 14:46:35 StandardManager[/pps]: Seeding random number generator
class java.security.SecureRandom
2002-09-03 14:46:35 StandardManager[/pps]: Seeding of random number
generator has been completed
2002-09-03 14:46:35 ContextConfig[/pps]: Added certificates -> request
attribute Valve
2002-09-03 14:46:35 StandardWrapper[/pps:default]: Loading container servlet
default
2002-09-03 14:46:35 default: init
2002-09-03 14:46:35 StandardWrapper[/pps:invoker]: Loading container servlet
invoker
2002-09-03 14:46:35 invoker: init
2002-09-03 14:46:35 jsp: init

>From Catalina_log.2002-09-03.txt

2002-09-03 15:20:20 HttpProcessor[8443][4]  An incoming request is being
assigned
2002-09-03 15:20:20 HttpProcessor[8443][4]   The incoming request has been
awaited
2002-09-03 15:20:20 HttpProcessor[8443][4]   parseConnection:
address=/64.24.66.53, port=8443
2002-09-03 15:20:28 HttpProcessor[8443][4]  An incoming request is being
assigned
2002-09-03 15:20:28 HttpProcessor[8443][4]   The incoming request has been
awaited
2002-09-03 15:20:28 HttpProcessor[8443][4]   parseConnection:
address=/64.24.66.53, port=8443
2002-09-03 15:20:29 HttpProcessor[8443][4]  An incoming request is being
assigned
2002-09-03 15:20:29 HttpProcessor[8443][4]   The incoming request has been
awaited
2002-09-03 15:20:29 HttpProcessor[8443][4]   parseConnection:
address=/64.24.66.53, port=8443
2002-09-03 15:20:31 HttpProcessor[8443][4]  An incoming request is being
assigned
2002-09-03 15:20:31 HttpProcessor[8443][4]   The incoming request has been
awaited
2002-09-03 15:20:31 HttpProcessor[8443][4]   parseConnection:
address=/64.24.66.53, port=8443
2002-09-03 15:20:32 HttpProcessor[8443][4]  An incoming request is being
assigned
2002-09-03 15:20:32 HttpProcessor[8443][4]   The incoming request has been
awaited
2002-09-03 15:20:32 HttpProcessor[8443][4]   parseConnection:
address=/64.24.66.53, port=8443
2002-09-03 15:21:30 HttpProcessor[8443][4]  An incoming request is being
assigned
2002-09-03 15:21:30 HttpProcessor[8443][4]   The incoming request has been
awaited
2002-09-03 15:21:30 HttpProcessor[8443][4]   parseConnection:
address=/64.24.66.53, port=8443
2002-09-03 15:21:31 HttpProcessor[8443][4]  An incoming request is being
assigned
2002-09-03 15:21:31 HttpProcessor[8443][4]   The incoming request has been
awaited
2002-09-03 15:21:31 HttpProcessor[8443][4]   parseConnection:
address=/64.24.66.53, port=8443

-Original Message-
From: Steven Garrett [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 03, 2002 12:52 PM
To: 'Tomcat Users List'
Subject: RE: ssl config question


Yes, I did install jsse and I did follow the directions on the tomcat
homepage for configuring ssl.  I'll turn the logging on and see what comes
of it...I'll be back :)

Steve

-Original Message-
From: Turner, John [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 03, 2002 12:49 PM
To: 'Tomcat Users List'
Subject: RE: ssl config question



Oops, that's a typo.  It should say running Tomcat as root is unwise for
production. :)  That's what I get for trying to increase my Project Dolphin
average! LOL

John

> -Original Message-
> From: Turner, John [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 03, 2002 12:46 PM
> To: 'Tomcat Users List'
> Subject: RE: ssl config question
> 
> 
> 
> Well, you definitely won't find your application on 443, 
> unless you are
> running Tomcat as root (ok for development, I guess, but not wise for
> development).  Applications need root to bind to ports under 1024.
> 
> So, that leaves 8443.  Just for confirmation's sake, did you 
> follow the SSL
> HOWTO?  Did you install JSSE?  The HOWTO is here:
> http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html
> 
> For logging, you can add "debug" to your Context/Engine/Host 
> container in
> server.xml and give it a high number like "10".  The default 
> is "0", as
> described here:
> http://jakarta.apache.org/tomcat/tomcat-4.0-doc/config/context.html
> 
> John
> 

--
To un

RE: ssl config question

[Steven Garrett]

Yes, I did install jsse and I did follow the directions on the tomcat
homepage for configuring ssl.  I'll turn the logging on and see what comes
of it...I'll be back :)

Steve

-Original Message-
From: Turner, John [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 03, 2002 12:49 PM
To: 'Tomcat Users List'
Subject: RE: ssl config question



Oops, that's a typo.  It should say running Tomcat as root is unwise for
production. :)  That's what I get for trying to increase my Project Dolphin
average! LOL

John

> -Original Message-
> From: Turner, John [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 03, 2002 12:46 PM
> To: 'Tomcat Users List'
> Subject: RE: ssl config question
> 
> 
> 
> Well, you definitely won't find your application on 443, 
> unless you are
> running Tomcat as root (ok for development, I guess, but not wise for
> development).  Applications need root to bind to ports under 1024.
> 
> So, that leaves 8443.  Just for confirmation's sake, did you 
> follow the SSL
> HOWTO?  Did you install JSSE?  The HOWTO is here:
> http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html
> 
> For logging, you can add "debug" to your Context/Engine/Host 
> container in
> server.xml and give it a high number like "10".  The default 
> is "0", as
> described here:
> http://jakarta.apache.org/tomcat/tomcat-4.0-doc/config/context.html
> 
> John
> 

--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: ssl config question

[Turner, John]

Oops, that's a typo.  It should say running Tomcat as root is unwise for
production. :)  That's what I get for trying to increase my Project Dolphin
average! LOL

John

> -Original Message-
> From: Turner, John [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 03, 2002 12:46 PM
> To: 'Tomcat Users List'
> Subject: RE: ssl config question
> 
> 
> 
> Well, you definitely won't find your application on 443, 
> unless you are
> running Tomcat as root (ok for development, I guess, but not wise for
> development).  Applications need root to bind to ports under 1024.
> 
> So, that leaves 8443.  Just for confirmation's sake, did you 
> follow the SSL
> HOWTO?  Did you install JSSE?  The HOWTO is here:
> http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html
> 
> For logging, you can add "debug" to your Context/Engine/Host 
> container in
> server.xml and give it a high number like "10".  The default 
> is "0", as
> described here:
> http://jakarta.apache.org/tomcat/tomcat-4.0-doc/config/context.html
> 
> John
> 

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: ssl config question

[Turner, John]

Well, you definitely won't find your application on 443, unless you are
running Tomcat as root (ok for development, I guess, but not wise for
development).  Applications need root to bind to ports under 1024.

So, that leaves 8443.  Just for confirmation's sake, did you follow the SSL
HOWTO?  Did you install JSSE?  The HOWTO is here:
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html

For logging, you can add "debug" to your Context/Engine/Host container in
server.xml and give it a high number like "10".  The default is "0", as
described here:
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/config/context.html

John

> -Original Message-
> From: Steven Garrett [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 03, 2002 12:38 PM
> To: 'Tomcat Users List'
> Subject: RE: ssl config question
> 
> 
> Sorry, I'm using IE version 6.0  All it's saying is my page can't be
> displayed.  And there isn't anything significant in the log 
> files, as far as
> I can tell.  Is there a way to start Tomcat with more verbose 
> logging?  All
> it says is starting background thread.
> 
> I hope this is more helpful, although I'm sure it isn't.
> 
> thanks,
> 
> Steve
> 
> -Original Message-
> From: Turner, John [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 03, 2002 12:33 PM
> To: 'Tomcat Users List'
> Subject: RE: ssl config question
> 
> 
> 
> Please be more specific.  Error messages?  Anything in the 
> log files?  What
> happens, exactly, when you try to access your application?
> 
> John Turner
> [EMAIL PROTECTED]
> 

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: ssl config question

[Steven Garrett]

Sorry, I'm using IE version 6.0  All it's saying is my page can't be
displayed.  And there isn't anything significant in the log files, as far as
I can tell.  Is there a way to start Tomcat with more verbose logging?  All
it says is starting background thread.

I hope this is more helpful, although I'm sure it isn't.

thanks,

Steve

-Original Message-
From: Turner, John [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 03, 2002 12:33 PM
To: 'Tomcat Users List'
Subject: RE: ssl config question



Please be more specific.  Error messages?  Anything in the log files?  What
happens, exactly, when you try to access your application?

John Turner
[EMAIL PROTECTED]

> -Original Message-
> From: Steven Garrett [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 03, 2002 12:31 PM
> To: 'Tomcat Users List'
> Subject: ssl config question
> 
> 
> Hi All,
> 
> I'm relatively new to administering Tomcat.  I'm trying to get my
> application to work over SSL.  I've uncommented all the appropriate
> connectors, created a key using keytool.  However, I still 
> can't get to my
> application over port 443 or 8443.  Am I missing something?  Thanks in
> advance for your help.
> 
> Steve
> 
> --
> To unsubscribe, e-mail:   
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: 
> <mailto:[EMAIL PROTECTED]>
> 

--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: ssl config question

[Turner, John]

Please be more specific.  Error messages?  Anything in the log files?  What
happens, exactly, when you try to access your application?

John Turner
[EMAIL PROTECTED]

> -Original Message-
> From: Steven Garrett [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 03, 2002 12:31 PM
> To: 'Tomcat Users List'
> Subject: ssl config question
> 
> 
> Hi All,
> 
> I'm relatively new to administering Tomcat.  I'm trying to get my
> application to work over SSL.  I've uncommented all the appropriate
> connectors, created a key using keytool.  However, I still 
> can't get to my
> application over port 443 or 8443.  Am I missing something?  Thanks in
> advance for your help.
> 
> Steve
> 
> --
> To unsubscribe, e-mail:   
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: 
> <mailto:[EMAIL PROTECTED]>
> 

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

ssl config question

[Steven Garrett]

Hi All,

I'm relatively new to administering Tomcat.  I'm trying to get my
application to work over SSL.  I've uncommented all the appropriate
connectors, created a key using keytool.  However, I still can't get to my
application over port 443 or 8443.  Am I missing something?  Thanks in
advance for your help.

Steve

--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

Re: tomcat ssl config and apache

[Brett W . McCoy]

On 2001.03.07 21:36 mikhail malamud wrote:

> Do I need to configure anything on Tomcat for SSL if I already have SSL
> working on Apache and Apache  works together with Tomcat. Why?

There's very little you need to configure, actually.  You will probably want to
capture some of the SSL session variables that Apache uses.  See

http://jakarta.apache.org/tomcat/jakarta-tomcat/src/doc/tomcat-ssl-howto.html#s3

for the full details.  It's actually quite simple, just a couple of directives
in the mod_jk.conf file.

Note that you *must* use Ajp13 and mod_jk to be able to do this.

-- Brett

http://www.chapelperilous.net/~bmccoy/

Any stone in your boot always migrates against the pressure gradient to
exactly the point of most pressure.
-- Milt Barber

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]

Re: tomcat ssl config and apachey

[Jan Labanowski]

On Wed, 7 Mar 2001, mikhail malamud wrote:

> Do I need to configure anything on Tomcat for SSL if I already have SSL
> working on Apache and Apache  works together with Tomcat. Why?
> 
> 
> Thanks,
> 
> MIkhail
> 

You do not only need, but you actually cannot configure SSL in Tomcat
if your requests are handled by Apache. The SSL in Tomcat is only
used when you use Tomcat as a web server. If you use Tomcat as a servlet/JSP
container which talks to apache via mod_jk, you have to configure SSL
in Apache. 
Things to remember is that if you want to serve your servlets/JSP ONLY
via HTTPS you must incluse all the mod_jk context mounting stuff
within the virtual host, e.g., 


 
Include /full/path/to/mod_jk.conf


in your httpd.conf, but you must comment out/delete the

LoadModule jk_module  libexec/mod_jk.so
AddModule mod_jk.c

within mod_jk.conf file and add them in the Load/Add/Module block at the
beginning of your httpd.conf

If you want to do HTTP and HTTPS with identical contexts, you just
include your /full/path/to/mod_jk.conf in httpd.conf before the 
SSL virtural host, though it will also work if you include it at the
very end of httpd.conf

Jan


> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]
> 

Jan K. Labanowski|phone: 614-292-9279,  FAX: 614-292-7168
Ohio Supercomputer Center|Internet: [EMAIL PROTECTED] 
1224 Kinnear Rd, |http://www.ccl.net/chemistry.html
Columbus, OH 43212-1163  |http://www.osc.edu/


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]

Re: tomcat ssl config and apache

[Milt Epstein]

On Wed, 7 Mar 2001, mikhail malamud wrote:

> Do I need to configure anything on Tomcat for SSL if I already have
> SSL working on Apache and Apache works together with Tomcat. Why?

I don't believe so -- that's how I have it set up (i.e. Apache with
SSL), and I didn't have to set anything extra up (i.e. to get Tomcat
working with it).  If you're using Tomcat standalone, I believe there
are some extra steps involved (check the comments in the server.xml
file).

Milt Epstein
Research Programmer
Software/Systems Development Group
Computing and Communications Services Office (CCSO)
University of Illinois at Urbana-Champaign (UIUC)
[EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]

tomcat ssl config and apache

[mikhail malamud]

Do I need to configure anything on Tomcat for SSL if I already have SSL
working on Apache and Apache  works together with Tomcat. Why?


Thanks,

MIkhail


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]