ssl connector

2005-08-23 Thread Bauer, Daniela
In server.xml I configured an ssl connector like this:

<Connector port="8443" address="${jboss.bind.address}" maxThreads="100"
    strategy="ms" maxHttpHeaderSize="8192" emptySessionPath="true"
    scheme="https" secure="true" clientAuth="true"
    keystoreFile="${jboss.server.home.dir}/keystore" keystorePass="xx"
    password="yy"
    sslProtocol="TLS" />

clientAuth=true requires a client certificate. If a user doesn't have a
certificate, I would like to redirect to a http-connection or show a custom
error page. How can I realize this redirect/error page in the connector?

Any thoughts?

Cheers,

Dani







-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



SSL Connector + truststore refresh without bouncing tomcat

2005-05-15 Thread Diego Ballve
Hello,
I'm using ssl client authentication with Tomcat 5.0.28. I have 
configured it to use my truststoreFile and all works fine there.

I have added a feature to my webapp (The freebXML Registry,
http://ebxmlrr.sourceforge.net/) to allow the user to register his own
certificate when creating a user account. The certificate gets added to
truststoreFile and other account details are set.

My problem is that the SSL Connector will only read the truststoreFile
when it is initialized. What I would like is to have something monitoring
the keystore file for changes and reload it to the connector when it
happens. I could not find a way to do it yet by checking the source for
JSSEConnector (method init() triggers keystore loading). Has anybody
done something similar??

Another possibility would be to re-initialize the connector every hour,
for instance. There would be some delay after registration but user could
be patient and wait a bit. Is this easy to achieve/configure??

Thanks,
Diego
--
Diego Ballve
Digital Artefacts Europe
http://www.digital-artefacts.fi/


Re: SSL Connector + truststore refresh without bouncing tomcat

2005-05-15 Thread Bill Barker

Diego Ballve [EMAIL PROTECTED] wrote in message 
news:[EMAIL PROTECTED]
> Hello,
>
> I'm using ssl client authentication with Tomcat 5.0.28. I have configured
> it to use my truststoreFile and all works fine there.
>
> I have added a feature to my webapp (The freebXML Registry,
> http://ebxmlrr.sourceforge.net/) to allow the user to register his own
> certificate when creating a user account. The certificate gets added to
> truststoreFile and other account details are set.
>
> My problem is that the SSL Connector will only read the truststoreFile
> when it is initialized. What I would like is to have something monitoring the
> keystore file for changes and reload it to the connector when it
> happens. I could not find a way to do it yet by checking the source for
> JSSEConnector (method init() triggers keystore loading). Has anybody done
> something similar??

Strangely, there seem to be more requests to do this sort of thing.  Take a
look at http://issues.apache.org/bugzilla/show_bug.cgi?id=34643.

It's possible to bounce the Connector using JMX (which probably isn't good
enough, since it bounces already-connected sessions as well).  Otherwise,
no, Tomcat currently initializes the TrustStore on startup, and won't
re-initialize it afterwards.

As always, patches are always welcome :).


> Another possibility would be to re-initialize the connector every hour, for
> instance. There would be some delay after registration but user could be
> patient and wait a bit. Is this easy to achieve/configure??
>
> Thanks,
> Diego
>
> --
> Diego Ballve
> Digital Artefacts Europe
> http://www.digital-artefacts.fi/




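
One way to get the reload behaviour asked for in this thread at the JSSE level, as an added example that is not Tomcat's code and not code from either poster: a trust manager that re-reads the truststore file when its modification time or size changes. The class name `ReloadingTrustManager` and the demo truststore are constructed for illustration; it assumes a current JDK (`java.nio.file`) whose default trust set holds at least two CA certificates, and plugging it into a connector needs a custom SSL socket factory, which is not shown.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example, plain JSSE (not Tomcat code): re-reads the truststore file
// when it changes, so new handshakes see certificates added after startup.
public final class ReloadingTrustManager implements X509TrustManager {
    private final Path storePath;      // assumed: the file named by truststoreFile
    private final char[] storePass;
    private final String storeType;    // e.g. "JKS"
    private X509TrustManager delegate; // last successfully loaded trust set
    private String loadedStamp;        // "mtime:size" of the file that produced it

    public ReloadingTrustManager(Path storePath, char[] storePass, String storeType)
            throws IOException, GeneralSecurityException {
        this.storePath = storePath;
        this.storePass = storePass.clone();
        this.storeType = storeType;
        load(stamp()); // fail fast if the store is unusable at startup
    }

    private String stamp() throws IOException {
        return Files.getLastModifiedTime(storePath).toMillis() + ":" + Files.size(storePath);
    }

    private void load(String stamp) throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(storeType);
        try (InputStream in = Files.newInputStream(storePath)) {
            ks.load(in, storePass);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                delegate = (X509TrustManager) tm; // swap only after a full, valid load
                loadedStamp = stamp;
                return;
            }
        }
        throw new GeneralSecurityException("no X509TrustManager for " + storePath);
    }

    private synchronized X509TrustManager current() {
        try {
            String now = stamp();
            if (!now.equals(loadedStamp)) {
                load(now);
            }
        } catch (IOException | GeneralSecurityException e) {
            // A half-written or unreadable file must not change the trust set:
            // keep the last good one and try again on the next handshake.
            System.err.println("truststore reload failed, keeping previous set: " + e);
        }
        return delegate;
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        current().checkClientTrusted(chain, authType);
    }
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        current().checkServerTrusted(chain, authType);
    }
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return current().getAcceptedIssuers();
    }

    // Demo on a constructed truststore; two CA certificates from the JRE's
    // default trust set stand in for user-registered certificates.
    public static void main(String[] args) throws Exception {
        TrustManagerFactory def = TrustManagerFactory.getInstance("PKIX");
        def.init((KeyStore) null);
        X509Certificate[] sample =
                ((X509TrustManager) def.getTrustManagers()[0]).getAcceptedIssuers();
        char[] pass = "changeit".toCharArray();
        Path file = Files.createTempFile("truststore", ".jks");
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, pass);
        ks.setCertificateEntry("user1", sample[0]);
        try (OutputStream out = Files.newOutputStream(file)) { ks.store(out, pass); }
        ReloadingTrustManager tm = new ReloadingTrustManager(file, pass, "JKS");
        System.out.println("issuers at startup: " + tm.getAcceptedIssuers().length);
        ks.setCertificateEntry("user2", sample[1]); // a registration adds a certificate
        try (OutputStream out = Files.newOutputStream(file)) { ks.store(out, pass); }
        System.out.println("issuers after update: " + tm.getAcceptedIssuers().length);
    }
}
```

A certificate removed from the file is rejected only on new full handshakes, because resumed TLS sessions are not passed through the trust manager again. The process that updates the truststore should write a temporary file and rename it into place so a reload never sees a partial file.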



SSL Connector with client auth in TC 5.5.9

2005-05-04 Thread Domenico Aquilino
We are switching to TC 5.5.9 in an embedded server.
In version 5.0.29, we configured SSL with client auth as follows:

CoyoteConnector connector = new CoyoteConnector();
connector.setAddress( host );
connector.setPort( port );
connector.setSecure(true);
// comma-separated list of enabled cipher suites
connector.setCiphers(
"SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA" );
CoyoteServerSocketFactory factory = new CoyoteServerSocketFactory();
factory.setClientAuth( true );  // require a client certificate
factory.setKeystoreFile( keyStore );
factory.setKeystorePass( "***" );
factory.setProtocol( "TLS" );
connector.setFactory( factory );

In 5.5.9 we use

org.apache.catalina.connector.Connector connector;
connector = webServer.createConnector( host, port, true);

but we cannot find out how to set the Socket Factory for client auth.
Are we missing something with the new Connector class?
Thanks in advance
Domenico Aquilino



CRL configuration with SSL connector

2004-01-15 Thread Alain Baucant
Is it possible to define a CRL to be checked by tomcat when using SSL ?

Thanks for your help,
Alain.
PS: Where can I find a full description of configuration attributes of 
the coyote connector ?





RE: Tomcat (embedded in JBoss) hangs during startup of SSL connector

2003-12-18 Thread Nicolai Bieber
Hi,

solved the problem on my own. It was the linux implementation of
Securenumber class that froze the whole tomcat.

Adding -Djava.security.egd=urandom to the start command solved the
problem.

Nicolai

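
To check whether a startup hang like the one in this thread comes from the random number generator waiting for entropy, the seeding step that `SSLContext.init()` depends on can be run on its own with a timeout. This is an added example, not code from the thread; the class name `SeedingWatchdog` and the 10-second timeout are assumptions, and it needs JDK 8 or later.

```java
import java.security.SecureRandom;
import java.security.Security;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;

// Added example (not from the thread): runs SecureRandom seeding in a
// supervised thread and shows where that thread is stuck if seeding does
// not finish in time.
public final class SeedingWatchdog {

    /** Returns the seeding time in ms, or -1 if it did not finish within timeoutSeconds. */
    static long probe(long timeoutSeconds) throws InterruptedException {
        CountDownLatch seeded = new CountDownLatch(1);
        Thread worker = new Thread(() -> {
            new SecureRandom().nextBytes(new byte[20]); // first use forces seeding
            seeded.countDown();
        }, "seed-probe");
        worker.setDaemon(true); // a blocked read must not keep the JVM alive
        long start = System.nanoTime();
        worker.start();
        if (seeded.await(timeoutSeconds, TimeUnit.SECONDS)) {
            return TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - start);
        }
        // Still blocked: the frames show which call is waiting.
        System.err.println("seeding still blocked after " + timeoutSeconds + " s, stack:");
        for (StackTraceElement frame : worker.getStackTrace()) {
            System.err.println("    at " + frame);
        }
        return -1;
    }

    public static void main(String[] args) throws InterruptedException {
        // The security property and the system property that select the seed source.
        System.out.println("securerandom.source = " + Security.getProperty("securerandom.source"));
        System.out.println("java.security.egd   = " + System.getProperty("java.security.egd"));
        long ms = probe(10);
        System.out.println(ms < 0 ? "result: seeding blocked" : "result: seeded in " + ms + " ms");
    }
}
```

Running it with and without the `-Djava.security.egd` option on an affected host shows whether that setting is what removes the stall.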



Tomcat (embedded in JBoss) hangs during startup of SSL connector

2003-12-17 Thread Nicolai Bieber
Hi there,

I've encountered a strange problem while starting jboss 3.2.1
(including tomcat 4.1.24) with the SSL-Connector enabled on port 443:

Symptom: The server hangs while initializing the SSL-connector and never
comes back (at least not for several hours). So the whole start-up
process is frozen.

The last two lines in the log are:

2003-12-17 13:24:08,268 DEBUG [org.apache.coyote.http11.Http11Protocol] Attribute sslImplementation: null
2003-12-17 13:24:08,268 DEBUG [org.apache.tomcat.util.threads.ThreadPool] Getting new thread data

This only occurs on two servers of a customer of ours.
The same setup works out just fine on other servers.

The configuration is:

Suse Linux 7.3 (that is kernel 2.4.10)
JBoss 3.2.1 with Tomcat 4.1.24
j2sdk 1.4.2_01
Tomcat listens to port 80 and 443 (just commented out the SSL-Connector
   in the config file)
Security patch of US_export_policy.jar;local_policy.jar for strong
encryption was done (and undone without any change)

I already tried this without any success:
- using another port for SSL (80, 8443, 9443)
- j2sdk 1.4.2_03, j2sdk 1.4.1_05
- different keystore files
- using wrong password = tomcat gives correct exception

But: The server starts if operated with JDK 1.3.1_01 but that's
unfortunately no option for our application.

I already thought about using the newest JBoss 3.2.3 with the
Tomcat 4.1.29, because I saw some serious refactoring in the SSL
support (separate classes for JDK 1.4). Due to the fact that we have
about 30 installations of our software based on JBoss 3.2.1 and the new
version would have been tested intensively, the update is not a short term
solution.

I also filled up the tomcat code with debug output and so I
found that the line that actually hangs is:

context.init(kmf.getKeyManagers(), tm, new java.security.SecureRandom());

in the initProxy() method of
org.apache.tomcat.util.net.jsse.JSSESocketFactory

From there it goes into SUN's JSSE-Provider (and never comes back).

By the way: If I go through the JSSE code I see an obvious (as it seems)
infinite loop, which would explain

initProxy() invokes
SSLContext.init(...) in SSLContext, which just delegates to
SSLContextSpi.engineInit(...), which is an abstract method only implemented by
SSLContextSpiWrapper.engineInit(...), where we find return statement, but an
invocation of SSLContext.init(...) at the end of the method, that makes the
circle perfect.

On the other hand: How does this work out on all the other installations?
May I be tricked by the decompiler?


Nicolai





need attribute for java key password for ssl connector

2003-11-24 Thread Ian Elverson
I have a customer that has assigned a password to his private key and a
separate password to his keystore...and is unwilling to make them the same.
I can't get Tomcat (using 4.0) to access the cert in his keystore because I
can't figure out what attribute to use to specify the key password.  I have
the attribute for the keystore password, keystorePass, set correctly.
 
Any ideas?
 
Ian


SSL Connector attributes

2003-09-24 Thread Ian Elverson
I am trying to find out what all of the possible values are for the
'algorithm' and 'protocol' attributes of the Factory element in the HTTPS
connector.  I have looked all over the web and have only found a reference
to the existence of the 'algorithm' attribute, but no usage examples.  Also,
the only example for the 'protocol' attribute I can find is the one included
in the configuration file, protocol=TLS.

Does anyone know what the possible values are?

Ian




Re: SSL Connector attributes

2003-09-24 Thread Bill Barker
That's largely because they depend on your JSSE provider.  I believe that
most providers will also support 'SSL3' and 'SSL2' as protocol attributes
(but I don't recommend either of them, so I won't actually try it :).  I
know that if you are using IBM's 1.4.x JVM, that you need to set the
protocol to 'IbmX509'.  If you are using another vendor besides Sun or IBM,
consult their documentation for the correct value to use.




tomcat 4.1.12 ssl connector stop responding

2003-02-04 Thread ing.Marco Baiguera
I'm using tomcat 4.1.12 on jdsk 1.4.0 as a standalone server with coyote http 1.1
connector,
having http (8080) connector accessible from internal lan only and https (8443)
accessible from external hosts (natted to port 443).
After two-three days tomcat stops responding on the https connector (runs ok on http)
without any exception or log trace.
Any hint?
My connector configuration follows.
What about useURIValidationHack (can't find any documentation on this)?
Thank you

<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" acceptCount="10"
    bufferSize="2048" connectionTimeout="6" debug="0" enableLookups="false"
    maxProcessors="10"
    minProcessors="5" port="8443"
    protocolHandlerClassName="org.apache.coyote.http11.Http11Protocol"
    proxyPort="0" redirectPort="8443" scheme="https" secure="true" tcpNoDelay="true"
    useURIValidationHack="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
      clientAuth="false"
      keystoreFile="/var/tomcat4/.keystore" keystorePass="***" keystoreType="JKS"
      protocol="TLS"
      randomFile="/var/tomcat4/random.pem" rootFile="/var/tomcat4/root.pem"/>
</Connector>

---
Ing. Marco Baiguera
Web Application Designer

T.C.TELECENTRAL s.r.l.
Via Fura, 10
25122 Brescia - Italy
Tel  +39 030 3510711
Int + 39 030 3510816




RE: tomcat 4.1.12 ssl connector stop responding

2003-02-04 Thread Mohamed Nasser
I know there was a bug with the coyote connector for tomcat 4.1.12 as I configured 
with apache. I upgraded to 4.1.18 and I have had no problems.





Non-ssl connector to port 80

2003-01-07 Thread Stephen Ting
I am running tomcat 4.1.8 on redhat 8 and having this problem when I
try to bind the non-ssl connector to port 80, whereas if I bind to port
8080 I don't have this problem. Can anybody please help, I am a linux
novice so don't really know the workaround.
 
Thanks
 
Cheers
Stephen 
 
Catalina.start: LifecycleException:  null.open:  java.net.BindException: Permission denied:80
LifecycleException:  null.open:  java.net.BindException: Permission denied:80
 at org.apache.catalina.connector.http.HttpConnector.initialize(Unknown Source)
 at org.apache.catalina.core.StandardService.initialize(Unknown Source)
 at org.apache.catalina.core.StandardServer.initialize(Unknown Source)
 at org.apache.catalina.startup.Catalina.start(Unknown Source)
 at org.apache.catalina.startup.Catalina.execute(Unknown Source)
 at org.apache.catalina.startup.Catalina.process(Unknown Source)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:324)
 at org.apache.catalina.startup.Bootstrap.main(Unknown Source)
- Root Cause -
java.net.BindException: Permission denied:80
 at org.apache.catalina.connector.http.HttpConnector.open(Unknown Source)
 at org.apache.catalina.connector.http.HttpConnector.initialize(Unknown Source)
 at org.apache.catalina.core.StandardService.initialize(Unknown Source)
 at org.apache.catalina.core.StandardServer.initialize(Unknown Source)
 at org.apache.catalina.startup.Catalina.start(Unknown Source)
 at org.apache.catalina.startup.Catalina.execute(Unknown Source)
 at org.apache.catalina.startup.Catalina.process(Unknown Source)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:324)
 at org.apache.catalina.startup.Bootstrap.main(Unknown Source)



RE: Non-ssl connector to port 80

2003-01-07 Thread Abhijat Thakur
On Linux if you have to bind to any port below 1024 then it needs to be
done as root. I am guessing that you are starting up Tomcat as a non
root user on Linux. That is why you can't bind to port 80 and can bind to
port 8080.

Hope this helps.





HTTP and SSL Connector port problems

2002-11-20 Thread Peter Lee
Is there any particular good reason to change HTTP port from 8080 to 80
and the SSL connector port from 8443 to 443?
They are causing problems for me. Some people are suggesting that we should
change the ports.

I changed the HTTP Connector port from 8080 to 80
Then I uncommented the SSL Connector section and changed the 
SSL port from 8443 to 443
These are supposed to be well-known ports. But how come after I 
made the changes, Tomcat just refused to 
start? I am on the Win2000 platform.

<!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
<Connector
   className="org.apache.coyote.tomcat4.CoyoteConnector"
   port="80" minProcessors="5" maxProcessors="75"
   enableLookups="true" redirectPort="443"
   acceptCount="10" debug="0" connectionTimeout="2"
   useURIValidationHack="false" />

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
   className="org.apache.coyote.tomcat4.CoyoteConnector"
   port="443" minProcessors="5" maxProcessors="75"
   enableLookups="true"
   acceptCount="10" debug="0" scheme="https" secure="true"
   useURIValidationHack="false">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
     clientAuth="false" protocol="TLS"/>
</Connector>

 






RE: HTTP and SSL Connector port problems

2002-11-20 Thread Ralph Einfeldt
The reason that this is recommended is that you otherwise
have to include the pot in every link.

The reason why it doesn't work for you, is that ports
below 1024 are restricted to users that have administrative
rights on the system.

To use these ports you can do one of the following:
- Run tomcat as administrator (If you feel comfortable with that)
- Run tomcat behind IIS/Apache
- Use a port mapping tool (Don't know if there is a well known
  for windows, I'm using mainly linux)





RE: HTTP and SSL Connector port problems

2002-11-20 Thread Ralph Einfeldt
Sorry little typo below

pot=port number

> -Original Message-
> From: Ralph Einfeldt
> Sent: Wednesday, November 20, 2002 12:11 PM
> To: Tomcat Users List; [EMAIL PROTECTED]
> Subject: RE: HTTP and SSL Connector port problems
>
> The reason that this is recommended is that you otherwise
> have to include the pot in every link.






RE: HTTP and SSL Connector port problems

2002-11-20 Thread mech
Another good reason to change to 80/443 is the following issue:

http://www.mail-archive.com/tomcat-user@jakarta.apache.org/msg73342.html
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13861

If you use a security-constraint confidential to force ssl you might
have a problem with IE when using 8080/8443.
Actually confidential should force the browser to reload a resource if
you accessed it with http instead https. For Mozilla/Opera this works
fine for me, with Internet Explorer the reload stalls and the browser
stops loading. According to other postings you can fix it when using
80/443.

I guess this is due to a url rewriting problem with IE. Maybe IE just
changes the protocol from http to https instead of taking the port
numbers into account as well which can't work with non-standard ports...?
The problem with IE only occurs when using non-standard ports such as
8080/8443 for http/https. If you use 80/443 you can avoid this IE bug in
connection with the confidential settings. Then you don't need to
hardcode absolute links.

Don't know if you need that, but keep it in mind, if you use security
constraints. 
The same problem occurs when using Apache in front of Tomcat. Tested
both. IE will behave the same, so run Apache or Tomcat on 80/443 and
don't forget to set the redirect ports in either the http1/1 connector
and/or the Ajp-Connector.

Mech

P.S. Don't use Tomcat 4.1.12 with SSL, upgrade to 4.1.14. Minor? ssl
warning bug: 
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14164






Re: HTTP and SSL Connector port problems

2002-11-20 Thread Pae Choi
Strange! I've been testing HTTP with port 80, 8080, and even other
ports for tunneling and HTTPS with port 443, 8443, and others for
tunneling. They all work fine with IE v6.0 since TC v4.1.12 came
out.


Pae


- Original Message -
From: mech [EMAIL PROTECTED]
To: 'Tomcat Users List' [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent: Wednesday, November 20, 2002 3:33 AM
Subject: RE: HTTP and SSL Connector port problems


 Another good reason to change to 80/443 is the following issue:

 http://www.mail-archive.com/tomcat-user@jakarta.apache.org/msg73342.html
 http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13861

 If you use a security-constraint confidential to force ssl you might
 have a problem with IE when using 8080/8443.
 Actually confidential should force the browser to reload a resource if
 you accessed it with http instead https. For Mozilla/Opera this works
 fine for me, with Internet Explorer the reload stalls and the browser
 stops loading. According to other posting you can fix it when using
 80/443.

 I guess this is due to a url rewriting problem with IE. Maybe IE just
 changes the protocol from http to https instead of taking the port
 numbers into account aswell which can't work with non-standard ports...?
 The problem with IE only occurs when using non-standard ports such as
 8080/8443 for http/https. If you use 80/443 you can avoid this IE bug in
 connection with the confidential settings. Then you don't need to
 hardcode absolute links.

 Don't know if you need that, but keep it in mind, if you use security
 constraints.
 The same problem occurs when using Apache in front of Tomcat. Tested
 both. IE will behave the same, so run Apache or Tomcat on 80/443 and
 don't forget to the the redirect ports in either the http1/1 connector
 and/or the Ajp-Connector.

 Mech

 P.S. Don't use Tomat 4.1.12 with SSL, upgrade to 4.1.14. Minor? ssl
 warning bug:
 http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14164


  -Original Message-
  From: Peter Lee [mailto:[EMAIL PROTECTED]]
  Sent: Mittwoch, 20. November 2002 12:04
  To: Tomcat Users List
  Subject: HTTP and SSL Connector port problems
 
 
  Is there any particular good reason to change HTTP port from
  8080 to 80 and the SSL connector port from 8443 to 443?
  They causing problems for me. Some people are suggesting that
  we should
  change the ports.
 
  I changed the HTTP Connector port from 8080 to 80
  Then I uncommented the SSL Connector section and changed the
  SSL port from 8443 to 443
  These are supposed to be well-known ports. But how come after I
  made the changes, Tomcat just refused to
  start? I am on the Win2000 platform.
 
  <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
  <Connector
     className="org.apache.coyote.tomcat4.CoyoteConnector"
     port="80" minProcessors="5" maxProcessors="75"
     enableLookups="true" redirectPort="443"
     acceptCount="10" debug="0" connectionTimeout="2"
     useURIValidationHack="false" />

  <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
  <Connector
     className="org.apache.coyote.tomcat4.CoyoteConnector"
     port="443" minProcessors="5" maxProcessors="75"
     enableLookups="true"
     acceptCount="10" debug="0" scheme="https" secure="true"
     useURIValidationHack="false">
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
       clientAuth="false" protocol="TLS"/>
  </Connector>
 
 
 
 




Re: HTTP and SSL Connector port problems

2002-11-20 Thread Pae Choi
Also, everyone has different mileage. Just because someone was not able
to figure it out, that does not mean it's a bug.


Pae

 Mech
 
 P.S. Don't use Tomcat 4.1.12 with SSL, upgrade to 4.1.14. Minor? ssl
 warning bug: 
 http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14164
 







RE: HTTP and SSL Connector port problems

2002-11-20 Thread Peter Lee

I am already running tomcat as Administrator, but it still does not load. It just
threw some exceptions and the window closed quickly.
Did I miss something that I should have changed in another place or file?


On 20 Nov 2002 at 12:10, Ralph Einfeldt wrote:

 The reason that this is recommended is that you otherwise
 have to include the port in every link.
 
 The reason why it doesn't work for you is that ports
 below 1024 are restricted to users that have administrative
 rights on the system.
 
 To use these ports you can do one of the following:
 - Run tomcat as administrator (If you feel comfortable with that)
 - Run tomcat behind IIS/Apache
 - Use a port mapping tool (Don't know if there is a well-known one
   for Windows, I'm using mainly Linux)
 




Re: HTTP and SSL Connector port problems

2002-11-20 Thread Peter Lee
Did I miss something that I should have changed in some other file or place?
All I did was to change the port numbers in server.xml

On 20 Nov 2002 at 7:33, Pae Choi wrote:

 Strange! I've been testing HTTP with port 80, 8080, and even other
 ports for tunneling and HTTPS with port 443, 8443, and others for
 tunneling. They all work fine with IE v6.0 since TC v4.1.12 came
 out.
 
 
 Pae
 
 
 - Original Message -
 From: mech [EMAIL PROTECTED]
 To: 'Tomcat Users List' [EMAIL PROTECTED];
 [EMAIL PROTECTED]
 Sent: Wednesday, November 20, 2002 3:33 AM
 Subject: RE: HTTP and SSL Connector port problems
 
 
  Another good reason to change to 80/443 is the following issue:
 
  http://www.mail-archive.com/tomcat-user@jakarta.apache.org/msg73342.html
  http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13861
 
  If you use a security-constraint confidential to force ssl you might
  have a problem with IE when using 8080/8443.
  Actually confidential should force the browser to reload a resource if
  you accessed it with http instead of https. For Mozilla/Opera this works
  fine for me, with Internet Explorer the reload stalls and the browser
  stops loading. According to other postings you can fix it when using
  80/443.
 
  I guess this is due to a url rewriting problem with IE. Maybe IE just
  changes the protocol from http to https instead of taking the port
  numbers into account as well which can't work with non-standard ports...?
  The problem with IE only occurs when using non-standard ports such as
  8080/8443 for http/https. If you use 80/443 you can avoid this IE bug in
  connection with the confidential settings. Then you don't need to
  hardcode absolute links.
 
  Don't know if you need that, but keep it in mind, if you use security
  constraints.
  The same problem occurs when using Apache in front of Tomcat. Tested
  both. IE will behave the same, so run Apache or Tomcat on 80/443 and
  don't forget the redirect ports in either the http1/1 connector
  and/or the Ajp-Connector.
 
  Mech
 
  P.S. Don't use Tomcat 4.1.12 with SSL, upgrade to 4.1.14. Minor? ssl
  warning bug:
  http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14164
 
 
   -Original Message-
   From: Peter Lee [mailto:[EMAIL PROTECTED]]
   Sent: Wednesday, 20 November 2002 12:04
   To: Tomcat Users List
   Subject: HTTP and SSL Connector port problems
  
  
   Is there any particular good reason to change HTTP port from
   8080 to 80 and the SSL connector port from 8443 to 443?
   They are causing problems for me. Some people are suggesting that
   we should change the ports.
  
   I changed the HTTP Connector port from 8080 to 80
   Then I uncommented the SSL Connector section and changed the
   SSL port from 8443 to 443
   These are supposed to be well-known ports. But how come after I
   made the changes, Tomcat just refused to
   start? I am on the Win2000 platform.
  
   <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
   <Connector
      className="org.apache.coyote.tomcat4.CoyoteConnector"
      port="80" minProcessors="5" maxProcessors="75"
      enableLookups="true" redirectPort="443"
      acceptCount="10" debug="0" connectionTimeout="2"
      useURIValidationHack="false" />

   <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
   <Connector
      className="org.apache.coyote.tomcat4.CoyoteConnector"
      port="443" minProcessors="5" maxProcessors="75"
      enableLookups="true"
      acceptCount="10" debug="0" scheme="https" secure="true"
      useURIValidationHack="false">
     <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
        clientAuth="false" protocol="TLS"/>
   </Connector>
  
  
  
  






RE: HTTP and SSL Connector port problems

2002-11-20 Thread brana02
it may be some very simple syntax error like leaving out the / before you close the 
tag, it just happened to me before  

-Original Message- 
From: Peter Lee [mailto:[EMAIL PROTECTED]] 
Sent: Wed 11/20/2002 2:12 PM 
To: Tomcat Users List 
Cc: 
Subject: Re: HTTP and SSL Connector port problems



Did I miss something that I should have changed in some other file or place?
All I did was to change the port numbers in server.xml


RE: HTTP and SSL Connector port problems

2002-11-20 Thread Peter Lee
I am using Windows2000 and I think it is the IIS server that is already using port 80.
This prevents tomcat from using port 80.
Does anyone know how to disable IIS server on Windows2000?
In addition, I think some other services are using port 443 on Windows2000. Does
anyone know anything about them?

On 20 Nov 2002 at 14:18, brana02 wrote:

 it may be some very simple syntax error like leaving out the / before you close the 
tag, it just happened to me before  
 

RE: HTTP and SSL Connector port problems

2002-11-20 Thread Becky Phaneuf
Disable the web server service.  Would likely be called IIS Web Server
or something similar.

-B

 [EMAIL PROTECTED] 11/20/02 12:17PM 
I am using Windows2000 and I think it is the IIS server that is already
using port 80. This prevents tomcat from using port 80.
Does anyone know how to disable IIS server on Windows2000?
In addition, I think some other services are using port 443 on
Windows2000. Does anyone know anything about them?


SSL Connector port problems

2002-11-19 Thread Peter Lee

I changed the HTTP Connector port from 8080 to 80
Then I uncommented the SSL Connector section and changed the 
SSL port from 8443 to 433
These are supposed to be well-known ports. But how come after I 
made the changes, Tomcat just refused to 
start? I am on the Win2000 platform.

<!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
<Connector
   className="org.apache.coyote.tomcat4.CoyoteConnector"
   port="80" minProcessors="5" maxProcessors="75"
   enableLookups="true" redirectPort="443"
   acceptCount="10" debug="0" connectionTimeout="2"
   useURIValidationHack="false" />

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
   className="org.apache.coyote.tomcat4.CoyoteConnector"
   port="443" minProcessors="5" maxProcessors="75"
   enableLookups="true"
   acceptCount="10" debug="0" scheme="https" secure="true"
   useURIValidationHack="false">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
     clientAuth="false" protocol="TLS"/>
</Connector>





Re: SSL Connector port problems

2002-11-19 Thread Kristján Rúnarsson
Those ports you mentioned are privileged ports, I think you can only use 
them if you have ROOT rights (UNIX) or admin rights (Windoze NT/2000), if 
you don't have root rights I don't think Tomcat can bind to a privileged 
port. Do you start Tomcat as ROOT? 


Mvh

KR





Re: SSL Connector port problems

2002-11-19 Thread Peter Lee
On 19 Nov 2002, at 11:16, Kristján Rúnarsson wrote:

Yes, I did start Tomcat as the administrator, so I have all the rights.


 Those ports you mentioned are privileged ports, I think you can only use
 them if you have ROOT rights (UNIX) or admin rights (Windoze NT/2000), if
 you don't have root rights I don't think Tomcat can bind to a privileged
 port. Do you start Tomcat as ROOT?


 Mvh

 KR

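Added example (not from any of the posts above): the two port threads raise two different reasons a connector can fail to bind, the account lacking rights for the port and another service such as IIS already holding it. This Python probe attempts the same bind and reports which case applies; the function names and hint texts are made up for this illustration.

```python
import errno
import socket

# Winsock error numbers for the two outcomes of interest on Windows.
WSAEACCES = 10013
WSAEADDRINUSE = 10048

HINTS = {
    "free": "nothing is bound here; the connector should be able to start",
    "in-use": "another process already listens here; stop it or pick another port",
    "permission-denied": "the OS refused the bind; check account rights "
                         "(on Windows this can also mean exclusive use by another service)",
}


def probe_port(port, host="0.0.0.0"):
    """Bind a TCP socket as a connector would and classify the outcome.

    SO_REUSEADDR is deliberately left unset so an existing listener is detected.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((host, port))
        sock.listen(1)
        return "free"
    except OSError as exc:
        # Windows exposes the Winsock code as winerror; elsewhere use errno.
        code = getattr(exc, "winerror", None) or exc.errno
        if code in (errno.EADDRINUSE, WSAEADDRINUSE):
            return "in-use"
        if code in (errno.EACCES, errno.EPERM, WSAEACCES):
            return "permission-denied"
        return "error: %s" % exc
    finally:
        sock.close()


def check_connector_ports(ports, host="0.0.0.0"):
    """Return [(port, status, hint)] for every port a server.xml connector uses."""
    report = []
    for port in ports:
        status = probe_port(port, host)
        report.append((port, status, HINTS.get(status, "unexpected socket error")))
    return report


if __name__ == "__main__":
    # The ports discussed in the threads: the well-known pair and Tomcat's defaults.
    for port, status, hint in check_connector_ports([80, 443, 8080, 8443]):
        print("%5d  %-18s %s" % (port, status, hint))
```

Run it under the same account that starts Tomcat, with Tomcat stopped, so the result reflects what the connector itself would hit.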




SSL connector constructs incorrect path to SSLServerSocketFactory?

2002-04-05 Thread Hungry Herman

Hello,

I am having a problem getting SSL to work with Tomcat 4.0.  I have set up
the JSSE_HOME variable so that it points to my C:\jsse1.0.2 directory,
which contains C:\jsse1.0.2\lib\jnet.jar.  I receive the following
exception

---
Using CATALINA_BASE: C:\jakarta-tomcat-4.0
Using CATALINA_HOME: C:\jakarta-tomcat-4.0
Using CLASSPATH: C:\jakarta-tomcat-4.0\bin\bootstrap.jar;C:\jdk1.3.1\lib\tools.jar;C:\jsse1.0.2\lib\jcert.jar;C:\jsse1.0.2\lib\jnet.jar;C:\jsse1.0.2\jsse.jar
Using JAVA_HOME: C:\jdk1.3.1
Press any key to continue . . . Exception during startup processing
java.lang.reflect.InvocationTargetException: java.lang.NoClassDefFoundError: javax/net/ssl/SSLServerSocketFactory
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:120)
at org.apache.catalina.util.xml.ObjectCreate.start(Unknown Source)
at org.apache.catalina.util.xml.XmlMapper.matchStart(Unknown Source)
at org.apache.catalina.util.xml.XmlMapper.startElement(Unknown Source)
at org.xml.sax.helpers.XMLReaderAdapter.startElement(XMLReaderAdapter.ja
---


I can see the proper jarfile, jnet.jar in the CLASSPATH.  When I examine
the jnet.jar file I see -

C:\jsse1.0.2\lib>jar -tf jnet.jar
META-INF/
META-INF/MANIFEST.MF
javax/net/DefaultServerSocketFactory.class
javax/net/DefaultSocketFactory.class
javax/net/ServerSocketFactory.class
javax/net/SocketFactory.class


So, the SSLServerSocketFactory class is not in the javax.net.ssl package.
It is in the  javax.net package.  It appears that the connector has
constructed the incorrect path to the class and is trying to load it with
Class.forName.

There are several similar errors posted on Google, but no workarounds.

Suggestions?


- HH

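Added example (not part of the post above): a Python check that walks a CLASSPATH string and reports, for each entry, whether the file exists and whether it contains the class named in a NoClassDefFoundError. It generalizes the manual `jar -tf` inspection to every entry at once; the jars it builds are constructed placeholders, and the assumption that a jar named jsse.jar carries the SSL class is made only for the demo.

```python
import os
import zipfile


def locate_class(classpath, class_name, sep=os.pathsep):
    """Check every classpath entry for class_name.

    Returns [(entry, status)] with status one of:
      "found"     - the entry contains the .class file
      "absent"    - the entry exists but does not contain it
      "missing"   - the entry does not exist on disk (the JVM skips it silently)
      "not-a-jar" - the file exists but is not a readable zip/jar
    """
    resource = class_name.replace(".", "/") + ".class"
    results = []
    for entry in [e for e in classpath.split(sep) if e]:
        if os.path.isdir(entry):
            hit = os.path.isfile(os.path.join(entry, *resource.split("/")))
            status = "found" if hit else "absent"
        elif not os.path.isfile(entry):
            status = "missing"
        else:
            try:
                with zipfile.ZipFile(entry) as jar:
                    status = "found" if resource in jar.namelist() else "absent"
            except zipfile.BadZipFile:
                status = "not-a-jar"
        results.append((entry, status))
    return results


def write_jar(path, members):
    """Create a constructed jar holding empty placeholder class files."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with zipfile.ZipFile(path, "w") as jar:
        for name in members:
            jar.writestr(name, b"")


def build_demo_classpath(root):
    """Constructed layout: a jnet.jar like the one listed in the post, plus a stand-in jsse.jar."""
    lib = os.path.join(root, "lib")
    write_jar(os.path.join(lib, "jnet.jar"), [
        "javax/net/ServerSocketFactory.class",
        "javax/net/SocketFactory.class",
    ])
    # Assumption for the demo: this jar is the one that carries the SSL classes.
    write_jar(os.path.join(lib, "jsse.jar"), [
        "javax/net/ssl/SSLServerSocketFactory.class",
    ])
    entries = [
        os.path.join(lib, "jnet.jar"),   # exists, class not inside
        os.path.join(root, "jsse.jar"),  # path with no file behind it
        os.path.join(lib, "jsse.jar"),   # exists and holds the class
    ]
    return os.pathsep.join(entries)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        cp = build_demo_classpath(root)
        for entry, status in locate_class(cp, "javax.net.ssl.SSLServerSocketFactory"):
            print("%-10s %s" % (status, os.path.relpath(entry, root)))
```

For a real Windows CLASSPATH, pass the string printed by the startup script with `sep=";"`.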




RE: Tomcat 4 SSL Connector

2002-02-12 Thread Anton Brazhnyk

Hi,

I think the answer is 'yes' if your factory implements
org.apache.catalina.net.ServerSocketFactory

Anton


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On 
 Behalf Of Trevor Nielsen
 Sent: Tuesday, February 12, 2002 3:39 AM
 To: [EMAIL PROTECTED]
 Subject: Tomcat 4 SSL Connector
 
 
 Hi,
 
 I am currently trying to establish if I can specify
 my own security provider to be used by Tomcat 4.0.1
 instead of the one packaged.  I'm led to believe it
 may be possible (or may in the future be possible) by
 the server.xml file.  When you set up an SSL Connector,
 you have to specify the Factory classname as pointing
 to the tomcat SSLServerSocketFactory ie.
 
 
 <Connector className="org.apache.catalina.connector.http.HttpConnector"
    port="8443" minProcessors="5" maxProcessors="75"
    enableLookups="true"
    acceptCount="10" debug="0" scheme="https" secure="true">
   <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
      clientAuth="false" protocol="TLS"/>
 </Connector>
 
 
 That being the case, should I then be able to substitute
 SSL implementations by instead doing the following :-
 
 
 <Factory className="com.dstc.security.ssl.SSLServerSocketFactory"
    clientAuth="false" protocol="TLS"/>
 
 
 Thanks.
 
 
 -- 
 Trevor Nielsen
 Software Engineer
 Wedgetail Communications Pty Ltd.
 Level 12 S Block
 Queensland University of Technology (Gardens Point)
 Brisbane QLD Australia, 4000
 email:  [EMAIL PROTECTED]
 phone:  3864 5121
 




Tomcat 4 SSL Connector

2002-02-11 Thread Trevor Nielsen

Hi,

I am currently trying to establish if I can specify
my own security provider to be used by Tomcat 4.0.1
instead of the one packaged.  I'm led to believe it
may be possible (or may in the future be possible) by
the server.xml file.  When you set up an SSL Connector,
you have to specify the Factory classname as pointing
to the tomcat SSLServerSocketFactory ie.


<Connector className="org.apache.catalina.connector.http.HttpConnector"
   port="8443" minProcessors="5" maxProcessors="75"
   enableLookups="true"
   acceptCount="10" debug="0" scheme="https" secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
     clientAuth="false" protocol="TLS"/>
</Connector>


That being the case, should I then be able to substitute
SSL implementations by instead doing the following :-


<Factory className="com.dstc.security.ssl.SSLServerSocketFactory"
   clientAuth="false" protocol="TLS"/>


Thanks.


-- 
Trevor Nielsen
Software Engineer
Wedgetail Communications Pty Ltd.
Level 12 S Block
Queensland University of Technology (Gardens Point)
Brisbane QLD Australia, 4000
email:  [EMAIL PROTECTED]
phone:  3864 5121
