Tomcat + SSL problems!
Hello,

I need my client to communicate with a servlet using secure xmlrpc. Using Apache's SecureWebServer works (got my own TrustManager, HostnameVerifier, selfsigned certificates/keystores for server/client). Accessing Tomcat with a browser (https://localhost:8443) works too (selfsigned certificate/keystore for tomcat). But when I try to make a secure XMLRPC call to the servlet (https://localhost:8443/myservlets/myservlet), I just get a certificate unknown exception. When adding the selfsigned Tomcat certificate to $JAVA_HOME/jre/lib/security/cacerts, I get this:

java.io.IOException: HTTPS hostname wrong: should be <localhost>

I guess Tomcat does not know of my certificate. With the SecureWebServer/SecureXmlRpcClient implementation I use an open (trust anyone) TrustManager, HostnameVerifier. What do I need to do? Thanks!
Tomcat SSL : check CRL
I've read all I can on the web and I have not found information about how to check the CRL when Tomcat is configured for client authentication. All the responses given say that I must use an Apache server, but I want to keep my Tomcat standalone. Thanks for your response. Antony GUILLOTEAU
Apache + mod_jk + Tomcat ... SSL Problems
Hello,

we are using the following versions:

Apache 2.0.47
mod_jk (not mod_jk2)
Tomcat 5.5.9

The SSL-Feature is backed by openssl 0.9.7c. We configured mod_jk to send the SSL information to the tomcat engine:

JkHTTPSIndicator HTTPS
JkSESSIONIndicator SSL_SESSION_ID
JkCIPHERIndicator SSL_CIPHER
JkCERTSIndicator SSL_CLIENT_CERT

And we configured the SSL-Module of Apache to use the SSL-Cache and to hold the SSL Session for 30 Minutes.

SSLSessionCache dbm:logs/ssl_scache
SSLSessionCacheTimeout 1800

Using the trick described in the tomcat documentation, I could activate and use the Session Tracking via the SSL Session ID, which is exactly what we wanted because so we don't need cookies or URL-Rewriting. To manage the SSL Sessions I implemented my own SSLSessionManager-Class in my Webapplication and all worked fine, except one little problem: The SSL Session Key seems to get lost by Apache or mod_ssl or OpenSSL!

I used a test application in my servlet engine to experiment with the session tracking via ssl session id-feature. That application showed me if the SSL Session ID was set, what value it has, what my own SessionManagement-Class knew about that session (when it was created, when it was used last time, how long until expiration, which attributes are managed for that session). The SessionManager was configured to hold every SSL Session for unlimited time, only to set an internal invalid-flag after a configured time of 30 minutes.

The test application showed that in newly started application instances (apache, tomcat) the SSL Session worked properly and the SSL Session ID was created. When reloading the test application repeatedly, that SSL Session ID kept its value. Bingo! All that I needed. But then... Few minutes later the test application showed that there was *no* SSL Session ID available within the https-request any longer. When I reloaded the test application again, a new SSL Session ID was created. This happened again and again later, always far earlier than the SSLSessionCache was configured.

Then I used tomcat's web-connector and tried the same - and there the SSL Session ID worked properly and wasn't lost preemptively.

Does someone know something about problems with SSL Session IDs with Apache and mod_jk? Does someone have a solution how to remove that problem?

Thank you in advance,
Oliver Schoenwald
University of Hagen, Germany
Tomcat SSL and Virtual Domains
We are running tomcat 4 standalone. I have things running fine with one host but now we need to add two more virtual hosts. I am pretty sure the problem is with my server.xml file but I haven't been able to figure it out. I have read through the docs and looked through the postings and I'm still stuck. Can someone help me out here? Please? Here's the file: Server is running and the sterling domain is fine. Just the others that have problems. Thank you in advance D Blaine

<Server port="8005" shutdown="SHUTDOWN" debug="0">
  <Service name="Tomcat-Standalone">
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8080" minProcessors="5" maxProcessors="75"
               enableLookups="false" redirectPort="8443" acceptCount="100"
               debug="0" connectionTimeout="2" useURIValidationHack="false"
               disableUploadTimeout="true" />
    <!--
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8009" minProcessors="5" maxProcessors="75"
               enableLookups="false" redirectPort="8443" acceptCount="10"
               debug="0" connectionTimeout="0" useURIValidationHack="false"
               protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
    -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8443" minProcessors="5" maxProcessors="75"
               enableLookups="false" acceptCount="100" debug="0"
               scheme="https" secure="true" useURIValidationHack="false"
               disableUploadTimeout="true">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               keystoreFile="/home/svhrs-1/keystore.kdb"
               clientAuth="false" protocol="TLS"/>
    </Connector>
    <!--
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8443" minProcessors="5" maxProcessors="75"
               enableLookups="false" acceptCount="100" debug="0"
               scheme="https" secure="true" useURIValidationHack="false"
               disableUploadTimeout="true">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               keystoreFile="/home/kinres/ssl2/keystore1.kdb" keystorePass="kinseth"
               clientAuth="false" protocol="TLS"/>
    </Connector>
    -->
    <Engine name="Standalone"
            defaultHost="sterling-vizcaya-hotel-reservations-sacramento.com" debug="0">
      <Logger className="org.apache.catalina.logger.FileLogger"
              prefix="catalina_log." suffix=".txt" timestamp="true"/>
      <Host appBase="/home/svhrs-1/sterling-vizcaya-hotel-reservations-sacramento-www/webapps"
            unpackWARs="true" autoDeploy="true" debug="0"
            name="sterling-vizcaya-hotel-reservations-sacramento.com">
        <Valve className="org.apache.catalina.valves.AccessLogValve"
               pattern="common" prefix="access-log"
               directory="/home/svhrs-1/sterling-vizcaya-hotel-reservations-sacramento-logs" />
        <Context path="/home/svhrs-1/sterling-vizcaya-hotel-reservations-sacramento-www/webapps/hotel"
                 docBase="hotel" privileged="true" debug="0">
          <Manager className="org.apache.catalina.session.PersistentManager"
                   debug="0" saveOnRestart="true" maxActiveSessions="-1"
                   minIdleSwap="-1" maxIdleSwap="-1" maxIdleBackup="-1">
            <Store className="org.apache.catalina.session.FileStore"/>
          </Manager>
          <Environment name="maxExemptions" type="java.lang.Integer" value="15"/>
        </Context>
      </Host>
      <Host appBase="/home/kinres/esavvy-reservations-www/webapps"
            unpackWARs="true" autoDeploy="true" debug="0"
            name="esavvy-reservations.com">
        <Valve className="org.apache.catalina.valves.AccessLogValve"
               pattern="common" prefix="access-log"
               directory="/home/kinres/esavvy-reservations-logs" />
        <Context path="/home/kinres/esavvy-reservations-www/webapps/esavvyres"
                 docBase="esavvyres" privileged="true" debug="0">
          <Manager className="org.apache.catalina.session.PersistentManager"
                   debug="0" saveOnRestart="true" maxActiveSessions="-1"
                   minIdleSwap="-1" maxIdleSwap="-1" maxIdleBackup="-1">
            <Store className="org.apache.catalina.session.FileStore"/>
          </Manager>
          <Environment name="maxExemptions" type="java.lang.Integer" value="15"/>
        </Context>
      </Host>
      <Host appBase="/home/esavvy/esavvysystems-www/webapps"
            unpackWARs="true" autoDeploy="true" debug="0"
            name="esavvysystems.com">
        <Valve className="org.apache.catalina.valves.AccessLogValve"
               pattern="common" prefix="access-log"
               directory="/home/esavvy/esavvysystems-logs" />
        <Context path="/home/esavvy/esavvysystems-www/webapps/esavvyres"
                 docBase="esavvyres" privileged="true" debug="0">
          <Manager className="org.apache.catalina.session.PersistentManager"
                   debug="0" saveOnRestart="true" maxActiveSessions="-1"
                   minIdleSwap="-1" maxIdleSwap="-1" maxIdleBackup="-1">
            <Store className="org.apache.catalina.session.FileStore"/>
          </Manager>
          <Environment name="maxExemptions" type="java.lang.Integer" value="15"/>
        </Context>
      </Host>
      -->
    </Engine>
  </Service>
</Server>
Re: Tomcat SSL and Virtual Domains
I had a similar issue. I too had a doubt in server.xml. Search the archives for the topic "Virtual Hosting with WAR files". I've posted in detail the configurations that helped me with virtual hosting. Hope it helps you too. Regards Thanks Mahesh S Kudva

-----Original Message-----
From: Dawn Blaine [EMAIL PROTECTED]
To: Dawn Blaine [EMAIL PROTECTED]
Cc: tomcat-user@jakarta.apache.org
Date: Sat, 03 Sep 2005 11:45:12 -0500
Subject: Tomcat SSL and Virtual Domains
tomcat SSL problem
Hi all,

I am trying to open an SSL connection from a tomcat server (call it TC1) that is located within a DMZ to the other tomcat server (call it TC2) which is located in an external network. I got the following in the TC1 system.out:

WARNING: Servlet.service() for servlet HelloWorld threw exception
java.net.SocketException: Default SSL context init failed: null
    at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
    at HelloWorld.doGet(HelloWorld.java:20)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:825)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:738)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:526)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
    at java.lang.Thread.run(Unknown Source)

Here is the servlet I placed in TC1 which opens an SSL connection to TC2.

import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.net.URL;
import java.net.URLConnection;

public class HelloWorld extends HttpServlet {
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        PrintWriter out = response.getWriter();
        out.println("Hello World");
        // Outbound HTTPS connection from TC1 to TC2
        URL url = new URL("https://154.123.23.10:8443");
        URLConnection con = url.openConnection();
        con.connect();
    }
}

I have used java keytool to generate a self-signed cert and also a keystore in TC2. Below is the Connector element of the server.xml of TC2:

<Connector port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true" acceptCount="100"
           scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
           keystoreFile="C:\program files\Tomcat 5.5.7\keystore\.keystore"/>

I also imported the self-signed cert into the truststore of the machine which hosts TC1. The place I store the self-signed cert of TC2 is jre_home\lib\security\cacerts

I think I have set up the SSL correctly. Does anyone know how to resolve the exception java.net.SocketException: Default SSL context init failed: null I mentioned above?

Thanks for your help
wx
Re: Tomcat SSL Cipher Configuration
Jojo Paderes wrote:
> Hi, I'm looking for some decent documentation and technical reference on how to configure Tomcat's SSL cipher. Say for example I want Tomcat to support a specific SSL cipher suite like Triple DES. Hope someone has done something like this already. I'm using Tomcat 5.5 btw. Thanks, Jojo

I may be mistaken here, but I don't think Tomcat does provide config options for the actual ciphers used - at least not in server.xml. It relies on the ciphers provided by the JDK. I think those can be configured in the policy file. This might be useful for you: http://java.sun.com/j2se/1.5.0/docs/guide/security/CryptoSpec.html

Edmund
Re: Tomcat SSL Cipher Configuration
Jojo Paderes wrote:
> I'm looking for some decent documentation and technical reference on how to configure Tomcat's SSL cipher. Say for example I want Tomcat to support a specific SSL cipher suite like Triple DES. Hope someone has done something like this already. I'm using Tomcat 5.5 btw.

See http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/http.html You want the ciphers attribute. The ciphers need to be named as per the cipher suites in JSSE. See http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html Search the page for "Supported Cipher Suites". Also, I am pretty sure they need to be comma separated.

Mark
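Added example, not part of the original thread and not Tomcat's own code: a small Java program that asks the local JVM for the JSSE cipher-suite names it supports, keeps those containing a substring such as 3DES, and joins them with commas in the form described above for the Connector's ciphers attribute. The class name, method names and default filter are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;

// Added example: class and method names are illustrative, not from Tomcat.
public class ListCipherSuites {

    // Suites with no authentication, no encryption or export-grade keys.
    // A substring filter such as "3DES" also matches names like
    // SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, so these are dropped explicitly.
    static boolean isUnsafe(String suite) {
        return suite.contains("_anon_")
            || suite.contains("_NULL_")
            || suite.contains("_EXPORT_");
    }

    // Returns the suites whose JSSE name contains needle, minus unsafe ones,
    // in the order the JVM reported them.
    static List<String> select(String[] suites, String needle) {
        List<String> out = new ArrayList<>();
        for (String s : suites) {
            if (s.contains(needle) && !isUnsafe(s)) {
                out.add(s);
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Filter substring; "3DES" is the default used for this example.
        String needle = args.length > 0 ? args[0] : "3DES";

        SSLServerSocketFactory factory =
            SSLContext.getDefault().getServerSocketFactory();

        // Everything this JVM can negotiate on a server socket.
        String[] supported = factory.getSupportedCipherSuites();
        // The subset that is switched on when nothing is configured.
        Set<String> enabledByDefault =
            new HashSet<>(Arrays.asList(factory.getDefaultCipherSuites()));

        List<String> chosen = select(supported, needle);
        if (chosen.isEmpty()) {
            System.err.println(
                "No supported suite matches \"" + needle + "\" on this JVM.");
            System.exit(1);
        }

        for (String s : chosen) {
            String state = enabledByDefault.contains(s)
                ? "enabled by default"
                : "supported, not enabled by default";
            System.out.println(s + "  (" + state + ")");
        }

        // Comma-separated value for the Connector's ciphers attribute.
        System.out.println();
        System.out.println("ciphers=\"" + String.join(",", chosen) + "\"");
    }
}
```

Run it with the same JVM that runs Tomcat, since the supported suite names differ between JVM vendors and versions.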
Tomcat SSL Cipher Configuration
Hi, I'm looking for some decent documentation and technical reference on how to configure Tomcat's SSL cipher. Say for example I want Tomcat to support a specific SSL cipher suite like Triple DES. Hope someone has done something like this already. I'm using Tomcat 5.5 btw. Thanks, Jojo
RE: Embedded Tomcat SSL
Hi Freddie,

Unfortunately I haven't found a solution. If anyone has done Java Embedded Tomcat using SSL, could they post a simple test program.

-----Original Message-----
From: Freddie Willis [mailto:[EMAIL PROTECTED]
Sent: 21 June 2005 10:23
To: tomcat-user@jakarta.apache.org
Subject: RE: Embedded Tomcat SSL

Hi Diarmuid, I was investigating running Embedded Tomcat, I also ran into problems running SSL, getting a SSLHandshakeException. Did you find a solution? Thanx, Freddie
RE: Embedded Tomcat SSL
From: Diarmuid McDonald [mailto:[EMAIL PROTECTED]
Subject: RE: Embedded Tomcat SSL
> Unfortunately I haven't found a solution. If anyone has done Java Embedded Tomcat using SSL, could they post a simple test program.

Can't really comment about how it's done, but it is possible, since JBoss supports SSL with its embedded Tomcat. Perhaps you could browse through the JBoss doc and code.

- Chuck
RE: Embedded Tomcat SSL
Hi Diarmuid,

I was investigating running Embedded Tomcat, I also ran into problems running SSL, getting a SSLHandshakeException. Did you find a solution?

Thanx, Freddie

-----Original Message-----
From: Diarmuid McDonald [mailto:[EMAIL PROTECTED]
Sent: 09 June 2005 14:40
To: Tomcat Users List
Subject: RE: Embedded Tomcat SSL
RE: Embedded Tomcat SSL
Hi Mark,

thanks for your replies. Is there any chance you could mail your complete code, for getting embedded Tomcat and SSL working. I implemented creating a Connector this way however, I was unsuccessful and got the following error. I have no idea what property it is looking for.

11:33:36:769: [org.apache.catalina.connector.Connector][main] ERROR - Error registering connector
java.lang.NullPointerException
    at org.apache.tomcat.util.IntrospectionUtils.getProperty(IntrospectionUtils.java:375)
    at org.apache.catalina.connector.Connector.getProperty(Connector.java:289)
    at org.apache.catalina.connector.Connector.createObjectName(Connector.java:881)
    at org.apache.catalina.connector.Connector.initialize(Connector.java:909)
    at org.apache.catalina.startup.Embedded.start(Embedded.java:794)
    at de.start.sip.common.TestEmbededTomcat.main(TestEmbededTomcat.java:130)
72389 [main] ERROR org.apache.catalina.connector.Connector - Error registering connector
java.lang.NullPointerException
    at org.apache.tomcat.util.IntrospectionUtils.getProperty(IntrospectionUtils.java:375)
    at org.apache.catalina.connector.Connector.getProperty(Connector.java:289)
    at org.apache.catalina.connector.Connector.createObjectName(Connector.java:881)
    at org.apache.catalina.connector.Connector.initialize(Connector.java:909)
    at org.apache.catalina.startup.Embedded.start(Embedded.java:794)
    at de.start.sip.common.TestEmbededTomcat.main(TestEmbededTomcat.java:130)
11:33:36:769: [org.apache.catalina.connector.Connector][main] DEBUG - Creating name for connector null
72389 [main] DEBUG org.apache.catalina.connector.Connector - Creating name for connector null
java.lang.NullPointerException
    at org.apache.catalina.connector.Connector.initialize(Connector.java:922)
    at org.apache.catalina.startup.Embedded.start(Embedded.java:794)
    at de.start.sip.common.TestEmbededTomcat.main(TestEmbededTomcat.java:130)

-----Original Message-----
From: Mark [mailto:[EMAIL PROTECTED]
Sent: 08 June 2005 19:09
To: Tomcat Users List
Subject: Re: Embedded Tomcat SSL

I followed very closely the Embedded.java found in the tomcat source code... Here is the createConnector method

--START--
public Connector createConnector(String protocol) {
    Connector connector = null;
    try {
        connector = new Connector("org.apache.jk.server.JkCoyoteHandler");
        IntrospectionUtils.setProperty(connector, "useURIValidationHack", "" + false);
        IntrospectionUtils.setProperty(connector, "protocolHandlerClassName",
                "org.apache.jk.server.JkCoyoteHandler");
    } catch (Exception e) {
        e.printStackTrace();
        log.debug("Couldn't create connector.");
    }
    return (connector);
}
--END--

On 6/8/05, Diarmuid McDonald [EMAIL PROTECTED] wrote:
> Hi Mark, I'm not sure I understand what you mean by mutual authenticated SSL. I set to not be SSL enabled and it made no difference when trying to connect to https://localhost:9012/axis/ . i.e.
>
> Connector sshConnector = embedded.createConnector( (java.net.InetAddress) null, 9012, false);
>
> Could you elaborate as to how you got SSL working, or do you have sample code I could use
>
> -----Original Message-----
> From: Mark [mailto:[EMAIL PROTECTED]
> Sent: 08 June 2005 16:12
> To: Tomcat Users List
> Subject: Re: Embedded Tomcat SSL
>
> I do not think that you need an SSL connector. I have an embedded tomcat working using mutual authenticated SSL and the connector is not SSL enabled.
>
> On 6/8/05, Diarmuid McDonald [EMAIL PROTECTED] wrote:
>> Hi, Can anyone help me with regard to running Embedded Tomcat 5.5.9 with SSL. I found a mail archive before that has the same problem, however there is no resolution. http://www.mail-archive.com/tomcat-user@jakarta.apache.org/msg153661.html I have included my code and errors that I am receiving. Any help would be greatly appreciated
Re: Tomcat, SSL, IE, and .pdf downloads
Mark Leone midnightjava at cox.net writes:
> BTW, switching gears, I should have mentioned the following in my previous email. I suspect that the IE workaround you described will only work for SSL connections. Tomcat (and presumably any other good HTTP server) will set the cache control headers to prevent caching of any response generated from a protected context (i.e. one in which there is a security-constraint element), whether the connection is made with HTTPS (i.e., SSL) or HTTP. The IE option you described seems to apply only to encrypted data, so it probably won't help IE users who are trying to download files from a protected context via HTTP.

Correction to my previous post: The work-around apparently is not needed for non-SSL connections. I did a little experiment and found that IE doesn't have a problem with non-SSL responses that include headers with the no-cache cache directive. This alleviates the security concern I raised, since Tomcat can be configured to prohibit caching from protected contexts for non-SSL connections, and this behavior only needs to be overridden for SSL connections to satisfy IE, which I guess is not as problematic from a security standpoint. It's still a compatibility issue, IMO, since implementers will regularly encounter the problem with SSL connections and wonder what is going on.

Also, Mary Beth, I was unable to duplicate your results with unchecking the "don't allow encrypted data to be cached to disk" option. I commented out the valve in server.xml so that IE was not working properly for SSL file downloads. Then I unchecked the aforementioned option in IE, and it did not fix the problem. I'm wondering if you're dealing with a different issue. I'd like to know if you apply the valve fix in server.xml, and if it solves your problem. Did you do anything else to make IE work without the valve in server.xml?

-Mark
Embedded Tomcat SSL
Hi,

Can anyone help me with regard to running Embedded Tomcat 5.5.9 with SSL. I found a mail archive before that has the same problem, however there is no resolution.

http://www.mail-archive.com/tomcat-user@jakarta.apache.org/msg153661.html

I have included my code and errors that I am receiving. Any help would be greatly appreciated.

Here is the code I am using:

    import java.io.File;
    ..
    ..
    import org.apache.tomcat.util.IntrospectionUtils;

    public class TestEmbededTomcat {
        // embedded.start() declares a checked exception, so main must propagate it
        public static void main( String args[] ) throws Exception {
            Embedded embedded = new Embedded();
            // set default logger and realm
            org.apache.log4j.BasicConfigurator.configure();
            MemoryRealm memRealm = new MemoryRealm();
            embedded.setRealm(memRealm);
            //Create an Engine
            Engine baseEngine = embedded.createEngine();
            baseEngine.setName("TestEngine");
            baseEngine.setDefaultHost("vsjHost");
            //Create Host
            Host baseHost = embedded.createHost( "vsjHost", "e:/ent/sip2.0/rte/jakarta-tomcat-5.5.9-embed/webapps" );
            baseEngine.addChild( baseHost );
            //Create default context
            Context rootContext = embedded.createContext("", "ROOT");
            baseHost.addChild( rootContext );
            // Create context for web app for axis
            Context axisContext = embedded.createContext("/axis", "axis");
            axisContext.setPrivileged( true );
            baseHost.addChild( axisContext );
            embedded.addEngine( baseEngine );
            //Create a ssh Connector
            Connector sshConnector = embedded.createConnector( (java.net.InetAddress) null, 9012, true);
            IntrospectionUtils.setProperty(sshConnector, "sslProtocol", "TLS");
            IntrospectionUtils.setProperty(sshConnector, "keypass", "changeit");
            IntrospectionUtils.setProperty(sshConnector, "keystore", "C:/Documents and Settings/mcdonald/.keystore");
            IntrospectionUtils.setProperty(sshConnector, "clientAuth", "false");
            embedded.addConnector( sshConnector );
            sshConnector.setProtocol( "TLS" );
            //start operation
            embedded.start();
        }
    }

Here is the error message I get :-

    12:16:41:375: [org.apache.tomcat.util.net.PoolTcpEndpoint][http-9012-Processor3] DEBUG - Handshake ailed
    javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.b(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:119)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:520)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
        at java.lang.Thread.run(Thread.java:536)
    287423 [http-9012-Processor3] DEBUG org.apache.tomcat.util.net.PoolTcpEndpoint - Handshake failed
    javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.b(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:119)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:520)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
        at java.lang.Thread.run(Thread.java:536)

Here is the message I get from Firefox :-

    Could not establish an encrypted connection, because the certificate presented by localhost is invalid or corrupted.
    Error Code : -8182
RE: Tomcat, SSL, IE, and .pdf downloads
I think that I'll be leaving the moral decisions to my network admins. They can decide what they feel is the right answer with regard to network security. But it's good to know that there is a way to fix the problem. Thanks again to everyone for all the input!

-Mary Beth

-Original Message-
From: Mark Leone [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 07, 2005 9:24 PM
To: Tomcat Users List
Subject: Re: Tomcat, SSL, IE, and .pdf downloads

Mary-Beth, be advised that applying the fix in Tomcat is arguably the moral equivalent of what you said you didn't want to do (i.e., uncheck "don't allow encrypted data to be cached to disk" in IE). By inserting the valve that ensures that the cache-control headers are not set, you're not only permitting IE to cache the response, but you're also permitting any HTTP intermediaries to do so. I wouldn't be concerned about the former (since the user can control the browser cache), but the latter can be an issue if you have HTTP intermediaries in the path and you don't want any copies of the response hanging around.

It would actually be more secure to just uncheck the setting in IE (since you indicated that works), and retain the no-cache behavior for the HTTP intermediaries; but that's probably unworkable from an interop standpoint. All IE users would have to configure their browser properly, or they will be told that your site is unavailable.

The unfortunate reality is that because one particular user agent (IE) is applying more restrictive caching behavior than is warranted by the spec, the server has to relax the caching behavior where it really needs to be restricted in many cases, if IE compatibility with default settings is to be maintained. There's an important lesson here, but I don't think the party that needs to learn it is listening.

-Mark
Re: Embedded Tomcat SSL
I do not think that you need an SSL connector. I have an embedded tomcat working using mutual authenticated SSL and the connector is not SSL enabled.
Re: Embedded Tomcat SSL
Hi Mark, On a similar note, would you be able to point me on how to get CRL validator invoked by tomcat 5.x for ssl/mutual. thanks
RE: Embedded Tomcat SSL
Hi Mark,

I'm not sure I understand what you mean by mutual authenticated SSL. I set it to not be SSL enabled and it made no difference when trying to connect to https://localhost:9012/axis/ . i.e.

    Connector sshConnector = embedded.createConnector( (java.net.InetAddress) null, 9012, false);

Could you elaborate as to how you got SSL working, or do you have sample code I could use
RE: Tomcat, SSL, IE, and .pdf downloads
Another newbie question -- how do I tell which authenticator we're using? Does tomcat use a default one? I was looking at the API, but there isn't enough explanation there. And I didn't see anything in the Tomcat doco. Thanks, -Mary Beth
Re: Embedded Tomcat SSL
I followed very closely the Embedded.java found in the tomcat source code... Here is the createConnector method

--START--
    public Connector createConnector( String protocol) {
        Connector connector = null;
        try {
            // JK (AJP) protocol handler rather than an SSL-enabled HTTP connector
            connector = new Connector("org.apache.jk.server.JkCoyoteHandler");
            IntrospectionUtils.setProperty(connector, "useURIValidationHack", "" + false);
            IntrospectionUtils.setProperty(connector, "protocolHandlerClassName", "org.apache.jk.server.JkCoyoteHandler");
        } catch (Exception e) {
            e.printStackTrace();
            log.debug("Couldn't create connector.");
        }
        return (connector);
    }
--END--
Re: Tomcat, SSL, IE, and .pdf downloads
You may have the following element in your web app's web.xml:

    <login-config>
        <auth-method>some_authentication_method</auth-method>
        <realm-name>some_realm_name</realm-name>
    </login-config>

(If you don't, then you're probably not serving the content from a protected context, and this issue doesn't apply to you.)

Possible values for some_authentication_method are BASIC, DIGEST, and FORM. BASIC authentication means the user agent (e.g. the browser) will send a cleartext username and password, which of course can be easily intercepted and therefore compromised. DIGEST authentication means the user agent will send a one way hash value that was created with the username, password, and some random data as inputs. The server has the same hash value stored, so it can determine that the user has properly authenticated; but since it's a one-way hash, an eavesdropper cannot work backwards and figure out the password. And because of the random data, coordinated between the client and server, no one can record and replay the hash value to spoof the authentication. It's fairly secure, but not as good as SSL or TLS. FORM authentication means the user enters authenticating information via an HTML form, which is encoded according to the content type specified in the enctype attribute of the HTML FORM element.

You need to set the classname attribute of the valve element in server.xml appropriately, as described in the email referenced below. The attribute value must match the authentication method chosen from the above list. The three authenticator classes are located in package org.apache.catalina.authenticator, and the classnames are BasicAuthenticator, DigestAuthenticator, and FormAuthenticator.

So, for example, if you're using DIGEST authentication, your valve element would look like this.

    <Valve className="org.apache.catalina.authenticator.DigestAuthenticator" disableProxyCaching="false" />

BTW, switching gears, I should have mentioned the following in my previous email. I suspect that the IE workaround you described will only work for SSL connections. Tomcat (and presumably any other good HTTP server) will set the cache control headers to prevent caching of any response generated from a protected context (i.e. one in which there is a security-constraint element), whether the connection is made with HTTPS (i.e., SSL) or HTTP. The IE option you described seems to apply only to encrypted data, so it probably won't help IE users who are trying to download files from a protected context via HTTP. This is a further irony, since cached SSL data is not as problematic. It's the plaintext data you want to purge, and that's precisely the data for which you have to permit caching because of the way IE is implemented. (However, it's possible that the IE check option is poorly worded. Perhaps it actually applies to any response for which the cache control headers are set to no-cache.)

-Mark
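An added illustration of the caching trade-off discussed in this message (not code from the thread or from Tomcat): it classifies what a browser cache and a shared HTTP intermediary may do with a response under the standard Cache-Control rules. The header sets are constructed samples, `cache_policy` and its state names are hypothetical, and the `Cache-Control: private` row is an illustration rather than a setting mentioned in the thread.

```python
import re

# One Cache-Control directive: a token, optionally "=value" where the value is a
# quoted string (which may contain commas) or a bare token.
_DIRECTIVE = re.compile(r'([A-Za-z0-9_-]+)(?:\s*=\s*("(?:[^"\\]|\\.)*"|[^\s,]*))?')

NO_STORE = "no-store"      # the cache must not keep a copy
REVALIDATE = "revalidate"  # a copy may be kept but must be checked with the origin before reuse
REUSABLE = "reusable"      # nothing in the headers stops storage and reuse


def parse_cache_control(value):
    """Return {directive_name: argument_or_None} for a Cache-Control value."""
    directives = {}
    for match in _DIRECTIVE.finditer(value or ""):
        name, arg = match.group(1).lower(), match.group(2)
        if arg is not None and len(arg) >= 2 and arg[0] == '"' and arg[-1] == '"':
            arg = arg[1:-1]
        directives[name] = arg
    return directives


def cache_policy(response_headers, request_had_authorization=False):
    """Classify the response for a browser cache and for a shared intermediary.

    request_had_authorization: BASIC and DIGEST send an Authorization header on
    each request; FORM logins rely on a session instead, so pass False for them.
    """
    headers = {k.lower(): v for k, v in response_headers.items()}
    cc = parse_cache_control(headers.get("cache-control"))
    pragma_no_cache = "no-cache" in headers.get("pragma", "").lower()

    def blanket(name):
        # no-cache="Field" and private="Field" restrict only the named fields.
        return name in cc and not cc[name]

    if "no-store" in cc:
        return {"browser": NO_STORE, "intermediary": NO_STORE}

    # Assumption: a response Pragma is honoured only when Cache-Control is absent,
    # the way HTTP/1.0 caches commonly treat it.
    if blanket("no-cache") or (not cc and pragma_no_cache):
        browser = shared = REVALIDATE
    else:
        browser = shared = REUSABLE

    if blanket("private"):
        shared = NO_STORE
    elif request_had_authorization and not (cc.keys() & {"public", "must-revalidate", "s-maxage"}):
        # Shared caches may not store responses to authorized requests unless
        # the response explicitly allows it.
        shared = NO_STORE
    return {"browser": browser, "intermediary": shared}


# Constructed header sets for the situations discussed in the thread.
SAMPLES = {
    "protected context, no-cache headers set": {"Pragma": "No-cache", "Cache-Control": "no-cache"},
    "valve with disableProxyCaching=false": {},
    "illustrative alternative": {"Cache-Control": "private"},
}


def compare(request_had_authorization=False):
    """Run cache_policy over every constructed sample."""
    return {label: cache_policy(h, request_had_authorization) for label, h in SAMPLES.items()}


if __name__ == "__main__":
    for auth in (False, True):
        print("Authorization header on request:", auth)
        for label, result in compare(auth).items():
            print(f"  {label:42s} {result}")
```

With FORM authentication the header-less response is reusable by intermediaries as well as by the browser, which is the exposure the message warns about; with BASIC or DIGEST the Authorization header on the request already keeps shared caches from storing it.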
Tomcat, SSL, IE, and .pdf downloads
Greetings ~ We're having issues downloading .pdf files in SSL. I've been all over the web trying to find solutions. The issue appears to be interaction between Tomcat and Internet Explorer. IE appears to be corrupting the pdf files. There's an IE patch out there, but we've patched past that. The fix that they list, to uncheck the "don't allow encrypted data to be cached to disk", works, but it's a setting that for security reasons we don't want to leave unchecked.

I've tried all manner of setting headers for cache-control, etc. We're dynamically generating the .pdf files, and streaming them to the jsp page. I've tried also saving the pdf's physically to the server and then getting them, but that didn't work either.

Has anyone run into this issue? Does anyone have a solution? I've seen lots of suggestions out there, but nothing that actually works.

Thanks! Mary Beth Panichi
Re: Tomcat, SSL, IE, and .pdf downloads
This seems to be a popular subject today. Try looking at http://marc.theaimsgroup.com/?l=tomcat-user&m=111811136603781&w=2

Mark

Panichi, Mary-Beth wrote:
> Greetings ~ We're having issues downloading .pdf files in SSL. I've been all over the web trying to find solutions. The issue appears to be interaction between Tomcat and Internet Explorer. IE appears to be corrupting the pdf files. There's an IE patch out there, but we've patched past that. The fix that they list, to uncheck the "don't allow encrypted data to be cached to disk", works, but it's a setting that for security reasons we don't want to leave unchecked.
>
> I've tried all manner of setting headers for cache-control, etc. We're dynamically generating the .pdf files, and streaming them to the jsp page. I've tried also saving the pdf's physically to the server and then getting them, but that didn't work either.
>
> Has anyone run into this issue? Does anyone have a solution? I've seen lots of suggestions out there, but nothing that actually works.
>
> Thanks! Mary Beth Panichi
Re: Tomcat, SSL, IE, and .pdf downloads
Ironically, I ran into this last week as well. However, I was running my app on Websphere, and the cause (and solution) was subtly different...

It is a Struts-based application. I had the nocache RequestProcessor setting in effect. This caused PDF generation to fail under SSL, same as the referenced issue. Removing the setting resolved the issue, but I then had to create a quick filter that would set the same cache headers the nocache setting does but allows me to define a list of paths that they should NOT be set for. So, now everything in the app gets the cache headers set EXCEPT the three paths accessed to generate PDFs, and life is good again.

The point is be sure that it's not Tomcat setting the headers... and even if it is and you turn that off, be sure they aren't getting set anywhere else, like Struts, or some other app code.

--
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com

On Tue, June 7, 2005 2:46 pm, Mark Thomas said:
> This seems to be a popular subject today. Try looking at http://marc.theaimsgroup.com/?l=tomcat-user&m=111811136603781&w=2
> Mark
>
> Panichi, Mary-Beth wrote:
> > Greetings ~ We're having issues downloading .pdf files in SSL. I've been all over the web trying to find solutions. The issue appears to be interaction between Tomcat and Internet Explorer. IE appears to be corrupting the pdf files. There's an IE patch out there, but we've patched past that. The fix that they list, to uncheck the "don't allow encrypted data to be cached to disk", works, but it's a setting that for security reasons we don't want to leave unchecked.
> >
> > I've tried all manner of setting headers for cache-control, etc. We're dynamically generating the .pdf files, and streaming them to the jsp page. I've tried also saving the pdf's physically to the server and then getting them, but that didn't work either.
> >
> > Has anyone run into this issue? Does anyone have a solution? I've seen lots of suggestions out there, but nothing that actually works.
> >
> > Thanks! Mary Beth Panichi
Re: Tomcat, SSL, IE, and .pdf downloads
Mary-Beth, be advised that applying the fix in Tomcat is arguably the moral equivalent of what you said you didn't want to do (i.e., uncheck "don't allow encrypted data to be cached to disk" in IE). By inserting the valve that ensures that the cache-control headers are not set, you're not only permitting IE to cache the response, but you're also permitting any HTTP intermediaries to do so. I wouldn't be concerned about the former (since the user can control the browser cache), but the latter can be an issue if you have HTTP intermediaries in the path and you don't want any copies of the response hanging around.

It would actually be more secure to just uncheck the setting in IE (since you indicated that works), and retain the no-cache behavior for the HTTP intermediaries; but that's probably unworkable from an interop standpoint. All IE users would have to configure their browser properly, or they will be told that your site is unavailable. The unfortunate reality is that because one particular user agent (IE) is applying more restrictive caching behavior than is warranted by the spec, the server has to relax the caching behavior where it really needs to be restricted in many cases, if IE compatibility with default settings is to be maintained. There's an important lesson here, but I don't think the party that needs to learn it is listening.

-Mark

Mark Thomas wrote:
> This seems to be a popular subject today. Try looking at http://marc.theaimsgroup.com/?l=tomcat-user&m=111811136603781&w=2
> Mark
>
> Panichi, Mary-Beth wrote:
> > Greetings ~ We're having issues downloading .pdf files in SSL. I've been all over the web trying to find solutions. The issue appears to be interaction between Tomcat and Internet Explorer. IE appears to be corrupting the pdf files. There's an IE patch out there, but we've patched past that. The fix that they list, to uncheck the "don't allow encrypted data to be cached to disk", works, but it's a setting that for security reasons we don't want to leave unchecked.
> >
> > I've tried all manner of setting headers for cache-control, etc. We're dynamically generating the .pdf files, and streaming them to the jsp page. I've tried also saving the pdf's physically to the server and then getting them, but that didn't work either.
> >
> > Has anyone run into this issue? Does anyone have a solution? I've seen lots of suggestions out there, but nothing that actually works.
> >
> > Thanks! Mary Beth Panichi
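The path-exempting filter Frank Zammetti describes in this thread, sketched as an added example (not his code, and not part of Tomcat or Struts). The class name and the `exemptPaths` init-param are hypothetical, and it assumes no other component sets cache headers. Sending `Cache-Control: private` on the exempt paths is a choice made here so that shared HTTP intermediaries still may not store the response; whether the affected IE versions accept it has to be tested.

```java
import java.io.IOException;
import java.util.HashSet;
import java.util.Set;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Added example: no-cache headers everywhere except an explicit list of download paths. */
public class SelectiveNoCacheFilter implements Filter {

    // Exact paths within the web application that must stay downloadable in IE.
    private final Set<String> exemptPaths = new HashSet<>();

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        // Hypothetical init-param, comma separated, e.g. "/reports/invoice.pdf,/reports/summary.pdf"
        String raw = cfg.getInitParameter("exemptPaths");
        if (raw == null) {
            return; // nothing exempt: every response gets the strict headers
        }
        for (String p : raw.split(",")) {
            p = p.trim();
            if (p.isEmpty()) {
                continue;
            }
            if (!p.startsWith("/")) {
                throw new ServletException("exempt path must start with '/': " + p);
            }
            exemptPaths.add(p);
        }
    }

    /** Container-decoded path below the context root, so matching is not done on the raw URI. */
    static String pathWithinApp(HttpServletRequest request) {
        String servletPath = request.getServletPath();
        String pathInfo = request.getPathInfo();
        return pathInfo == null ? servletPath : servletPath + pathInfo;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest && res instanceof HttpServletResponse) {
            HttpServletRequest request = (HttpServletRequest) req;
            HttpServletResponse response = (HttpServletResponse) res;
            // Set headers before the chain runs; afterwards the response may be committed.
            if (exemptPaths.contains(pathWithinApp(request))) {
                // Exact match only, so the relaxed policy cannot spread to neighbouring paths.
                // "private" lets the user's browser keep the file but forbids shared caches.
                response.setHeader("Cache-Control", "private");
            } else {
                response.setHeader("Cache-Control", "no-cache, no-store, max-age=0");
                response.setHeader("Pragma", "no-cache");
                response.setDateHeader("Expires", 0L);
            }
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {
        // no resources to release
    }
}
```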
Embedded Tomcat SSL
Hi all,

Can anybody show me how I might get SSL working with embedded Tomcat? When creating a Connector I have set the value of the secure parameter equal to true, but after this I am not sure what else I need to do. I have taken a look at the code of Embedded and I notice that there is a comment of FIX ME where the HTTPS protocol is handled. Does this mean that the implementation of SSL with embedded Tomcat is not complete?

    } else if (protocol.equals("https")) {
        connector = new Connector();
        connector.setScheme("https");
        connector.setSecure(true);
        // FIXME SET SSL PROPERTIES
    }

Cheers, Tom
Re: Embedded Tomcat SSL
You have to tell tomcat where to find keystore file:

    IntrospectionUtils.setProperty(connector, "sslProtocol", "TLS");
    IntrospectionUtils.setProperty(connector, "keypass", "keystore-password");
    IntrospectionUtils.setProperty(connector, "keystore", "path-to-keystore");

Hope this helps

Aleksandar
Re: Embedded Tomcat SSL
Hi Aleksandar,

Thanks for this. When I update my code to do this I still cannot connect from a browser using HTTPS (https://localhost:443/). I get a "Cannot find server" error in my browser. But if I change my URL so that I use HTTP (http://localhost:443/) I can see the Tomcat homepage. Seems like Tomcat is still only able to handle http requests even though I think I have enabled it for SSL. I have included an extract of my code to illustrate what I am doing.

    Connector httpConnector = embedded.createConnector((java.net.InetAddress) null, 443, true);
    IntrospectionUtils.setProperty(httpConnector, "sslProtocol", "TLS");
    IntrospectionUtils.setProperty(httpConnector, "keypass", "changeit");
    IntrospectionUtils.setProperty(httpConnector, "keystore", "C:/Documents and Settings/tom/.keystore");
    embedded.addConnector(httpConnector);
    embedded.start();

Any ideas what I am doing wrong (I forgot to mention that I am using embedded Tomcat 5.5.9).

Cheers, Tom

From: Aleksandar Valchev [EMAIL PROTECTED]
Reply-To: Tomcat Users List tomcat-user@jakarta.apache.org
To: Tomcat Users List tomcat-user@jakarta.apache.org
Subject: Re: Embedded Tomcat SSL
Date: Tue, 31 May 2005 11:55:42 +0300

> You have to tell tomcat where to find keystore file:
>
>     IntrospectionUtils.setProperty(connector, "sslProtocol", "TLS");
>     IntrospectionUtils.setProperty(connector, "keypass", "keystore-password");
>     IntrospectionUtils.setProperty(connector, "keystore", "path-to-keystore");
>
> Hope this helps
> Aleksandar
Re: Embedded Tomcat SSL
On Tuesday 31 May 2005 12:39, tom ONeill wrote:

You see tomcat home page on http://localhost:443/ because tomcat redirects connection (I think so :) ). I test this on jakarta-tomcat-5.5.9-embedded:

    Connector httpConnector = new Connector();
    httpConnector.setScheme("https");
    httpConnector.setSecure(true);
    httpConnector.setEnableLookups(false);
    IntrospectionUtils.setProperty(httpConnector, "sslProtocol", "TLS");
    IntrospectionUtils.setProperty(httpConnector, "keypass", "changeit");
    IntrospectionUtils.setProperty(httpConnector, "keystore", "C:/Documents and Settings/tom/.keystore");
    // setProperty takes String values, so pass the address and port as text
    IntrospectionUtils.setProperty(httpConnector, "address", InetAddress.getLocalHost().getHostAddress());
    IntrospectionUtils.setProperty(httpConnector, "port", "" + 443);

Of course you have to create your keystore according to tomcat-5.5.9 documentation.

See in your logs. There has to be errors. To see more tomcat messages while tomcat starts add at the top of your code BasicConfigurator.configure(). This line configures commons-logging to output debug messages.

If you see "Cannot find server", I think the problem is in your httpConnector. While tomcat starts it looks for certificate and private key and if it does not find it connector just would not start. I advise you to see your logs ($CATALINA_HOME/logs directory) more carefully.

> Hi Aleksandar,
>
> Thanks for this. When I update my code to do this I still cannot connect from a browser using HTTPS (https://localhost:443/). I get a "Cannot find server" error in my browser. But if I change my URL so that I use HTTP (http://localhost:443/) I can see the Tomcat homepage. Seems like Tomcat is still only able to handle http requests even though I think I have enabled it for SSL. I have included an extract of my code to illustrate what I am doing.
>
>     Connector httpConnector = embedded.createConnector((java.net.InetAddress) null, 443, true);
>     IntrospectionUtils.setProperty(httpConnector, "sslProtocol", "TLS");
>     IntrospectionUtils.setProperty(httpConnector, "keypass", "changeit");
>     IntrospectionUtils.setProperty(httpConnector, "keystore", "C:/Documents and Settings/tom/.keystore");
>     embedded.addConnector(httpConnector);
>     embedded.start();
>
> Any ideas what I am doing wrong (I forgot to mention that I am using embedded Tomcat 5.5.9).
>
> Cheers, Tom
>
> From: Aleksandar Valchev [EMAIL PROTECTED]
> Reply-To: Tomcat Users List tomcat-user@jakarta.apache.org
> To: Tomcat Users List tomcat-user@jakarta.apache.org
> Subject: Re: Embedded Tomcat SSL
> Date: Tue, 31 May 2005 11:55:42 +0300
>
> > You have to tell tomcat where to find keystore file:
> >
> >     IntrospectionUtils.setProperty(connector, "sslProtocol", "TLS");
> >     IntrospectionUtils.setProperty(connector, "keypass", "keystore-password");
> >     IntrospectionUtils.setProperty(connector, "keystore", "path-to-keystore");
> >
> > Hope this helps
> > Aleksandar
Re: Embedded Tomcat SSL
Hi Aleksandar,

When I enabled logging using the BasicConfigurator I now get much more logging information (how exactly the logging is configured and what impact the value of CATALINA_HOME has I haven't been able to figure out but I'm sure I'll get it eventually). Anyway the exception being displayed is

    179070 [http-443-Processor4] DEBUG org.apache.tomcat.util.net.PoolTcpEndpoint - Handshake failed
    javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)

I'm guessing this exception is occurring because the server is trying to authenticate the client and expects the client to send a certificate, so I updated my code by adding the line

    IntrospectionUtils.setProperty(httpConnector, "clientauth", "false");

This hasn't resolved my problem but I'm sure I'll figure it out eventually. Thanks for all your help.

Tom

From: Aleksandar Valchev [EMAIL PROTECTED]
Reply-To: Tomcat Users List tomcat-user@jakarta.apache.org
To: Tomcat Users List tomcat-user@jakarta.apache.org
Subject: Re: Embedded Tomcat SSL
Date: Tue, 31 May 2005 13:14:14 +0300

> On Tuesday 31 May 2005 12:39, tom ONeill wrote:
>
> You see tomcat home page on http://localhost:443/ because tomcat redirects connection (I think so :) ). I test this on jakarta-tomcat-5.5.9-embedded:
>
>     Connector httpConnector = new Connector();
>     httpConnector.setScheme("https");
>     httpConnector.setSecure(true);
>     httpConnector.setEnableLookups(false);
>     IntrospectionUtils.setProperty(httpConnector, "sslProtocol", "TLS");
>     IntrospectionUtils.setProperty(httpConnector, "keypass", "changeit");
>     IntrospectionUtils.setProperty(httpConnector, "keystore", "C:/Documents and Settings/tom/.keystore");
>     // setProperty takes String values, so pass the address and port as text
>     IntrospectionUtils.setProperty(httpConnector, "address", InetAddress.getLocalHost().getHostAddress());
>     IntrospectionUtils.setProperty(httpConnector, "port", "" + 443);
>
> Of course you have to create your keystore according to tomcat-5.5.9 documentation.
>
> See in your logs. There has to be errors. To see more tomcat messages while tomcat starts add at the top of your code BasicConfigurator.configure(). This line configures commons-logging to output debug messages.
>
> If you see "Cannot find server", I think the problem is in your httpConnector. While tomcat starts it looks for certificate and private key and if it does not find it connector just would not start. I advise you to see your logs ($CATALINA_HOME/logs directory) more carefully.
>
> > Hi Aleksandar,
> >
> > Thanks for this. When I update my code to do this I still cannot connect from a browser using HTTPS (https://localhost:443/). I get a "Cannot find server" error in my browser. But if I change my URL so that I use HTTP (http://localhost:443/) I can see the Tomcat homepage. Seems like Tomcat is still only able to handle http requests even though I think I have enabled it for SSL. I have included an extract of my code to illustrate what I am doing.
> >
> >     Connector httpConnector = embedded.createConnector((java.net.InetAddress) null, 443, true);
> >     IntrospectionUtils.setProperty(httpConnector, "sslProtocol", "TLS");
> >     IntrospectionUtils.setProperty(httpConnector, "keypass", "changeit");
> >     IntrospectionUtils.setProperty(httpConnector, "keystore", "C:/Documents and Settings/tom/.keystore");
> >     embedded.addConnector(httpConnector);
> >     embedded.start();
> >
> > Any ideas what I am doing wrong (I forgot to mention that I am using embedded Tomcat 5.5.9).
> >
> > Cheers, Tom
> >
> > From: Aleksandar Valchev [EMAIL PROTECTED]
> > Reply-To: Tomcat Users List tomcat-user@jakarta.apache.org
> > To: Tomcat Users List tomcat-user@jakarta.apache.org
> > Subject: Re: Embedded Tomcat SSL
> > Date: Tue, 31 May 2005 11:55:42 +0300
> >
> > > You have to tell tomcat where to find keystore file:
> > >
> > >     IntrospectionUtils.setProperty(connector, "sslProtocol", "TLS");
> > >     IntrospectionUtils.setProperty(connector, "keypass", "keystore-password");
> > >     IntrospectionUtils.setProperty(connector, "keystore", "path-to-keystore");
> > >
> > > Hope this helps
> > > Aleksandar
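Aleksandar's point that the connector will not start without a certificate and private key can be checked before Tomcat is launched. The following is an added example, not code from the thread: the class name `KeystoreCheck` is hypothetical, and it assumes the Tomcat 5.5 restriction that the key password must equal the keystore password.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

/** Added example: verifies that a keystore can back an SSL connector. */
public class KeystoreCheck {

    /** Returns one finding per problem; an empty list means the keystore looks usable. */
    static List<String> check(String path, String type, char[] password) throws Exception {
        List<String> problems = new ArrayList<>();
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password); // IOException here: wrong password or damaged file
        }
        int keyEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue; // trusted-certificate entries cannot serve a handshake
            }
            keyEntries++;
            try {
                // Same password as the store, which is what the connector will try.
                Key key = ks.getKey(alias, password);
                if (!(key instanceof PrivateKey)) {
                    problems.add(alias + ": entry does not hold a private key");
                }
            } catch (UnrecoverableKeyException e) {
                problems.add(alias + ": key password differs from the keystore password");
            }
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null || chain.length == 0) {
                problems.add(alias + ": private key has no certificate chain");
                continue;
            }
            if (chain[0] instanceof X509Certificate) {
                X509Certificate leaf = (X509Certificate) chain[0];
                try {
                    leaf.checkValidity(); // expired or not-yet-valid certificates fail here
                } catch (CertificateException e) {
                    problems.add(alias + ": certificate not valid now (notBefore="
                            + leaf.getNotBefore() + ", notAfter=" + leaf.getNotAfter() + ")");
                }
            }
        }
        if (keyEntries == 0) {
            problems.add("keystore contains no private-key entry");
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1 || System.console() == null) {
            System.err.println("usage (from an interactive terminal): java KeystoreCheck <keystore> [type]");
            System.exit(2);
        }
        // Read the password interactively so it never appears in the process list.
        char[] password = System.console().readPassword("Keystore password: ");
        if (password == null) {
            System.exit(2);
        }
        List<String> problems = check(args[0], args.length > 1 ? args[1] : "JKS", password);
        Arrays.fill(password, '\0');
        for (String p : problems) {
            System.out.println("PROBLEM " + p);
        }
        System.out.println(problems.isEmpty()
                ? "keystore is usable for an SSL connector"
                : problems.size() + " problem(s) found");
        System.exit(problems.isEmpty() ? 0 : 1);
    }
}
```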
Re: Cannot download files with IE through tomcat. SSL with no-cache problems?
I found the solution! Posting here to save other people the problems I had in finding this:

Put this in your server.xml (or conf/Catalina/localhost/*.xml) file:

    <Valve className="org.apache.catalina.authenticator.FormAuthenticator" disableProxyCaching="false" />

--
Don Rota, CTG Operations
Rational Software, IBM Software Group
20 Maguire Road, Lexington, MA 02421-3104
Tel: 781 676 2655, Fax: 781 676 7645
[EMAIL PROTECTED]

Donny R Rota/Lexington/[EMAIL PROTECTED]
05/06/2005 03:13 PM
Please respond to Tomcat Users List
To: Tomcat Users List tomcat-user@jakarta.apache.org
cc:
Subject: Cannot download files with IE through tomcat. SSL with no-cache problems?

> On Apache Tomcat/5.0.28, I've got SSL installed, and whenever I try to download a doc file I get:
>
>     Some files can harm your computer. If the file information below looks suspicious, or you do not fully trust the source, do not open or save this file
>     File name: x.doc
>     File type: Microsoft Word Document
>     From: yyy.ibm.com
>     Open  Save  Cancel  More Info
>
> I click Open and then the following file download dialog comes up:
>
>     Internet Explorer cannot download .doc from y.ibm.com
>     Internet Explorer was not able to open this Internet Site. The requested site is either unavailable or cannot be found. Please try again later.
>     OK
>
> Downloading works fine in FireFox. Downloading works fine if I turn off SSL. We have an apache server (full httpd server) inhouse where this type of SSL download works fine too. Is there a SSL no-cache setting I have to put in server.xml or something?
>
> Thanks ...Don...
> --
> Don Rota, CTG Operations
> Rational Software, IBM Software Group
> 20 Maguire Road, Lexington, MA 02421-3104
> Tel: 781 676 2655, Fax: 781 676 7645
> [EMAIL PROTECTED]
Re: Cannot download files with IE through tomcat. SSL with no-cache problems?
As posted by Tim Funk in reply to your original message, the details regarding this problem are found here:

http://issues.apache.org/bugzilla/show_bug.cgi?id=27122

Note that it is a problem with IE only, wherein IE can't handle no-cache cache directives, and Tomcat only sets these headers when serving content from a protected context. Also, if you're using other than form authentication, you need to substitute the class name for your authenticator in the valve configuration described below.

Donny R Rota wrote:
> I found the solution! Posting here to save other people the problems I had in finding this:
>
> Put this in your server.xml (or conf/Catalina/localhost/*.xml) file:
>
>     <Valve className="org.apache.catalina.authenticator.FormAuthenticator" disableProxyCaching="false" />
>
> --
> Don Rota, CTG Operations
> Rational Software, IBM Software Group
> 20 Maguire Road, Lexington, MA 02421-3104
> Tel: 781 676 2655, Fax: 781 676 7645
> [EMAIL PROTECTED]
>
> Donny R Rota/Lexington/[EMAIL PROTECTED]
> 05/06/2005 03:13 PM
> Please respond to Tomcat Users List
> To: Tomcat Users List tomcat-user@jakarta.apache.org
> cc:
> Subject: Cannot download files with IE through tomcat. SSL with no-cache problems?
>
> > On Apache Tomcat/5.0.28, I've got SSL installed, and whenever I try to download a doc file I get:
> >
> >     Some files can harm your computer. If the file information below looks suspicious, or you do not fully trust the source, do not open or save this file
> >     File name: x.doc
> >     File type: Microsoft Word Document
> >     From: yyy.ibm.com
> >     Open  Save  Cancel  More Info
> >
> > I click Open and then the following file download dialog comes up:
> >
> >     Internet Explorer cannot download .doc from y.ibm.com
> >     Internet Explorer was not able to open this Internet Site. The requested site is either unavailable or cannot be found. Please try again later.
> >     OK
> >
> > Downloading works fine in FireFox. Downloading works fine if I turn off SSL. We have an apache server (full httpd server) inhouse where this type of SSL download works fine too. Is there a SSL no-cache setting I have to put in server.xml or something?
> >
> > Thanks ...Don...
> > --
> > Don Rota, CTG Operations
> > Rational Software, IBM Software Group
> > 20 Maguire Road, Lexington, MA 02421-3104
> > Tel: 781 676 2655, Fax: 781 676 7645
> > [EMAIL PROTECTED]
Cannot download files with IE through tomcat. SSL with no-cache problems?
On Apache Tomcat/5.0.28, I've got SSL installed, and whenever I try to download a doc file I get:

    Some files can harm your computer. If the file information below looks suspicious, or you do not fully trust the source, do not open or save this file
    File name: x.doc
    File type: Microsoft Word Document
    From: yyy.ibm.com
    Open  Save  Cancel  More Info

I click Open and then the following file download dialog comes up:

    Internet Explorer cannot download .doc from y.ibm.com
    Internet Explorer was not able to open this Internet Site. The requested site is either unavailable or cannot be found. Please try again later.
    OK

Downloading works fine in FireFox. Downloading works fine if I turn off SSL. We have an apache server (full httpd server) inhouse where this type of SSL download works fine too. Is there a SSL no-cache setting I have to put in server.xml or something?

Thanks ...Don...
--
Don Rota, CTG Operations
Rational Software, IBM Software Group
20 Maguire Road, Lexington, MA 02421-3104
Tel: 781 676 2655, Fax: 781 676 7645
[EMAIL PROTECTED]
Re: Cannot download files with IE through tomcat. SSL with no-cache problems?
http://issues.apache.org/bugzilla/show_bug.cgi?id=27122

-Tim

Donny R Rota wrote:
> On Apache Tomcat/5.0.28, I've got SSL installed, and whenever I try to download a doc file I get:
>
>     Some files can harm your computer. If the file information below looks suspicious, or you do not fully trust the source, do not open or save this file
>     File name: x.doc
>     File type: Microsoft Word Document
>     From: yyy.ibm.com
>     Open  Save  Cancel  More Info
>
> I click Open and then the following file download dialog comes up:
>
>     Internet Explorer cannot download .doc from y.ibm.com
>     Internet Explorer was not able to open this Internet Site. The requested site is either unavailable or cannot be found. Please try again later.
>     OK
>
> Downloading works fine in FireFox. Downloading works fine if I turn off SSL. We have an apache server (full httpd server) inhouse where this type of SSL download works fine too. Is there a SSL no-cache setting I have to put in server.xml or something?
>
> Thanks ...Don...
> --
> Don Rota, CTG Operations
> Rational Software, IBM Software Group
> 20 Maguire Road, Lexington, MA 02421-3104
> Tel: 781 676 2655, Fax: 781 676 7645
> [EMAIL PROTECTED]
Re: Cannot download files with IE through tomcat. SSL with no-cache problems?
Hey! I had that problem too, and the fix is as sexy as any windows fix: Edit the registry!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]
    BypassSSLNoCacheCheck=dword:0001

This tells IE that it is OK to use cached data that was delivered over SSL. I know of no other way to set this value.

Larry

On 5/6/05, Donny R Rota [EMAIL PROTECTED] wrote:
> On Apache Tomcat/5.0.28, I've got SSL installed, and whenever I try to download a doc file I get:
>
>     Some files can harm your computer. If the file information below looks suspicious, or you do not fully trust the source, do not open or save this file
>     File name: x.doc
>     File type: Microsoft Word Document
>     From: yyy.ibm.com
>     Open  Save  Cancel  More Info
>
> I click Open and then the following file download dialog comes up:
>
>     Internet Explorer cannot download .doc from y.ibm.com
>     Internet Explorer was not able to open this Internet Site. The requested site is either unavailable or cannot be found. Please try again later.
>     OK
>
> Downloading works fine in FireFox. Downloading works fine if I turn off SSL. We have an apache server (full httpd server) inhouse where this type of SSL download works fine too. Is there a SSL no-cache setting I have to put in server.xml or something?
>
> Thanks ...Don...
> --
> Don Rota, CTG Operations
> Rational Software, IBM Software Group
> 20 Maguire Road, Lexington, MA 02421-3104
> Tel: 781 676 2655, Fax: 781 676 7645
> [EMAIL PROTECTED]
Tomcat SSL Client Authentication
Hello,

I've configured Tomcat SSL Client Authentication with these settings:

web.xml

    ...
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Entire Application</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
      </web-resource-collection>
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>
    <login-config>
      <auth-method>CLIENT-CERT</auth-method>
    </login-config>
    ...

server.xml

    ...
    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="D:\jdk1.5.0_02\bin\keystore.jks"
               keystorePass="changeit"
               truststoreFile="D:\jdk1.5.0_02\bin\cacerts.jks" />
    ...

Client certificate (client.cer) is installed in my IE Browser (version 6.0.28). When I invoke https://localhost:8443/myweapp a window appears that asks me to accept the server certificate. I accept and my webapp index page appears.

So why don't I see a window for client authentication? And why do I have the same behaviour also when I remove the client.cer from my Browser? It seems that client-certification doesn't work.

Any help would be greatly appreciated.

Thank You
Luca Ercoli
Re: Tomcat SSL Client Authentication
Hi,

I believe that the clientAuth needs to be set to true in the server.xml.

Jim

lercoli wrote:
> Hello,
>
> I've configured Tomcat SSL Client Authentication with these settings:
>
> web.xml
>
>     ...
>     <security-constraint>
>       <web-resource-collection>
>         <web-resource-name>Entire Application</web-resource-name>
>         <url-pattern>/*</url-pattern>
>         <http-method>GET</http-method>
>         <http-method>POST</http-method>
>       </web-resource-collection>
>       <user-data-constraint>
>         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>       </user-data-constraint>
>     </security-constraint>
>     <login-config>
>       <auth-method>CLIENT-CERT</auth-method>
>     </login-config>
>     ...
>
> server.xml
>
>     ...
>     <Connector port="8443" maxHttpHeaderSize="8192"
>                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>                enableLookups="false" disableUploadTimeout="true"
>                acceptCount="100" scheme="https" secure="true"
>                clientAuth="false" sslProtocol="TLS"
>                keystoreFile="D:\jdk1.5.0_02\bin\keystore.jks"
>                keystorePass="changeit"
>                truststoreFile="D:\jdk1.5.0_02\bin\cacerts.jks" />
>     ...
>
> Client certificate (client.cer) is installed in my IE Browser (version 6.0.28). When I invoke https://localhost:8443/myweapp a window appears that asks me to accept the server certificate. I accept and my webapp index page appears.
>
> So why don't I see a window for client authentication? And why do I have the same behaviour also when I remove the client.cer from my Browser? It seems that client-certification doesn't work.
>
> Any help would be greatly appreciated.
>
> Thank You
> Luca Ercoli
Re: Tomcat SSL Client Authentication
Hi Jim,

I've tried with clientAuth = true but the server certificate window doesn't appear and I get a page not found error.

----- Original Message -----
From: ohaya [EMAIL PROTECTED]
To: Tomcat Users List tomcat-user@jakarta.apache.org
Sent: Wednesday, April 27, 2005 12:49 PM
Subject: Re: Tomcat SSL Client Authentication

> Hi,
>
> I believe that the clientAuth needs to be set to true in the server.xml.
>
> Jim
>
> lercoli wrote:
> > Hello,
> >
> > I've configured Tomcat SSL Client Authentication with these settings:
> >
> > web.xml
> >
> >     ...
> >     <security-constraint>
> >       <web-resource-collection>
> >         <web-resource-name>Entire Application</web-resource-name>
> >         <url-pattern>/*</url-pattern>
> >         <http-method>GET</http-method>
> >         <http-method>POST</http-method>
> >       </web-resource-collection>
> >       <user-data-constraint>
> >         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> >       </user-data-constraint>
> >     </security-constraint>
> >     <login-config>
> >       <auth-method>CLIENT-CERT</auth-method>
> >     </login-config>
> >     ...
> >
> > server.xml
> >
> >     ...
> >     <Connector port="8443" maxHttpHeaderSize="8192"
> >                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> >                enableLookups="false" disableUploadTimeout="true"
> >                acceptCount="100" scheme="https" secure="true"
> >                clientAuth="false" sslProtocol="TLS"
> >                keystoreFile="D:\jdk1.5.0_02\bin\keystore.jks"
> >                keystorePass="changeit"
> >                truststoreFile="D:\jdk1.5.0_02\bin\cacerts.jks" />
> >     ...
> >
> > Client certificate (client.cer) is installed in my IE Browser (version 6.0.28). When I invoke https://localhost:8443/myweapp a window appears that asks me to accept the server certificate. I accept and my webapp index page appears.
> >
> > So why don't I see a window for client authentication? And why do I have the same behaviour also when I remove the client.cer from my Browser? It seems that client-certification doesn't work.
> >
> > Any help would be greatly appreciated.
> >
> > Thank You
> > Luca Ercoli
Re: Tomcat SSL Client Authentication
Hi, Sorry if that didn't help. Here's what I have in server.xml (I don't remember if I had to change anything outside of server.xml to enable client authentication):

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector port="8443" className="org.apache.coyote.tomcat5.CoyoteConnector"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true" acceptCount="100" debug="0"
           scheme="https" secure="true" clientAuth="true" sslProtocol="TLS"
           keystoreFile="e:\tomcat\jakart~1.27\ssl\servercertificate.keystore" keystoreType="PKCS12"
           truststoreFile="C:\Documents and Settings\Administrator\.keystore"
           truststorePass="XXX" truststoreType="JKS" />

Jim
P.S. When I was doing this (which was awhile ago), I didn't find any way to get Tomcat to check for client cert revocations (i.e., CRL checking). I don't know if that has changed at all since then.
lercoli wrote:
> Hi Jim I've tried with clientAuth = true but server certificate window doesn't appear and I get page not found error.
Re: Tomcat SSL Client Authentication
What version of TC? I've read something about configuring the HTTPS connector to perform SSL client certificate authorization. I agree with Jim: in server.xml, the clientAuth should be set to true. That is the correct setting, if you get a page not found, that doesn't mean the cert didn't work... Also, the name on the client cert must be exactly the same as the one in the user database. I've also read that you don't need any security-constraints to use the CLIENT-CERT unless you're also using a separate Realm. DW
--- lercoli [EMAIL PROTECTED] wrote:
> Hi Jim I've tried with clientAuth = true but server certificate window doesn't appear and I get page not found error.
Re: Tomcat SSL Client Authentication
Tomcat version 5.5.9 (JDK 1.5.0_02 and Windows 2000 Professional). Client certificate username is a tomcat user (with which I've already successfully tested in DIGEST authentication). The strange thing is that when I set authClient to true I never see the alert window of the server certificate (while instead appears with clientAuth = false).
----- Original Message ----- From: Darryl Wilburn [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Wednesday, April 27, 2005 3:55 PM Subject: Re: Tomcat SSL Client Authentication
> What version of TC? I've read something about configuring the HTTPS connector to perform SSL client certificate authorization. I agree with Jim: in server.xml, the clientAuth should be set to true. That is the correct setting, if you get a page not found, that doesn't mean the cert didn't work... Also, the name on the client cert must be exactly the same as the one in the user database. I've also read that you don't need any security-constraints to use the CLIENT-CERT unless you're also using a separate Realm. DW
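The settings posted in this thread can be checked mechanically. The following is an added example, not code from any poster or from the Tomcat project: it audits a web.xml / server.xml pair for the two conditions under which Tomcat asks for a client certificate, either clientAuth set to true or want on the connector, or a CLIENT-CERT-protected resource whose security-constraint carries an auth-constraint. The XML inputs are reconstructed by hand from the values in the thread; the function name, finding codes, role name and replacement password are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed input: the web.xml settings quoted in the thread, markup restored.
POSTED_WEB_XML = r"""<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Entire Application</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config><auth-method>CLIENT-CERT</auth-method></login-config>
</web-app>"""

# Constructed input: the posted <Connector>, trimmed to its TLS attributes.
POSTED_SERVER_XML = r"""<Service>
  <Connector port="8443" scheme="https" secure="true" clientAuth="false"
             sslProtocol="TLS" keystoreFile="D:\jdk1.5.0_02\bin\keystore.jks"
             keystorePass="changeit" truststoreFile="D:\jdk1.5.0_02\bin\cacerts.jks"/>
</Service>"""

# Constructed "after" pair; EXAMPLE_ROLE and the password are placeholders.
FIXED_WEB_XML = POSTED_WEB_XML.replace(
    "<user-data-constraint>",
    "<auth-constraint><role-name>EXAMPLE_ROLE</role-name></auth-constraint>\n"
    "    <user-data-constraint>")
FIXED_SERVER_XML = (POSTED_SERVER_XML
                    .replace('clientAuth="false"', 'clientAuth="true"')
                    .replace('keystorePass="changeit"', 'keystorePass="EXAMPLE-NOT-DEFAULT"'))


def _local(tag):
    """Element name with any XML namespace stripped."""
    return tag.rsplit("}", 1)[-1]


def _named(root, name):
    """All elements at or below root with the given local name."""
    return [el for el in root.iter() if _local(el.tag) == name]


def audit_client_cert(web_xml, server_xml):
    """Return (code, explanation) findings for a web.xml / server.xml pair."""
    web, server = ET.fromstring(web_xml), ET.fromstring(server_xml)
    findings = []

    client_cert = any((m.text or "").strip() == "CLIENT-CERT"
                      for m in _named(web, "auth-method"))
    # Only a constraint carrying <auth-constraint> makes the container
    # authenticate; <user-data-constraint> alone just forces HTTPS.
    guarded = [c for c in _named(web, "security-constraint")
               if _named(c, "auth-constraint")]
    app_demands_cert = client_cert and bool(guarded)
    if client_cert and not guarded:
        findings.append(("no-auth-constraint",
                         "CLIENT-CERT is declared but no security-constraint "
                         "has an auth-constraint, so nothing requires login"))

    for conn in _named(server, "Connector"):
        attrs = dict(conn.attrib)
        for child in conn:  # Tomcat 4 keeps TLS settings on a nested <Factory>
            if _local(child.tag) == "Factory":
                attrs.update(child.attrib)
        if attrs.get("scheme", "http").lower() != "https":
            continue
        port = attrs.get("port", "?")
        mode = attrs.get("clientAuth", "false").lower()
        if mode == "false" and not app_demands_cert:
            findings.append((f"cert-never-requested:{port}",
                             "handshake does not ask for a certificate and "
                             "no protected resource triggers a request"))
        elif mode == "want" and not app_demands_cert:
            findings.append((f"cert-optional:{port}",
                             "certificate is requested but clients without "
                             "one are still served"))
        if attrs.get("keystorePass", "changeit") == "changeit":
            findings.append((f"default-keystore-pass:{port}",
                             "keystore uses the default password"))
    return findings


if __name__ == "__main__":
    for code, why in audit_client_cert(POSTED_WEB_XML, POSTED_SERVER_XML):
        print(f"{code}: {why}")
```
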
Apache Web server + Tomcat + SSL
Hi list, I have integrated the Apache web server and Tomcat on a Win2K PC with the latest versions of software. I have also successfully used OpenSSL to create my own CA (certificate authority) and create a keystore through keytool so that I can use SSL with Tomcat. On the client side I needed to accept and install two certificates -- one for my home-made certificate authority (the root certificate mydomain.com), and then another for the actual server certificate (mypc.mydomain.com). This seems like a pain as I had to install both certificates in the client Trusted Root Certificate keystore in order for the certificate dialog box not to pop up on the client machine when accessing the server URL through https. Is there a way so that the client side only has to install one of the certificates? Do I have to add SSL to the Apache web server side through mod_ssl --- is this legal as I have been told that Apache-SSL and Apache + mod_ssl are not legal everywhere in the world -- here in the US for example? Thanks, Sal
RE: tomcat ssl configuration
No I created it with the user which I installed tomcat on the machine, does it make a difference?
-----Original Message----- From: James T. Studebaker [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 05, 2005 5:00 AM To: Tomcat Users List Subject: Re: tomcat ssl configuration
> Did you create the keystore while logged on as the root user? Thank you James T. Studebaker
tomcat ssl configuration
I use tomcat 5.0.28 on linux, my j2se version is 1.4.02. I did all the steps in the document which is on this link but it's not working. Is there anybody who can help me with this issue? Thanx, Mustafa.
tomcat ssl configuration
I use tomcat 5.0.28 on linux, my j2se version is 1.4.02. I did all the steps in the document which is on this link http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html but it's not working. Is there anybody who can help me with this issue? Thanx, Mustafa.
Re: tomcat ssl configuration
On Apr 4, 2005 6:06 PM, Mustafa BLKBA [EMAIL PROTECTED] wrote:
> I use tomcat 5.0.28 on linux, my j2se version is 1.4.02. I did all the steps in the document which is on this link http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html but it's not working. Is there anybody who can help me with this issue? Thanx, Mustafa.
You will get some error messages if it is not working. Post the error messages. Then somebody can help. The log files are located in CATALINA_HOME/logs directory. -- Anto Paul www.benchmarksoft.com
RE: Tomcat SSL Issues
Look at your java.security file. Also which version of java are you using? Baltimore is working with java 1.3.1 not 1.4 so maybe that is a problem. Ap ...the journey IS the destination...
-----Original Message----- From: LGM [mailto:[EMAIL PROTECTED] Sent: Friday, April 01, 2005 2:17 PM To: tomcat-user@jakarta.apache.org Subject: Tomcat SSL Issues
> Hello List, I am trying to configure tomcat for SSL on Red Hat 8.0 and I run the keytool script to obtain a CSR for my Certificate Authority. I am getting the following error:
>
> #$JAVA_HOME/bin/keytool -certreq -keyalg RSA -alias tomcat -file /root/certreq.csr
> keytool error: java.security.cert.CertificateException: Error decoding X.509 certificate: com.baltimore.jcrypto.coders.CoderException: com.baltimore.jcrypto.asn1.ASN1Integer; com.baltimore.jcrypto.asn1.ASN1Exception: com.baltimore.jcrypto.asn1.ASN1Integer; java.lang.ClassCastException: com.baltimore.jcrypto.asn1.ASN1Integer
>
> Does anyone have any ideas what's going on here? Thanks in advance!! Luciano M.
Re: tomcat ssl configuration
Did you create the keystore while logged on as the root user? Thank you James T. Studebaker
----- Original Message ----- From: Mustafa BLKBA [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Monday, April 04, 2005 8:24 AM Subject: tomcat ssl configuration
> I use tomcat 5.0.28 on linux, my j2se version is 1.4.02. I did all the steps in the document which is on this link but it's not working. Is there anybody who can help me with this issue? Thanx, Mustafa.
Tomcat SSL Issues
Hello List, I am trying to configure tomcat for SSL on Red Hat 8.0 and I run the keytool script to obtain a CSR for my Certificate Authority. I am getting the following error:

#$JAVA_HOME/bin/keytool -certreq -keyalg RSA -alias tomcat -file /root/certreq.csr
keytool error: java.security.cert.CertificateException: Error decoding X.509 certificate: com.baltimore.jcrypto.coders.CoderException: com.baltimore.jcrypto.asn1.ASN1Integer; com.baltimore.jcrypto.asn1.ASN1Exception: com.baltimore.jcrypto.asn1.ASN1Integer; java.lang.ClassCastException: com.baltimore.jcrypto.asn1.ASN1Integer

Does anyone have any ideas what's going on here? Thanks in advance!! Luciano M.
TOMCAT SSL PROBLEM
Hi! I am having a problem in production deployment. I am using Tomcat 4.1.24. It's working fine in Win 2k UAT machine, same is working fine in Linux 2.1 UAT machine. While same is fine in production machine as well. But I change server.xml in all the three machine, it works fine in both UAT machine but doesn't work in production machine. When starting tomcat it hangs showing the cursor after this line HttpConnector Opening server socket on all host IP addresses and doesn't go ahead. Can anyone help me where I am wrong? Abhishek
Tomcat SSL.
Hi I am using Tomcat 5.0.28, I need to have ssl configured, What are the steps in getting this. Any document and help is appreciated. Thanks
Re: Tomcat SSL.
take a look here: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html
On Sun, 27 Feb 2005 13:58:45 -0800 (PST), deepak suldhal [EMAIL PROTECTED] wrote:
> Hi I am using Tomcat 5.0.28, I need to have ssl configured, What are the steps in getting this. Any document and help is appreciated. Thanks
-- Adobati Omar [EMAIL PROTECTED]
tomcat + SSL, apache
Is there any way to have the Tomcat with SSL and a front-end Apache, which should only serve as an interface between client and tomcat? I mean tomcat should serve the certificates and do all the ssl, apache only to redirect traffic to it. thanks. Laurentiu Vasiescu
Re: tomcat + SSL, apache
Don't think so. Apache takes on the connection and therefore is in charge of the SSL handshake. So you will have to configure apache to support SSL. The only way to make tomcat handle the handshake is to make it directly available to the browser. But guess you already kind of suspected it :) Regards, Wouter
On Mon, 14 Feb 2005 15:25:59 +0200, Laurentiu Vasiescu [EMAIL PROTECTED] wrote:
> Is there any way to have the Tomcat with SSL and a front-end Apache, which should only serve as an interface between client and tomcat? I mean tomcat should serve the certificates and do all the ssl, apache only to redirect traffic to it. thanks. Laurentiu Vasiescu
-- Regards, Wouter Boers
Re: tomcat + SSL, apache
On Mon, 14 Feb 2005 15:25:59 +0200, Laurentiu Vasiescu [EMAIL PROTECTED] wrote:
> Is there any way to have the Tomcat with SSL and a front-end Apache, which should only serve as an interface between client and tomcat? I mean tomcat should serve the certificates and do all the ssl, apache only to redirect traffic to it. thanks.
Google for configuring Apache as a Forward Proxy, I think that should do what you want but not 100% sure. Regards, -- Jason Bainbridge
RE: tomcat + SSL, apache
Actually I believe it's the opposite. Apache serves the certificate; the communication between Tomcat and Apache shouldn't be public anyway.
From: Laurentiu Vasiescu [EMAIL PROTECTED] Reply-To: Tomcat Users List tomcat-user@jakarta.apache.org To: tomcat-user@jakarta.apache.org Subject: tomcat + SSL, apache Date: Mon, 14 Feb 2005 15:25:59 +0200
> Is there any way to have the Tomcat with SSL and a front-end Apache, which should only serve as an interface between client and tomcat? I mean tomcat should serve the certificates and do all the ssl, apache only to redirect traffic to it. thanks. Laurentiu Vasiescu
Re: tomcat + SSL, apache
Didier McGillis wrote:
> Actually I believe it's the opposite. Apache serves the certificate; the communication between Tomcat and Apache shouldn't be public anyway.
Apache makes the SSL handshake and passes any client certificate to Tomcat. Any servlet sees that like it came directly from Tomcat. Communication between apache and tomcat is not encrypted, so if you are concerned about the security, put the apache on the box with two NIC cards, and use the second for the apache-tomcat communication. AJP14 protocol will have encryption embedded, so until then :). Mladen.
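Because the Apache-to-Tomcat AJP hop described above is unencrypted, the address the AJP connector listens on decides who can reach it. As an added example (not from the thread or from the Tomcat project), this check classifies each AJP connector in a server.xml by its address attribute; it assumes Tomcat 5.x-style connectors marked with protocol="AJP/1.3", and the sample server.xml, addresses and function names are constructed for the illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed server.xml: one HTTP connector and five AJP connectors.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
  <Connector port="8010" protocol="AJP/1.3" address="127.0.0.1"/>
  <Connector port="8011" protocol="AJP/1.3" address="10.0.0.5"/>
  <Connector port="8012" protocol="AJP/1.3" address="0.0.0.0"/>
  <Connector port="8013" protocol="AJP/1.3" address="backend.example.internal"/>
</Service></Server>"""


def classify_address(addr):
    """Map a connector's address attribute to an exposure class."""
    if addr is None:
        return "all-interfaces"      # no address: listens on every IP of the host
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "hostname"            # a name; what it resolves to must be checked
    if ip.is_unspecified:            # 0.0.0.0 or ::, tested before is_private
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private"
    return "public"


def ajp_bindings(server_xml):
    """Return {port: exposure} for every AJP connector in server.xml."""
    result = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("protocol", "").upper().startswith("AJP"):
            result[conn.get("port", "?")] = classify_address(conn.get("address"))
    return result


def needs_review(server_xml):
    """Ports whose AJP listener is not pinned to a loopback or private address."""
    return [port for port, exposure in ajp_bindings(server_xml).items()
            if exposure not in ("loopback", "private")]


if __name__ == "__main__":
    for port, exposure in ajp_bindings(SAMPLE_SERVER_XML).items():
        print(port, exposure)
```
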
Re: Need Clarification on Tomcat SSL Configuration....
On Wed, Dec 01, 2004 at 11:14:31AM +0530, [EMAIL PROTECTED] wrote:
: I have configured the Tomcat SSL Port for HTTPS.
: Whenever I access the Web Page the Page Refreshes twice.
: Need Help on this.
Details, details, details:
1/ what are the <Connector/> entries from your Tomcat setup? (for those of us who are not clairvoyant)
2/ what version of Tomcat and the JDK do you run? (in case you're hitting a known bug in an older version)
3/ What URL(s) do you hit that trigger the behavior? Do you have AccessLogValve and RequestDumperValve configured, such that you can see all of the data going back and forth between the client and server?
4/ What's in the page itself? (This may be a case of Pilot Error)
etc, etc.
-QM
Need Clarification on Tomcat SSL Configuration....
Hi, I have configured the Tomcat SSL Port for HTTPS. Whenever I access the Web Page the Page Refreshes twice. Need Help on this. Thanks Regards, Raghavendra C N Wipro Technologies
apache ssl or tomcat ssl?
Hello Tomcat newbie over here.. I was wondering.. I have my apache server set up to handle SSL (443) and my tomcat (5.0.28) as well on port 8443. Is there any reason why I should use the Tomcat SSL, whereas I already have apache SSL? Only thing I see at the moment is that some places (like my company) block outbound ports, so I am able to get to my 443 port, but not 8443. Thanks. fb.
Re: apache ssl or tomcat ssl?
> Tomcat newbie over here.. I was wondering.. I have my apache server set up to handle SSL (443) and my tomcat (5.0.28) as well on port 8443. Is there any reason why I should use the Tomcat SSL, whereas I already have apache SSL? Only thing I see at the moment is that some places (like my company) block outbound ports, so I am able to get to my 443 port, but not 8443.
I believe you can switch ports on either server as you wish, but I would think apache would serve your ssl requests/responses faster. You could probably use ssl on either and pick a different port. BTW I imagine it's also possible to have apache proxy your ssl connections to tomcat; but that's probably OT here. I'm a newbie too.
Re: Fwd: Tomcat + ssl problems
Hi, Thanks for your reply. We are using jdk1.4.2. I am busy recompiling it as we speak to be 100% sure that it's ok.
At 10:20 AM 8/18/2004 -0700, Hassan Schroeder wrote:
> Lloyd Hopper wrote:
> > I am re-submitting this mail as I have had absolutely no response as of yet - is there really no one that has come across this before?
> I haven't (and I'm running Tomcat/SSL), but...
> > Firstly, the keytool will not work properly when generating a new key.
> right off the bat, that tells me it's not a Tomcat problem, it's a basic JVM install problem of some kind. Keytool should work; until you fix that, you're stuck. Are you on a current JVM? That's where I'd be looking, at least... FWIW, -- Hassan Schroeder
Fwd: Tomcat + ssl problems
Hello, I am re-submitting this mail as I have had absolutely no response as of yet - is there really no one that has come across this before? I have seen similar problems both here and via Google groups but no really helpful solutions. Once again, please could somebody point me in the right direction on how to solve this. I was maybe thinking that the Tomcat compilation (with the JSSE automatically included) was not done properly, but standalone without SSL everything runs perfectly. Suggestions please Lloyd
Date: Thu, 12 Aug 2004 14:02:59 +0200 To: [EMAIL PROTECTED] From: Lloyd Hopper [EMAIL PROTECTED] Subject: Tomcat + ssl problems
Re: Fwd: Tomcat + ssl problems
Lloyd Hopper wrote:
> I am re-submitting this mail as I have had absolutely no response as of yet - is there really no one that has come across this before?
I haven't (and I'm running Tomcat/SSL), but...
> Firstly, the keytool will not work properly when generating a new key.
right off the bat, that tells me it's not a Tomcat problem, it's a basic JVM install problem of some kind. Keytool should work; until you fix that, you're stuck. Are you on a current JVM? That's where I'd be looking, at least... FWIW, -- Hassan Schroeder
Tomcat + ssl problems
Hello, I am sure somebody has come across something similar before but I have been unable to find a resolution as yet. The problem is this; I am trying to enable SSL in Tomcat 4.1.29 and several things happen that are not correct, even though this should be a rather simple goal to achieve.
Firstly, the keytool will not work properly when generating a new key. You get asked all the questions and when you have finished and you confirm the information entered with a 'yes' it just hangs. Importing with keytool and checking the keystore both work fine (the -list and -import flags) but generating doesn't (-genkey). I cannot seem to find any error messages either and in top the process appears intermittently.
Secondly, after importing the certificate (made with openssl) I then change the server.xml config and ensure that the JSSE_HOME is correct in catalina.sh and restart Tomcat using catalina.sh. This is what I get:
--- begin excerpt catalina log ---
Exception during startup processing
java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:203)
Caused by: java.lang.NoClassDefFoundError: javax/net/ServerSocketFactory
    at java.lang.ClassLoader.findBootstrapClass(Native Method)
    at java.lang.ClassLoader.findBootstrapClass0(ClassLoader.java:709)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:284)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:282)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:274)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:235)
    at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:941)
    at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:857)
    at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:941)
    at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:857)
    at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:302)
    at org.apache.tomcat.util.net.jsse.JSSE14Factory.getSocketFactory(JSSE14Factory.java:80)
    at org.apache.tomcat.util.net.jsse.JSSEImplementation.getServerSocketFactory(JSSEImplementation.java:113)
    at org.apache.coyote.http11.Http11Protocol.checkSocketFactory(Http11Protocol.java:615)
    at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:166)
    at org.apache.coyote.tomcat4.CoyoteConnector.initialize(CoyoteConnector.java:1173)
    at org.apache.catalina.core.StandardService.initialize(StandardService.java:579)
    at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:2246)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:511)
    at org.apache.catalina.startup.Catalina.execute(Catalina.java:400)
    at org.apache.catalina.startup.Catalina.process(Catalina.java:180)
    ... 5 more
--- end excerpt catalina log ---
Tomcat runs perfectly if I comment the SSL out.
--- begin server.xml excerpt ---
<!-- Define a non-SSL Coyote HTTP/1.1 Connector -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8180" minProcessors="5" maxProcessors="75" enableLookups="true" redirectPort="8443" acceptCount="100" debug="0" connectionTimeout="2" useURIValidationHack="false" disableUploadTimeout="true" />
<!-- Note : To disable connection timeouts, set connectionTimeout value to -1 -->
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8443" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="100" debug="0" scheme="https" secure="true" useURIValidationHack="false" disableUploadTimeout="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" keystoreFile="MYKEYSTORE" keystorePass="MYPASSWD" clientAuth="false" />
</Connector>
--- end server.xml excerpt ---
--- begin excerpt catalina.sh ---
# java home
JAVA_HOME=/usr/local/jdk1.4.2; export JAVA_HOME
# JSSE home
JSSE_HOME=/usr/local/jdk1.4.2/jre; export JSSE_HOME
[snip]
# Add on extra jar files to CLASSPATH
if [ -n "$JSSE_HOME" ]; then
  CLASSPATH=$CLASSPATH:$JSSE_HOME/lib/ext/jcert.jar:$JSSE_HOME/lib/ext/jnet.jar:$JSSE_HOME/lib/ext/jsse.jar
fi
CLASSPATH=$CLASSPATH:$CATALINA_HOME/bin/bootstrap.jar:
--- end catalina.sh excerpt ---
Of course JSSE was already included in JDK 1.4 (we are running jdk 1.4.2) so it was not necessary to download that
IIS - Tomcat - SSL - Please Help
I have an SSL certificate already installed on IIS and would like my web pages to be displayed in HTTPS mode using Tomcat. What steps must I take to do this? Thank you very much in advance. Regards, Rama
RE: How to optimize Tomcat SSL
I write only to comment that you can support more connections if you serve pages through https BUT images from http. (You'll remember many https pages where the browser warns you something like "this page contains insecure elements" or something similar...)
> from the old benchmarks Remy and I ran, 20 concurrent connections is the limit for SSL. fewer if you have lots of graphics. Even though a 2ghz CPU webserver can handle 10 concurrent SSL ...
RE: How to optimize Tomcat SSL
yup, you sure can if you're willing to subject the users to the annoying message. What some people do is get a dedicated image server and setup https on it. that way, you don't get the annoying warning and you don't impact the webserver doing the real work. peter
Gabi [EMAIL PROTECTED] wrote:
> I write only to comment that you can support more connections if you serve pages through https BUT images from http. (You'll remember many https pages where the browser warns you something like "this page contains insecure elements" or something similar...)
> > from the old benchmarks Remy and I ran, 20 concurrent connections is the limit for SSL. fewer if you have lots of graphics. Even though a 2ghz CPU webserver can handle 10 concurrent SSL ...
How to optimize Tomcat SSL
Is there any way to optimize Tomcat's SSL implementation? Can I change the protocol to only use 40 bit encryption? Can I change the default keep alive time for the SSL session? Are there any other values for 'protocol' other than TLS? I am running a web app that is using Axis for web service communication to a lot of client apps. These apps communicate to the server every 30 seconds. I would like a way to cache the SSL session so that handshaking is not happening every time. It looks like the typical answer to optimizing SSL is to not use Tomcat for SSL and use Apache. Is that really the recommended solution? Here is my current config:
<Connector className="org.apache.catalina.connector.http.HttpConnector" port="8443" minProcessors="5" maxProcessors="100" connectionTimeout="6" enableLookups="true" acceptCount="10" debug="0" scheme="https" secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory" clientAuth="true" protocol="TLS" keystoreFile="/serverKeys" keystorePass="password"/>
</Connector>
Re: How to optimize Tomcat SSL
the good news is there's nothing much you can do to optimize tomcat's SSL. The bad news is SSL is CPU intensive. the most reliable way to improve SSL performance is to get a hardware accelerator. People tend to disagree on this, but I am biased in favor of using hardware acceleration. from the old benchmarks Remy and I ran, 20 concurrent connections is the limit for SSL. fewer if you have lots of graphics. Even though a 2ghz CPU webserver can handle 10 concurrent SSL connection and stay around 50% CPU usage, I personally wouldn't want to do that. On a 400-500mhz CPU 5-8 is the limit. I hope that helps. peter
Jeremy Conner [EMAIL PROTECTED] wrote:
> Is there any way to optimize Tomcat's SSL implementation? Can I change the protocol to only use 40 bit encryption? Can I change the default keep alive time for the SSL session? Are there any other values for 'protocol' other than TLS? I am running a web app that is using Axis for web service communication to a lot of client apps. These apps communicate to the server every 30 seconds. I would like a way to cache the SSL session so that handshaking is not happening every time. It looks like the typical answer to optimizing SSL is to not use Tomcat for SSL and use Apache. Is that really the recommended solution? Here is my current config:
> <Connector className="org.apache.catalina.connector.http.HttpConnector" port="8443" minProcessors="5" maxProcessors="100" connectionTimeout="6" enableLookups="true" acceptCount="10" debug="0" scheme="https" secure="true">
>   <Factory className="org.apache.catalina.net.SSLServerSocketFactory" clientAuth="true" protocol="TLS" keystoreFile="/serverKeys" keystorePass="password"/>
> </Connector>
Re: How to optimize Tomcat SSL
We use Apache HTTP on the front for SSL. Makes a world of difference. Cheers, Alex.
Jeremy Conner wrote:
> Is there any way to optimize Tomcat's SSL implementation? Can I change the protocol to only use 40 bit encryption? Can I change the default keep alive time for the SSL session? Are there any other values for 'protocol' other than TLS? I am running a web app that is using Axis for web service communication to a lot of client apps. These apps communicate to the server every 30 seconds. I would like a way to cache the SSL session so that handshaking is not happening every time. It looks like the typical answer to optimizing SSL is to not use Tomcat for SSL and use Apache. Is that really the recommended solution? Here is my current config:
> <Connector className="org.apache.catalina.connector.http.HttpConnector" port="8443" minProcessors="5" maxProcessors="100" connectionTimeout="6" enableLookups="true" acceptCount="10" debug="0" scheme="https" secure="true">
>   <Factory className="org.apache.catalina.net.SSLServerSocketFactory" clientAuth="true" protocol="TLS" keystoreFile="/serverKeys" keystorePass="password"/>
> </Connector>
Tomcat SSL Question.
Hi all, New to SSL, not tomcat. :-)
ENV. Tomcat 5.0, JDK 1.4.2_04-b05, Win XP
I followed everything on http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html
I did the following.
1. keytool -genkey -keyalg RSA -keystore chap8.keystore -storepass changeit
2. keytool -certreq -keyalg RSA -file breaker.csr -keystore keystore
3. I copied the content of the .csr and added it to the form on https://www.thawte.com/cgi/server/try.exe
4. It generated the content for a .cer file.
5. keytool -keystore keystore -keyalg RSA -import -trustcacerts -file breaker.cer
6. I changed the server.xml by commenting out the <Connector port="8080" .../>, uncommented <Connector port="8443"/>.
7. I added keystoreFile="conf/keystore", keystorePass="changit", keystoreType="jks" and clientAuth="true" to the <Connector port="8443" />
8. I downloaded and installed the Test Root Certificates from Thawte and installed them on Mozilla FireFox.
9. Start Tomcat and hit the https://breaker:8443/myApp/etc... and I get the following error:
[ERROR] sun.security.validator.ValidatorException: No trusted certificate found: unable to load file https://breaker:8443/myApp/services/print.wsdl
FATAL!!! Error connecting to Services
FATAL [http-8443-Processor24] (RequestControllerServlet.java:165) - Error Binding to the Service
10. If I put JAVA_OPTS=-Djavax.net.ssl.trustStore=C:/Tomcat5.0/conf/keystore -Djavax.net.ssl.keyStorePassword=changeit in the Catalina.bat, I get a dialog stating 'Could not establish an encrypted connection because your certificate was reject by breaker. Error Code: -12271'.
11. If I change clientAuth=want, it works but I don't see the dialog prompting me about the certificate.
What am I doing wrong? Is this correct behavior? Thanks.
tomcat, SSL and multiple urls
Hi. Is it possible for tomcat to have multiple domain names connecting thru SSL? For example, my tomcat-5.0.19 is hosted on a server with 202.10.11.12 as its public IP. This IP can be accessed thru either www.myserver1.net or www.myserver2.net. All connections can only go thru SSL (https). Is this possible? If so, how do I configure tomcat's keystore? Thanks in advance. - ian
RE: tomcat, SSL and multiple urls
The SSL protocol demands that the domain recorded within the SSL certificate is the same as the domain thru which the SSL connection is obtained. Otherwise the SSL connection negotiation will fail. This is to avoid the nastiness of hijacking and whatnot. To use the 2 different domains that you have you will need 2 different SSL certificates, taking into account the limitations in the web server et al. to handle multiple SSL certificates for different domains etc. My memory is a little fuzzy on this area as it's been a while since I've had to think about it so take some salt with this :) Alternatively if you had a redirector or load balancer of some kind sitting in front of your web server you could have a SSL certificate bound to a more generic domain like www.myserver.net, and have the redirector/balancer dish out the requests to www.myserver1.net and www.myserver2.net while still supporting the SSL. I don't know how Tomcat's load balancing works with SSL... But then I'm not a network architect either... so more salt.. Regards, Shane.
-Original Message- From: ian [mailto:[EMAIL PROTECTED] Sent: Wednesday, 12 May 2004 2:41 PM To: 'Tomcat Users List' Subject: tomcat, SSL and multiple urls
Hi. Is it possible for tomcat to have multiple domain names connecting thru SSL? For example, my tomcat-5.0.19 is hosted on a server with 202.10.11.12 as its public IP. This IP can be accessed thru either www.myserver1.net or www.myserver2.net. All connections can only go thru SSL (https). Is this possible? If so, how do I configure tomcat's keystore? Thanks in advance. - ian
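The name check described in the reply above, written out as an added example (not code from the thread, from Tomcat or from JSSE). It follows the RFC 2818 order of dNSName subjectAltName entries first and subject CN only as a fallback, and it goes beyond the single-name case by also showing a certificate that lists two names and a wildcard certificate. The class and method names and the sample name lists are constructed for illustration; the two hostnames are the ones from the question.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added example: all names in this class are illustrative, not Tomcat or JSSE code.
public class CertNameCheck {

    /** Compare one certificate name (optionally "*.domain") with the requested host. */
    static boolean matches(String certName, String host) {
        String p = certName.toLowerCase(Locale.ROOT);
        String h = host.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) {
            return p.equals(h);
        }
        // Conservative wildcard rule (an assumption of this example): "*" must be the
        // whole left-most label, stands for exactly one label, and needs at least
        // two labels after it, so "*.net" never matches.
        int firstDot = h.indexOf('.');
        return p.indexOf('.', 2) > 0
                && firstDot > 0
                && h.substring(firstDot).equals(p.substring(1));
    }

    /** RFC 2818 order: dNSName entries decide when present; the CN is only a fallback. */
    static boolean covers(List<String> sanDnsNames, String subjectCn, String host) {
        if (!sanDnsNames.isEmpty()) {
            for (String name : sanDnsNames) {
                if (matches(name, host)) {
                    return true;
                }
            }
            return false; // SAN present, so the CN is not consulted
        }
        return subjectCn != null && matches(subjectCn, host);
    }

    /** dNSName entries (GeneralName type 2) of a real certificate. */
    static List<String> dnsNames(X509Certificate cert) throws Exception {
        List<String> names = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans != null) {
            for (List<?> san : sans) {
                if (((Integer) san.get(0)).intValue() == 2) {
                    names.add((String) san.get(1));
                }
            }
        }
        return names;
    }

    /** Most specific CN of the subject, or null if the subject has none. */
    static String commonName(X509Certificate cert) throws Exception {
        List<Rdn> rdns = new LdapName(cert.getSubjectX500Principal().getName()).getRdns();
        for (int i = rdns.size() - 1; i >= 0; i--) {
            if ("CN".equalsIgnoreCase(rdns.get(i).getType())) {
                return String.valueOf(rdns.get(i).getValue());
            }
        }
        return null;
    }

    static void report(String label, List<String> sans, String cn, String... hosts) {
        for (String host : hosts) {
            System.out.println(label + " -> " + host + ": "
                    + (covers(sans, cn, host) ? "name matches" : "NAME MISMATCH"));
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length >= 2) {
            // Usage: java CertNameCheck server.pem host1 [host2 ...]
            try (InputStream in = new FileInputStream(args[0])) {
                X509Certificate cert = (X509Certificate)
                        CertificateFactory.getInstance("X.509").generateCertificate(in);
                report(args[0], dnsNames(cert), commonName(cert),
                        Arrays.copyOfRange(args, 1, args.length));
            }
            return;
        }
        // Constructed name lists standing in for three differently issued certificates.
        String[] hosts = {"www.myserver1.net", "www.myserver2.net"};
        List<String> none = Collections.emptyList();
        report("CN only", none, "www.myserver1.net", hosts);
        report("two dNSName entries",
                Arrays.asList("www.myserver1.net", "www.myserver2.net"),
                "www.myserver1.net", hosts);
        report("wildcard *.myserver1.net",
                Arrays.asList("*.myserver1.net"), "www.myserver2.net", hosts);
    }
}
```

Run without arguments it prints the result for the three constructed cases; given a PEM or DER certificate file and one or more hostnames it reports which of those names the certificate covers.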
RE: tomcat, SSL and multiple urls
This setup is actually not for load balancing. We just had a bad experience yesterday wherein a supposed world class data center here failed to pay their bills resulting to forfeit their registration for their domain names, 2 of which were ours. Because of this our services were inaccessible to all our clients. To prevent another event like this, I was thinking of having another domain name for our server hosted on a different DNS. I'm just not sure whether tomcat can handle multiple SSL certificates. If so, how do I configure it? Thanks for your reply. - ian
-Original Message- From: Shane Linley [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 12, 2004 2:53 PM To: Tomcat Users List Subject: RE: tomcat, SSL and multiple urls
The SSL protocol demands that the domain recorded within the SSL certificate is the same as the domain thru which the SSL connection is obtained. Otherwise the SSL connection negotiation will fail. This is to avoid the nastiness of hijacking and whatnot. To use the 2 different domains that you have you will need 2 different SSL certificates, taking into account the limitations in the web server et al. to handle multiple SSL certificates for different domains etc. My memory is a little fuzzy on this area as it's been a while since I've had to think about it so take some salt with this :) Alternatively if you had a redirector or load balancer of some kind sitting in front of your web server you could have a SSL certificate bound to a more generic domain like www.myserver.net, and have the redirector/balancer dish out the requests to www.myserver1.net and www.myserver2.net while still supporting the SSL. I don't know how Tomcat's load balancing works with SSL... But then I'm not a network architect either... so more salt.. Regards, Shane.
Re: apache-tomcat ssl doc download error in IE
This fix will only work if you have apache using the mod_headers module. I do not have that module installed on my version of apache, so I am not sure if there is any other work around. Do you have any other ideas? I am quickly running out of ideas myself. thank you.
Daniel wrote:
> Hi, I actually just got this working and the answer is unbelievably bizarre. It all sorta boiled down to the Pragma header. I can't set the pragma header in my servlet and must do it in the Apache httpd.conf like this:
> Header append Pragma blah
> And blah could be anything and would still work, it's just the fact that it's set in the Apache httpd.conf! Weird, this isn't scientific, I must be missing something. :) Here's the combo I got it working with:
> Pragma: no-cache, blah
> Cache-Control: private
> Content-Length: sizeof(stream)
> Content-disposition: attachment; filename=doc.pdf
> Regards, Daniel
> On Thu, 5 Feb 2004, Mark W. Webb wrote:
> > I am seeing a very similar problem with Tomcat 4.1.24 and Apache over SSL on Solaris 9. I am using Tomcat4.1.24, JDK 1.4.2 Apache 2.0.48(mod_ssl, mod_jk), OpenSSL 0.9.7c. Everything compiled from source except JDK.
> > > Hi, I'm really stumped and hope someone can provide insight :( We got a tomcat server connected behind an apache web server via mod_jk. When running without ssl, a user submits a form and is able to retrieve a pdf document (they can save or open it) using IE6. But over ssl they would get this error:
> > > Internet Explorer cannot download doc.pdf from myhost.com. Internet EXplorer was not able to open this Internet site. The requested site is either unavailable or cannnot be found. Please try again later.
> > > This doesn't happen with Mozilla and it would work as expected. Thing is, we've got a *solution* for this when using mod_python and mod_perl...just not with Java/Tomcat. The solution for those was to set special http headers so IE can interpret things correctly:
> > > - Pragma = 'nocache'
> > > - Expires = 'now'
> > > - Cache-Control = 'private'
> > > - Content-Length = sizeof(stream)
> > > - Content-disposition = 'attachment; filename=doc.pdf'
> > > This was done by a co-worker of mine and it worked. I later saw something about setting Cache-Control = public cuz IE won't save private stuff. But even when I explicitly setHeader("Cache-Control", "public") I still see Cache-Control = private, public. So I have 2 questions:
> > > 1. Does anyone know why there are two values even when I explicitly call setHeader(..) for the Cache-Control? Is Tomcat silently setting this? The source doesn't seem to have that though... :(
> > > 2. Has anyone run into this and solved it? I'd be much more interested in this answer :))
> > > We're using:
> > > - Tomcat 4.0.6, via mod_jk to Apache 1.3.x with mod_ssl, on Linux.
> > > - Turbine 2.3 framework
> > > - JDK 1.4.x.
> > > TIA, Daniel
apache-tomcat ssl doc download error in IE
Hi, I'm really stumped and hope someone can provide insight :( We got a tomcat server connected behind an apache web server via mod_jk. When running without ssl, a user submits a form and is able to retrieve a pdf document (they can save or open it) using IE6. But over ssl they would get this error:
Internet Explorer cannot download doc.pdf from myhost.com. Internet EXplorer was not able to open this Internet site. The requested site is either unavailable or cannnot be found. Please try again later.
This doesn't happen with Mozilla and it would work as expected. Thing is, we've got a *solution* for this when using mod_python and mod_perl...just not with Java/Tomcat. The solution for those was to set special http headers so IE can interpret things correctly:
- Pragma = 'nocache'
- Expires = 'now'
- Cache-Control = 'private'
- Content-Length = sizeof(stream)
- Content-disposition = 'attachment; filename=doc.pdf'
This was done by a co-worker of mine and it worked. I later saw something about setting Cache-Control = public cuz IE won't save private stuff. But even when I explicitly setHeader("Cache-Control", "public") I still see Cache-Control = private, public. So I have 2 questions:
1. Does anyone know why there are two values even when I explicitly call setHeader(..) for the Cache-Control? Is Tomcat silently setting this? The source doesn't seem to have that though... :(
2. Has anyone run into this and solved it? I'd be much more interested in this answer :))
We're using:
- Tomcat 4.0.6, via mod_jk to Apache 1.3.x with mod_ssl, on Linux.
- Turbine 2.3 framework
- JDK 1.4.x.
TIA, Daniel
Re: apache-tomcat ssl doc download error in IE
I am seeing a very similar problem with Tomcat 4.1.24 and Apache over SSL on Solaris 9. I am using Tomcat4.1.24, JDK 1.4.2 Apache 2.0.48(mod_ssl, mod_jk), OpenSSL 0.9.7c. Everything compiled from source except JDK.
> Hi, I'm really stumped and hope someone can provide insight :( We got a tomcat server connected behind an apache web server via mod_jk. When running without ssl, a user submits a form and is able to retrieve a pdf document (they can save or open it) using IE6. But over ssl they would get this error:
> Internet Explorer cannot download doc.pdf from myhost.com. Internet EXplorer was not able to open this Internet site. The requested site is either unavailable or cannnot be found. Please try again later.
> This doesn't happen with Mozilla and it would work as expected. Thing is, we've got a *solution* for this when using mod_python and mod_perl...just not with Java/Tomcat. The solution for those was to set special http headers so IE can interpret things correctly:
> - Pragma = 'nocache'
> - Expires = 'now'
> - Cache-Control = 'private'
> - Content-Length = sizeof(stream)
> - Content-disposition = 'attachment; filename=doc.pdf'
> This was done by a co-worker of mine and it worked. I later saw something about setting Cache-Control = public cuz IE won't save private stuff. But even when I explicitly setHeader("Cache-Control", "public") I still see Cache-Control = private, public. So I have 2 questions:
> 1. Does anyone know why there are two values even when I explicitly call setHeader(..) for the Cache-Control? Is Tomcat silently setting this? The source doesn't seem to have that though... :(
> 2. Has anyone run into this and solved it? I'd be much more interested in this answer :))
> We're using:
> - Tomcat 4.0.6, via mod_jk to Apache 1.3.x with mod_ssl, on Linux.
> - Turbine 2.3 framework
> - JDK 1.4.x.
> TIA, Daniel
Re: apache-tomcat ssl doc download error in IE
Hi, I actually just got this working and the answer is unbelievably bizarre. It all sorta boiled down to the Pragma header. I can't set the pragma header in my servlet and must do it in the Apache httpd.conf like this:
Header append Pragma blah
And blah could be anything and would still work, it's just the fact that it's set in the Apache httpd.conf! Weird, this isn't scientific, I must be missing something. :) Here's the combo I got it working with:
Pragma: no-cache, blah
Cache-Control: private
Content-Length: sizeof(stream)
Content-disposition: attachment; filename=doc.pdf
Regards, Daniel
On Thu, 5 Feb 2004, Mark W. Webb wrote:
> I am seeing a very similar problem with Tomcat 4.1.24 and Apache over SSL on Solaris 9. I am using Tomcat4.1.24, JDK 1.4.2 Apache 2.0.48(mod_ssl, mod_jk), OpenSSL 0.9.7c. Everything compiled from source except JDK.
> > Hi, I'm really stumped and hope someone can provide insight :( We got a tomcat server connected behind an apache web server via mod_jk. When running without ssl, a user submits a form and is able to retrieve a pdf document (they can save or open it) using IE6. But over ssl they would get this error:
> > Internet Explorer cannot download doc.pdf from myhost.com. Internet EXplorer was not able to open this Internet site. The requested site is either unavailable or cannnot be found. Please try again later.
> > This doesn't happen with Mozilla and it would work as expected. Thing is, we've got a *solution* for this when using mod_python and mod_perl...just not with Java/Tomcat. The solution for those was to set special http headers so IE can interpret things correctly:
> > - Pragma = 'nocache'
> > - Expires = 'now'
> > - Cache-Control = 'private'
> > - Content-Length = sizeof(stream)
> > - Content-disposition = 'attachment; filename=doc.pdf'
> > This was done by a co-worker of mine and it worked. I later saw something about setting Cache-Control = public cuz IE won't save private stuff. But even when I explicitly setHeader("Cache-Control", "public") I still see Cache-Control = private, public. So I have 2 questions:
> > 1. Does anyone know why there are two values even when I explicitly call setHeader(..) for the Cache-Control? Is Tomcat silently setting this? The source doesn't seem to have that though... :(
> > 2. Has anyone run into this and solved it? I'd be much more interested in this answer :))
> > We're using:
> > - Tomcat 4.0.6, via mod_jk to Apache 1.3.x with mod_ssl, on Linux.
> > - Turbine 2.3 framework
> > - JDK 1.4.x.
> > TIA, Daniel
Apache/Tomcat/SSL vs. Tomcat/SSL
Hi all- I searched through the archives to see if this question has already been asked and answered. I did not find anything, but forgive me if I missed the answer. I am wondering what the general consensus is regarding SSL performance in both Apache and Tomcat. I am interested in deploying Tomcat and my application requires SSL. I am debating whether I should access Tomcat through the AJP connector using Apache, thus allowing Apache to handle all of the SSL traffic or whether it is better to deploy Tomcat in standalone mode and allow Tomcat to fulfill requests and handle the SSL traffic. My thought is that since Apache is written in C it may be more efficient to have Apache handle the SSL. However, I am not sure if the overhead of the connector would negate any performance benefits gained from having Apache handle the SSL rather than Tomcat. If performance is the same or only marginally better with Apache then I am not sure if the added complexity of having Apache in the equation is warranted. I have not benchmarked to see if there is actually a performance difference. Does anyone have an opinion on this or any benchmarks they could share? Thanks, Jeremy
___ Information Systems Manager Document Systems, Inc. 20501 South Avalon Blvd Carson, CA 90746 Phone: 800-649-1362 ext 241 FAX: 800-564-1362 e-mail: [EMAIL PROTECTED] web: www.docmagic.com
Re: Apache/Tomcat/SSL vs. Tomcat/SSL
> My thought is that since Apache is written in C it may be more efficient to have Apache handle the SSL. However, I am not sure if the overhead of the connector would negate any performance benefits gained from having Apache handle the SSL rather than Tomcat. If performance is the same or only marginally better with Apache then I am not sure if the added complexity of having Apache in the equation is warranted. I have not benchmarked to see if there is actually a performance difference. Does anyone have an opinion on this or any benchmarks they could share?
Great question. I've got the same consideration, but without a way to drive lots of SSL transactions from lots of different clients, it's hard to know. SSL has a lot of overhead in setup, but there's some SSL persistence that gives you a benefit for frequent requests that avoid the re-negotiations. But I know that consumes memory, so there's no doubt issues related to the number of different concurrent clients using SSL at the same time. Also, OpenSSL (why it's never reached the 1.0 level I can't say since it's been in production for many years!) is probably more mature than the JSSE. And while C code would surely be faster, the server VMs supposedly do a great job on code that's constantly executed as would be the case for the SSL java code. And surely there are real costs associated with the memory and thread/process overhead of running HTTPD on the same computer. Of course, there are some security advantages if the HTTPD runs on one machine with a public IP addr and TOMCAT on another server using a private IP addr. And the Apache http engine is certainly more mature than Tomcat's, but I don't have any benchmarks or other info to tell me if it's really that much faster, or if either is more secure (after all, Java typically is less vulnerable than C code).
We're creating an office edition of our flagship Signed Secured enterprise software, and we're trying to simplify systems dramatically, so we'd like to get rid of Apache just for the simplicity of it all. We're even going to buck the no user threads warning for servlet containers since Tomcat allows them and it will make our system even simpler by removing the need for a couple of standalone Java applications and a few batch java applications. I hope others can comment on real stats they've seen. Thanks, David
Problems TOMCAT / SSL activation
I'm attempting to enable SSL with Tomcat 4 - I'm getting an exception pointing to an issue with JSSE-
Caused by: java.lang.NoClassDefFoundError: com/sun/net/ssl/SSLContext
I'm using
usl0:/opt/IBMJava2-s390-141/bin # ./java -version
java version "1.4.1"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.1)
Classic VM (build 1.4.1, J2RE 1.4.1 IBM build cx390141-20030522 (JIT enabled: jitc))
usl0:/opt/IBMJava2-s390-141/bin #
On z/Series Linux SuSE 8 and I thought I did not need to install JSSE? HELP?
Re: Problems TOMCAT / SSL activation
With TC 4.1.24, IBM's JSSE mostly works. It should work completely on later versions.
Shockley, Gerard C [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
> I'm attempting to enable SSL with Tomcat 4 - I'm getting an exception pointing to an issue with JSSE-
> Caused by: java.lang.NoClassDefFoundError: com/sun/net/ssl/SSLContext
> I'm using
> usl0:/opt/IBMJava2-s390-141/bin # ./java -version
> java version "1.4.1"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.1)
> Classic VM (build 1.4.1, J2RE 1.4.1 IBM build cx390141-20030522 (JIT enabled: jitc))
> usl0:/opt/IBMJava2-s390-141/bin #
> On z/Series Linux SuSE 8 and I thought I did not need to install JSSE? HELP?
RE: Apache + tomcat +ssl
Edit apache's httpd.conf and ssl.conf to setup Virtual Hosts. Edit Tomcat's server.xml so that the Host name matches the Virtual Host servername inside httpd.conf and ssl.conf. http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/jk.html
-Original Message- From: Omkar Joshi [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 6:41 AM To: [EMAIL PROTECTED] Subject: Apache + tomcat +ssl
can u give me code, how exactly you specify this .../appserver/*
Date: Tue, 13 Jan 2004 10:35:08 +0100 From: Spam [EMAIL PROTECTED] Subject: Apache + tomcat +ssl
Hi, It should not depend on the port you use to connect to apache. Both http://myserver.com/index.jsp and https://myserver.com/index.jsp should have the same result with no specific configuration. I've configured mod_jk to redirect all .../appserver/* to tomcat. Then whatever I use http://localhost/appserver/* or https://localhost/appserver, it's ok. Regards. Johann DUPUIS
Omkar Joshi wrote:
Hi, I have apache on linux 9 with ssl set up. also i have set up tomcat and mod_jk for apache to redirect all jsp to tomcat now as port 80 is open , http://myserver.com:8080/index.jsp http://myserver.com/index.jsp works fine, apache send jsp to tomcat engine but as apache has ssl 443 , opened on the firewall i want https://myserver.com/index.jsp to work. let me know what setting required
Apache + tomcat +ssl
Hi, Thanks a lot for all the help, it is working fine now. I added *.jsp and *.gif in JkMount, as only '*' redirects everything to tomcat. Thanks again
BIG PROBLEM // LINUX TOMCAT SSL
Hello, I have encountered a problem using tomcat, linux and ssl. This is my configuration:
OS: Redhat7.2
Tomcat: 4.0
Jdk: 1.3.1_07
I have a servlet that does a post https connection with a client and server certificate. When I execute this servlet 200 times (or more), we can see that the memory increases. After 200 consecutive calls, the memory has increased by 20M and doesn't decrease. After 1000 calls, the server doesn't have enough memory and tomcat crashes. I have upgraded the jdk to V1.4.1 and tomcat to V5.0, and have the same problem. I have added tomcat options like -Xmx without success. When I do this test with Windows2000, the memory increases but decreases afterwards. It seems to be linked with linux. Any help will be welcome.
Re: Apache + tomcat +ssl
I guess if you put the JkMount inside virtual host 172.16.16.10:80, the JkMount is only valid for port 80. Put JkMount outside any virtual host ... should make it valid for all ports (including port 443). In any case, it looks like an httpd.conf misconfiguration. Try this:

<IfModule mod_jk.c>
JkLogLevel debug
JkWorkersFile C:/usr/TMS/AppServer/Resource/workers.properties
JkLogFile C:/usr/TMS/AppServer/logs/mod_jk.log
JkMount /appserver/* ajp13
</IfModule>
NameVirtualHost 172.16.16.10:80
<VirtualHost 172.16.16.10:80>
servername ...
.
</VirtualHost>

rather than:

NameVirtualHost 172.16.16.10:80
<VirtualHost 172.16.16.10:80>
servername ...
.
JkMount ...
</VirtualHost>

Omkar Joshi wrote:
Yes, I successfully reach static pages (not redirected to tomcat, served directly by apache) from https://myserver.com/, no problem with that. Also http://myserver.com/index.jsp works fine, problem with https://myserver.com/index.jsp

error:
Object not found! The requested URL was not found on this server. If you entered the URL manually please check your spelling and try again. If you think this is a server error, please contact the webmaster
Error 404

configuration: -- httpd.conf

NameVirtualHost 172.16.16.10:80
<VirtualHost 172.16.16.10:80>
servername ...
.
JkMount ...
</VirtualHost>

All settings according to http://johnturner.com/howto/apache2-tomcat4127-jk-rh9-howto.html
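The scoping question discussed in this message, as an added example that is not part of the original post or of mod_jk itself: a small Python check that lists which virtual hosts in an httpd.conf have no JkMount in effect for a given URI. The sample configuration, its port-443 virtual host and the `global_applies` flag are assumptions; whether mounts declared outside any virtual host also apply inside one depends on the mod_jk release and its JkMountCopy setting, so the caller states it explicitly.

```python
import re

# Constructed sample modelled on the layout quoted in the thread: the only
# JkMount sits inside the port-80 virtual host. Host names are placeholders.
SAMPLE_CONF = """\
NameVirtualHost 172.16.16.10:80
<VirtualHost 172.16.16.10:80>
    ServerName www.example.test
    JkMount /appserver/* ajp13
</VirtualHost>
<VirtualHost 172.16.16.10:443>
    ServerName www.example.test
    SSLEngine on
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.IGNORECASE)
VHOST_CLOSE = re.compile(r"</VirtualHost\s*>", re.IGNORECASE)


def jk_mounts_by_scope(conf_text):
    """Map each scope ('global' or a vhost address) to its (uri, worker) mounts."""
    scopes = {"global": []}
    current = "global"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = VHOST_OPEN.match(line)
        if opened:
            current = opened.group(1).strip()
            scopes.setdefault(current, [])
        elif VHOST_CLOSE.match(line):
            current = "global"
        else:
            parts = line.split()
            if parts[0].lower() == "jkmount" and len(parts) >= 3:
                scopes[current].append((parts[1], parts[2]))
    return scopes


def vhosts_missing_mount(conf_text, uri, global_applies=False):
    """List vhosts in which no JkMount for `uri` is in effect.

    global_applies: assumption supplied by the caller about whether mounts
    declared outside any vhost are also active inside vhosts.
    """
    scopes = jk_mounts_by_scope(conf_text)
    inherited = scopes["global"] if global_applies else []
    return [
        name for name, mounts in scopes.items()
        if name != "global" and uri not in {u for u, _ in mounts + inherited}
    ]


if __name__ == "__main__":
    print(vhosts_missing_mount(SAMPLE_CONF, "/appserver/*"))
```

A virtual host reported here answers requests for the URI from Apache's own document tree, which matches the 404 on https described in the quoted message.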
Apache + tomcat +ssl
Ok, https://myserver.com/index.jsp WORKS. I am able to browse through all data; the only problem is it is not showing all the images which I have stored under tomcat's web application.
Re: Apache + tomcat +ssl
You don't say if the displaying of images problem is related to port 80, 8080 or 443 (or any combination of these ports). I guess it's ok for port 8080. Try to display one image by using the full URL, example: https://localhost/appserver/myapp/img/viewmag.gif and http://localhost/appserver/myapp/img/viewmag.gif
You should get an error, which one? page 404, 500 (from apache), 500 (from tomcat)? Again, the first thing to know is if it's a problem related to apache+mod_jk or a tomcat problem. Have a look at the logs and forward apache / mod_jk / tomcat logs related to these attempts. Without this information, I would try:
- check if your JkMount points out a '*' and not a '*.jsp'
- check if you have configured no security restrictions inside apache configuration
johann DUPUIS

Omkar Joshi wrote:
Ok, https://myserver.com/index.jsp WORKS. I am able to browse through all data; the only problem is it is not showing all the images which I have stored under tomcat's web application.
Apache + tomcat +ssl
Hi, I have apache on linux 9 with ssl set up. Also I have set up tomcat and mod_jk for apache to redirect all jsp to tomcat. Now as port 80 is open, http://myserver.com:8080/index.jsp and http://myserver.com/index.jsp work fine, apache sends jsp to the tomcat engine. But as apache has ssl 443 opened on the firewall, I want https://myserver.com/index.jsp to work. Let me know what setting is required.
Re: Apache + tomcat +ssl
Hi, It should not depend on the port you use to connect to apache. Both http://myserver.com/index.jsp and https://myserver.com/index.jsp should have the same result with no specific configuration. I've configured mod_jk to redirect all .../appserver/* to tomcat. Then whatever I use http://localhost/appserver/* or https://localhost/appserver, it's ok. Regards. Johann DUPUIS

Omkar Joshi wrote:
Hi, I have apache on linux 9 with ssl set up. Also I have set up tomcat and mod_jk for apache to redirect all jsp to tomcat. Now as port 80 is open, http://myserver.com:8080/index.jsp and http://myserver.com/index.jsp work fine, apache sends jsp to the tomcat engine. But as apache has ssl 443 opened on the firewall, I want https://myserver.com/index.jsp to work. Let me know what setting is required.
Apache + tomcat +ssl
can you give me code, how exactly you specify this .../appserver/*

Date: Tue, 13 Jan 2004 10:35:08 +0100
From: Spam [EMAIL PROTECTED]
Subject: Apache + tomcat +ssl

Hi, It should not depend on the port you use to connect to apache. Both http://myserver.com/index.jsp and https://myserver.com/index.jsp should have the same result with no specific configuration. I've configured mod_jk to redirect all .../appserver/* to tomcat. Then whatever I use http://localhost/appserver/* or https://localhost/appserver, it's ok. Regards. Johann DUPUIS

Omkar Joshi wrote:
Hi, I have apache on linux 9 with ssl set up. Also I have set up tomcat and mod_jk for apache to redirect all jsp to tomcat. Now as port 80 is open, http://myserver.com:8080/index.jsp and http://myserver.com/index.jsp work fine, apache sends jsp to the tomcat engine. But as apache has ssl 443 opened on the firewall, I want https://myserver.com/index.jsp to work. Let me know what setting is required.
Re: Apache + tomcat +ssl
Please find below the contents of workers2.properties (mod_jk2):

[shm]
file=${serverRoot}/logs/shm.file
size=1048576

# Define the communication channel
[channel.socket:localhost:8009]
info=Ajp13 forwarding over socket
tomcatId=localhost:8009

# define the worker
[ajp13:localhost:8009]
channel=channel.socket:localhost:8009

# Map the Tomcat examples webapp to the Web server uri space
[uri:/appserver/*]
info=Map the whole webapp
worker=ajp13:localhost:8009

For mod_jk it looks like this in apache httpd.conf (see JkMount):

<IfModule mod_jk.c>
JkLogLevel debug
JkWorkersFile C:/usr/TMS/AppServer/Resource/workers.properties
JkLogFile C:/usr/TMS/AppServer/logs/mod_jk.log
JkMount /appserver/* ajp13
</IfModule>

and workers.properties:

workers.tomcat_home=C:/usr/CBK2.4/ApplicationServer/catalina
workers.java_home=C:/usr/java/j2sdk1.4.0_01
ps=/
worker.list=ajp12, ajp13
# Definition for Ajp13 worker (Ajp12 left to readers imagination)
#
worker.ajp13.port=8009
worker.ajp13.host=localhost
worker.ajp13.type=ajp13

Hope this could help you. Johann DUPUIS

Omkar Joshi wrote:
can you give me code, how exactly you specify this .../appserver/*

Date: Tue, 13 Jan 2004 10:35:08 +0100
From: Spam [EMAIL PROTECTED]
Subject: Apache + tomcat +ssl

Hi, It should not depend on the port you use to connect to apache. Both http://myserver.com/index.jsp and https://myserver.com/index.jsp should have the same result with no specific configuration. I've configured mod_jk to redirect all .../appserver/* to tomcat. Then whatever I use http://localhost/appserver/* or https://localhost/appserver, it's ok. Regards. Johann DUPUIS

Omkar Joshi wrote:
Hi, I have apache on linux 9 with ssl set up. Also I have set up tomcat and mod_jk for apache to redirect all jsp to tomcat. Now as port 80 is open, http://myserver.com:8080/index.jsp and http://myserver.com/index.jsp work fine, apache sends jsp to the tomcat engine. But as apache has ssl 443 opened on the firewall, I want https://myserver.com/index.jsp to work. Let me know what setting is required.
Apache + tomcat +ssl
Yes, I have the same settings for mod_jk. I have now stopped port 80 for apache, so it listens only on port 443, so I added a virtual host entry for port 443, but then the apache application doesn't work.
Re: Apache + tomcat +ssl
Do you mean it's working (both port 80 and 443) when apache is listening to port 80, but not any more since you stopped listening on this port? Anyway, you mentioned you have a firewall? Why don't you block port 80 using the firewall and leave apache in its standard configuration? Johann DUPUIS

Omkar Joshi wrote:
Yes, I have the same settings for mod_jk. I have now stopped port 80 for apache, so it listens only on port 443, so I added a virtual host entry for port 443, but then the apache application doesn't work.
Apache + tomcat +ssl
What is happening is, when port 80 and 443 are on for apache, http://myserver.com/index.jsp and http://myserver.com:8080/index.jsp all work fine, that means apache forwards the jsp handling to tomcat, but https://myserver.com/index.jsp doesn't work. I get Server Error
RE: Apache + tomcat +ssl
This might be a dumb comment, but you do know that Tomcat's HTTPS port is 8443 by default, defined in server.xml, right? And that is only *after* you uncomment that part of the server.xml and do all the other Tomcat SSL setup tasks. I hope this helps.

-Original Message-
From: ext Omkar Joshi [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 8:03 AM
To: [EMAIL PROTECTED]
Subject: Apache + tomcat +ssl

What is happening is, when port 80 and 443 are on for apache, http://myserver.com/index.jsp and http://myserver.com:8080/index.jsp all work fine, that means apache forwards the jsp handling to tomcat, but https://myserver.com/index.jsp doesn't work. I get Server Error
Re: Apache + tomcat +ssl
Apache is used to support SSL requests; in this configuration there is no need for tomcat to know about https (of course traffic between apache and tomcat is not encrypted). I guess port 8443 is used only when tomcat is stand-alone (or for the paranoid ;-) ).

"Server Error": is it a message issued by tomcat or by apache? (If issued by tomcat you will probably see tomcat on the page displayed and some log messages in the tomcat logs?) Do you successfully reach static pages (not redirected to tomcat, served directly by apache) from https://myserver.com/ ? I mean the first thing to discard is a pure SSL configuration problem (not related to tomcat, nor mod_jk). (If needed, remove the mod_jk configuration from apache to check that SSL-alone is ok.) Could you provide us some hints about your apache configuration, mod_jk configuration and the log files (not the full log please, only the messages related to the request on https://myserver.com/index.jsp ). Johann DUPUIS

[EMAIL PROTECTED] wrote:
This might be a dumb comment, but you do know that Tomcat's HTTPS port is 8443 by default, defined in server.xml, right? And that is only *after* you uncomment that part of the server.xml and do all the other Tomcat SSL setup tasks. I hope this helps.

-Original Message-
From: ext Omkar Joshi [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 8:03 AM
To: [EMAIL PROTECTED]
Subject: Apache + tomcat +ssl

What is happening is, when port 80 and 443 are on for apache, http://myserver.com/index.jsp and http://myserver.com:8080/index.jsp all work fine, that means apache forwards the jsp handling to tomcat, but https://myserver.com/index.jsp doesn't work. I get Server Error