Tomcat with SSL/secure="false"

[Martin Dubuc]

I am having problems with using SSL on Tomcat. When I
add an SSL connector to my server.xml, Tomcat hangs on
startup. I have been able to identify what causes it
to hang, but I still can't figure out why this is
happening. Here are the connectors I have defined in
server.xml:




  


If I set the secure attribute to false in the SSL
connector, then Tomcat starts without problems. But if
it is set to true, then Tomcat hangs when it loads the
SSL connector. Has someone experienced this problem
before?

I am worried of implication of setting secure to false
with regards to SSL connector.

The version of Tomcat I use is 5.0.19. I am running
Tomcat on FreeBSD 4.10 (I may be experiencing a
limitation of the J2SDK FreeBSD port). Anybody else
running Tomcat with SSL of FreeBSD?

Martin



__
Do you Yahoo!?
Yahoo! Mail - You care about security. So do we.
http://promotions.yahoo.com/new_mail

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: AW: Tomcat with ssl

[Alvin Antony]

hi 
  you can implement it through a servlet filter. As far as i can remember there is 
a standard valve implementaion for Tomcat, which implements it for you.

HTH,
Alvin


Alvin Antony
Software Engineer

Ludwig-Maximilians-Universitaet München
Zentrale Universitaetsverwaltung
Referat IIIA 3 (Anwendungs Entwicklung)
Theresienstr. 37 / 2. Stock  Zi. 249
80333 Muenchen

phone  +49 (089) 2180 - 4005

mail  [EMAIL PROTECTED] 
web http://informationstechnik.verwaltung.uni-muenchen.de 

>>> [EMAIL PROTECTED] 07/05/04 1:56 PM >>>
Thanks for the answer.

But I have read this. I have a problem with redirect from port 80 to 443. I use tomcat 
4.1.29.

My server.xml contains this code:

 

 
 


It doesn't redirect if I will use http://www.myDomain.de/.

https://www.myDomain.de functions.

I have no idea.


Regards,

Frank

> -Ursprüngliche Nachricht-
> Von: Thilo Krawietz [mailto:[EMAIL PROTECTED]
> Gesendet: Montag, 5. Juli 2004 13:36
> An: Tomcat Users List
> Betreff: Re: Tomcat with ssl
> 
> 
> Hello,
> 
> in the official tomcat docu there is a good chapter about how to 
> configure Tomcat with ssl.
> 
> http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html
> 
> Check it out!
> 
> Regards,
> 
> Thilo
> 
> >Hi,
> > 
> >I search a good description to configure tomcat with ssl on 
> port 443 and redirect from port 80.
> > 
> >Has anyone a good solution?
> > 
> > 
> >Regards,
> > 
> >Frank
> >
> >  
> >
> 
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

AW: Tomcat with ssl

[Otto, Frank]

Thanks for the answer.

But I have read this. I have a problem with redirect from port 80 to 443. I use tomcat 
4.1.29.

My server.xml contains this code:

 

 
 


It doesn't redirect if I will use http://www.myDomain.de/.

https://www.myDomain.de functions.

I have no idea.


Regards,

Frank

> -Ursprüngliche Nachricht-
> Von: Thilo Krawietz [mailto:[EMAIL PROTECTED]
> Gesendet: Montag, 5. Juli 2004 13:36
> An: Tomcat Users List
> Betreff: Re: Tomcat with ssl
> 
> 
> Hello,
> 
> in the official tomcat docu there is a good chapter about how to 
> configure Tomcat with ssl.
> 
> http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html
> 
> Check it out!
> 
> Regards,
> 
> Thilo
> 
> >Hi,
> > 
> >I search a good description to configure tomcat with ssl on 
> port 443 and redirect from port 80.
> > 
> >Has anyone a good solution?
> > 
> > 
> >Regards,
> > 
> >Frank
> >
> >  
> >
> 
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat with ssl

[Thilo Krawietz]

Hello,
in the official tomcat docu there is a good chapter about how to 
configure Tomcat with ssl.

http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html
Check it out!
Regards,
Thilo
Hi,
I search a good description to configure tomcat with ssl on port 443 and redirect from 
port 80.
Has anyone a good solution?
Regards,
Frank
 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Tomcat with ssl

[Otto, Frank]

Hi,
 
I search a good description to configure tomcat with ssl on port 443 and redirect from 
port 80.
 
Has anyone a good solution?
 
 
Regards,
 
Frank

Apache/jk2/Tomcat with SSL

[Ghanakota, Vishu]

Hi,
We are planning to move a XML/HTTP B2B app from ASP/IIS to
JSP/Apache+Tomcat. To make the migration easy, I decided to run this on
Windows 2000. We use SSL (with client authentication) for securing the
transactions.
I plan to have the following configuration
Windows 2000
Apache 2.x
jk2
Tomcat 4.1.x
mod_ssl

This should be highly scalable, supporting upto 100 concurrent requests. 
Did you work with above configuration? Do you see any issues?

thank you,
Vishu 

"MMS " made the following
 annotations on 05/19/2004 03:06:26 PM
--
"THIS E-MAIL MESSAGE AND ANY FILES TRANSMITTED HEREWITH, ARE INTENDED SOLELY FOR THE 
USE OF THE INDIVIDUAL(S) ADDRESSED AND MAY CONTAIN CONFIDENTIAL, PROPRIETARY OR 
PRIVILEGED INFORMATION.  IF YOU ARE NOT THE ADDRESSEE INDICATED IN THIS MESSAGE (OR 
RESPONSIBLE FOR DELIVERY OF THIS MESSAGE TO SUCH PERSON) YOU MAY NOT REVIEW, USE, 
DISCLOSE OR DISTRIBUTE THIS MESSAGE OR ANY FILES TRANSMITTED HEREWITH.  IF YOU RECEIVE 
THIS MESSAGE IN ERROR, PLEASE CONTACT THE SENDER BY REPLY E-MAIL AND DELETE THIS 
MESSAGE AND ALL COPIES OF IT FROM YOUR SYSTEM."
==


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat with SSL

[Jason Palmatier]

It looks like you are using WebSphere and may be
getting tangled up in IBM's version of Sun's JSSE.  I
ran into a similar problem on an IBM iSeries server
and posted my eventual soultion here:

http://www-106.ibm.com/developerworks/forums/dw_thread.jsp?forum=178&thread=26188&message=2377519&cat=10&q=%22IBM+JSSE%22+%2B%22iSeries%22#2377519

(Let me know if the link doesn't work)

If you are not on the iSeries then the important point
of the initial part about the provider is to have the
IBM provider com.ibm.jsse.IBMJSSEProvider in front of
Sun's provider.  The rest should apply without any
change.  Note the inclusion of algorithm="IbmX509" in
the server.xml HTTPS connector tag.  It's case
sensitive which can be tricky.  I hope this helps!

Jason

--- "Hiemer, Bernhard" <[EMAIL PROTECTED]> wrote:
> 
> 
> Thanks for your reply!
> 
> I configured my server.xml like this:
> 
className="org.apache.coyote.tomcat4.CoyoteConnector"
>port="8443" minProcessors="5"
> maxProcessors="75"
>enableLookups="true"
>  acceptCount="10" debug="0" scheme="https"
> secure="true"
>useURIValidationHack="false">
>   
className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
>clientAuth="false" protocol="TLS" 
>   
> keystoreFile="C:\Programme\IBM\WebSphere
> Studio\Application
>
Developer\v5.1\runtimes\base_v5\java\jre\lib\security\test"
> 
>        keystorePass="changeit" />
> 
> 
> But there are the same effects ...
> 
> 
> 
> 
> 
> 
> -Ursprüngliche Nachricht-
> Von: Bill Barker [mailto:[EMAIL PROTECTED]
> Gesendet: Donnerstag, 22. April 2004 08:38
> An: [EMAIL PROTECTED]
> Betreff: Re: Tomcat with SSL
> 
> 
> I believe that you can't use IBM's JSSE with the
> HttpConnector.  You have to
> use the CoyoteConnector.
> 
> "Hiemer, Bernhard" <[EMAIL PROTECTED]> wrote in message
>
news:[EMAIL PROTECTED]
> 
> Hi Tomcat-Users,
> 
> I found out, that my problem depends on the
> configuration of the security
> providers in the java.security file.
> (On my machine is installed jsse from IBM and Sun).
> 
> If the configuration is
> security.provider.1=sun.security.provider.Sun
> security.provider.2=com.ibm.jsse.JSSEProvider
>
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
> 
> I get the following Exception
> Catalina.start: LifecycleException:  null.open:
> java.security.NoSuchAlgorithmException: Class
> com.ibm.jsse.ba configured for
> SSLContext not a SSLContext
> at com.sun.net.ssl.SunJSSE_b.a(DashoA6275)
> at
> com.sun.net.ssl.SSLContext.getInstance(DashoA6275)
> at
>
org.apache.catalina.net.SSLServerSocketFactory.initProxy(SSLServerSocContext
> not a SSLContext
> at com.sun.net.ssl.SunJSSE_b.a(DashoA6275)
> at
> com.sun.net.ssl.SSLContext.getInstance(DashoA6275)
> ...
> 
> 
> In the other case, when the configuration-file looks
> like
> security.provider.1=sun.security.provider.Sun
>
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
> security.provider.3=com.ibm.jsse.JSSEProvider
> 
> this error message occurs:
> java.lang.reflect.InvocationTargetException:
> java.lang.OutOfMemoryError
> 
> 
> 
> 
> The relevant part of the server.xml file is:
> 
className="org.apache.catalina.connector.http.HttpConnector"
>port="8443" minProcessors="5"
> maxProcessors="75"
>enableLookups="true"
>acceptCount="10" debug="0" scheme="https"
> secure="true"
>useURIValidationHack="false">
>   
className="org.apache.catalina.net.SSLServerSocketFactory"
>clientAuth="false" protocol="TLS"
>   
> keystoreFile="C:\Programme\IBM\WebSphere
> Studio\Application
>
Developer\v5.1\runtimes\base_v5\java\jre\lib\security\test"
>keystorePass="changeit" />
> 
> 
> 
> 
> In the first case it looks like the two different
> jsse implementations cause
> the problem. But how to configure it right?
> 
> Can anyone give me any suggestions?
> 
> Thanks
> Bernhard
> 
> 
> 
> 
> 
> 
> -Ursprüngliche Nachricht-
> Von: Hiemer, Bernhard
> Gesendet: Freitag, 16. April 2004 08:00
> An: '[EMAIL PROTECTED]'
> Betreff: Tomcat with SSL
> 
&g

Re: Tomcat with SSL

[Hiemer, Bernhard]

Thanks for your reply!

I configured my server.xml like this:

  


But there are the same effects ...






-Ursprüngliche Nachricht-
Von: Bill Barker [mailto:[EMAIL PROTECTED]
Gesendet: Donnerstag, 22. April 2004 08:38
An: [EMAIL PROTECTED]
Betreff: Re: Tomcat with SSL


I believe that you can't use IBM's JSSE with the HttpConnector.  You have to
use the CoyoteConnector.

"Hiemer, Bernhard" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]

Hi Tomcat-Users,

I found out, that my problem depends on the configuration of the security
providers in the java.security file.
(On my machine is installed jsse from IBM and Sun).

If the configuration is
security.provider.1=sun.security.provider.Sun
security.provider.2=com.ibm.jsse.JSSEProvider
security.provider.3=com.sun.net.ssl.internal.ssl.Provider

I get the following Exception
Catalina.start: LifecycleException:  null.open:
java.security.NoSuchAlgorithmException: Class com.ibm.jsse.ba configured for
SSLContext not a SSLContext
at com.sun.net.ssl.SunJSSE_b.a(DashoA6275)
at com.sun.net.ssl.SSLContext.getInstance(DashoA6275)
at
org.apache.catalina.net.SSLServerSocketFactory.initProxy(SSLServerSocContext
not a SSLContext
at com.sun.net.ssl.SunJSSE_b.a(DashoA6275)
at com.sun.net.ssl.SSLContext.getInstance(DashoA6275)
...


In the other case, when the configuration-file looks like
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
security.provider.3=com.ibm.jsse.JSSEProvider

this error message occurs:
java.lang.reflect.InvocationTargetException: java.lang.OutOfMemoryError




The relevant part of the server.xml file is:

  




In the first case it looks like the two different jsse implementations cause
the problem. But how to configure it right?

Can anyone give me any suggestions?

Thanks
Bernhard






-Ursprüngliche Nachricht-
Von: Hiemer, Bernhard
Gesendet: Freitag, 16. April 2004 08:00
An: '[EMAIL PROTECTED]'
Betreff: Tomcat with SSL


Hi at all!

I´m trying to configure my Tomcat-Standalone for SSL-Support. I use Win XP,
JRE 1.3.1 and JSSE 1.0.3_02.
The Tomcat-Versions I tried are 4.1.30 and 5.0.19.

I worked along the HOW-TO on the Jakarta-Website:
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html

BUT I receive the following error on startup of Tomcat:
java.lang.reflect.InvocationTargetException: java.lang.OutOfMemoryError

I have already tried the Options -Xmx512m -Xms128m to give the VM more
memory.

What´s to do now?
Thanks in advance for each little help!
Bernhard




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat with SSL

[Bill Barker]

I believe that you can't use IBM's JSSE with the HttpConnector.  You have to
use the CoyoteConnector.

"Hiemer, Bernhard" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]

Hi Tomcat-Users,

I found out, that my problem depends on the configuration of the security
providers in the java.security file.
(On my machine is installed jsse from IBM and Sun).

If the configuration is
security.provider.1=sun.security.provider.Sun
security.provider.2=com.ibm.jsse.JSSEProvider
security.provider.3=com.sun.net.ssl.internal.ssl.Provider

I get the following Exception
Catalina.start: LifecycleException:  null.open:
java.security.NoSuchAlgorithmException: Class com.ibm.jsse.ba configured for
SSLContext not a SSLContext
at com.sun.net.ssl.SunJSSE_b.a(DashoA6275)
at com.sun.net.ssl.SSLContext.getInstance(DashoA6275)
at
org.apache.catalina.net.SSLServerSocketFactory.initProxy(SSLServerSocContext
not a SSLContext
at com.sun.net.ssl.SunJSSE_b.a(DashoA6275)
at com.sun.net.ssl.SSLContext.getInstance(DashoA6275)
...


In the other case, when the configuration-file looks like
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
security.provider.3=com.ibm.jsse.JSSEProvider

this error message occurs:
java.lang.reflect.InvocationTargetException: java.lang.OutOfMemoryError




The relevant part of the server.xml file is:

  




In the first case it looks like the two different jsse implementations cause
the problem. But how to configure it right?

Can anyone give me any suggestions?

Thanks
Bernhard






-Ursprüngliche Nachricht-
Von: Hiemer, Bernhard
Gesendet: Freitag, 16. April 2004 08:00
An: '[EMAIL PROTECTED]'
Betreff: Tomcat with SSL


Hi at all!

I´m trying to configure my Tomcat-Standalone for SSL-Support. I use Win XP,
JRE 1.3.1 and JSSE 1.0.3_02.
The Tomcat-Versions I tried are 4.1.30 and 5.0.19.

I worked along the HOW-TO on the Jakarta-Website:
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html

BUT I receive the following error on startup of Tomcat:
java.lang.reflect.InvocationTargetException: java.lang.OutOfMemoryError

I have already tried the Options -Xmx512m -Xms128m to give the VM more
memory.

What´s to do now?
Thanks in advance for each little help!
Bernhard




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat with SSL

[Hiemer, Bernhard]

Hi Tomcat-Users,

I found out, that my problem depends on the configuration of the security
providers in the java.security file.
(On my machine is installed jsse from IBM and Sun).

If the configuration is
security.provider.1=sun.security.provider.Sun
security.provider.2=com.ibm.jsse.JSSEProvider
security.provider.3=com.sun.net.ssl.internal.ssl.Provider

I get the following Exception
Catalina.start: LifecycleException:  null.open:
java.security.NoSuchAlgorithmException: Class com.ibm.jsse.ba configured for
SSLContext not a SSLContext
at com.sun.net.ssl.SunJSSE_b.a(DashoA6275)
at com.sun.net.ssl.SSLContext.getInstance(DashoA6275)
at
org.apache.catalina.net.SSLServerSocketFactory.initProxy(SSLServerSocContext
not a SSLContext
at com.sun.net.ssl.SunJSSE_b.a(DashoA6275)
at com.sun.net.ssl.SSLContext.getInstance(DashoA6275)
...


In the other case, when the configuration-file looks like
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
security.provider.3=com.ibm.jsse.JSSEProvider

this error message occurs:
java.lang.reflect.InvocationTargetException: java.lang.OutOfMemoryError




The relevant part of the server.xml file is:

  




In the first case it looks like the two different jsse implementations cause
the problem. But how to configure it right?

Can anyone give me any suggestions?

Thanks 
Bernhard






-Ursprüngliche Nachricht-
Von: Hiemer, Bernhard 
Gesendet: Freitag, 16. April 2004 08:00
An: '[EMAIL PROTECTED]'
Betreff: Tomcat with SSL


Hi at all!

I´m trying to configure my Tomcat-Standalone for SSL-Support. I use Win XP,
JRE 1.3.1 and JSSE 1.0.3_02.
The Tomcat-Versions I tried are 4.1.30 and 5.0.19.

I worked along the HOW-TO on the Jakarta-Website:
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html

BUT I receive the following error on startup of Tomcat:
java.lang.reflect.InvocationTargetException: java.lang.OutOfMemoryError

I have already tried the Options -Xmx512m -Xms128m to give the VM more
memory.

What´s to do now?
Thanks in advance for each little help!
Bernhard



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Tomcat with SSL

[Hiemer, Bernhard]

Hi at all!

I´m trying to configure my Tomcat-Standalone for SSL-Support. I use Win XP,
JRE 1.3.1 and JSSE 1.0.3_02.
The Tomcat-Versions I tried are 4.1.30 and 5.0.19.

I worked along the HOW-TO on the Jakarta-Website:
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html

BUT I receive the following error on startup of Tomcat:
java.lang.reflect.InvocationTargetException: java.lang.OutOfMemoryError

I have already tried the Options -Xmx512m -Xms128m to give the VM more
memory.

What´s to do now?
Thanks in advance for each little help!
Bernhard



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat with SSL

[Ralf Schneider]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Am Freitag, 23. Januar 2004 18:49 schrieb Ralf Schneider:
> Hi,
>
> I want to try out SSL connections with Tomcat 5.0.16. I followed the
> instructions in the docs and generated a certificate with keytool which is
> stored under /root/.keystore and uncommented the SSL connector in
> server.xml:

Sorry, the server is behind a firewall and I had to enable port 8443 first. 
After that, everything worked fine.

Ralf.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFAEpTD7YyyfykA0YkRAoRnAJ9Lb1Ei4MvrhOdvP7LRb5xknvPlmwCgjcEa
mGqCaljrinV//2eqPo4PnB4=
=Mk/v
-END PGP SIGNATURE-


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Tomcat with SSL

[Ralf Schneider]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,

I want to try out SSL connections with Tomcat 5.0.16. I followed the 
instructions in the docs and generated a certificate with keytool which is 
stored under /root/.keystore and uncommented the SSL connector in server.xml:



After that I restarted tomcat and tried to access my application via 
https://..:8443/index.jsp but nothing happens. After some time I get a 
timeout, but nothing appears in the logfile.

What can I do to get some information about what's going wrong?

BTW: Normal access via http and port 8080 still works fine.

Ralf.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFAEV607YyyfykA0YkRAiLPAJwLFg+94nxPCNt3Mgf4llO5LPw0cQCgk6tp
7jAWmcMwUukUPlG6yHI6j34=
=fGUj
-END PGP SIGNATURE-


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Do you run Tomcat with SSL?

[Mufaddal Khumri]

When you create a public and a private key ... you make a request to  a 
CA to sign your public key ...  You never reveal to the CA your private 
key. Your private key as the name implies is always with you and nobody 
else.

You send the CA your public key and some other information.

The CA creates a certificate.
Any certificate has :
1. The public key
2. expiration date
3 algorithm
4. etc.
The certificate information is hashed and the hash of that is signed by 
the private key of the Certificate Issuing Authority (CA) .. like 
Verisign, or in your case your "little java app".

When you get back this certificate from the CA ... in your case you are 
using keytool to import it into your keystore. Your keystore does not 
have your private key yet.
SSL handshake requires you to have your private key in the keystore as 
well. I think that is what your problem is .. get your private key into 
keystore too.

thanks.

On Saturday, March 15, 2003, at 02:40  AM, Mark Liu wrote:

I think I got a little idea after I re-read the
keytool doc.
You see, when we generate the cert using keytool, both
the private key and the public key are stored in the
keystore.  And when we import the cert reply from the
CA, keystore will associate the private key with the
cert that wraps up the corresponding public key,
right?
However, in my project, I have the browser IE generate
the pkcs10 request and submit the request to the CA.
Apparently IE does not use the SUN keystore facility.
Thus, when I get the cert reply from the CA and import
it into the SUN keystore, the SUN keystore has no way
of matching the cert with a private key because the
the private key does not exist in the SUN keystore, it
is stored in the keystore that IE maintains, although
the SUN keystore still imports the cert.
Does my conjecture sound reasonable?

Thank you for your continued education.

Mark

--- Mufaddal Khumri <[EMAIL PROTECTED]> wrote:
I suggest that you try using your certificate with
other applications
for instance send yourself a digitally signed email
using your
certificate. If your certificate works with another
app then probably
there is something wrong with the way tomcat is
handling certificates.
If not (which is most probably the case) then there
is something
missing from the certificate. So I would strongly
recommend you to try
using your "little java application" generated
certificate with some
other app other than tomcat and see how it works.
Thanks.

On Saturday, March 15, 2003, at 12:39  AM, Mark Liu
wrote:
Well, I've never tried any other application.  I
only
know that I can import it into the keystore, I can
also import it into the browser (IE).
--- Mufaddal Khumri <[EMAIL PROTECTED]> wrote:
Do your certificates work with other applications
in
other scenarios ?

On Saturday, March 15, 2003, at 12:28  AM, Mark
Liu
wrote:

I am not sure if they are of the same format.  I
only
know that I am able to import the certificate
generated by my "little Java program" into the
keystore as alias tomcat.
Anywhere I can check the format of the
keytool-generated certificate?
--- Mufaddal Khumri <[EMAIL PROTECTED]>
wrote:
Is your certificate format  generated by your
"little java program"
exactly like the keytool generated certificate
?
Have you tested your
certificates with other applications to see if
you
are producing them
correctly ?
thanks.
On Friday, March 14, 2003, at 09:21  AM, Mark
Liu
wrote:

I know you guys have your great strategies in
balancing Apache and Tomcat.
But, my project isn't really so picky about
efficiency, so I simply run Tomcat with SSL
all
the
time.  It simplifies my project a little bit.

But then I do need to be able to run Tomcat
SSL
with
the certificated generated by my little Java
program.


--- mike jackson <[EMAIL PROTECTED]> wrote:
I've always run tomcat as a backend to
apache.
Apache may or may not
implement ssl.  That said, every time I've
implemented ssl I've done it
at the apache level, never at the tomcat
level.
In
fact the few times
that I've wanted ssl at the tomcat level
(usually
because I'm not
running apache) I've ended up setting up
apache
to
run as the front end.

But that's just me.

--mikej
-=-
mike jackson
[EMAIL PROTECTED]
-Original Message-
From: Mark Liu [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 13, 2003 6:44 PM
To: Tomcat Users List
Subject: Do you run Tomcat with SSL?
I am able to run Tomcat SSL with the
keytool-generated
certificate, but not the certificate my
little
Java
program generates.

I've been asking this question for a while in
this
list.  But it seems nobody has an answer to
it.
So
you guys never run Tomcat in SSL mode?  Or
you
guys
always use the keytool-generated certificate
for
the
SSL?




__
Do you Yahoo!?
Yahoo! Web Hosting - establish your business
online
http://webhosting.yahoo.com

Re: Do you run Tomcat with SSL?

[Mark Liu]

I think I got a little idea after I re-read the
keytool doc.

You see, when we generate the cert using keytool, both
the private key and the public key are stored in the
keystore.  And when we import the cert reply from the
CA, keystore will associate the private key with the
cert that wraps up the corresponding public key,
right?

However, in my project, I have the browser IE generate
the pkcs10 request and submit the request to the CA.
Apparently IE does not use the SUN keystore facility.

Thus, when I get the cert reply from the CA and import
it into the SUN keystore, the SUN keystore has no way
of matching the cert with a private key because the
the private key does not exist in the SUN keystore, it
is stored in the keystore that IE maintains, although
the SUN keystore still imports the cert.

Does my conjecture sound reasonable?

Thank you for your continued education.

Mark


--- Mufaddal Khumri <[EMAIL PROTECTED]> wrote:
> I suggest that you try using your certificate with
> other applications 
> for instance send yourself a digitally signed email
> using your 
> certificate. If your certificate works with another
> app then probably 
> there is something wrong with the way tomcat is
> handling certificates. 
> If not (which is most probably the case) then there
> is something 
> missing from the certificate. So I would strongly
> recommend you to try 
> using your "little java application" generated
> certificate with some 
> other app other than tomcat and see how it works.
> 
> Thanks.
> 
> On Saturday, March 15, 2003, at 12:39  AM, Mark Liu
> wrote:
> 
> > Well, I've never tried any other application.  I
> only
> > know that I can import it into the keystore, I can
> > also import it into the browser (IE).
> >
> >
> > --- Mufaddal Khumri <[EMAIL PROTECTED]> wrote:
> >> Do your certificates work with other applications
> in
> >> other scenarios ?
> >>
> >> On Saturday, March 15, 2003, at 12:28  AM, Mark
> Liu
> >> wrote:
> >>
> >>> I am not sure if they are of the same format.  I
> >> only
> >>> know that I am able to import the certificate
> >>> generated by my "little Java program" into the
> >>> keystore as alias tomcat.
> >>>
> >>> Anywhere I can check the format of the
> >>> keytool-generated certificate?
> >>>
> >>> --- Mufaddal Khumri <[EMAIL PROTECTED]>
> wrote:
> >>>> Is your certificate format  generated by your
> >>>> "little java program"
> >>>> exactly like the keytool generated certificate
> ?
> >>>> Have you tested your
> >>>> certificates with other applications to see if
> >> you
> >>>> are producing them
> >>>> correctly ?
> >>>>
> >>>> thanks.
> >>>> On Friday, March 14, 2003, at 09:21  AM, Mark
> Liu
> >>>> wrote:
> >>>>
> >>>>> I know you guys have your great strategies in
> >>>>> balancing Apache and Tomcat.
> >>>>>
> >>>>> But, my project isn't really so picky about
> >>>>> efficiency, so I simply run Tomcat with SSL
> all
> >>>> the
> >>>>> time.  It simplifies my project a little bit.
> >>>>>
> >>>>> But then I do need to be able to run Tomcat
> SSL
> >>>> with
> >>>>> the certificated generated by my little Java
> >>>> program.
> >>>>>
> >>>>>
> >>>>> --- mike jackson <[EMAIL PROTECTED]> wrote:
> >>>>>> I've always run tomcat as a backend to
> apache.
> >>>>>> Apache may or may not
> >>>>>> implement ssl.  That said, every time I've
> >>>>>> implemented ssl I've done it
> >>>>>> at the apache level, never at the tomcat
> level.
> >>>> In
> >>>>>> fact the few times
> >>>>>> that I've wanted ssl at the tomcat level
> >> (usually
> >>>>>> because I'm not
> >>>>>> running apache) I've ended up setting up
> apache
> >>>> to
> >>>>>> run as the front end.
> >>>>>>
> >>>>>> But that's just me.
> >>>>>>
> >>>>>> --mikej
> >>>>>> -=-
> 

Re: Do you run Tomcat with SSL?

[Mufaddal Khumri]

I suggest that you try using your certificate with other applications 
for instance send yourself a digitally signed email using your 
certificate. If your certificate works with another app then probably 
there is something wrong with the way tomcat is handling certificates. 
If not (which is most probably the case) then there is something 
missing from the certificate. So I would strongly recommend you to try 
using your "little java application" generated certificate with some 
other app other than tomcat and see how it works.

Thanks.

On Saturday, March 15, 2003, at 12:39  AM, Mark Liu wrote:

Well, I've never tried any other application.  I only
know that I can import it into the keystore, I can
also import it into the browser (IE).
--- Mufaddal Khumri <[EMAIL PROTECTED]> wrote:
Do your certificates work with other applications in
other scenarios ?
On Saturday, March 15, 2003, at 12:28  AM, Mark Liu
wrote:
I am not sure if they are of the same format.  I
only
know that I am able to import the certificate
generated by my "little Java program" into the
keystore as alias tomcat.
Anywhere I can check the format of the
keytool-generated certificate?
--- Mufaddal Khumri <[EMAIL PROTECTED]> wrote:
Is your certificate format  generated by your
"little java program"
exactly like the keytool generated certificate ?
Have you tested your
certificates with other applications to see if
you
are producing them
correctly ?
thanks.
On Friday, March 14, 2003, at 09:21  AM, Mark Liu
wrote:
I know you guys have your great strategies in
balancing Apache and Tomcat.
But, my project isn't really so picky about
efficiency, so I simply run Tomcat with SSL all
the
time.  It simplifies my project a little bit.

But then I do need to be able to run Tomcat SSL
with
the certificated generated by my little Java
program.


--- mike jackson <[EMAIL PROTECTED]> wrote:
I've always run tomcat as a backend to apache.
Apache may or may not
implement ssl.  That said, every time I've
implemented ssl I've done it
at the apache level, never at the tomcat level.
In
fact the few times
that I've wanted ssl at the tomcat level
(usually
because I'm not
running apache) I've ended up setting up apache
to
run as the front end.

But that's just me.

--mikej
-=-
mike jackson
[EMAIL PROTECTED]
-Original Message-
From: Mark Liu [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 13, 2003 6:44 PM
To: Tomcat Users List
Subject: Do you run Tomcat with SSL?
I am able to run Tomcat SSL with the
keytool-generated
certificate, but not the certificate my little
Java
program generates.

I've been asking this question for a while in
this
list.  But it seems nobody has an answer to it.
So
you guys never run Tomcat in SSL mode?  Or you
guys
always use the keytool-generated certificate
for
the
SSL?



__
Do you Yahoo!?
Yahoo! Web Hosting - establish your business
online
http://webhosting.yahoo.com






-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]







-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]



__
Do you Yahoo!?
Yahoo! Web Hosting - establish your business
online
http://webhosting.yahoo.com





-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]






-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]


__
Do you Yahoo!?
Yahoo! Web Hosting - establish your business
online
http://webhosting.yahoo.com



-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]




-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]


__
Do you Yahoo!?
Yahoo! Web Hosting - establish your business online
http://webhosting.yahoo.com
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Do you run Tomcat with SSL?

[Jonathan Archer]

> Man, it's not that I don't know how to run Tomcat with
> SSL.  I know how to do that with the keytool-generated
> certificate.
>
> What I don't understand is why I can't run Tomcat SSL
> with the certificate generated by my little Java
> program.  And it is a valid certificate which I can
> successfully import into the keystore as alias tomcat.
>
> Any idea?

Have you had a read of
http://java.sun.com/j2se/1.4/docs/tooldocs/windows/keytool.html ?

Specifically, at the end under "Examples" you will find "Requesting a Signed
Certificate from a Certification Authority" and "Importing the Certificate
Reply from the CA" which may help.

Cheers,
Jon


>
> __
> Do you Yahoo!?
> Yahoo! Web Hosting - establish your business online
> http://webhosting.yahoo.com
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Do you run Tomcat with SSL?

[Mark Liu]

Well, I've never tried any other application.  I only
know that I can import it into the keystore, I can
also import it into the browser (IE).


--- Mufaddal Khumri <[EMAIL PROTECTED]> wrote:
> Do your certificates work with other applications in
> other scenarios ?
> 
> On Saturday, March 15, 2003, at 12:28  AM, Mark Liu
> wrote:
> 
> > I am not sure if they are of the same format.  I
> only
> > know that I am able to import the certificate
> > generated by my "little Java program" into the
> > keystore as alias tomcat.
> >
> > Anywhere I can check the format of the
> > keytool-generated certificate?
> >
> > --- Mufaddal Khumri <[EMAIL PROTECTED]> wrote:
> >> Is your certificate format  generated by your
> >> "little java program"
> >> exactly like the keytool generated certificate ?
> >> Have you tested your
> >> certificates with other applications to see if
> you
> >> are producing them
> >> correctly ?
> >>
> >> thanks.
> >> On Friday, March 14, 2003, at 09:21  AM, Mark Liu
> >> wrote:
> >>
> >>> I know you guys have your great strategies in
> >>> balancing Apache and Tomcat.
> >>>
> >>> But, my project isn't really so picky about
> >>> efficiency, so I simply run Tomcat with SSL all
> >> the
> >>> time.  It simplifies my project a little bit.
> >>>
> >>> But then I do need to be able to run Tomcat SSL
> >> with
> >>> the certificated generated by my little Java
> >> program.
> >>>
> >>>
> >>> --- mike jackson <[EMAIL PROTECTED]> wrote:
> >>>> I've always run tomcat as a backend to apache.
> >>>> Apache may or may not
> >>>> implement ssl.  That said, every time I've
> >>>> implemented ssl I've done it
> >>>> at the apache level, never at the tomcat level.
> >> In
> >>>> fact the few times
> >>>> that I've wanted ssl at the tomcat level
> (usually
> >>>> because I'm not
> >>>> running apache) I've ended up setting up apache
> >> to
> >>>> run as the front end.
> >>>>
> >>>> But that's just me.
> >>>>
> >>>> --mikej
> >>>> -=-
> >>>> mike jackson
> >>>> [EMAIL PROTECTED]
> >>>>
> >>>> -Original Message-
> >>>> From: Mark Liu [mailto:[EMAIL PROTECTED]
> >>>> Sent: Thursday, March 13, 2003 6:44 PM
> >>>> To: Tomcat Users List
> >>>> Subject: Do you run Tomcat with SSL?
> >>>>
> >>>> I am able to run Tomcat SSL with the
> >>>> keytool-generated
> >>>> certificate, but not the certificate my little
> >> Java
> >>>> program generates.
> >>>>
> >>>> I've been asking this question for a while in
> >> this
> >>>> list.  But it seems nobody has an answer to it.
> >> So
> >>>> you guys never run Tomcat in SSL mode?  Or you
> >> guys
> >>>> always use the keytool-generated certificate
> for
> >> the
> >>>> SSL?
> >>>>
> >>>>
> >>
> __
> >>>> Do you Yahoo!?
> >>>> Yahoo! Web Hosting - establish your business
> >> online
> >>>> http://webhosting.yahoo.com
> >>>>
> >>>>
> >>>
> >>
> >
>
-
> >>>> To unsubscribe, e-mail:
> >>>> [EMAIL PROTECTED]
> >>>> For additional commands, e-mail:
> >>>> [EMAIL PROTECTED]
> >>>>
> >>>>
> >>>>
> >>>>
> >>>
> >>
> >
>
-
> >>>> To unsubscribe, e-mail:
> >>>> [EMAIL PROTECTED]
> >>>> For additional commands, e-mail:
> >>>> [EMAIL PROTECTED]
> >>>>
> >>>
> >>>
> >>>
> __
> >>> Do you Yahoo!?
> >>> Yahoo! Web Hosting - establish your business
> >> online
> >>> http://webhosting.yahoo.com
> >>>
> >>>
> >>
> >
>
-
> >>> To unsubscribe, e-mail:
> >> [EMAIL PROTECTED]
> >>> For additional commands, e-mail:
> >> [EMAIL PROTECTED]
> >>>
> >>
> >>
> >>
> >
>
-
> >> To unsubscribe, e-mail:
> >> [EMAIL PROTECTED]
> >> For additional commands, e-mail:
> >> [EMAIL PROTECTED]
> >>
> >
> >
> > __
> > Do you Yahoo!?
> > Yahoo! Web Hosting - establish your business
> online
> > http://webhosting.yahoo.com
> >
> >
>
-
> > To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> > For additional commands, e-mail:
> [EMAIL PROTECTED]
> >
> 
> 
>
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 


__
Do you Yahoo!?
Yahoo! Web Hosting - establish your business online
http://webhosting.yahoo.com

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Do you run Tomcat with SSL?

[Mufaddal Khumri]

Do your certificates work with other applications in other scenarios ?

On Saturday, March 15, 2003, at 12:28  AM, Mark Liu wrote:

I am not sure if they are of the same format.  I only
know that I am able to import the certificate
generated by my "little Java program" into the
keystore as alias tomcat.
Anywhere I can check the format of the
keytool-generated certificate?
--- Mufaddal Khumri <[EMAIL PROTECTED]> wrote:
Is your certificate format  generated by your
"little java program"
exactly like the keytool generated certificate ?
Have you tested your
certificates with other applications to see if you
are producing them
correctly ?
thanks.
On Friday, March 14, 2003, at 09:21  AM, Mark Liu
wrote:
I know you guys have your great strategies in
balancing Apache and Tomcat.
But, my project isn't really so picky about
efficiency, so I simply run Tomcat with SSL all
the
time.  It simplifies my project a little bit.

But then I do need to be able to run Tomcat SSL
with
the certificated generated by my little Java
program.


--- mike jackson <[EMAIL PROTECTED]> wrote:
I've always run tomcat as a backend to apache.
Apache may or may not
implement ssl.  That said, every time I've
implemented ssl I've done it
at the apache level, never at the tomcat level.
In
fact the few times
that I've wanted ssl at the tomcat level (usually
because I'm not
running apache) I've ended up setting up apache
to
run as the front end.

But that's just me.

--mikej
-=-
mike jackson
[EMAIL PROTECTED]
-Original Message-
From: Mark Liu [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 13, 2003 6:44 PM
To: Tomcat Users List
Subject: Do you run Tomcat with SSL?
I am able to run Tomcat SSL with the
keytool-generated
certificate, but not the certificate my little
Java
program generates.

I've been asking this question for a while in
this
list.  But it seems nobody has an answer to it.
So
you guys never run Tomcat in SSL mode?  Or you
guys
always use the keytool-generated certificate for
the
SSL?


__
Do you Yahoo!?
Yahoo! Web Hosting - establish your business
online
http://webhosting.yahoo.com




-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]





-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]


__
Do you Yahoo!?
Yahoo! Web Hosting - establish your business
online
http://webhosting.yahoo.com



-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]




-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]


__
Do you Yahoo!?
Yahoo! Web Hosting - establish your business online
http://webhosting.yahoo.com
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Do you run Tomcat with SSL?

[Mark Liu]

--- Gabriel Santonja <[EMAIL PROTECTED]> wrote:
> On Thu, 13 Mar 2003 19:51:57 -0800 (PST)
> Mark Liu <[EMAIL PROTECTED]> wrote:
> 
> > I know you guys have your great strategies in
> > balancing Apache and Tomcat.
> > 
> > But, my project isn't really so picky about
> > efficiency, so I simply run Tomcat with SSL all
> the
> > time.  It simplifies my project a little bit.
> > 
> > But then I do need to be able to run Tomcat SSL
> with
> > the certificated generated by my little Java
> program.

> Why don't you use the SSL HOwto in tomcat?. I'am not
> sure on windows but
> on linux it work fine with SSL on the 8443 port
> 
> Actually my own problem is to use SSL only in realm
> login page but it's
> visibly difficult.
> Goodbye.

Man, it's not that I don't know how to run Tomcat with
SSL.  I know how to do that with the keytool-generated
certificate.

What I don't understand is why I can't run Tomcat SSL
with the certificate generated by my little Java
program.  And it is a valid certificate which I can
successfully import into the keystore as alias tomcat.

Any idea?

__
Do you Yahoo!?
Yahoo! Web Hosting - establish your business online
http://webhosting.yahoo.com

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Do you run Tomcat with SSL?

[Mark Liu]

I am not sure if they are of the same format.  I only
know that I am able to import the certificate
generated by my "little Java program" into the
keystore as alias tomcat.

Anywhere I can check the format of the
keytool-generated certificate?

--- Mufaddal Khumri <[EMAIL PROTECTED]> wrote:
> Is your certificate format  generated by your
> "little java program" 
> exactly like the keytool generated certificate ?
> Have you tested your 
> certificates with other applications to see if you
> are producing them 
> correctly ?
> 
> thanks.
> On Friday, March 14, 2003, at 09:21  AM, Mark Liu
> wrote:
> 
> > I know you guys have your great strategies in
> > balancing Apache and Tomcat.
> >
> > But, my project isn't really so picky about
> > efficiency, so I simply run Tomcat with SSL all
> the
> > time.  It simplifies my project a little bit.
> >
> > But then I do need to be able to run Tomcat SSL
> with
> > the certificated generated by my little Java
> program.
> >
> >
> > --- mike jackson <[EMAIL PROTECTED]> wrote:
> >> I've always run tomcat as a backend to apache.
> >> Apache may or may not
> >> implement ssl.  That said, every time I've
> >> implemented ssl I've done it
> >> at the apache level, never at the tomcat level. 
> In
> >> fact the few times
> >> that I've wanted ssl at the tomcat level (usually
> >> because I'm not
> >> running apache) I've ended up setting up apache
> to
> >> run as the front end.
> >>
> >> But that's just me.
> >>
> >> --mikej
> >> -=-
> >> mike jackson
> >> [EMAIL PROTECTED]
> >>
> >> -Original Message-
> >> From: Mark Liu [mailto:[EMAIL PROTECTED]
> >> Sent: Thursday, March 13, 2003 6:44 PM
> >> To: Tomcat Users List
> >> Subject: Do you run Tomcat with SSL?
> >>
> >> I am able to run Tomcat SSL with the
> >> keytool-generated
> >> certificate, but not the certificate my little
> Java
> >> program generates.
> >>
> >> I've been asking this question for a while in
> this
> >> list.  But it seems nobody has an answer to it. 
> So
> >> you guys never run Tomcat in SSL mode?  Or you
> guys
> >> always use the keytool-generated certificate for
> the
> >> SSL?
> >>
> >>
> __
> >> Do you Yahoo!?
> >> Yahoo! Web Hosting - establish your business
> online
> >> http://webhosting.yahoo.com
> >>
> >>
> >
>
-
> >> To unsubscribe, e-mail:
> >> [EMAIL PROTECTED]
> >> For additional commands, e-mail:
> >> [EMAIL PROTECTED]
> >>
> >>
> >>
> >>
> >
>
-
> >> To unsubscribe, e-mail:
> >> [EMAIL PROTECTED]
> >> For additional commands, e-mail:
> >> [EMAIL PROTECTED]
> >>
> >
> >
> > __
> > Do you Yahoo!?
> > Yahoo! Web Hosting - establish your business
> online
> > http://webhosting.yahoo.com
> >
> >
>
-
> > To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> > For additional commands, e-mail:
> [EMAIL PROTECTED]
> >
> 
> 
>
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 


__
Do you Yahoo!?
Yahoo! Web Hosting - establish your business online
http://webhosting.yahoo.com

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Do you run Tomcat with SSL?

[Mufaddal Khumri]

Is your certificate format  generated by your "little java program" 
exactly like the keytool generated certificate ? Have you tested your 
certificates with other applications to see if you are producing them 
correctly ?

thanks.
On Friday, March 14, 2003, at 09:21  AM, Mark Liu wrote:
I know you guys have your great strategies in
balancing Apache and Tomcat.
But, my project isn't really so picky about
efficiency, so I simply run Tomcat with SSL all the
time.  It simplifies my project a little bit.
But then I do need to be able to run Tomcat SSL with
the certificated generated by my little Java program.
--- mike jackson <[EMAIL PROTECTED]> wrote:
I've always run tomcat as a backend to apache.
Apache may or may not
implement ssl.  That said, every time I've
implemented ssl I've done it
at the apache level, never at the tomcat level.  In
fact the few times
that I've wanted ssl at the tomcat level (usually
because I'm not
running apache) I've ended up setting up apache to
run as the front end.
But that's just me.

--mikej
-=-
mike jackson
[EMAIL PROTECTED]
-Original Message-
From: Mark Liu [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 13, 2003 6:44 PM
To: Tomcat Users List
Subject: Do you run Tomcat with SSL?
I am able to run Tomcat SSL with the
keytool-generated
certificate, but not the certificate my little Java
program generates.
I've been asking this question for a while in this
list.  But it seems nobody has an answer to it.  So
you guys never run Tomcat in SSL mode?  Or you guys
always use the keytool-generated certificate for the
SSL?
__
Do you Yahoo!?
Yahoo! Web Hosting - establish your business online
http://webhosting.yahoo.com

-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]



-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]


__
Do you Yahoo!?
Yahoo! Web Hosting - establish your business online
http://webhosting.yahoo.com
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Do you run Tomcat with SSL?

[Josef Templ]

With Tomcat 4.1.18 there is an (undocumented??) attribute in the request,
which holds the certificate trust chain as an X509Certificate[].

request.getAttribute("javax.servlet.request.X509Certificate")

I have seen exceptions under Tomcat 4.1.12 (some SSL HANDSHAKE problem)
in the log, which explain why there was no such attribute in the request.

- Josef




- Original Message -
From: "Bodycombe, Andrew" <[EMAIL PROTECTED]>
To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
Sent: Friday, March 14, 2003 12:19 PM
Subject: RE: Do you run Tomcat with SSL?


You can write a class that implements the X509TrustManager interface.
Then initialize your SSLContext with this TrustManager.
Get a SocketFactory for your SSLContext.
Finally, set this as the default SocketFactory for all HttpsUrlConnections.

The code in your checkClientTrusted method will execute every time someone
tries
to make a connection via HTTPS. This method takes an array of
X509Certificates
as a parameter (the whole certificate chain, not just the supplied client
certificate)

HTH
Andy

-Original Message-
From: Josef Templ [mailto:[EMAIL PROTECTED]
Sent: 14 March 2003 11:10
To: Tomcat Users List
Subject: Re: Do you run Tomcat with SSL?


I can confirm that it works. I am using tomcat 4.1.12.

The only point I have not solved so far is how to get
access to the client certificate in my servlet or JSP.

I would like to do programmatic security, i.e. store
users in a database and verify the authenticated user
in a JSP or servlet.

Does anybody know if this is possible at all?

- Josef Templ



- Original Message -
From: "Gabriel Santonja" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Friday, March 14, 2003 11:56 AM
Subject: Re: Do you run Tomcat with SSL?


> On Thu, 13 Mar 2003 19:51:57 -0800 (PST)
> Mark Liu <[EMAIL PROTECTED]> wrote:
>
> > I know you guys have your great strategies in
> > balancing Apache and Tomcat.
> >
> > But, my project isn't really so picky about
> > efficiency, so I simply run Tomcat with SSL all the
> > time.  It simplifies my project a little bit.
> >
> > But then I do need to be able to run Tomcat SSL with
> > the certificated generated by my little Java program.
> Why don't you use the SSL HOwto in tomcat?. I'am not sure on windows but
> on linux it work fine with SSL on the 8443 port
>
> Actually my own problem is to use SSL only in realm login page but it's
> visibly difficult.
> Goodbye.
> ___
> Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français !
> Yahoo! Mail : http://fr.mail.yahoo.com
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Do you run Tomcat with SSL?

[Josef Templ]

Hmm, I actually don't want to check the trust chain myself.
There is no need to do anything special.

All I want is to access the content of the client certificate,
which should be checkd as usual.

Isn't this a very common situation for a web application,
which uses certificates as a straight forward replacemnet for passwords?

- Josef


- Original Message -
From: "Bodycombe, Andrew" <[EMAIL PROTECTED]>
To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
Sent: Friday, March 14, 2003 12:19 PM
Subject: RE: Do you run Tomcat with SSL?


You can write a class that implements the X509TrustManager interface.
Then initialize your SSLContext with this TrustManager.
Get a SocketFactory for your SSLContext.
Finally, set this as the default SocketFactory for all HttpsUrlConnections.

The code in your checkClientTrusted method will execute every time someone
tries
to make a connection via HTTPS. This method takes an array of
X509Certificates
as a parameter (the whole certificate chain, not just the supplied client
certificate)

HTH
Andy

-Original Message-
From: Josef Templ [mailto:[EMAIL PROTECTED]
Sent: 14 March 2003 11:10
To: Tomcat Users List
Subject: Re: Do you run Tomcat with SSL?


I can confirm that it works. I am using tomcat 4.1.12.

The only point I have not solved so far is how to get
access to the client certificate in my servlet or JSP.

I would like to do programmatic security, i.e. store
users in a database and verify the authenticated user
in a JSP or servlet.

Does anybody know if this is possible at all?

- Josef Templ



- Original Message -
From: "Gabriel Santonja" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Friday, March 14, 2003 11:56 AM
Subject: Re: Do you run Tomcat with SSL?


> On Thu, 13 Mar 2003 19:51:57 -0800 (PST)
> Mark Liu <[EMAIL PROTECTED]> wrote:
>
> > I know you guys have your great strategies in
> > balancing Apache and Tomcat.
> >
> > But, my project isn't really so picky about
> > efficiency, so I simply run Tomcat with SSL all the
> > time.  It simplifies my project a little bit.
> >
> > But then I do need to be able to run Tomcat SSL with
> > the certificated generated by my little Java program.
> Why don't you use the SSL HOwto in tomcat?. I'am not sure on windows but
> on linux it work fine with SSL on the 8443 port
>
> Actually my own problem is to use SSL only in realm login page but it's
> visibly difficult.
> Goodbye.
> ___
> Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français !
> Yahoo! Mail : http://fr.mail.yahoo.com
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Do you run Tomcat with SSL?

[Bodycombe, Andrew]

You can write a class that implements the X509TrustManager interface.
Then initialize your SSLContext with this TrustManager.
Get a SocketFactory for your SSLContext.
Finally, set this as the default SocketFactory for all HttpsUrlConnections.

The code in your checkClientTrusted method will execute every time someone
tries
to make a connection via HTTPS. This method takes an array of
X509Certificates
as a parameter (the whole certificate chain, not just the supplied client
certificate)

HTH
Andy

-Original Message-
From: Josef Templ [mailto:[EMAIL PROTECTED]
Sent: 14 March 2003 11:10
To: Tomcat Users List
Subject: Re: Do you run Tomcat with SSL?


I can confirm that it works. I am using tomcat 4.1.12.

The only point I have not solved so far is how to get
access to the client certificate in my servlet or JSP.

I would like to do programmatic security, i.e. store
users in a database and verify the authenticated user
in a JSP or servlet.

Does anybody know if this is possible at all?

- Josef Templ



- Original Message -
From: "Gabriel Santonja" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Friday, March 14, 2003 11:56 AM
Subject: Re: Do you run Tomcat with SSL?


> On Thu, 13 Mar 2003 19:51:57 -0800 (PST)
> Mark Liu <[EMAIL PROTECTED]> wrote:
>
> > I know you guys have your great strategies in
> > balancing Apache and Tomcat.
> >
> > But, my project isn't really so picky about
> > efficiency, so I simply run Tomcat with SSL all the
> > time.  It simplifies my project a little bit.
> >
> > But then I do need to be able to run Tomcat SSL with
> > the certificated generated by my little Java program.
> Why don't you use the SSL HOwto in tomcat?. I'am not sure on windows but
> on linux it work fine with SSL on the 8443 port
>
> Actually my own problem is to use SSL only in realm login page but it's
> visibly difficult.
> Goodbye.
> ___
> Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français !
> Yahoo! Mail : http://fr.mail.yahoo.com
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Do you run Tomcat with SSL?

[Josef Templ]

I can confirm that it works. I am using tomcat 4.1.12.

The only point I have not solved so far is how to get
access to the client certificate in my servlet or JSP.

I would like to do programmatic security, i.e. store
users in a database and verify the authenticated user
in a JSP or servlet.

Does anybody know if this is possible at all?

- Josef Templ



- Original Message -
From: "Gabriel Santonja" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Friday, March 14, 2003 11:56 AM
Subject: Re: Do you run Tomcat with SSL?


> On Thu, 13 Mar 2003 19:51:57 -0800 (PST)
> Mark Liu <[EMAIL PROTECTED]> wrote:
>
> > I know you guys have your great strategies in
> > balancing Apache and Tomcat.
> >
> > But, my project isn't really so picky about
> > efficiency, so I simply run Tomcat with SSL all the
> > time.  It simplifies my project a little bit.
> >
> > But then I do need to be able to run Tomcat SSL with
> > the certificated generated by my little Java program.
> Why don't you use the SSL HOwto in tomcat?. I'am not sure on windows but
> on linux it work fine with SSL on the 8443 port
>
> Actually my own problem is to use SSL only in realm login page but it's
> visibly difficult.
> Goodbye.
> ___
> Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français !
> Yahoo! Mail : http://fr.mail.yahoo.com
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Do you run Tomcat with SSL?

[Gabriel Santonja]

On Thu, 13 Mar 2003 19:51:57 -0800 (PST)
Mark Liu <[EMAIL PROTECTED]> wrote:

> I know you guys have your great strategies in
> balancing Apache and Tomcat.
> 
> But, my project isn't really so picky about
> efficiency, so I simply run Tomcat with SSL all the
> time.  It simplifies my project a little bit.
> 
> But then I do need to be able to run Tomcat SSL with
> the certificated generated by my little Java program.
Why don't you use the SSL HOwto in tomcat?. I'am not sure on windows but
on linux it work fine with SSL on the 8443 port

Actually my own problem is to use SSL only in realm login page but it's
visibly difficult.
Goodbye.
___
Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français !
Yahoo! Mail : http://fr.mail.yahoo.com

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Do you run Tomcat with SSL?

[Mark Liu]

I know you guys have your great strategies in
balancing Apache and Tomcat.

But, my project isn't really so picky about
efficiency, so I simply run Tomcat with SSL all the
time.  It simplifies my project a little bit.

But then I do need to be able to run Tomcat SSL with
the certificated generated by my little Java program.


--- mike jackson <[EMAIL PROTECTED]> wrote:
> I've always run tomcat as a backend to apache. 
> Apache may or may not
> implement ssl.  That said, every time I've
> implemented ssl I've done it
> at the apache level, never at the tomcat level.  In
> fact the few times
> that I've wanted ssl at the tomcat level (usually
> because I'm not
> running apache) I've ended up setting up apache to
> run as the front end.
> 
> But that's just me.
> 
> --mikej
> -=-
> mike jackson
> [EMAIL PROTECTED]
> 
> -Original Message-
> From: Mark Liu [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, March 13, 2003 6:44 PM
> To: Tomcat Users List
> Subject: Do you run Tomcat with SSL?
> 
> I am able to run Tomcat SSL with the
> keytool-generated
> certificate, but not the certificate my little Java
> program generates.
> 
> I've been asking this question for a while in this
> list.  But it seems nobody has an answer to it.  So
> you guys never run Tomcat in SSL mode?  Or you guys
> always use the keytool-generated certificate for the
> SSL?
> 
> __
> Do you Yahoo!?
> Yahoo! Web Hosting - establish your business online
> http://webhosting.yahoo.com
> 
>
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 
> 
>
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 


__
Do you Yahoo!?
Yahoo! Web Hosting - establish your business online
http://webhosting.yahoo.com

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Do you run Tomcat with SSL?

[mike jackson]

I've always run tomcat as a backend to apache.  Apache may or may not
implement ssl.  That said, every time I've implemented ssl I've done it
at the apache level, never at the tomcat level.  In fact the few times
that I've wanted ssl at the tomcat level (usually because I'm not
running apache) I've ended up setting up apache to run as the front end.

But that's just me.

--mikej
-=-
mike jackson
[EMAIL PROTECTED]

-Original Message-
From: Mark Liu [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 13, 2003 6:44 PM
To: Tomcat Users List
Subject: Do you run Tomcat with SSL?

I am able to run Tomcat SSL with the keytool-generated
certificate, but not the certificate my little Java
program generates.

I've been asking this question for a while in this
list.  But it seems nobody has an answer to it.  So
you guys never run Tomcat in SSL mode?  Or you guys
always use the keytool-generated certificate for the SSL?

__
Do you Yahoo!?
Yahoo! Web Hosting - establish your business online
http://webhosting.yahoo.com

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Do you run Tomcat with SSL?

[Mark Liu]

That means I still won't get any answer from this
list, right?

Does the keytool-generated certificate have something
special in it?

Check the attached certificate which is generated by
my little Java program.  It *is* a valid certificate,
and can be successfully imported into the keystore. 
But then how come I just can't run Tomcat SSL with
this certificate?  There are no exception messages
from the Tomcat Console.

Is this a really tough problem and even gurus, if we
have a few here, don't have an answer to it?



--- p niemandt <[EMAIL PROTECTED]> wrote:
> My guess would be that most people only use SSL on
> the web front end:
> Apache listens on port 443, does all the SSL layer
> stuff, with Tomcat
> usually behind the firewall, and the Tomcat <--> Web
> Server (Apache /
> IIS) unencrypted.
> 
> just my 2c
> 
> Regards,
> Paul
> 
> On Fri, 2003-03-14 at 02:43, Mark Liu wrote:
> > I am able to run Tomcat SSL with the
> keytool-generated
> > certificate, but not the certificate my little
> Java
> > program generates.
> > 
> > I've been asking this question for a while in this
> > list.  But it seems nobody has an answer to it. 
> So
> > you guys never run Tomcat in SSL mode?  Or you
> guys
> > always use the keytool-generated certificate for
> the SSL?
> > 
> > __
> > Do you Yahoo!?
> > Yahoo! Web Hosting - establish your business
> online
> > http://webhosting.yahoo.com
> > 
> >
>
-
> > To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> > For additional commands, e-mail:
> [EMAIL PROTECTED]
> -- 
> p niemandt <[EMAIL PROTECTED]>
> 
> 
>
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 


__
Do you Yahoo!?
Yahoo! Web Hosting - establish your business online
http://webhosting.yahoo.com

cert4ca.cer
Description: cert4ca.cer
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Do you run Tomcat with SSL?

[p niemandt]

My guess would be that most people only use SSL on the web front end:
Apache listens on port 443, does all the SSL layer stuff, with Tomcat
usually behind the firewall, and the Tomcat <--> Web Server (Apache /
IIS) unencrypted.

just my 2c

Regards,
Paul

On Fri, 2003-03-14 at 02:43, Mark Liu wrote:
> I am able to run Tomcat SSL with the keytool-generated
> certificate, but not the certificate my little Java
> program generates.
> 
> I've been asking this question for a while in this
> list.  But it seems nobody has an answer to it.  So
> you guys never run Tomcat in SSL mode?  Or you guys
> always use the keytool-generated certificate for the SSL?
> 
> __
> Do you Yahoo!?
> Yahoo! Web Hosting - establish your business online
> http://webhosting.yahoo.com
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
-- 
p niemandt <[EMAIL PROTECTED]>


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Do you run Tomcat with SSL?

[Mark Liu]

I am able to run Tomcat SSL with the keytool-generated
certificate, but not the certificate my little Java
program generates.

I've been asking this question for a while in this
list.  But it seems nobody has an answer to it.  So
you guys never run Tomcat in SSL mode?  Or you guys
always use the keytool-generated certificate for the SSL?

__
Do you Yahoo!?
Yahoo! Web Hosting - establish your business online
http://webhosting.yahoo.com

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

How to use a 3rd party certificate to run tomcat with SSL?

[Mark Liu]

I use Tomcat 4.1.12.

I am writing my own Certification Authority (CA)
called Demo CA, and want to give it a shot.

I read the tomcat SSL-HOWTO doc and did it like this:

1. Create a local Certificate like this: 
   
keytool -genkey -alias tomcat -keyalg RSA -keystore

I used John Doe as my name for this certificate.

2. I visited the website of my own CA through HTTPS,
and got the CA's certificate, which I saved on hard
drive as cacert.cer.

3. I requested an certificate from this CA and got a 
valid X509 certificate of version 3 from it shortly,
this I saved on hard drive and named it webcert.cer,
because i am going to run a demo banking web service. 
By default, certificates issued by my CA are valid for
12 months.

4. I did not create a local Certificate Signing
Request (CSR), since I am not getting a certificate
from a real CA like Verisign or Thawte.

5. I imported the CA certificate like this:

keytool -import -alias root -keystore -trustcacerts
-file cacert.cer.

and this was successful.

6.  Finally I imported my new Certificate which I got
from the CA like so:
   
keytool -import -alias tomcat -keystore -trustcacerts
-file webcert.cer.

and this was also successful.

Then I was able to run the demo banking web server
with SSL at https://www.mockbank.com.

When I visit https://www.mockbank.com from a client
machine with Internet Explorer(IE), as I expected, IE
presents me with the Security Alert about the
certificate of my mockbank.

The security alert says 3 things:

1. The certificate was issued by a company you have
not chosen to trust, view the certificate and decide
if you wanna trust the CA.

2. The certificate date is valid.

3. The name on the certificate is invalid or does not
match the name of the site.

When I view the certificate, I see that the
certificate was issued to John Doe and was issued by
John Doe, and it is valid for only 6 months, and it is
of version 1 instead of version 3!

Obviously, this is the self-signed certificate that I
created by keytool.  It is not the certificate that I
obtained from my CA.

Then does this mean that I should have used my domain
name www.mockbank.com instead of john doe as my name
when I requested the certificate from my CA?

Besides this, did I do anything wrong?

Thanks a lot in advance.


__
Do you Yahoo!?
Yahoo! Web Hosting - establish your business online
http://webhosting.yahoo.com

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Apache+Tomcat with SSL?

[Turner, John]

http://www.modssl.org/

John


> -Original Message-
> From: Manoj Kithany [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, February 18, 2003 12:32 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Apache+Tomcat with SSL?
> 
> 
> Hi Lajos,
> 
> I have Apache 1.3.26 on IBM AIX 5.1L
> I also have mod_ssl 2.8.11-1.3.27
> 
> When I configure my APache (REF: Your Web article) as:
> -
> ./configure --with-layout=Apache --prefix=/opt --enable-module=ssl 
> --enable-shared=ssl --enable-module=so
> -
> 
> 
> I get following ERROR:
> -
> Configuring for Apache 1.3.26
> configure:Error: No Such module named 'ssl'
> -
> 
> wher can I find mod_ssl for Apache 1.3.26 running on IBM AIX 5.1L OS?
> 
> THANKS!
> 
> 
> >From: Lajos <[EMAIL PROTECTED]>
> >Reply-To: "Tomcat Users List" <[EMAIL PROTECTED]>
> >To: Tomcat Users List <[EMAIL PROTECTED]>
> >Subject: Re: Apache+Tomcat with SSL?
> >Date: Tue, 18 Feb 2003 09:08:04 -0700
> >
> >Hi Manoj -
> >
> >You'll want to compile Apache with mod_ssl in it. I have several 
> >FlashGuides on my site which will help you - 
> >http://www.galatea.com/flashguides/apache-ssl-win32.xml or 
> >http://www.galatea.com/flashguides/apache-ssl-unix.xml, 
> depending on your 
> >OS. Let me know if something doesn't work.
> >
> >Regards,
> >
> >Lajos
> >
> >
> >Manoj Kithany wrote:
> >>Hi:
> >>
> >>I am using Apache 1.3.26 with JBoss ... it is working fine.
> >>
> >>Now I have installed SSL Certificates on my Servers and 
> wondering how to 
> >>configure Apache for SSL?
> >>Should I install mod_ssl or Apache-SSL? Are both these same 
> ? which one is 
> >>recommended?
> >>
> >>Thanks!
> 
> _
> STOP MORE SPAM with the new MSN 8 and get 2 months FREE*  
> http://join.msn.com/?page=features/junkmail
> 
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Apache+Tomcat with SSL?

[Manoj Kithany]

Hi Lajos,

I have Apache 1.3.26 on IBM AIX 5.1L
I also have mod_ssl 2.8.11-1.3.27

When I configure my APache (REF: Your Web article) as:
-
./configure --with-layout=Apache --prefix=/opt --enable-module=ssl 
--enable-shared=ssl --enable-module=so
-


I get following ERROR:
-
Configuring for Apache 1.3.26
configure:Error: No Such module named 'ssl'
-

wher can I find mod_ssl for Apache 1.3.26 running on IBM AIX 5.1L OS?

THANKS!


From: Lajos <[EMAIL PROTECTED]>
Reply-To: "Tomcat Users List" <[EMAIL PROTECTED]>
To: Tomcat Users List <[EMAIL PROTECTED]>
Subject: Re: Apache+Tomcat with SSL?
Date: Tue, 18 Feb 2003 09:08:04 -0700

Hi Manoj -

You'll want to compile Apache with mod_ssl in it. I have several 
FlashGuides on my site which will help you - 
http://www.galatea.com/flashguides/apache-ssl-win32.xml or 
http://www.galatea.com/flashguides/apache-ssl-unix.xml, depending on your 
OS. Let me know if something doesn't work.

Regards,

Lajos


Manoj Kithany wrote:
Hi:

I am using Apache 1.3.26 with JBoss ... it is working fine.

Now I have installed SSL Certificates on my Servers and wondering how to 
configure Apache for SSL?
Should I install mod_ssl or Apache-SSL? Are both these same ? which one is 
recommended?

Thanks!

_
STOP MORE SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Apache+Tomcat with SSL?

[Lajos]

Hi Manoj -

You'll want to compile Apache with mod_ssl in it. I have several 
FlashGuides on my site which will help you - 
http://www.galatea.com/flashguides/apache-ssl-win32.xml or 
http://www.galatea.com/flashguides/apache-ssl-unix.xml, depending on 
your OS. Let me know if something doesn't work.

Regards,

Lajos


Manoj Kithany wrote:
Hi:

I am using Apache 1.3.26 with JBoss ... it is working fine.

Now I have installed SSL Certificates on my Servers and wondering how to 
configure Apache for SSL?
Should I install mod_ssl or Apache-SSL? Are both these same ? which one 
is recommended?

Thanks!






_
Help STOP SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




--



   Lajos Moczar
  
Open Source Support, Consulting and Training
  
Cocoon Developer's Handbook
 (www.amazon.com/exec/obidos/tg/detail/-/0672322579)

   _  _
  / \ /
 /___\  /
/ \   /

 http://www.galatea.com -- powered by AzSSL


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Apache+Tomcat with SSL?

[Manoj Kithany]

Hi:

I am using Apache 1.3.26 with JBoss ... it is working fine.

Now I have installed SSL Certificates on my Servers and wondering how to 
configure Apache for SSL?
Should I install mod_ssl or Apache-SSL? Are both these same ? which one is 
recommended?

Thanks!






_
Help STOP SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat with SSL and Client certificate

[Mehmet Birgi]

Frédéric LE MAISTRE wrote:

are you sure of the syntax?
Because startup -Djavax.net.debug=all  didn't do anything


try: -Djavax.net.debug=ssl (to see all sll related stuff)
or: -Djavax.net.debug=help (to see your options)



- Original Message -
From: "Wolfgang Stein" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 17, 2002 9:40 AM
Subject: Re: Tomcat with SSL and Client certificate



Start Tomcat with the additional option
   -Djavax.net.debug=all
and watch the console. Although you will get a lot
of output, it might help you in identifying the problem.

Good luck,
Wolfgang Stein



-Original Message-
From: Frédéric LE MAISTRE [mailto:be.info@;lafon.fr]
Sent: Thursday, October 17, 2002 8:39 AM
To: Tomcat Users List
Subject: Tomcat with SSL and Client certificate


I made an SSL connection between Tomcat server and IE client.
It seems to
work, but by the way Tomcat get an exception :
Handshake failed
javax.net.ssl.SSLException: error while writing to socket
, although the client certificate is well recognized and SSL
is enabled.
Somebody knows what"s wrong?

Thanks

Fredd



--
To unsubscribe, e-mail:
<mailto:tomcat-user-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail:
<mailto:tomcat-user-help@;jakarta.apache.org>



--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>





--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>

Re: Tomcat with SSL and Client certificate

[Wolfgang Stein]

No i am not. It was a while ago when i used
the option successfully for debugging SSL
on Tomcat 3.2.X. at least. 

Not sure whether i were running on jdk 1.3 or 1.2

It triggered a lot of output about the SSL-handshake
into the WinNT console window. 

Don't have the Catalina startup scripts at hand,
but you might try setting the option in ctatlina.bat
resp. in the environment var CATALINA_OPTS or so.

Cheers,
Wolfgang Stein


> -Original Message-
> From: Frédéric LE MAISTRE [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, October 17, 2002 9:45 AM
> To: Tomcat Users List
> Subject: Re: Tomcat with SSL and Client certificate
> 
> 
> are you sure of the syntax?
> Because startup -Djavax.net.debug=all  didn't do anything


> - Original Message -
> From: "Wolfgang Stein" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, October 17, 2002 9:40 AM
> Subject: Re: Tomcat with SSL and Client certificate
> 
> 
> 
> Start Tomcat with the additional option
>-Djavax.net.debug=all
> and watch the console. Although you will get a lot
> of output, it might help you in identifying the problem.
> 
> Good luck,
> Wolfgang Stein
> 
> > -Original Message-
> > From: Frédéric LE MAISTRE [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, October 17, 2002 8:39 AM
> > To: Tomcat Users List
> > Subject: Tomcat with SSL and Client certificate
> >
> >
> > I made an SSL connection between Tomcat server and IE client.
> > It seems to
> > work, but by the way Tomcat get an exception :
> > Handshake failed
> > javax.net.ssl.SSLException: error while writing to socket
> > , although the client certificate is well recognized and SSL
> > is enabled.
> > Somebody knows what"s wrong?
> >
> > Thanks
> >
> > Fredd
> 
> --
>

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Tomcat with SSL and Client certificate

[Frédéric LE MAISTRE]

are you sure of the syntax?
Because startup -Djavax.net.debug=all  didn't do anything
- Original Message -
From: "Wolfgang Stein" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 17, 2002 9:40 AM
Subject: Re: Tomcat with SSL and Client certificate



Start Tomcat with the additional option
   -Djavax.net.debug=all
and watch the console. Although you will get a lot
of output, it might help you in identifying the problem.

Good luck,
Wolfgang Stein

> -Original Message-
> From: Frédéric LE MAISTRE [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, October 17, 2002 8:39 AM
> To: Tomcat Users List
> Subject: Tomcat with SSL and Client certificate
>
>
> I made an SSL connection between Tomcat server and IE client.
> It seems to
> work, but by the way Tomcat get an exception :
> Handshake failed
> javax.net.ssl.SSLException: error while writing to socket
> , although the client certificate is well recognized and SSL
> is enabled.
> Somebody knows what"s wrong?
>
> Thanks
>
> Fredd

--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>



--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Tomcat with SSL and Client certificate

[Wolfgang Stein]

Start Tomcat with the additional option
   -Djavax.net.debug=all  
and watch the console. Although you will get a lot
of output, it might help you in identifying the problem.

Good luck,
Wolfgang Stein

> -Original Message-
> From: Frédéric LE MAISTRE [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, October 17, 2002 8:39 AM
> To: Tomcat Users List
> Subject: Tomcat with SSL and Client certificate
> 
> 
> I made an SSL connection between Tomcat server and IE client. 
> It seems to
> work, but by the way Tomcat get an exception :
> Handshake failed
> javax.net.ssl.SSLException: error while writing to socket
> , although the client certificate is well recognized and SSL 
> is enabled.
> Somebody knows what"s wrong?
> 
> Thanks
> 
> Fredd

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Tomcat with SSL and Client certificate

[Frédéric LE MAISTRE]

because if I delete the client certificate for example, I have the same
error but my browser didn't show nothing. In my case, I see my page and the
little padlock in the bottom right of the browser

Strange isn't it?
- Original Message -
From: "Mehmet Birgi" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Thursday, October 17, 2002 9:24 AM
Subject: Re: Tomcat with SSL and Client certificate


> how do you know the client certificate is "well recognized"? This error
> usually means that the client authentication is not working, you can
> check this by setting ClientAuth="false" and retrying.
>
> cheers,
>
> memo
>
>
> Frédéric LE MAISTRE wrote:
> > I made an SSL connection between Tomcat server and IE client. It seems
to
> > work, but by the way Tomcat get an exception :
> > Handshake failed
> > javax.net.ssl.SSLException: error while writing to socket
> > , although the client certificate is well recognized and SSL is enabled.
> > Somebody knows what"s wrong?
> >
> > Thanks
> >
> > Fredd
> >
> >
> > --
> > To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> > For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
> >
> >
>
>
> --
> To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
>
>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Tomcat with SSL and Client certificate

[Mehmet Birgi]

how do you know the client certificate is "well recognized"? This error 
usually means that the client authentication is not working, you can 
check this by setting ClientAuth="false" and retrying.

cheers,

memo


Frédéric LE MAISTRE wrote:
> I made an SSL connection between Tomcat server and IE client. It seems to
> work, but by the way Tomcat get an exception :
> Handshake failed
> javax.net.ssl.SSLException: error while writing to socket
> , although the client certificate is well recognized and SSL is enabled.
> Somebody knows what"s wrong?
> 
> Thanks
> 
> Fredd
> 
> 
> --
> To unsubscribe, e-mail:   
> For additional commands, e-mail: 
> 
> 


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

Tomcat with SSL and Client certificate

[Frédéric LE MAISTRE]

I made an SSL connection between Tomcat server and IE client. It seems to
work, but by the way Tomcat get an exception :
Handshake failed
javax.net.ssl.SSLException: error while writing to socket
, although the client certificate is well recognized and SSL is enabled.
Somebody knows what"s wrong?

Thanks

Fredd


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

Problem in Confiure Tomcat with SSL

[Raja Reddy]

Sir,

I downloaded JSSE and i installed as given in the "SSL Configuration 
HOW-TO".

I created the Certificate Store by using "keytool" as givien in that 
HOW-TO.

I uncomment the "SSL HTTP/1.1 Connector" entry in the Server.xml file.

I restarted the Webserver. It is giving the following errors. Please 
tell me the way to configure it properly.

 

initProxy:  java.security.UnrecoverableKeyException: Cannot recover key
java.security.UnrecoverableKeyException: Cannot recover key
at 
sun.security.provider.KeyProtector.recover(KeyProtector.java:304)

 

Catalina.start: LifecycleException:  null.open:  java.io.IOException: 
java.secur
ity.UnrecoverableKeyException: Cannot recover key
LifecycleException:  null.open:  java.io.IOException: 
java.security.Unrecoverabl
eKeyException: Cannot recover key

 

and few more. Please tell me the way to rectify it.

Thanking you Sir.

 



-
Do You Yahoo!?
Yahoo! Health - Feel better, live better

Urgent !!! Cannot start tomcat with SSL

[Ann]

Dear all,

  I have installed SSL for the tomcat 4.0 . It cannot start with the 
startup program. When I use the catalina run, I find that it has 
java.lang.NoSuchMethod Exception. Can anybody help?

Thanks 

Ann Bruisy

RE: tomcat with ssl

[Tomasz . Ciolek]

I have noticed that there is no SSL keystore specified in the factory...
that will kill the SSL on startup, as it will try to laod SSL certificates
it wants to use...

regards
TMC


--
Tomasz M. Ciolek
Systems Administrator - CSIRO Entomology
Phone: 02-62464391 * Fax: 02-62464000
 

> -Original Message-
> From: Lawlor, Frank [mailto:[EMAIL PROTECTED]] 
> Sent: Wednesday, 03 April 2002 13:39 
> To: 'Tomcat Users List'
> Subject: RE: tomcat with ssl
> 
> 
> How are you trying to connect?
> What is the URL you are using?
> Is there anything in the logs?
> I assume you followed all the 
> directions in the How-to?
> 
> Frank Lawlor
> Athens Group, Inc.
> (512) 345-0600 x151
> Athens Group, an employee-owned consulting firm integrating technology
> strategy and software solutions.
> 
> 
> 
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Sunday, March 31, 2002 11:46 PM
> > To: Tomcat Users List
> > Subject: tomcat with ssl
> > 
> > 
> > I am configuring Tomcat with ssl.
> > 
> > my system is;
> > 
> > jakarta-tomcat-4.0.1
> > jsse-1_0_2-gl
> > j2sdk-1_3_1_03
> > 
> > 
> > I put  jcert.jar  jnet.jar  jsse.jar in $JAVA_HOME/jre/lib/ext.
> > My apache is OK with ssl, and also Tomcat without ssl.
> > 
> > When I take away <--- and --> from text below,
> > 
> > 
> > 
> > Tomcat seems ok to bootup, But can not connect from web 
> browser, just
> > keeping
> > timeout.
> > 
> > Wnen I coment out the text below;
> > 
> > 
> > 
> > Tomcat works, but not with SSL.
> > 
> > Please someone help me?
> > 
> > Akihiro
> > 
> > 
> > --
> > To unsubscribe:   
> <mailto:tomcat-user-> [EMAIL PROTECTED]>
> > For 
> additional commands: 
> <mailto:[EMAIL PROTECTED]>
> > Troubles with the list: 
> <mailto:tomcat-user-> [EMAIL PROTECTED]>
> > 
> > 
> 
> --
> To 
> unsubscribe:   
> <mailto:[EMAIL PROTECTED]>
> For additional commands: <mailto:[EMAIL PROTECTED]>
> Troubles with the list: <mailto:[EMAIL PROTECTED]>
> 

--
To unsubscribe:   <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>

RE: tomcat with ssl

[Lawlor, Frank]

How are you trying to connect?
What is the URL you are using?
Is there anything in the logs?
I assume you followed all the 
directions in the How-to?

Frank Lawlor
Athens Group, Inc.
(512) 345-0600 x151
Athens Group, an employee-owned consulting firm integrating technology
strategy and software solutions.



> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, March 31, 2002 11:46 PM
> To: Tomcat Users List
> Subject: tomcat with ssl
> 
> 
> I am configuring Tomcat with ssl.
> 
> my system is;
> 
> jakarta-tomcat-4.0.1
> jsse-1_0_2-gl
> j2sdk-1_3_1_03
> 
> 
> I put  jcert.jar  jnet.jar  jsse.jar in $JAVA_HOME/jre/lib/ext.
> My apache is OK with ssl, and also Tomcat without ssl.
> 
> When I take away <--- and --> from text below,
> 
> 
> 
> Tomcat seems ok to bootup, But can not connect from web browser, just
> keeping
> timeout.
> 
> Wnen I coment out the text below;
> 
> 
> 
> Tomcat works, but not with SSL.
> 
> Please someone help me?
> 
> Akihiro
> 
> 
> --
> To unsubscribe:   <mailto:[EMAIL PROTECTED]>
> For additional commands: <mailto:[EMAIL PROTECTED]>
> Troubles with the list: <mailto:[EMAIL PROTECTED]>
> 
> 

--
To unsubscribe:   <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>

tomcat with ssl

[aki]

I am configuring Tomcat with ssl.

my system is;

jakarta-tomcat-4.0.1
jsse-1_0_2-gl
j2sdk-1_3_1_03


I put  jcert.jar  jnet.jar  jsse.jar in $JAVA_HOME/jre/lib/ext.
My apache is OK with ssl, and also Tomcat without ssl.

When I take away <--- and --> from text below,



Tomcat seems ok to bootup, But can not connect from web browser, just
keeping
timeout.

Wnen I coment out the text below;



Tomcat works, but not with SSL.

Please someone help me?

Akihiro


--
To unsubscribe:   <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>

Re: Getting my Java application to run on Tomcat with SSL

[elmo]

Hi again,

I resolved the problem in my previous email but I am stuck on a new one. Whenever I am 
using SOAP requests in my web
application, I get the following exception:

javax.net.ssl.SSLException : untrusted server cert chain

Otherwise, it seems things are working like a charm. I appreciate any help...

Elias S. Mouchantaf
Corniche El-Nahr,
Beirut - Lebanon.
Tel. +961-1-613958/9
[EMAIL PROTECTED]
www.triloggroup.com



   

elmo@triloggr  

oup.com  To: [EMAIL PROTECTED]

 cc:   

03/20/2002   Subject: Getting my Java application to 
run on Tomcat with SSL
10:41 AM   

Please 

respond to 

"Tomcat Users  

List"  

   

   




Hi,

I am new with Tomcat. I have this web application which was working well on Tomcat 
when I called it with:
http://127.0.0.1:8080/mywebapp

I added the following line to the server.xml file in the tomcat conf directory to have 
the above run properly:



Recently, I configured Tomcat to work with SSL. When I try to access 
https://127.0.0.1:8443 I get the default Tomcat
page. Unfortunately when I enter: https://127.0.0.1:8443/mywebapp I get an error: 
"Cannot find /mywebapp".

Can someone tell me what extra settings I have to do in order to have my application 
run with SSL and Tomcat?

Thanks,

Elias S. Mouchantaf
Corniche El-Nahr,
Beirut - Lebanon.
Tel. +961-1-613958/9
[EMAIL PROTECTED]
www.triloggroup.com


--
To unsubscribe:   <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>






--
To unsubscribe:   <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>

Getting my Java application to run on Tomcat with SSL

[elmo]

Hi,

I am new with Tomcat. I have this web application which was working well on Tomcat 
when I called it with:
http://127.0.0.1:8080/mywebapp

I added the following line to the server.xml file in the tomcat conf directory to have 
the above run properly:



Recently, I configured Tomcat to work with SSL. When I try to access 
https://127.0.0.1:8443 I get the default Tomcat
page. Unfortunately when I enter: https://127.0.0.1:8443/mywebapp I get an error: 
"Cannot find /mywebapp".

Can someone tell me what extra settings I have to do in order to have my application 
run with SSL and Tomcat?

Thanks,

Elias S. Mouchantaf
Corniche El-Nahr,
Beirut - Lebanon.
Tel. +961-1-613958/9
[EMAIL PROTECTED]
www.triloggroup.com


--
To unsubscribe:   
For additional commands: 
Troubles with the list: 

Trying to run Tomcat with SSL

[Micky Kwik]

I installed JSSE 1.0.2 according to the instructions on the Tomcat website.
All seemed fine. However when I try  to start Tomcat with SSL, I get the
next Exception:

Exception during startup processing
java.lang.reflect.InvocationTargetException: java.lang.NoClassDefFoundError:
jav
ax/net/ServerSocketFactory

It looks like classes can't be found, but I checked CLASSPATH several times
and the JSSE packages are included. What else can it be?

Re: How to I build Tomcat with SSL?

[Eoin Woods]

> Date: Mon, 13 Aug 2001 09:04:50 -0400
> From: "Peter Markowsky" <[EMAIL PROTECTED]>
> Subject: How to I build Tomcat with SSL?
> I've looked at the documentation, downloaded the classes and xerces 1.4.1.
> But am now faced with the actual how do I rebuild Tomcat. I'm very new at
> this.
I've just had to do this myself.

The first thing is that if you just want SSL support then, with Tomcat 3.2.3
at least, you don't seem to need to rebuild it.   Just put the JSSE JAR
files in $TOMCAT_HOME/lib and configure the SSL HttpConnector in server.xml
(there is an example there commented out).

If you *do* need to rebuild it (for other reasons) the you'll find an
explanation in the README file supplied with jakarta-tomcat-3.2.2.tar.gz.
Basically, you need to download Ant, the "servletapi" package, Xerces, JAXP
and JSSE and put them in a directory structure like:


jakarta-tomcat
jakarta-servletapi
jakarta-ant
jaxp-1.0.1

You also need to put xerces.jar and the JSSE JARs in your CLASSPATH before
doing the build.

Eoin.

How to I build Tomcat with SSL?

[Peter Markowsky]

I've looked at the documentation, downloaded the classes and xerces 1.4.1.
But am now faced with the actual how do I rebuild Tomcat. I'm very new at
this.
Thanks for the help,
Peter M.

Setting standalone Tomcat with ssl for https

[Robert De Niro]

Hello!
I have installet Tomcat standalone for testing my jsp on my machine,
now I need Tomcat to support ssl for serving https request.
I am running Windows NT, and Tomcat is installed in C:\TOMCAT (TOMCAT_HOME=C:\TOMCAT)
I read the document 
http://jakarta.apache.org/tomcat/tomcat-3.3-doc/tomcat-ssl-howto.html
and the jGuru Faq
But it still doesn't work properly.

- I have installed the JSSE jars to the CLASSPATH
- I have edited the %java_home%\jre\lib\security\java.security
- In the C:\TOMCAT\CONF\SERVER.XML
I have added :









The trouble is that I have been given two files by my company:
- a certificate called "ct.pem"
- a rsa private key called "ct.cert.key"
I don't have more information about these.
I put these files in my C:\TOMCAT\CONF directory

- Then I think that the parameter named "keystore" may point on the wrong location, 
but as I am with Windows NT I don't know if "/tomcat/conf/ct.cert.key" really points 
on my "ct.cert.key" file in my C:\TOMCAT\CONF directory. (slash and backslash problem?)
- I don't know either what to do with my certificate "ct.pem"
- I don't know if I am right of using the parameter named "keypass" with a "changeit" 
value
- Finally, I don't know how can I test if it is not working for real, as if I put any 
URL https://localhost/blablabla.../bla.jsp, it just goes on a blank page. If I can I 
access to a page like "http://localhost/blablabla.../bla.jsp"; which is NON secure 
(http), can I access it when I just replace http by https ? Or do I have to install my 
jsp in another place?

Hey that's a lot of questions, but if you can help me clear these doubts, I'd be 
grateful, 
thanks in advance!
Bob
-- 

___
FREE Personalized E-mail at Mail.com 
http://www.mail.com/?sr=signup 

Talk More, Pay Less with Net2Phone Direct(R), up to 1500 minutes free! 
http://www.net2phone.com/cgi-bin/link.cgi?143 

Re: Hi Pete, help regarding running Tomcat with SSL

[Alberto Torna Jr.]

Please excuse the error Manjunath & Pete, I see you're running IIS and not Apache.  

>From: "Manjunath BHat" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED] 
>To: [EMAIL PROTECTED] 
>Subject: Hi Pete, help regarding running Tomcat with SSL 
>Date: Tue, 10 Jul 2001 16:17:32 +0530 
> 
>Hi Pete, 
> 
>U've said that u r running Tomcat with SSL. R u using CA cert or 
>Self 
>signed cert. 
> 
>Please help me. My environment is NT+IIS+Tomcat 
> 
>Thanks in advance 
> 
>Manjunath 
>_ 
>Get Your Private, Free E-mail from MSN Hotmail at 
>http://www.hotmail.com. 
> 
Get your FREE download of MSN Explorer at http://explorer.msn.com

Re: Hi Pete, help regarding running Tomcat with SSL

[Alberto Torna Jr.]

You might have a problem with NT.  Verisign, for instance, does not support Mod_SSL.  It only supports Apache-SSL.  Apache-SSL only has a Unix implementaiton.  SSL, by the way, is only supported by tomcat if you integrate it with Apache.  

>From: "Manjunath BHat" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED] 
>To: [EMAIL PROTECTED] 
>Subject: Hi Pete, help regarding running Tomcat with SSL 
>Date: Tue, 10 Jul 2001 16:17:32 +0530 
> 
>Hi Pete, 
> 
>U've said that u r running Tomcat with SSL. R u using CA cert or 
>Self 
>signed cert. 
> 
>Please help me. My environment is NT+IIS+Tomcat 
> 
>Thanks in advance 
> 
>Manjunath 
>_ 
>Get Your Private, Free E-mail from MSN Hotmail at 
>http://www.hotmail.com. 
> 
Get your FREE download of MSN Explorer at http://explorer.msn.com

Re: Hi Pete, help regarding running Tomcat with SSL

[pete]

Manjunath,

I am running a Self-signed certificate with Tomcat on Linux (Mandrake 
8.0, kernel 2.4.5)

As i said before you need to build tomcat from source, with jsse.jar, 
jcert.jar etc. (the file i got from Sun that contains these is 
jsse-1_0_2-gl.zip ) in your classpath.

The Ant build process will automatically SSL-enable tomcat during the 
build process if jsse.jar is found.

For more detail on  building and configuring an SSL-enabled tomcat, you 
need to follow the instructions at:

http://jakarta.apache.org/tomcat/tomcat-3.2-doc/tomcat-ssl-howto.html

After you have built, you need to use 'keytool' to create and install a  
certificate.

I have only installed a certificate that i created myself with OpenSSL - 
Not sure if this is available on Windows.

If you need to use a 3rd party certificate, you may have to convert it 
to the correct format required by keytool. There is a utility to do this 
available on the net, but i can't find it right now.

If you follow the instructions in the docs, you should get a working 
SSL-tomcat.

-Pete



> Hi Pete,
> 
> U've said that u r running Tomcat with SSL. R u  using CA cert or Self 
> signed cert.
> 
> Please help me. My environment is NT+IIS+Tomcat
> 
> Thanks in advance
> 
> Manjunath
> _
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Hi Pete, help regarding running Tomcat with SSL

[Manjunath BHat]

Hi Pete,

U've said that u r running Tomcat with SSL. R u  using CA cert or Self 
signed cert.

Please help me. My environment is NT+IIS+Tomcat

Thanks in advance

Manjunath
_
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Re: imp - Tomcat with SSL

[pete]

Tomcat does support SSL, but you will have to recompile it from source, 
after downloading the JSSE jars from Sun.

If the JSSE jars are in your classpath, (i put mine in 
$JAVA_HOME/jre/lib/ext/) then tomcat will automatically build with SSL 
support.

Once you have an SSL-enabled build, you will have to modify server.xml 
so that it will accept SSL connections on port 443.

You may have to jump through some hoops to use Verisign certificates 
with the java SSL key management tools.

All this is covered in docs available on the web, but if you have 
specific troubles, i can help you out with them, since i have 
successfully built and deployed SSL-enabled tomcat.

-Pete

> Does Tomcat supports SSL
> 
> If yes then which version supports it.
> 
>  
> 
> Please let me know immediatly
> 
>  
> 
> Thanking you in advance.
> 
> parag
> 

RE: imp - Tomcat with SSL

[Mandar Joshi]

I guess it does not 
support digest based (SSL) client 
authentication though.
 
cheers,
Mandar

  -Original Message-From: Rams 
  [mailto:[EMAIL PROTECTED]]Sent: Thursday, July 05, 2001 11:24 
  PMTo: [EMAIL PROTECTED]Subject: RE: imp - 
  Tomcat with SSL
  Tomcat does 
  support SSL..
  Ver 3.2.1 or 
  above.
   
  Rams 
  +91-040-3000401 x 2162 
  (O) +91-040-6313447 
  (R) 
  
-Original Message-From: Parag S 
[mailto:[EMAIL PROTECTED]]Sent: Friday, July 06, 2001 11:33 
AMTo: [EMAIL PROTECTED]Subject: imp - 
Tomcat with SSL
Does Tomcat supports SSL
If yes then which version supports it.
 
Please let me know immediatly
 
Thanking you in advance.
parag

RE: imp - Tomcat with SSL

[Rams]

Tomcat does 
support SSL..
Ver 3.2.1 or 
above.
 
Rams 
+91-040-3000401 x 2162 
(O) +91-040-6313447 
(R) 

  -Original Message-From: Parag S 
  [mailto:[EMAIL PROTECTED]]Sent: Friday, July 06, 2001 11:33 
  AMTo: [EMAIL PROTECTED]Subject: imp - 
  Tomcat with SSL
  Does Tomcat supports SSL
  If yes then which version supports it.
   
  Please let me know immediatly
   
  Thanking you in advance.
  parag

RE: imp - Tomcat with SSL

[Lakshminarayanan Ramakrishnan]

I THINK TOMCAT 3.2 SUPPORTS SSL, YOU CAN GO THRU 
THE DOCUMENTATION PROVIDED.
 
LAX

  -Original Message-From: Parag S 
  [mailto:[EMAIL PROTECTED]]Sent: Friday, July 06, 2001 11:33 
  AMTo: [EMAIL PROTECTED]Subject: imp - 
  Tomcat with SSL
  Does Tomcat supports SSL
  If yes then which version supports it.
   
  Please let me know immediatly
   
  Thanking you in advance.
  parag

Re: imp - Tomcat with SSL

[Dmitri Colebatch]

On Fri,  6 Jul 2001 16:03, Parag S wrote:
> Does Tomcat supports SSL
yes it does.  download it - look in $TOMCAT_HOME/doc/tomcat-ssl-howto.html

> If yes then which version supports it.
thats from 3.2

> Please let me know immediatly
hmmm, its a mailing list - we'll answer your query when we have time...

> Thanking you in advance.
no problem

cheesr
dim

imp - Tomcat with SSL

[Parag S]

Does Tomcat supports SSL
If yes then which version supports it.
 
Please let me know immediatly
 
Thanking you in advance.
parag

tomcat with ssl difficulty

[Wei Luo]

environment: tomcat 3.2.1, window 2000

setup: installed jsse 1.02 (tested, ok), uncomment ssl connector in 
server.xml (keystore and password ok), generate key pairs and self-signed 
certificate

problem: try to do https put upload through cURL v7.7. tomcat start ok with 
port 8443 ready for direct ssl. however, security shakehand always failed 
with self-signed certicate generated either by java keytool or openssl. I 
tested with openssl s_client and it failed too.

Question:
1. does tomcat support self-signed certificate? if yes, how can i set it up 
correctly?
2. i have a valid verisign certificate with iis 4.0, and i try to use it 
with tomcat. problem is: i don't know the format of iis key manager export 
(.key), and can not import it into keystore with java keytool. i also tried 
to convert it with openssl with pkcs7, pkcs12, etc. but fail once again. 
does anybody have some good suggestion?

thanks.

-Wei Luo
_
Get your FREE download of MSN Explorer at http://explorer.msn.com

More on tomcat with SSL problem

[Mandar Joshi]

I created a java client communicating over https and used it with the same
URL it throws following exception:

javax.net.ssl.SSLException: Received fatal alert: handshake_failure (no
cipher suites in common)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.b([DashoPro-V1.2-120198])
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
at
com.sun.net.ssl.internal.ssl.AppOutputStream.write([DashoPro-V1.2-120198])
at java.io.OutputStream.write(Unknown Source)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake([DashoPro-V1.2-120
198])
at
com.sun.net.ssl.internal.www.protocol.https.HttpsClient.doConnect([DashoPro-
V1.2-120198])

at
com.sun.net.ssl.internal.www.protocol.https.NetworkClient.openServer([DashoP
ro-V1.2-120198])
at
com.sun.net.ssl.internal.www.protocol.https.HttpClient.l([DashoPro-V1.2-1201
98])
at
com.sun.net.ssl.internal.www.protocol.https.HttpClient.([DashoPro-V1.2
-120198])
at
com.sun.net.ssl.internal.www.protocol.https.HttpsClient.([DashoPro-V1.
2-120198])
at
com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120
198])
at
com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120
198])
at
com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect([Dash
oPro-V1.2-120198])
at
com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.getOutputStre
am([DashoPro-V1.2-120198])
at TestMessage.main(TestMessage.java:116)

The tomcat consol still dumps
2001-02-24 04:48:53 - Ctx(  ): 400 R( /) null
2001-02-24 04:48:53 - Ctx(  ): IOException in: R( /) Socket closed

There has to be a common Cipher Suite since both the programs are running on
same machine and sharing same environment.

Any help appritiated

Mandar

> -Original Message-
> From: Mandar Joshi [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, February 24, 2001 6:27 PM
> To: [EMAIL PROTECTED]
> Subject: tomcat with SSL
>
>
> Hi,
>
> I am using tomcat V3.2. I am trying to configure SSL for stand alone
tomcat.
> I have following entry in the server.xml file
> 
> 
> value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
>  value="8443"/>
>  value="org.apache.tomcat.net.SSLSocketFactory" />
> 
> 
>  
> 
>
> When I start tomcat it shows me that it has started listening to port 8443
> however When I type https://myserv:8443/, it gives me 'The page cannot be
> displayed' error
>
> Tomcat consol dumps following lines
> 2001-02-24 04:18:13 - Ctx(  ): 400 R( /) null
> 2001-02-24 04:18:13 - Ctx(  ): IOException in: R( /) Socket closed
>
> Any ideas why is this happening ?
>
> Thanks in advance
> Mandar
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]
>
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]

RE: tomcat with SSL

[Adam Fowler]

cancel that last one, was assuming you were using apache for some bizarre
brain-lack-of sleep reason.

8o)

Adam.


Adam Fowler
Second year Computer Science undergraduate
University of Wales, Aberystwyth
Carroll College, WI, USA(2000-2001)
web: http://gucciboy.dyndns.org/aff9
e-mail: [EMAIL PROTECTED]
"Every new beginning comes from some other beginning's end"



-Original Message-
From: Mandar Joshi [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 24, 2001 6:27 PM
To: [EMAIL PROTECTED]
Subject: tomcat with SSL


Hi,

I am using tomcat V3.2. I am trying to configure SSL for stand alone tomcat.
I have following entry in the server.xml file






 


When I start tomcat it shows me that it has started listening to port 8443
however When I type https://myserv:8443/, it gives me 'The page cannot be
displayed' error

Tomcat consol dumps following lines
2001-02-24 04:18:13 - Ctx(  ): 400 R( /) null
2001-02-24 04:18:13 - Ctx(  ): IOException in: R( /) Socket closed

Any ideas why is this happening ?

Thanks in advance
Mandar


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]

RE: tomcat with SSL

[Adam Fowler]

Hi,

I thought SSL listener on port 443, not 8443? If so then does SSL know that
you're using 8443 instead?

Regards,
Adam.


Adam Fowler
Second year Computer Science undergraduate
University of Wales, Aberystwyth
Carroll College, WI, USA(2000-2001)
web: http://gucciboy.dyndns.org/aff9
e-mail: [EMAIL PROTECTED]
"Every new beginning comes from some other beginning's end"



-Original Message-
From: Mandar Joshi [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 24, 2001 6:27 PM
To: [EMAIL PROTECTED]
Subject: tomcat with SSL


Hi,

I am using tomcat V3.2. I am trying to configure SSL for stand alone tomcat.
I have following entry in the server.xml file






 


When I start tomcat it shows me that it has started listening to port 8443
however When I type https://myserv:8443/, it gives me 'The page cannot be
displayed' error

Tomcat consol dumps following lines
2001-02-24 04:18:13 - Ctx(  ): 400 R( /) null
2001-02-24 04:18:13 - Ctx(  ): IOException in: R( /) Socket closed

Any ideas why is this happening ?

Thanks in advance
Mandar


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]

tomcat with SSL

[Mandar Joshi]

Hi,

I am using tomcat V3.2. I am trying to configure SSL for stand alone tomcat.
I have following entry in the server.xml file






 


When I start tomcat it shows me that it has started listening to port 8443
however When I type https://myserv:8443/, it gives me 'The page cannot be
displayed' error

Tomcat consol dumps following lines
2001-02-24 04:18:13 - Ctx(  ): 400 R( /) null
2001-02-24 04:18:13 - Ctx(  ): IOException in: R( /) Socket closed

Any ideas why is this happening ?

Thanks in advance
Mandar


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]

Re: How set a 128bits key for Tomcat with SSL direct

[Loïc Courtois]

Yes, I'am talking about the informations displayed in the browser...

But, who knows the difference between the key length, and the information in
the browser?

How could I get a 128bit SSL information in the browser with tomcat?

Thanks a lot.

Loic
- Original Message -
From: "John Golubenko" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, February 07, 2001 5:12 PM
Subject: Re: How set a 128bits key for Tomcat with SSL direct


Not really. It's 128bit, but if you talking about info after clicking
lock icon in the browser, it's not that.

>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 2/7/01, 4:21:53 AM, "Loïc Courtois" <[EMAIL PROTECTED]> wrote
regarding How set a 128bits key for Tomcat with SSL direct:


> I'am trying to have a 128bits key for Tomcat (configure with SSL direct),
> but I can't do it.

> For the moment, the SSL certification is a 40bits one.

> Thanks

> Loic


> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]

NOTICE:  This communication may contain confidential or other privileged
information.  If you are not the intended recipient, or believe that you
have received this communication in error, please do not print, copy,
retransmit, disseminate, or otherwise use the information.  Also, please
indicate to the sender that you have received this email in error, and
delete the copy you received.  Any communication that does not relate to
official Columbia business is that of the sender and is neither given nor
endorsed by Columbia.  Thank you.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]

Re: How set a 128bits key for Tomcat with SSL direct

[John Golubenko]

Not really. It's 128bit, but if you talking about info after clicking 
lock icon in the browser, it's not that.

>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 2/7/01, 4:21:53 AM, "Loïc Courtois" <[EMAIL PROTECTED]> wrote 
regarding How set a 128bits key for Tomcat with SSL direct:


> I'am trying to have a 128bits key for Tomcat (configure with SSL direct),
> but I can't do it.

> For the moment, the SSL certification is a 40bits one.

> Thanks

> Loic


> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]

NOTICE:  This communication may contain confidential or other privileged information.  
If you are not the intended recipient, or believe that you have received this 
communication in error, please do not print, copy, retransmit, disseminate, or 
otherwise use the information.  Also, please indicate to the sender that you have 
received this email in error, and delete the copy you received.  Any communication 
that does not relate to official Columbia business is that of the sender and is 
neither given nor endorsed by Columbia.  Thank you.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]

How set a 128bits key for Tomcat with SSL direct

[Loïc Courtois]

I'am trying to have a 128bits key for Tomcat (configure with SSL direct),
but I can't do it.

For the moment, the SSL certification is a 40bits one.

Thanks

Loic


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]

Re: tomcat with ssl

[Dave Smith]

sun,

Start by reading the documentation for keytool,
which explains this in great detail.

BTW keytool is not a part of j2ee. The docs are
in the standard version.

Dave
- Original Message -
From: "sun" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, January 10, 2001 2:22 PM
Subject: tomcat with ssl


> hi, there,
> I am trying to use ssl on tomcat, and use keytool from j2ee to generate
key,
> but I don't know where is my generated key pair after running keytool, and
> where to put them, who can help me? thanks a lot.
>
> rgds
> brent
>
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]
>


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]

tomcat with ssl

[sun]

hi, there,
I am trying to use ssl on tomcat, and use keytool from j2ee to generate key,
but I don't know where is my generated key pair after running keytool, and
where to put them, who can help me? thanks a lot.

rgds
brent



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]