Problem with SSL / JSSE in Tomcat using a PKCS12_truststore_ - a curly one

[Nigel Smith]

Hi there,

I'm having trouble with an interesting problem.

I have a keystore and a truststore setup, both as pkcs12 stores. I'm 
telling tomcat about the keystore by something like the following code 
(I actually do it in spring, and so I've translated it into plain java 
code here for simplicity)


connector.setAttribute("keystoreFile", "c:\tomcatEmbedded\keystore.p12");
connector.setAttribute("keystorePass", "secret");
connector.setAttribute("keystoreType", "PKCS12");

and similarly to setup the trust store, I'm doing the following:

connector.setAttribute("truststoreFile", 
"c:\tomcatEmbedded\truststore.p12");

connector.setAttribute("truststorePass", "secret");
connector.setAttribute("truststoreType", "PKCS12");

The problem I have here is that Tomcat (I suspect it's not tomcat, but 
something in J2SE, or the way tomcat uses JSSE, or even the way I've got 
my env setup - I'll explain in a minute) loves the keystore, but is a 
right snob about the truststore. It simply refuses to acknowledge its 
existence.


Actually, I've lied - I have setup a different type of truststore. It's 
a JKS store, and when I use the following code to initialise the 
truststore, things start to work again:


connector.setAttribute("truststoreFile", 
"c:\tomcatEmbedded\truststore.jks");

connector.setAttribute("truststorePass", "changeit");
connector.setAttribute("truststoreType", "JKS");

they key point here is that intitialising the truststore as a PKCS12 
store simply does not work.


Some more information: if I set a system property as such: 
-Djavax.net.debug=all, I can actually see the trusted certificates being 
loaded up as tomcat starts up. I mean, I can see all the certs in the 
trust store being loaded up when it's a JKS store. When its a PKCS12 
store, it ignores them. Very rude.


Further, if I set the trust store through the javax.net.ssl.trustStore* 
properties (JKS or PKCS12), things go a bit wrong with a message like 
"java.io.IOException: DerInputStream.getLength(): length Tag=109"  - I 
don't know what the hell this means, but from what I have been able to 
glean from a bit of googling, this happens because of the Tomcat 
classloader hierarchy - I think. Which is probably why we have the 
setAttribute() method on the connector.


I'm initerested in knowing if anyone has had a similar problem / 
experience, and knows of any way I can use a PKCS12 store as a trust store.


I'm using Java 1.5.0_03, Tomcat 5.5.9 embedded.

Many thanks,
Nigel

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Problem with SSL

[Mark Thomas]

The resource you are looking for is the relevant servlet specification.
See http://java.sun.com/products/servlet/reference/api/index.html
The spec is *required* reading for anyone developing with servlets.
Be aware that INTEGRAL does not require the data to be encrypted, only 
that the integrity of the content is maintained.

Mark
[EMAIL PROTECTED] wrote:
Hey it works! Thank you for enlightening me. But i
would like to know why it works. If you can point me
to some resources to explain this.
 
I think in order for the client server to communicate
over SSL the crucial setting is 
INTEGRAL
NONE will mean no SSL. 
 is just to specify how we want to
athenticate the client right?

Actually what i want to achieve is just for the client
and server to communicate over SSL for the login
screen. No need for the client to prove that he is who
he is.
Am i right about the issue?
Thanks again, you have been a great help :)

--- Mark Thomas <[EMAIL PROTECTED]> wrote:

If you don't want the clients to have to provide a
client certificate, 
don't specify CLIENT-CERT in your web.xml

Mark
[EMAIL PROTECTED] wrote:
I tried setting it to true and it still does not
work.
--- Mark Thomas <[EMAIL PROTECTED]> wrote:

From the Tomcat documentation:

clientAuth
Set to true if you want the SSL stack to require a
valid certificate 
chain from the client before accepting a
connection.
A false value 
(which is the default) will not require a
certificate chain unless the 
client requests a resource protected by a security
constraint that uses 
CLIENT-CERT authentication.


[EMAIL PROTECTED] wrote:

By right the client should not be asked to
present
a

cert because my server.xml setting is set to
clientAuth="false"
--- Mark Thomas <[EMAIL PROTECTED]> wrote:


The problem appears to be that no client
certificate

is presented by 
your client. Do you get prompted by your browser
to

specify a client 
certificate?

Browsers may be configured not to prompt for a
certificate in any or all 
of the following cases:
- No client certs have been imported into the
browser
- No compatible client certs have been imported
into

the browser
- Only one suitable cert was found so it was
returned (unlikely in your 
case)

Check your browser/cert configuration.
Mark
[EMAIL PROTECTED] wrote:

web.xml: 

 

PUBLIC "-//Sun Microsystems, Inc.//DTD Web
Application 2.3//EN"
"http://localhost/dtd/web-app_2_3.dtd";>
	
	
		driverClassName
	
com.mysql.jdbc.Driver
	
	
		dbUsername
		root
	
	
		dbPassword
		sql4dm1n2003
	
	
	
		
			MyListener
		
	
	
	
	
		ErrorServlet 
	


chapter04.ErrorServlet
	
	
		LoginServlet 
	


chapter04.LoginServlet

dburl


jdbc:mysql://localhost/test




LoginServlet
/login


ErrorServlet
/error



/login.html



403
/login.html




login
servlet
/login>
POST



manager





INTEGRAL





CLIENT-CERT
sales




manager




=== message truncated ===

		
__ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/ 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Problem with SSL

[bar_rin]

Hey it works! Thank you for enlightening me. But i
would like to know why it works. If you can point me
to some resources to explain this.
 
I think in order for the client server to communicate
over SSL the crucial setting is 
INTEGRAL
NONE will mean no SSL. 
 is just to specify how we want to
athenticate the client right?

Actually what i want to achieve is just for the client
and server to communicate over SSL for the login
screen. No need for the client to prove that he is who
he is.

Am i right about the issue?

Thanks again, you have been a great help :)




--- Mark Thomas <[EMAIL PROTECTED]> wrote:

> If you don't want the clients to have to provide a
> client certificate, 
> don't specify CLIENT-CERT in your web.xml
> 
> Mark
> 
> [EMAIL PROTECTED] wrote:
> > I tried setting it to true and it still does not
> work.
> > 
> > --- Mark Thomas <[EMAIL PROTECTED]> wrote:
> > 
> > 
> >> From the Tomcat documentation:
> >>
> >>clientAuth
> >>Set to true if you want the SSL stack to require a
> >>valid certificate 
> >>chain from the client before accepting a
> connection.
> >>A false value 
> >>(which is the default) will not require a
> >>certificate chain unless the 
> >>client requests a resource protected by a security
> >>constraint that uses 
> >>CLIENT-CERT authentication.
> >>
> >>
> >>[EMAIL PROTECTED] wrote:
> >>
> >>>By right the client should not be asked to
> present
> >>
> >>a
> >>
> >>>cert because my server.xml setting is set to
> >>>clientAuth="false"
> >>>
> >>>--- Mark Thomas <[EMAIL PROTECTED]> wrote:
> >>>
> >>>
> >>>
> The problem appears to be that no client
> >>
> >>certificate
> >>
> is presented by 
> your client. Do you get prompted by your browser
> >>
> >>to
> >>
> specify a client 
> certificate?
> 
> Browsers may be configured not to prompt for a
> certificate in any or all 
> of the following cases:
> - No client certs have been imported into the
> browser
> - No compatible client certs have been imported
> >>
> >>into
> >>
> the browser
> - Only one suitable cert was found so it was
> returned (unlikely in your 
> case)
> 
> Check your browser/cert configuration.
> 
> Mark
> 
> [EMAIL PROTECTED] wrote:
> 
> 
> >web.xml: 
> >
> > 
> > >  PUBLIC "-//Sun Microsystems, Inc.//DTD Web
> >Application 2.3//EN"
> >  "http://localhost/dtd/web-app_2_3.dtd";>
> >
> > 
> > driverClassName
> > 
> >>
> >>com.mysql.jdbc.Driver
> >>
> > 
> > 
> > dbUsername
> > root
> > 
> > 
> > dbPassword
> > sql4dm1n2003
> > 
> > 
> > 
> > 
> > MyListener
> > 
> > 
> > 
> > 
> > 
> > ErrorServlet 
> > 
> >
> 
> >
>
chapter04.ErrorServlet
> > 
> > 
> > 
> > LoginServlet 
> > 
> >
> 
> >
>
chapter04.LoginServlet
> > 
> > 
> > dburl
> > 
> >
> 
> >
>
jdbc:mysql://localhost/test
> > 
> > 
> > 
> > 
> > 
> > LoginServlet
> > /login
> > 
> > 
> > ErrorServlet
> > /error
> > 
> > 
> > 
> > /login.html
> > 
> > 
> > 
> > 403
> > /login.html
> > 
> > 
> > 
> > 
> > login
> >servlet
> > /login>
> > POST
> > 
> > 
> > 
> > manager
> > 
> > 
> > 
> > 
> 
>
>>>INTEGRAL
> >>>
> > 
> > 
> > 
> > 
> > 
> > CLIENT-CERT
> > sales
> > 
> > 
> > 
> > 
> > manager
> > 
> > 
> >
> 
=== message truncated ===




__ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/ 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Problem with SSL

[Mark Thomas]

If you don't want the clients to have to provide a client certificate, 
don't specify CLIENT-CERT in your web.xml

Mark
[EMAIL PROTECTED] wrote:
I tried setting it to true and it still does not work.
--- Mark Thomas <[EMAIL PROTECTED]> wrote:

From the Tomcat documentation:

clientAuth
Set to true if you want the SSL stack to require a
valid certificate 
chain from the client before accepting a connection.
A false value 
(which is the default) will not require a
certificate chain unless the 
client requests a resource protected by a security
constraint that uses 
CLIENT-CERT authentication.


[EMAIL PROTECTED] wrote:
By right the client should not be asked to present
a
cert because my server.xml setting is set to
clientAuth="false"
--- Mark Thomas <[EMAIL PROTECTED]> wrote:

The problem appears to be that no client
certificate
is presented by 
your client. Do you get prompted by your browser
to
specify a client 
certificate?

Browsers may be configured not to prompt for a
certificate in any or all 
of the following cases:
- No client certs have been imported into the
browser
- No compatible client certs have been imported
into
the browser
- Only one suitable cert was found so it was
returned (unlikely in your 
case)

Check your browser/cert configuration.
Mark
[EMAIL PROTECTED] wrote:

web.xml: 

 

 PUBLIC "-//Sun Microsystems, Inc.//DTD Web
Application 2.3//EN"
 "http://localhost/dtd/web-app_2_3.dtd";>
	
	
		driverClassName
	
com.mysql.jdbc.Driver
	
	
		dbUsername
		root
	
	
		dbPassword
		sql4dm1n2003
	
	
	
		
			MyListener
		
	
	
	
	
		ErrorServlet 
	


chapter04.ErrorServlet
	
	
		LoginServlet 
	


chapter04.LoginServlet

dburl


jdbc:mysql://localhost/test




LoginServlet
/login


ErrorServlet
/error



/login.html



403
/login.html




login
servlet
/login>
POST



manager





INTEGRAL





CLIENT-CERT
sales




manager



server.xml: (the part that matters)
minSpareThreads="25"

maxSpareThreads="75"
 enableLookups="false"
disableUploadTimeout="true"
 acceptCount="100" scheme="https"
secure="true"
 clientAuth="false"
sslProtocol="TLS" />
I have a simple login page that access
LoginServlet. I

get this error:
WARNING: Exception getting SSL Cert
java.net.SocketException: Socket Closed
INFO: SSL Error getting client Certs
javax.net.ssl.SSLProtocolException: handshake
alert:

no_certificate

=== message truncated ===

		
__ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/ 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Problem with SSL

[bar_rin]

I tried setting it to true and it still does not work.

--- Mark Thomas <[EMAIL PROTECTED]> wrote:

>  From the Tomcat documentation:
> 
> clientAuth
> Set to true if you want the SSL stack to require a
> valid certificate 
> chain from the client before accepting a connection.
> A false value 
> (which is the default) will not require a
> certificate chain unless the 
> client requests a resource protected by a security
> constraint that uses 
> CLIENT-CERT authentication.
> 
> 
> [EMAIL PROTECTED] wrote:
> > By right the client should not be asked to present
> a
> > cert because my server.xml setting is set to
> > clientAuth="false"
> > 
> > --- Mark Thomas <[EMAIL PROTECTED]> wrote:
> > 
> > 
> >>The problem appears to be that no client
> certificate
> >>is presented by 
> >>your client. Do you get prompted by your browser
> to
> >>specify a client 
> >>certificate?
> >>
> >>Browsers may be configured not to prompt for a
> >>certificate in any or all 
> >>of the following cases:
> >>- No client certs have been imported into the
> >>browser
> >>- No compatible client certs have been imported
> into
> >>the browser
> >>- Only one suitable cert was found so it was
> >>returned (unlikely in your 
> >>case)
> >>
> >>Check your browser/cert configuration.
> >>
> >>Mark
> >>
> >>[EMAIL PROTECTED] wrote:
> >>
> >>>web.xml: 
> >>>
> >>> 
> >>> >>>   PUBLIC "-//Sun Microsystems, Inc.//DTD Web
> >>>Application 2.3//EN"
> >>>   "http://localhost/dtd/web-app_2_3.dtd";>
> >>>  
> >>>   
> >>>   driverClassName
> >>>   
> com.mysql.jdbc.Driver
> >>>   
> >>>   
> >>>   dbUsername
> >>>   root
> >>>   
> >>>   
> >>>   dbPassword
> >>>   sql4dm1n2003
> >>>   
> >>>   
> >>>   
> >>>   
> >>>   MyListener
> >>>   
> >>>   
> >>>   
> >>>   
> >>>   
> >>>   ErrorServlet 
> >>>   
> >>>
> >>
> >
>
chapter04.ErrorServlet
> > 
> >>>   
> >>>   
> >>>   LoginServlet 
> >>>   
> >>>
> >>
> >
>
chapter04.LoginServlet
> > 
> >>>   
> >>>   dburl
> >>>   
> >>>
> >>
> >
>
jdbc:mysql://localhost/test
> > 
> >>>   
> >>>   
> >>>   
> >>>   
> >>>   LoginServlet
> >>>   /login
> >>>   
> >>>   
> >>>   ErrorServlet
> >>>   /error
> >>>   
> >>>   
> >>>   
> >>>   /login.html
> >>>   
> >>>   
> >>>   
> >>>   403
> >>>   /login.html
> >>>   
> >>>   
> >>>   
> >>>   
> >>>   login
> >>>servlet
> >>>   /login>
> >>>   POST
> >>>   
> >>>   
> >>>   
> >>>   manager
> >>>   
> >>>   
> >>>   
> >>>   
> >>
>
>>INTEGRAL
> >>
> >>>   
> >>>   
> >>>   
> >>>   
> >>>   
> >>>   CLIENT-CERT
> >>>   sales
> >>>   
> >>>   
> >>>   
> >>>   
> >>>   manager
> >>>   
> >>>   
> >>>
> >>>
> >>>server.xml: (the part that matters)
> >>> >>>   maxThreads="150"
> >>
> >>minSpareThreads="25"
> >>
> >>>maxSpareThreads="75"
> >>>   enableLookups="false"
> >>>disableUploadTimeout="true"
> >>>   acceptCount="100" scheme="https"
> >>>secure="true"
> >>>   clientAuth="false"
> >>
> >>sslProtocol="TLS" />
> >>
> >>>I have a simple login page that access
> >>
> >>LoginServlet. I
> >>
> >>>get this error:
> >>>
> >>>WARNING: Exception getting SSL Cert
> >>>java.net.SocketException: Socket Closed
> >>>INFO: SSL Error getting client Certs
> >>>javax.net.ssl.SSLProtocolException: handshake
> >>
> >>alert:
> >>
> >>>no_certificate
> 
=== message truncated ===




__ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/ 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Problem with SSL

[Mark Thomas]

From the Tomcat documentation:

clientAuth
Set to true if you want the SSL stack to require a valid certificate 
chain from the client before accepting a connection. A false value 
(which is the default) will not require a certificate chain unless the 
client requests a resource protected by a security constraint that uses 
CLIENT-CERT authentication.


[EMAIL PROTECTED] wrote:
By right the client should not be asked to present a
cert because my server.xml setting is set to
clientAuth="false"
--- Mark Thomas <[EMAIL PROTECTED]> wrote:

The problem appears to be that no client certificate
is presented by 
your client. Do you get prompted by your browser to
specify a client 
certificate?

Browsers may be configured not to prompt for a
certificate in any or all 
of the following cases:
- No client certs have been imported into the
browser
- No compatible client certs have been imported into
the browser
- Only one suitable cert was found so it was
returned (unlikely in your 
case)

Check your browser/cert configuration.
Mark
[EMAIL PROTECTED] wrote:
web.xml: 

 

  PUBLIC "-//Sun Microsystems, Inc.//DTD Web
Application 2.3//EN"
  "http://localhost/dtd/web-app_2_3.dtd";>
	
	
		driverClassName
		com.mysql.jdbc.Driver
	
	
		dbUsername
		root
	
	
		dbPassword
		sql4dm1n2003
	
	
	
		
			MyListener
		
	
	
	
	
		ErrorServlet 
	


chapter04.ErrorServlet
	
	
		LoginServlet 
	


chapter04.LoginServlet

dburl


jdbc:mysql://localhost/test




LoginServlet
/login


ErrorServlet
/error



/login.html



403
/login.html




login
servlet
/login>
POST



manager




INTEGRAL





CLIENT-CERT
sales




manager



server.xml: (the part that matters)
minSpareThreads="25"
maxSpareThreads="75"
  enableLookups="false"
disableUploadTimeout="true"
  acceptCount="100" scheme="https"
secure="true"
  clientAuth="false"
sslProtocol="TLS" />
I have a simple login page that access
LoginServlet. I
get this error:
WARNING: Exception getting SSL Cert
java.net.SocketException: Socket Closed
INFO: SSL Error getting client Certs
javax.net.ssl.SSLProtocolException: handshake
alert:
no_certificate
WARNING: Exception getting SSL Cert
javax.net.ssl.SSLProtocolException: handshake
alert:
no_certificate
My tomcat SSL setup should be working fine because
i
can access https://localhost:8443 and when i
deploy my
war i do not see any problems with regards to my
keystore file. Can someone shed some light on this
issue?
__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam
protection around 

http://mail.yahoo.com 



-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]


-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]



		
__ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/ 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Problem with SSL

[bar_rin]

By right the client should not be asked to present a
cert because my server.xml setting is set to
clientAuth="false"

--- Mark Thomas <[EMAIL PROTECTED]> wrote:

> The problem appears to be that no client certificate
> is presented by 
> your client. Do you get prompted by your browser to
> specify a client 
> certificate?
> 
> Browsers may be configured not to prompt for a
> certificate in any or all 
> of the following cases:
> - No client certs have been imported into the
> browser
> - No compatible client certs have been imported into
> the browser
> - Only one suitable cert was found so it was
> returned (unlikely in your 
> case)
> 
> Check your browser/cert configuration.
> 
> Mark
> 
> [EMAIL PROTECTED] wrote:
> > web.xml: 
> > 
> >  
> >  >PUBLIC "-//Sun Microsystems, Inc.//DTD Web
> > Application 2.3//EN"
> >"http://localhost/dtd/web-app_2_3.dtd";>
> >
> > 
> > driverClassName
> > com.mysql.jdbc.Driver
> > 
> > 
> > dbUsername
> > root
> > 
> > 
> > dbPassword
> > sql4dm1n2003
> > 
> > 
> > 
> > 
> > MyListener
> > 
> > 
> > 
> > 
> > 
> > ErrorServlet 
> > 
> >
>
chapter04.ErrorServlet
> 
> > 
> > 
> > 
> > LoginServlet 
> > 
> >
>
chapter04.LoginServlet
> > 
> > dburl
> > 
> >
>
jdbc:mysql://localhost/test
> > 
> > 
> > 
> > 
> > LoginServlet
> > /login
> > 
> > 
> > ErrorServlet
> > /error
> > 
> > 
> > 
> > /login.html
> > 
> > 
> > 
> > 403
> > /login.html
> > 
> > 
> > 
> > 
> > login
> > servlet
> > /login>
> > POST
> > 
> > 
> > 
> > manager
> > 
> > 
> > 
> > 
> INTEGRAL
> > 
> > 
> > 
> > 
> > 
> > CLIENT-CERT
> > sales
> > 
> > 
> > 
> > 
> > manager
> > 
> > 
> > 
> > 
> > server.xml: (the part that matters)
> >  >maxThreads="150"
> minSpareThreads="25"
> > maxSpareThreads="75"
> >enableLookups="false"
> > disableUploadTimeout="true"
> >acceptCount="100" scheme="https"
> > secure="true"
> >clientAuth="false"
> sslProtocol="TLS" />
> > 
> > I have a simple login page that access
> LoginServlet. I
> > get this error:
> > 
> > WARNING: Exception getting SSL Cert
> > java.net.SocketException: Socket Closed
> > INFO: SSL Error getting client Certs
> > javax.net.ssl.SSLProtocolException: handshake
> alert:
> > no_certificate
> > WARNING: Exception getting SSL Cert
> > javax.net.ssl.SSLProtocolException: handshake
> alert:
> > no_certificate
> > 
> > My tomcat SSL setup should be working fine because
> i
> > can access https://localhost:8443 and when i
> deploy my
> > war i do not see any problems with regards to my
> > keystore file. Can someone shed some light on this
> > issue?
> > 
> > 
> > __
> > Do You Yahoo!?
> > Tired of spam?  Yahoo! Mail has the best spam
> protection around 
> > http://mail.yahoo.com 
> > 
> >
>
-
> > To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> > For additional commands, e-mail:
> [EMAIL PROTECTED]
> > 
> > 
> > 
> 
> 
>
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 




__ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/ 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Problem with SSL

[Mark Thomas]

The problem appears to be that no client certificate is presented by 
your client. Do you get prompted by your browser to specify a client 
certificate?

Browsers may be configured not to prompt for a certificate in any or all 
of the following cases:
- No client certs have been imported into the browser
- No compatible client certs have been imported into the browser
- Only one suitable cert was found so it was returned (unlikely in your 
case)

Check your browser/cert configuration.
Mark
[EMAIL PROTECTED] wrote:
web.xml: 

 

   PUBLIC "-//Sun Microsystems, Inc.//DTD Web
Application 2.3//EN"
   "http://localhost/dtd/web-app_2_3.dtd";>
	
	
		driverClassName
		com.mysql.jdbc.Driver
	
	
		dbUsername
		root
	
	
		dbPassword
		sql4dm1n2003
	
	
	
		
			MyListener
		
	
	
	
	
		ErrorServlet 
	
chapter04.ErrorServlet	

	
	
		LoginServlet 
	
chapter04.LoginServlet
		
			dburl
		
jdbc:mysql://localhost/test
		
	
	
	
		LoginServlet
		/login
	
	
		ErrorServlet
		/error
	
	
	
		/login.html
	
	
	
		403
		/login.html
	
	
	
		
			login
servlet
			/login>
			POST
		
		
		
			manager
		
		
		
			INTEGRAL
		
		
	
	
	
		CLIENT-CERT
		sales
		
	
	
	
		manager
	
		


server.xml: (the part that matters)

maxSpareThreads="75"
   enableLookups="false"
disableUploadTimeout="true"
   acceptCount="100" scheme="https"
secure="true"
   clientAuth="false" sslProtocol="TLS" />

I have a simple login page that access LoginServlet. I
get this error:
WARNING: Exception getting SSL Cert
java.net.SocketException: Socket Closed
INFO: SSL Error getting client Certs
javax.net.ssl.SSLProtocolException: handshake alert:
no_certificate
WARNING: Exception getting SSL Cert
javax.net.ssl.SSLProtocolException: handshake alert:
no_certificate
My tomcat SSL setup should be working fine because i
can access https://localhost:8443 and when i deploy my
war i do not see any problems with regards to my
keystore file. Can someone shed some light on this
issue?
__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Problem with SSL

[bar_rin]

web.xml: 

 
http://localhost/dtd/web-app_2_3.dtd";>
   

driverClassName
com.mysql.jdbc.Driver


dbUsername
root


dbPassword
sql4dm1n2003




MyListener





ErrorServlet 

chapter04.ErrorServlet   



LoginServlet 

chapter04.LoginServlet

dburl

jdbc:mysql://localhost/test




LoginServlet
/login


ErrorServlet
/error



/login.html



403
/login.html




login
servlet
/login>
POST



manager



INTEGRAL





CLIENT-CERT
sales




manager




server.xml: (the part that matters)


I have a simple login page that access LoginServlet. I
get this error:

WARNING: Exception getting SSL Cert
java.net.SocketException: Socket Closed
INFO: SSL Error getting client Certs
javax.net.ssl.SSLProtocolException: handshake alert:
no_certificate
WARNING: Exception getting SSL Cert
javax.net.ssl.SSLProtocolException: handshake alert:
no_certificate

My tomcat SSL setup should be working fine because i
can access https://localhost:8443 and when i deploy my
war i do not see any problems with regards to my
keystore file. Can someone shed some light on this
issue?


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: problem with ssl

[Antony Paul]

You can check whether the keystore is properly created using the
following command

keytool -list -alias tomcat

rgds
Antony Paul


On 22 Feb 2005 12:24:05 +0600, Thavarajah Kurinchikumaran
<[EMAIL PROTECTED]> wrote:
> Hi all,
> 
> I am using tomcat as my local server.
> I removed some keystore files which I created earlier using the "keytool
> delete" command . Then I created new keystore file using the command
> below
> 
>  keytool -genkey -keyalg RSA -alias tomcat -keystore .keystore
> 
> But when I browse the secure page via the web it throws an error message
> "mozilla and localhost cannot communicate securely because they have no
> common encryption algorithms"
> 
> what should i do to eliminate this problem?
> 
> Thanks for any help
> 
> Regards
> Kumaran
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

problem with ssl

[Thavarajah Kurinchikumaran]

Hi all,

I am using tomcat as my local server.
I removed some keystore files which I created earlier using the "keytool
delete" command . Then I created new keystore file using the command
below

 keytool -genkey -keyalg RSA -alias tomcat -keystore .keystore

But when I browse the secure page via the web it throws an error message
"mozilla and localhost cannot communicate securely because they have no
common encryption algorithms"

what should i do to eliminate this problem?

Thanks for any help

Regards
Kumaran



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Problem with ssl

[Carl Olivier]

Hi.

Thanks.

Just cannot seem to see that attribute in the docs?  Maybe I am just blind!

:)

Carl 

-Original Message-
From: Bill Barker [mailto:[EMAIL PROTECTED] 
Sent: Saturday, November 20, 2004 9:42 PM
To: [EMAIL PROTECTED]
Subject: Re: Problem with ssl


"Carl Olivier" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Greetings.
>
> Where is this specified?  In which element?

The Connector (where all of the other SSL attributes are :).

>
> Thanks!
>
> Carl
>
> -Original Message-
> From: Bill Barker [mailto:[EMAIL PROTECTED]
> Sent: Saturday, November 20, 2004 4:42 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Problem with ssl
>
>
> <[EMAIL PROTECTED]> wrote in message 
> news:[EMAIL PROTECTED]
>> I'm using ssl with tomcat 5.0.28
>> I use a keystore that contains several certificates How can I tell 
>> tomcat which one to use for SSL transaction ?
>> Is there a parameter like "alias" ?
>>
>
> The correct attribute is 'keyAlias' to specify which cert Tomcat 
> should use.
>
>> Valerie
>
>
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Problem with ssl

[Bill Barker]

"Carl Olivier" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
> Greetings.
>
> Where is this specified?  In which element?

The Connector (where all of the other SSL attributes are :).

>
> Thanks!
>
> Carl
>
> -Original Message-
> From: Bill Barker [mailto:[EMAIL PROTECTED]
> Sent: Saturday, November 20, 2004 4:42 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Problem with ssl
>
>
> <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
>> I'm using ssl with tomcat 5.0.28
>> I use a keystore that contains several certificates How can I tell
>> tomcat which one to use for SSL transaction ?
>> Is there a parameter like "alias" ?
>>
>
> The correct attribute is 'keyAlias' to specify which cert Tomcat should 
> use.
>
>> Valerie
>
>
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED] 




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Problem with ssl

[Carl Olivier]

Greetings.

Where is this specified?  In which element?

Thanks!

Carl

-Original Message-
From: Bill Barker [mailto:[EMAIL PROTECTED] 
Sent: Saturday, November 20, 2004 4:42 AM
To: [EMAIL PROTECTED]
Subject: Re: Problem with ssl


<[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> I'm using ssl with tomcat 5.0.28
> I use a keystore that contains several certificates How can I tell 
> tomcat which one to use for SSL transaction ?
> Is there a parameter like "alias" ?
>

The correct attribute is 'keyAlias' to specify which cert Tomcat should use.

> Valerie




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Problem with ssl

[Bill Barker]

<[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
> I'm using ssl with tomcat 5.0.28
> I use a keystore that contains several certificates
> How can I tell tomcat which one to use for SSL transaction ?
> Is there a parameter like "alias" ?
>

The correct attribute is 'keyAlias' to specify which cert Tomcat should use.

> Valerie 




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Problem with ssl

[Sailing Cai]

You can config SSL with Tomcat5.0.28 by read these:
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html


On Fri, 19 Nov 2004 15:52:58 +0100, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
> I'm using ssl with tomcat 5.0.28
> I use a keystore that contains several certificates
> How can I tell tomcat which one to use for SSL transaction ?
> Is there a parameter like "alias" ?
> 
> Valerie
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Problem with ssl

[valerie . bauche]

I'm using ssl with tomcat 5.0.28
I use a keystore that contains several certificates
How can I tell tomcat which one to use for SSL transaction ?
Is there a parameter like "alias" ?

Valerie



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Problem with SSL configuration

[binoy.patrick]

Yes I tried that, still I get the same error.


Binoy



-Original Message-
From: Dennis Dai [mailto:[EMAIL PROTECTED] 
Sent: 06 August 2004 09:12
To: Tomcat Users List
Subject: Re: Problem with SSL configuration

On 8/6/2004 1:05 AM, [EMAIL PROTECTED] wrote:

> maxThreads="150" minSpareThreads="25"
> maxSpareThreads="75"
>enableLookups="false" disableUploadTimeout="true"
>acceptCount="100" debug="0" scheme="https"
secure="true">
>   className="org.apache.coyote.tomcat5.CoyoteConnector"
>  clientAuth="false" sslProtocol="TLS" 
>  keystorePass = "binoy"/>
^ ^
Can you get rid of these spaces and try again?

> 

-- 
Dennis Dai
[EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Problem with SSL configuration

[Dennis Dai]

On 8/6/2004 1:05 AM, [EMAIL PROTECTED] wrote:

maxSpareThreads="75"
   enableLookups="false" disableUploadTimeout="true"
   acceptCount="100" debug="0" scheme="https" secure="true">
	
  	 className="org.apache.coyote.tomcat5.CoyoteConnector"
 clientAuth="false" sslProtocol="TLS" 
 keystorePass = "binoy"/>
   ^ ^
Can you get rid of these spaces and try again?

--
Dennis Dai
[EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Problem with SSL configuration

[binoy.patrick]

Hi all,
  Can somebody help me in solving this?

Regards
Binoy



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: 05 August 2004 16:06
To: [EMAIL PROTECTED]
Subject: RE: Problem with SSL configuration 

Hi,
  This is how my server.xml looks like






Binoy


-Original Message-
From: Shapira, Yoav [mailto:[EMAIL PROTECTED] 
Sent: 05 August 2004 14:27
To: Tomcat Users List
Subject: RE: Problem with SSL configuration 


Hi,
You don't have to quote the whole stack trace ;)  Can you post your
server.xml, as some attribute type is incorrect apparently? ;)

Yoav Shapira
Millennium Research Informatics


>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>Sent: Thursday, August 05, 2004 9:25 AM
>To: [EMAIL PROTECTED]
>Subject: Problem with SSL configuration
>
>Hi,
>   I have configured SSL with Tomcat, I get this error when starting
>Tomcat
>
>   04-Aug-2004 17:16:55 org.apache.commons.digester.Digester endElement
>SEVERE: End event threw exception
>java.lang.IllegalArgumentException: argument type mismatch
>at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>at>

...
>Can somebody help me please?
>
>
>




This e-mail, including any attachments, is a confidential business
communication, and may contain information that is confidential,
proprietary and/or privileged.  This e-mail is intended only for the
individual(s) to whom it is addressed, and may not be saved, copied,
printed, disclosed or used by anyone else.  If you are not the(an)
intended recipient, please immediately delete this e-mail from your
computer system and notify the sender.  Thank you.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Problem with SSL configuration

[binoy.patrick]

Hi,
   I have configured SSL with Tomcat, I get this error when starting
Tomcat 

   04-Aug-2004 17:16:55 org.apache.commons.digester.Digester endElement
SEVERE: End event threw exception
java.lang.IllegalArgumentException: argument type mismatch
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav
a:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor
Impl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at
org.apache.commons.beanutils.MethodUtils.invokeMethod(MethodUtils.java:2
52)
at
org.apache.commons.digester.SetNextRule.end(SetNextRule.java:256)
at org.apache.commons.digester.Rule.end(Rule.java:276)
at
org.apache.commons.digester.Digester.endElement(Digester.java:1058)
at
org.apache.catalina.util.CatalinaDigester.endElement(CatalinaDigester.ja
va:76)
at
org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
at
org.apache.xerces.parsers.AbstractXMLDocumentParser.emptyElement(Unknown
Source)
at
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanStartElement(U
nknown Source
at
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDis
patcher.dispa
at
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unkno
wn Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown
Source)
at
org.apache.commons.digester.Digester.parse(Digester.java:1548)
at org.apache.catalina.startup.Catalina.load(Catalina.java:489)
at org.apache.catalina.startup.Catalina.load(Catalina.java:528)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav
a:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor
Impl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at
org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:247)
at
org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:421)
Catalina.start using conf/server.xml:
java.lang.IllegalArgumentException: argument type mismatch
java.lang.IllegalArgumentException: argument type mismatch
at
org.apache.commons.digester.Digester.createSAXException(Digester.java:25
40)
at
org.apache.commons.digester.Digester.createSAXException(Digester.java:25
66)
at
org.apache.commons.digester.Digester.endElement(Digester.java:1061)
at
org.apache.catalina.util.CatalinaDigester.endElement(CatalinaDigester.ja
va:76)
at
org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
at
org.apache.xerces.parsers.AbstractXMLDocumentParser.emptyElement(Unknown
Source)
at
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanStartElement(U
nknown Source
at
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDis
patcher.dispa
at
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unkno
wn Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown
Source)
at
org.apache.commons.digester.Digester.parse(Digester.java:1548)
at org.apache.catalina.startup.Catalina.load(Catalina.java:489)
at org.apache.catalina.startup.Catalina.load(Catalina.java:528)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav
a:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor
Impl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at
org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:247)
at
org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:421)
...
Can somebody help me please?

RE: Problem with SSL configuration

[binoy.patrick]

Hi,
  This is how my server.xml looks like






Binoy


-Original Message-
From: Shapira, Yoav [mailto:[EMAIL PROTECTED] 
Sent: 05 August 2004 14:27
To: Tomcat Users List
Subject: RE: Problem with SSL configuration 


Hi,
You don't have to quote the whole stack trace ;)  Can you post your
server.xml, as some attribute type is incorrect apparently? ;)

Yoav Shapira
Millennium Research Informatics


>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>Sent: Thursday, August 05, 2004 9:25 AM
>To: [EMAIL PROTECTED]
>Subject: Problem with SSL configuration
>
>Hi,
>   I have configured SSL with Tomcat, I get this error when starting
>Tomcat
>
>   04-Aug-2004 17:16:55 org.apache.commons.digester.Digester endElement
>SEVERE: End event threw exception
>java.lang.IllegalArgumentException: argument type mismatch
>at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>at
>sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.ja
v
>a:39)
>at
>sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccesso
r
>Impl.java:25)
>at java.lang.reflect.Method.invoke(Method.java:324)
>at
>org.apache.commons.beanutils.MethodUtils.invokeMethod(MethodUtils.java:
2
>52)
>at
>org.apache.commons.digester.SetNextRule.end(SetNextRule.java:256)
>at org.apache.commons.digester.Rule.end(Rule.java:276)
>at
>org.apache.commons.digester.Digester.endElement(Digester.java:1058)
>at
>org.apache.catalina.util.CatalinaDigester.endElement(CatalinaDigester.j
a
>va:76)
>at
>org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
>at
>org.apache.xerces.parsers.AbstractXMLDocumentParser.emptyElement(Unknow
n
>Source)
>at
>org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanStartElement(
U
>nknown Source
>at
>org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDi
s
>patcher.dispa
>at
>org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unkn
o
>wn Source)
>at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
>Source)
>at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
>Source)
>at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
>at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown
>Source)
>at
>org.apache.commons.digester.Digester.parse(Digester.java:1548)
>at org.apache.catalina.startup.Catalina.load(Catalina.java:489)
>at org.apache.catalina.startup.Catalina.load(Catalina.java:528)
>at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>at
>sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.ja
v
>a:39)
>at
>sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccesso
r
>Impl.java:25)
>at java.lang.reflect.Method.invoke(Method.java:324)
>at
>org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:247)
>at
>org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:421)
>Catalina.start using conf/server.xml:
>java.lang.IllegalArgumentException: argument type mismatch
>java.lang.IllegalArgumentException: argument type mismatch
>at
>org.apache.commons.digester.Digester.createSAXException(Digester.java:2
5
>40)
>at
>org.apache.commons.digester.Digester.createSAXException(Digester.java:2
5
>66)
>at
>org.apache.commons.digester.Digester.endElement(Digester.java:1061)
>at
>org.apache.catalina.util.CatalinaDigester.endElement(CatalinaDigester.j
a
>va:76)
>at
>org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
>at
>org.apache.xerces.parsers.AbstractXMLDocumentParser.emptyElement(Unknow
n
>Source)
>at
>org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanStartElement(
U
>nknown Source
>at
>org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDi
s
>patcher.dispa
>at
>org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unkn
o
>wn Source)
>at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
>Source)
>at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
>Source)
>at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
>at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown
>Source)
>at
>org.apache.commons.digester.Digester.parse(Digester.java:1548)
>at org.apache.catalina.startup.Catalina.load(Catalina.java:489)
>at org.apache.catalina.startup.Catalina.load(Catalina.java:528)
>   

RE: Problem with SSL configuration

[Shapira, Yoav]

Hi,
You don't have to quote the whole stack trace ;)  Can you post your
server.xml, as some attribute type is incorrect apparently? ;)

Yoav Shapira
Millennium Research Informatics


>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>Sent: Thursday, August 05, 2004 9:25 AM
>To: [EMAIL PROTECTED]
>Subject: Problem with SSL configuration
>
>Hi,
>   I have configured SSL with Tomcat, I get this error when starting
>Tomcat
>
>   04-Aug-2004 17:16:55 org.apache.commons.digester.Digester endElement
>SEVERE: End event threw exception
>java.lang.IllegalArgumentException: argument type mismatch
>at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>at
>sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.ja
v
>a:39)
>at
>sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccesso
r
>Impl.java:25)
>at java.lang.reflect.Method.invoke(Method.java:324)
>at
>org.apache.commons.beanutils.MethodUtils.invokeMethod(MethodUtils.java:
2
>52)
>at
>org.apache.commons.digester.SetNextRule.end(SetNextRule.java:256)
>at org.apache.commons.digester.Rule.end(Rule.java:276)
>at
>org.apache.commons.digester.Digester.endElement(Digester.java:1058)
>at
>org.apache.catalina.util.CatalinaDigester.endElement(CatalinaDigester.j
a
>va:76)
>at
>org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
>at
>org.apache.xerces.parsers.AbstractXMLDocumentParser.emptyElement(Unknow
n
>Source)
>at
>org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanStartElement(
U
>nknown Source
>at
>org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDi
s
>patcher.dispa
>at
>org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unkn
o
>wn Source)
>at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
>Source)
>at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
>Source)
>at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
>at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown
>Source)
>at
>org.apache.commons.digester.Digester.parse(Digester.java:1548)
>at org.apache.catalina.startup.Catalina.load(Catalina.java:489)
>at org.apache.catalina.startup.Catalina.load(Catalina.java:528)
>at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>at
>sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.ja
v
>a:39)
>at
>sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccesso
r
>Impl.java:25)
>at java.lang.reflect.Method.invoke(Method.java:324)
>at
>org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:247)
>at
>org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:421)
>Catalina.start using conf/server.xml:
>java.lang.IllegalArgumentException: argument type mismatch
>java.lang.IllegalArgumentException: argument type mismatch
>at
>org.apache.commons.digester.Digester.createSAXException(Digester.java:2
5
>40)
>at
>org.apache.commons.digester.Digester.createSAXException(Digester.java:2
5
>66)
>at
>org.apache.commons.digester.Digester.endElement(Digester.java:1061)
>at
>org.apache.catalina.util.CatalinaDigester.endElement(CatalinaDigester.j
a
>va:76)
>at
>org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
>at
>org.apache.xerces.parsers.AbstractXMLDocumentParser.emptyElement(Unknow
n
>Source)
>at
>org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanStartElement(
U
>nknown Source
>at
>org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDi
s
>patcher.dispa
>at
>org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unkn
o
>wn Source)
>at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
>Source)
>at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
>Source)
>at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
>at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown
>Source)
>at
>org.apache.commons.digester.Digester.parse(Digester.java:1548)
>at org.apache.catalina.startup.Catalina.load(Catalina.java:489)
>at org.apache.catalina.startup.Catalina.load(Catalina.java:528)
>at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>at
>sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.ja
v
>a:39)
>at
>sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccesso
r
>Im

Re: Problem with SSL configuration

[QM]

On Thu, Aug 05, 2004 at 09:26:55AM -0400, Shapira, Yoav wrote:
: You don't have to quote the whole stack trace ;)

I dunno.  I'd prefer people include the entire thing (up to the
RootCause, at least)... just not in-line.  ;)

It's like lab reports in the days before word processing was cheap:
"please see chart/table X, appended to the end of this report."

(Admitted, this time the stack trace was superfluous, but usually...)
-QM

-- 

software  -- http://www.brandxdev.net
tech news -- http://www.RoarNetworX.com


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Problem with SSL on Tomcat 4.1.29 & IE

[Daneel Pang]

Hi,

I ran into a strange problem with SSL configuration in
Tomcat 4.1.29.   I had configured https://zeus:8443/
and tried it out with Lynx-ssl and it was able to
access it, but when I tried to access it using IE
(several versions), I keep getting the Cannot Find
Server (The page cannot be displayed) error.  

But it was able to access http://zeus:8080/ so it can
find the server, but somehow can't connect to the
HTTPS port (and there's no firewall since it's on the
LAN).  There is nothing in the logs on it being
connected or any errors... 

Not sure if anyone has any idea what's going on? 
Apprecaite the help!

The relevant server.xml portion below:
^M
  ^M

and catalina.log shows they were started ok:
Apr 6, 2004 11:01:42 AM
org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on port 8080
Apr 6, 2004 11:01:42 AM
org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on port 8090
Apr 6, 2004 11:01:50 AM
org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on port 8443
Starting service Tomcat-Standalone
Apache Tomcat/4.1.29


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Problem with SSL on Tomcat 4.1.12 on win2k

[talkingstone]

I apologize in advance if this has been covered but while trying to follow
some examples, SSL is not working properly.  It hangs during execution.  I'm
sure you probably need more info but I'm too green to know what you might
expect.

Also, please give me a few tips on "searching the list archive".  I've seen
that advice a few times but cannot find a searchable archive except the one
on jGuru.

Thanks,
Dave


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

Tomcat - Apache - AJP 13 strange Problem with SSL

[Brandon Cruz]

Hi,
We are using Tomcat 3.2.4 connected to Apache 1.3.x.  We have been using
Apache to handle SSL, but want to use some JSP's in the secure section, so
we need to forward those requests to Tomcat.  We have set up a secure
context in Tomcat for the virtual host.  Whenever someone accesses a url
with /secure* in it, we send those requests to Tomcat.  This works fine
except in one very strange scenario.

The very first time a computer tries to access a jsp file in this /secure*
context, a "page can't be displayed" error comes up in IE.  If the user hits
back, then submits again, everything works fine.  There are never anymore
problems when using that specific client machine.

This is VERY frustrating, as we have been looking a long time for the
solution and nothing seems to work.  Does anyone know a solution to this
problem???


Brandon


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

problem with SSL

[jmorgan]

Hello,

My system is:

Windows 2000 Server
Tomcat 4.0.3
Java 2 SDK 1.4.0
Running on local intranet (for now)

Problem:

I've created a certificate keystore using the instructions at
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html.
I've edited server.xml with my keystoreFile (keystoreFile="c:
\jakarta-tomcat-4.0.3\conf\.keystore) and keystorePass (keystorePass="
") and uncommented the SSL section.

When I restart Tomcat and try to access the server using HTTPS, I get a "
Cannot find server or DNS Error" error.  If I try http://servername:443, I
get a page with "

" as the first line.  Also, when first starting the
server, it takes a while for HTTP to be accessible.  No errors in the logs
from what I can tell.

Any help would be appreciated.

Thanks,

Jonathan Morgan
Kenna Marketing
(204) 982-1210
http://www.thekennagroup.com

p.s.
For anyone that helped me with my JSESSIONID issue, it took a rebuild of
the server to solve it.  I think the fact that Sybase was originally
installed on the server may have had something to do with it, because that
was the only difference in the system.


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

problem with SSL

[Daniel Thomas]

Sorry if you have just recieved this, I am new!!

help,

I have been trying to set up the security option of tomcat but I can't work
out what is going wrong here. I have set it up exactly how it says in the
docs, but I seem to be having a problem with my policy. I have included the
command line args,the stack trace and the policy below. Has anybody got any
ideas, am I seting up the policy right.

%JAVA_HOME%\bin\java
%TOMCAT_OPTS% -Djava.security.manager -Djava.security.policy=="%TOMCAT_HOME%
/conf/tomcat.policy" -Dtomcat.home="%TOMCAT_HOME%"
org.apache.tomcat.startup.Tomcat %3 %4 %5 %6 %7 %8 %9

java.security.AccessControlException: access denied (java.io.FilePermission
C:\t
omcat\webapps\bugrat\WEB-INF\classes read)
at
java.security.AccessControlContext.checkPermission(AccessControlConte
xt.java:272)
at
java.security.AccessController.checkPermission(AccessController.java:
399)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
at java.lang.SecurityManager.checkRead(SecurityManager.java:890)
at java.io.File.isDirectory(File.java:564)
at
org.apache.tomcat.loader.AdaptiveClassLoader.loadClass(AdaptiveClassL
oader.java:481)
at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
at
org.gjt.bugrat.servlet.BugRatServlet.init(BugRatServlet.java:5266)
at org.gjt.bugrat.servlet.BugRatLogin.init(BugRatLogin.java:35)
at
org.apache.tomcat.core.ServletWrapper.doInit(ServletWrapper.java:317)

at org.apache.tomcat.core.Handler.init(Handler.java:215)
at
org.apache.tomcat.core.ServletWrapper.init(ServletWrapper.java:296)
at
org.apache.tomcat.context.LoadOnStartupInterceptor.contextInit(LoadOn
StartupInterceptor.java:130)
at
org.apache.tomcat.core.ContextManager.initContext(ContextManager.java
:491)
at
org.apache.tomcat.core.ContextManager.init(ContextManager.java:453)
at org.apache.tomcat.startup.Tomcat.execute(Tomcat.java:195)
at org.apache.tomcat.startup.Tomcat.main(Tomcat.java:235)
cannot load servlet name: BugRatLogin
java.security.AccessControlException: access denied (java.io.FilePermission
C:\t
omcat\webapps\bugrat\WEB-INF\classes read)
at
java.security.AccessControlContext.checkPermission(AccessControlConte
xt.java:272)
at
java.security.AccessController.checkPermission(AccessController.java:
399)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
at java.lang.SecurityManager.checkRead(SecurityManager.java:890)
at java.io.File.isDirectory(File.java:564)
at
org.apache.tomcat.loader.AdaptiveClassLoader.loadClass(AdaptiveClassL
oader.java:481)
at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
at
org.gjt.bugrat.servlet.BugRatServlet.init(BugRatServlet.java:5266)
at org.gjt.bugrat.servlet.BugRatAdmin.init(BugRatAdmin.java:72)
at
org.apache.tomcat.core.ServletWrapper.doInit(ServletWrapper.java:317)

at org.apache.tomcat.core.Handler.init(Handler.java:215)
at
org.apache.tomcat.core.ServletWrapper.init(ServletWrapper.java:296)
at
org.apache.tomcat.context.LoadOnStartupInterceptor.contextInit(LoadOn
StartupInterceptor.java:130)
at
org.apache.tomcat.core.ContextManager.initContext(ContextManager.java
:491)
at
org.apache.tomcat.core.ContextManager.init(ContextManager.java:453)
at org.apache.tomcat.startup.Tomcat.execute(Tomcat.java:195)
at org.apache.tomcat.startup.Tomcat.main(Tomcat.java:235)
cannot load servlet name: BugRatAdmin
java.security.AccessControlException: access denied (java.io.FilePermission
C:\t
omcat\webapps\bugrat\WEB-INF\classes read)
at
java.security.AccessControlContext.checkPermission(AccessControlConte
xt.java:272)
at
java.security.AccessController.checkPermission(AccessController.java:
399)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
at java.lang.SecurityManager.checkRead(SecurityManager.java:890)
at java.io.File.isDirectory(File.java:564)
at
org.apache.tomcat.loader.AdaptiveClassLoader.loadClass(AdaptiveClassL
oader.java:481)
at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
at
org.gjt.bugrat.servlet.BugRatServlet.init(BugRatServlet.java:5266)
at org.gjt.bugrat.servlet.BugRatReport.init(BugRatReport.java:71)
at
org.apache.tomcat.core.ServletWrapper.doInit(ServletWrapper.java:317)

at org.apache.tomcat.core.Handler.init(Handler.java:215)
at
org.apache.tomcat.core.ServletWrapper.init(ServletWrapper.java:296)
at
org.apache.tomcat.context.LoadOnStartupInterceptor.contextInit(LoadOn
StartupInterceptor.java:130)
at
org.apache.tomcat.c

Re: session maintenance problem with: ssl + cookies disabled

[Wolle]

Hello,
jep that's is ab bug ,
see:  http://nagoya.apache.org/bugzilla/show_bug.cgi?id=578
there is a workaround in it, and it will work with it,
on the next release the Bug will be fixed. (3.2.2)

Greetings,
Michael

[EMAIL PROTECTED] wrote:

> When I disable cookies in browser and use ssl connection (default https
> connector) session maintaining via URL rewriting does not work. One can try it
> with example from binary distribution: examples/servlet/SessionExample.
>
> Seems like a bug to me.
>
> Maciek Kaminski
> [EMAIL PROTECTED]

session maintenance problem with: ssl + cookies disabled

[maciejka]

When I disable cookies in browser and use ssl connection (default https 
connector) session maintaining via URL rewriting does not work. One can try it 
with example from binary distribution: examples/servlet/SessionExample. 

Seems like a bug to me.


Maciek Kaminski
[EMAIL PROTECTED]