SSL Certificate formats, requirements for import into existing keystore
I have a keystore for an application that runs on Tomcat. People here introduced a load balancer (LB) into the mix for this same application and therefore I have to use keytool to import the LB's certificate into the existing keystore. However, the key and the cert are in one file. According to the docs this is not an issue (you can even concatenate them, the docs say). So I just ran the keytool command and I continually get an error message:

keytool error: java.lang.Exception: Input not an X.509 certificate

The IT support folks said that this is the cert that was given to them by the hosting company and that it can be installed successfully on Apache. There is some junk (bag attributes) in the file that I don't understand. I am used to just seeing

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

Any suggestions? Thanks.
Re: SSL Certificate formats, requirements for import into existing keystore
> There is some junk (bag attributes) in the file that I don't understand. I am used to just seeing
> -----BEGIN CERTIFICATE-----
> -----END CERTIFICATE-----
> -----BEGIN RSA PRIVATE KEY-----
> -----END RSA PRIVATE KEY-----

As far as I know, keytool can only import certificates in PKCS8 format. The junk you mentioned may indicate the key is in SSLeay format. You can use OpenSSL to convert from one format to another. That said, I'm not aware of _any_ method to import a keypair into a keystore using keytool; the private key is inaccessible (with respect to import and export) by design.

You should probably determine whether you actually need the private key before proceeding. Sounds like you're doing SSL offloading, but that shouldn't necessarily require using the same keypair on both the LB and endpoint.

M
Re: Tomcat is not able to connect to IPV4 (Tomcat Version : 7.0.14)
Rohan,

On 7/5/2011 12:18 AM, Rohan Kadam wrote:
> I apologize for the typo made by me. I used only -Djava.net.preferIPv4Stack=true in the java option pane. But it didn't work.

Go back and read Konstantin's response. Sounds like you have two options:

1. Use another connector (BIO or NIO)
2. Configure APR to use IPv4

-chris
Tomcat 7 applet session problem
Hi All,

Web application presently running in the tomcat 6 which has applet in it. In that applet we make a connection to server using URL class and get some data from the server after it loads. In this process we got error after updating to the tomcat 7. The problem is the session between the web application and the applet varies which runs in the same browser tab. Don't know why in tomcat 7 the applet request was considered as separate session but instead in tomcat 6 both are considered as same session request. Is there any configuration changes for it?

Arvind S
Need help debugging JSP compilation failure
I install a fresh copy of the latest Tomcat (7.0.16), and deploy my WAR by copying it into Tomcat's webapps/. Then I startup Tomcat and direct my browser to my web app's welcome page --- which is a JSP. The compilation of the JSP fails but with very little information. All I get is the line number of the JSP where something went wrong; I get that in Tomcat's logs/localhost.{date}.log. How can I get more information about what is going wrong?

I am running Tomcat on MacOS 10.6.8 on my MacBook Pro (Intel), with

$ java -version
java version 1.6.0_26
Java(TM) SE Runtime Environment (build 1.6.0_26-b03-384-10M3425)
Java HotSpot(TM) 64-Bit Server VM (build 20.1-b02-384, mixed mode)

Thanks, Mike Spreitzer
Re: mod_jk restarting during uploads of large files
It seems it is not a mod_jk problem. mod_jk never shuts down Tomcat, but obviously your Tomcat shuts down during processing the request. I would

- update Tomcat *and* the service wrapper (jsvc) to the most recent patch update (e.g. Tomcat 5.5.33).
- run Tomcat once without the service wrapper to decide whether the problem comes from the wrapper or from Tomcat respectively your web application.

Regards, Rainer

On 04.07.2011 18:27, mar...@alt-v.co.uk wrote:
> Hi
> I have a problem when uploading files to tomcat through mod_jk. When uploading smaller files (100kb) everything seems to work fine, but when uploading files of about 1.5Mb it seems as if the server is restarting and causing a 503 error. I've tried modifying timeouts in both apache and tomcat, still I get this output on the catalina.err file: (sorry for long log files)
>
> 04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
> 04/07/2011 15:19:32 7210 jsvc.exec error: Service killed by signal 9
> Jul 4, 2011 3:19:35 PM org.apache.catalina.core.AprLifecycleListener init
> INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/local/jdk/jre/lib/i386/client:/usr/local/jdk/jre/lib/i386:/usr/java/packages/lib/i386:/lib:/usr/lib
> Jul 4, 2011 3:19:35 PM org.apache.coyote.http11.Http11BaseProtocol init
> INFO: Initializing Coyote HTTP/1.1 on http-8080
> Jul 4, 2011 3:19:35 PM org.apache.catalina.startup.Catalina load
> INFO: Initialization processed in 426 ms
> Jul 4, 2011 3:19:35 PM org.apache.catalina.core.StandardService start
> INFO: Starting service Catalina
> Jul 4, 2011 3:19:35 PM org.apache.catalina.core.StandardEngine start
> INFO: Starting Servlet Engine: Apache Tomcat/5.5.33
> Jul 4, 2011 3:19:35 PM
Re: Need help debugging JSP compilation failure
On 06/07/2011 21:54, Mike Spreitzer wrote:
> I install a fresh copy of the latest Tomcat (7.0.16), and deploy my WAR by copying it into Tomcat's webapps/. Then I startup Tomcat and direct my browser to my web app's welcome page --- which is a JSP. The compilation of the JSP fails but with very little information. All I get is the line number of the JSP where something went wrong; I get that in Tomcat's logs/localhost.{date}.log. How can I get more information about what is going wrong?

What else do you get a line number and what?

Did you precompile the JSPs in the app? If not, the work directory contains the .java file from the parsed JSP.

p

> I am running Tomcat on MacOS 10.6.8 on my MacBook Pro (Intel), with
>
> $ java -version
> java version 1.6.0_26
> Java(TM) SE Runtime Environment (build 1.6.0_26-b03-384-10M3425)
> Java HotSpot(TM) 64-Bit Server VM (build 20.1-b02-384, mixed mode)
>
> Thanks, Mike Spreitzer
Re: Tomcat 7 applet session problem
On 06/07/2011 21:54, S Arvind wrote:
> Hi All,
> Web application presently running in the tomcat 6 which has applet in it. In that applet we make a connection to server using URL class and get some data from the server after it loads. In this process we got error after updating to the tomcat 7. The problem is the session between the web application and the applet varies which runs in the same browser tab. Don't know why in tomcat 7 the applet request was considered as separate session but instead in tomcat 6 both are considered as same session request. Is there any configuration changes for it?

Tomcat 7.0.x and later versions of 6.0.x change the session id after authentication*. You can't rely on the session id remaining the same, the applet will need to check for session id changes in the cookie (or url).

p

* In order to prevent some session hijacking attacks
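
The behaviour described in the reply above, as an added example that is not part of the thread and not Tomcat's code: a toy server that issues a new session id at login, and a client that copied the id beforehand. The class and function names and the user "alice" are constructed for the illustration.

```python
# Added example: a toy model of session-id rotation on login (not Tomcat's code).
import secrets
from http.cookies import SimpleCookie


class Server:
    """In-memory session table; rotate_on_login=True models the changed id."""

    def __init__(self, rotate_on_login):
        self.rotate_on_login = rotate_on_login
        self.sessions = {}  # session id -> authenticated user, or None

    def _create(self, user=None):
        sid = secrets.token_hex(16)
        self.sessions[sid] = user
        return sid

    def handle(self, cookie_header=None, login_as=None):
        """Process one request; return (user the server sees, Set-Cookie or None)."""
        jar = SimpleCookie(cookie_header or "")
        sid = jar["JSESSIONID"].value if "JSESSIONID" in jar else None
        issued = None
        if sid not in self.sessions:          # unknown or stale id: new session
            sid = issued = self._create()
        if login_as is not None:
            if self.rotate_on_login:          # drop the pre-login id entirely
                del self.sessions[sid]
                sid = issued = self._create(login_as)
            else:                             # same id simply becomes authenticated
                self.sessions[sid] = login_as
        header = f"JSESSIONID={issued}; Path=/; HttpOnly" if issued else None
        return self.sessions[sid], header


class Client:
    """Cookie-following client: adopts whatever JSESSIONID the server last set."""

    def __init__(self):
        self.sid = None

    def request(self, server, login_as=None):
        sent = f"JSESSIONID={self.sid}" if self.sid else None
        user, set_cookie = server.handle(sent, login_as)
        if set_cookie:                        # the check the reply asks the applet to make
            self.sid = SimpleCookie(set_cookie)["JSESSIONID"].value
        return user


def applet_view(rotate_on_login):
    """Return (user seen with the id copied before login, user seen with the current id)."""
    server, browser = Server(rotate_on_login), Client()
    browser.request(server)                    # anonymous session is created
    copied_sid = browser.sid                   # applet stores the id once, at page load
    browser.request(server, login_as="alice")  # constructed user name
    stale_user, _ = server.handle(f"JSESSIONID={copied_sid}")
    fresh_user, _ = server.handle(f"JSESSIONID={browser.sid}")
    return stale_user, fresh_user


if __name__ == "__main__":
    print("rotation on :", applet_view(True))
    print("rotation off:", applet_view(False))
```

With rotation on, the id copied before login maps to a fresh anonymous session, which is the "separate session" symptom reported; an id handed out before login never becomes an authenticated one.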
Re: Need help debugging JSP compilation failure
I just got a pointer into my original JSP (not the Java version); see copy below. I also looked in my $CATALINA_HOME/work, and found only directories, no files (at any depth) --- see listing below. I did not precompile my JSP.

Here is the complaint from logs/localhost.{date}.log:

Jul 6, 2011 3:49:36 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [jsp] in context with path [/rippledriver] threw exception [Unable to compile class for JSP:

An error occurred at line: 10 in the jsp file: /index.jsp
Unhandled exception type Exception
7: <title>...</title>
8: </head>
9: <body>
10: <%!static Driver driver = new RealDriverImpl();%>
11: <%
12: String p;
13: if (null != (p = request.getParameter(runpause)))

Stacktrace:] with root cause
org.apache.jasper.JasperException: Unable to compile class for JSP:

An error occurred at line: 10 in the jsp file: /index.jsp
Unhandled exception type Exception
7: <title>...</title>
8: </head>
9: <body>
10: <%!static Driver driver = new RealDriverImpl();%>
11: <%
12: String p;
13: if (null != (p = request.getParameter(runpause)))

Stacktrace:
    at org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:97)
    at org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:330)
    at org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:457)
    at org.apache.jasper.compiler.Compiler.compile(Compiler.java:374)
    at org.apache.jasper.compiler.Compiler.compile(Compiler.java:352)
    at org.apache.jasper.compiler.Compiler.compile(Compiler.java:339)
    at org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:601)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:344)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:389)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:333)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:403)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:301)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:162)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:140)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:680)

Here is my futile search for something in work/ (dates don't all match because I shutdown before sending my original complaint, then started up again and reproduced the problem to see if that would give me something to look at; Tomcat is running right now):

$ find work -exec ls -ld \{\} \;
drwxr-xr-x 3 mspreitz staff 102 Jul 6 15:31 work
drwxr-xr-x 3 mspreitz staff 102 Jul 6 15:31 work/Catalina
drwxr-xr-x 8 mspreitz staff 272 Jul 6 17:53 work/Catalina/localhost
drwxr-xr-x 2 mspreitz staff 68 Jul 6 17:53 work/Catalina/localhost/_
drwxr-xr-x 2 mspreitz staff 68 Jul 6 17:53 work/Catalina/localhost/docs
drwxr-xr-x 2 mspreitz staff 68 Jul 6 17:53 work/Catalina/localhost/examples
drwxr-xr-x 2 mspreitz staff 68 Jul 6 17:53 work/Catalina/localhost/host-manager
drwxr-xr-x 2 mspreitz staff 68 Jul 6 17:53 work/Catalina/localhost/manager
drwxr-xr-x 2 mspreitz staff 68 Jul 6 17:53 work/Catalina/localhost/rippledriver

Thanks, Mike Spreitzer

From: Pid p...@pidster.com
To: Tomcat Users List users@tomcat.apache.org
Date: 07/06/2011 05:14 PM
Subject: Re: Need help debugging JSP compilation failure

On 06/07/2011 21:54, Mike Spreitzer wrote:
> I install a fresh copy of the latest Tomcat (7.0.16), and deploy my WAR by copying it into Tomcat's webapps/. Then I startup Tomcat and direct my browser
Re: Need help debugging JSP compilation failure
On 06/07/2011 22:59, Mike Spreitzer wrote:
> I just got a pointer into my original JSP (not the Java version); see copy below. I also looked in my $CATALINA_HOME/work, and found only directories, no files (at any depth) --- see listing below. I did not precompile my JSP.
>
> Here is the complaint from logs/localhost.{date}.log:
>
> Jul 6, 2011 3:49:36 PM org.apache.catalina.core.StandardWrapperValve invoke
> SEVERE: Servlet.service() for servlet [jsp] in context with path [/rippledriver] threw exception [Unable to compile class for JSP:
>
> An error occurred at line: 10 in the jsp file: /index.jsp
> Unhandled exception type Exception

What more information could you possibly want to debug this?

The error is Unhandled exception type Exception at line 10 in your JSP.

> 10: <%!static Driver driver = new RealDriverImpl();%>

And the method signature for the default constructor for RealDriverImpl is what? My money is on:

public RealDriverImpl() throws Exception

and that is an unhandled exception which is not valid Java.

Mark
Re: Need help debugging JSP compilation failure
Oh, I see, it was a level confusion. I thought I was being told about an Exception in the compilation process rather than in my source. Thanks, Mike Spreitzer
NPE at StandardWrapperValve.invoke() in Tomcat 7.0.16
Hi all,

I'm using Tomcat 7.0.16 on a system with Java 1.6.0_26 on Windows Server 2008 and wondered about a strange NPE I got shortly after deploying a webapp to Tomcat:

SCHWERWIEGEND: An exception or error occurred in the container during the request processing
java.lang.NullPointerException
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:287)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.valves.CrawlerSessionManagerValve.invoke(CrawlerSessionManagerValve.java:172)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:403)
    at org.apache.coyote.ajp.AjpAprProcessor.process(AjpAprProcessor.java:284)
    at org.apache.coyote.ajp.AjpAprProtocol$AjpConnectionHandler.process(AjpAprProtocol.java:146)
    at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:1730)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)

From looking at Tomcat 7.0.16's source, I can see that line 287 in StandardWrapperValve is inside a catch block:

285         } catch (Throwable e) {
286             ExceptionUtils.handleThrowable(e);
287             container.getLogger().error(sm.getString(
288                     "standardWrapper.serviceException", wrapper.getName(),
289                     context.getName()), e);
290             throwable = e;
291             exception(request, response, e);
292         }

So does that mean that another Exception/Error occurred, but was suppressed by that NPE and therefore couldn't be logged?

Regards, Konstantin Preißer
Re: SSL Certificate formats, requirements for import into existing keystore
Hi Marvin,

Marvin Addison marvin.addi...@gmail.com wrote:
>> There is some junk (bag attributes) in the file that I don't understand. I am used to just seeing
>> -----BEGIN CERTIFICATE-----
>> -----END CERTIFICATE-----
>> -----BEGIN RSA PRIVATE KEY-----
>> -----END RSA PRIVATE KEY-----
>
> As far as I know, keytool can only import certificates in PKCS8 format. The junk you mentioned may indicate the key is in SSLeay format. You can use OpenSSL to convert from one format to another. That said, I'm not aware of _any_ method to import a keypair into a keystore using keytool; the private key is inaccessible (with respect to import and export) by design.

I think that restriction is gone. At least my sun jdk 6u12 keytool can import complete pkcs12 files into my Java keystores without a problem. Export works, too. And u12 is really old now.

Regards
Felix

> You should probably determine whether you actually need the private key before proceeding. Sounds like you're doing SSL offloading, but that shouldn't necessarily require using the same keypair on both the LB and endpoint.
>
> M
Re: SSL Certificate formats, requirements for import into existing keystore
Peterson, Tommy tommy.peter...@xpandcorp.com wrote:
> I have a keystore for an application that runs on Tomcat. People here introduced a load balancer (LB) into the mix for this same application and therefore I have to use keytool to import the LB's certificate into the existing keystore. However, the key and the cert are in one file. According to the docs this is not an issue (you can even concatenate them, the docs say). So I just ran the keytool command and I continually get an error message:
>
> keytool error: java.lang.Exception: Input not an X.509 certificate
>
> The IT support folks said that this is the cert that was given to them by the hosting company and that it can be installed successfully on Apache. There is some junk (bag attributes) in the file that I don't understand. I am used to just seeing
> -----BEGIN CERTIFICATE-----
> -----END CERTIFICATE-----
> -----BEGIN RSA PRIVATE KEY-----
> -----END RSA PRIVATE KEY-----
>
> Any suggestions? Thanks.

Hi Tommy,

Your file could be a pkcs12 file. Have you tried to use keytool -importkeystore ...? Keytool -help should give you the needed parameters. You need a recent java6 version for this to work.

Regards
Felix
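
For the kind of file this thread describes (certificate, private key and bag-attribute text together in one PEM file), an added example that is not from any poster: it lists the blocks in such a bundle and re-emits the certificates alone. The sample bundle, the host name lb.example.test and the function names are constructed for the illustration.

```python
# Added example: split a PEM bundle and keep only its certificates.
import base64
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def to_pem(label, der):
    """Encode bytes as a PEM block with 64-column base64 lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"])


def split_pem_bundle(text):
    """Return [(label, base64_body, text_found_before_the_block), ...] in file order."""
    blocks, pos = [], 0
    for m in PEM_BLOCK.finditer(text):
        blocks.append((m.group(1), m.group(2), text[pos:m.start()].strip()))
        pos = m.end()
    return blocks


def certificates_only(text):
    """Re-emit just the CERTIFICATE blocks: no attribute text, no key material."""
    out = []
    for label, body, _stray in split_pem_bundle(text):
        if label != "CERTIFICATE":
            continue                      # private keys are never copied to the output
        der = base64.b64decode("".join(body.split()), validate=True)
        if not der.startswith(b"\x30"):   # a DER certificate is an ASN.1 SEQUENCE
            raise ValueError("CERTIFICATE block does not contain DER data")
        out.append(to_pem("CERTIFICATE", der))
    if not out:
        raise ValueError("no CERTIFICATE block found")
    return "\n".join(out) + "\n"


# Constructed sample: payloads are dummy bytes, not a real certificate or key.
SAMPLE_CERT = b"\x30\x82" + b"constructed sample, not a real certificate " * 3
SAMPLE_KEY = b"\x30\x82" + b"constructed sample, not a real private key " * 3
SAMPLE_BUNDLE = (
    "Bag Attributes\n"
    "    localKeyID: 01 00 00 00\n"
    "subject=/CN=lb.example.test\n"
    "issuer=/CN=Example Test CA\n"
    + to_pem("CERTIFICATE", SAMPLE_CERT) + "\n"
    "Bag Attributes\n"
    "    localKeyID: 01 00 00 00\n"
    "Key Attributes: <No Attributes>\n"
    + to_pem("RSA PRIVATE KEY", SAMPLE_KEY) + "\n"
)

if __name__ == "__main__":
    for label, _body, stray in split_pem_bundle(SAMPLE_BUNDLE):
        print(f"{label}: {'preceded by extra text' if stray else 'clean'}")
    print(certificates_only(SAMPLE_BUNDLE), end="")
```

The output holds certificates only; bringing the private key into the keystore as well is the PKCS12 and `keytool -importkeystore` route Felix describes.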