Re:Why TC 7.0.22 can not response any request?
server.xml snippets. Executor name=tomcatThreadPool namePrefix=catalina-exec- maxThreads=600 minSpareThreads=100 maxIdleTime=6 / Connector executor=tomcatThreadPool port=8081 protocol=HTTP/1.1 connectionTimeout=5000 redirectPort=8444 URIEncoding=UTF-8 maxThreads=600 enableLookups=false acceptCount=200 / At 2012-01-09 17:39:46,孙文 stevensincl...@163.com wrote: Enviroment: jdk 1.6.0_29 64bit solaris 10 TC 7.0.22 every visual machine installed two tc 7.0.22,one 8080 , the other 8081. randomly tomcat can't response any request.but no oom,when use IE.the PID is still there. attachment show something be locked,but why? Maybe someone can help me .
SSL Certificate Update Not Reflected on the Website
Hi, We used to use Thawte for our SSL certificate. Today I installed new SSL certificate issued by VeriSign and there were no errors. The primary and secondary intermediate CAs both imported into the keystore file properly, and then the SSL issued by VeriSign imported as well. I updated the server.xml to indicate the new keystore file with the keystore password. Started Tomcat, checked the log files and there were no errors. But when I browse to the website, it is still saying the SSL has expired and it's showing the one issued by Thawte. I tried to put an incorrect keystore password in server.xml and Tomcat did generate errors in the log file, which means Tomcat is looking at the correct keystore file. We have also tried to reboot the server in case the old SSL was cached somewhere but that didn't help. Does anyone have any suggestion where might be wrong? Thank you very much Conway
Re: SSL Certificate Update Not Reflected on the Website
On 9 Jan 2012, at 10:20, Conway Liu c...@xtra.co.nz wrote: Hi, We used to use Thawte for our SSL certificate. Today I installed new SSL certificate issued by VeriSign and there were no errors. The primary and secondary intermediate CAs both imported into the keystore file properly, and then the SSL issued by VeriSign imported as well. I updated the server.xml to indicate the new keystore file with the keystore password. Started Tomcat, checked the log files and there were no errors. But when I browse to the website, it is still saying the SSL has expired and it's showing the one issued by Thawte. I tried to put an incorrect keystore password in server.xml and Tomcat did generate errors in the log file, which means Tomcat is looking at the correct keystore file. We have also tried to reboot the server in case the old SSL was cached somewhere but that didn't help. Does anyone have any suggestion where might be wrong? Which browser are you using? Some cache Certs and don't reflect the change immediately. Have you tried with a command line tool? p Thank you very much Conway - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: SSL Certificate Update Not Reflected on the Website
Hi Pid, I tried different browsers, and tried different computers. What command line tool are you talking about? Thanks Conway -Original Message- From: Pid * [mailto:p...@pidster.com] Sent: Monday, 9 January 2012 11:37 p.m. To: Tomcat Users List Subject: Re: SSL Certificate Update Not Reflected on the Website On 9 Jan 2012, at 10:20, Conway Liu c...@xtra.co.nz wrote: Hi, We used to use Thawte for our SSL certificate. Today I installed new SSL certificate issued by VeriSign and there were no errors. The primary and secondary intermediate CAs both imported into the keystore file properly, and then the SSL issued by VeriSign imported as well. I updated the server.xml to indicate the new keystore file with the keystore password. Started Tomcat, checked the log files and there were no errors. But when I browse to the website, it is still saying the SSL has expired and it's showing the one issued by Thawte. I tried to put an incorrect keystore password in server.xml and Tomcat did generate errors in the log file, which means Tomcat is looking at the correct keystore file. We have also tried to reboot the server in case the old SSL was cached somewhere but that didn't help. Does anyone have any suggestion where might be wrong? Which browser are you using? Some cache Certs and don't reflect the change immediately. Have you tried with a command line tool? p Thank you very much Conway - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSL Certificate Update Not Reflected on the Website
Conway, On 9.1.2012 11:19, Conway Liu wrote: Does anyone have any suggestion where might be wrong? Do you have anything between your browser and Tomcat? Apache HTTPd, perhaps, or some kind of load balancer with SSL termination? -Ognjen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache tribes deserialization issues
your workaround is valid I would not expect thread context class loader to work, as the thread for deserializing is the thread from the tribes TCP thread pool On 12/29/2011 5:06 AM, Madhav Bhargava wrote: Hi All, We are using Apache tribes library for presence and inter node communication within an OSGi runtime environment. We have a central node (say node A) receiving messages from other nodes ( say node B, C). The message passed is a custom class which is present as part of the API defined in a separate OSGi bundle. This custom class is Serializable. When a send method is invoked on the GroupChannel to send the custom class message to node A then it throws an exception with the following stack trace: java.lang.ClassNotFoundException: com.sap.nm.NodeSnapshot at org.eclipse.osgi.internal.loader.BundleLoader.findClassInternal(BundleLoader.java:513) at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:429) at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:417) at org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader.loadClass(DefaultClassLoader.java:107) at java.lang.ClassLoader.loadClass(Unknown Source) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Unknown Source) at java.io.ObjectInputStream.resolveClass(Unknown Source) at java.io.ObjectInputStream.readNonProxyDesc(Unknown Source) at java.io.ObjectInputStream.readClassDesc(Unknown Source) at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source) at java.io.ObjectInputStream.readObject0(Unknown Source) at java.io.ObjectInputStream.readObject(Unknown Source) at org.apache.catalina.tribes.io.XByteBuffer.deserialize(XByteBuffer.java:568) at org.apache.catalina.tribes.io.XByteBuffer.deserialize(XByteBuffer.java:554) at org.apache.catalina.tribes.group.GroupChannel.messageReceived(GroupChannel.java:261) at org.apache.catalina.tribes.group.ChannelInterceptorBase.messageReceived(ChannelInterceptorBase.java:84) at org.apache.catalina.tribes.group.ChannelInterceptorBase.messageReceived(ChannelInterceptorBase.java:84) at org.apache.catalina.tribes.group.ChannelCoordinator.messageReceived(ChannelCoordinator.java:253) at org.apache.catalina.tribes.transport.ReceiverBase.messageDataReceived(ReceiverBase.java:287) at org.apache.catalina.tribes.transport.nio.NioReplicationTask.drainChannel(NioReplicationTask.java:212) at org.apache.catalina.tribes.transport.nio.NioReplicationTask.run(NioReplicationTask.java:101) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) The problem is that OSGi has a totally different class loading mechanism that what is followed in java/j2ee applications. We looked at the tribes source code and found out that following piece of code is the culprit: Class: XByteBuffer.java public static Serializable deserialize(byte[] data, int offset, int length) throws IOException, ClassNotFoundException, ClassCastException { return deserialize(data,offset,length,null); } Instead of passing null to the ClassLoader[] (last argument), Thread context classloader should have been passed. What is happening is that the tribes is trying to load the class with the tribes class loader and not using the current thread classloader and is therefore not able to find the custom class. A workaround that we have adopted now is to use byte[] and set Channel.SEND_OPTIONS_BYTE_MESSAGE option while sending the message. We then explicitly recreate the object in the ChannelListener in bundle A from the bytes message. This is possible because in GroupChannel byte messages are not deserialized using XByteBuffer. It will great if anyone can investigate this issue. Best Regards, Madhav - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: DB Connection error
I did change my config.xml to Context antiJARLocking=true path=/myApp Resource auth=Container driverClassName=oracle.jdbc.driver.OracleDriver maxActive=20 maxIdle=10 maxWait=-1 name=jdbc/myName password=myPassword testOnBorrow=true type=javax.sql.DataSource url=jdbc:oracle:thin:@//localhost:8080/MYDBS username=myUsername validationQuery=SELECT 1 FROM DUAL / /Context And this morning when DB restart I had to restart the tomcat to get connection. What can be other solutions? On 1/3/2012 3:33 PM, Propes, Barry L wrote: I also have the following attributes in mine, for what it's worth. maxIdle=30 maxWait=1 maxActive=10 testOnBorrow=true timeBetweenEvictionRunsMillis=-1 minEvictableIdleTimeMillis=28800 poolPreparedStatements=true removeAbandoned=true removeAbandonedTimeout=300 logAbandoned=false -Original Message- From: Daniel Mikusa [mailto:dmik...@vmware.com] Sent: Tuesday, January 03, 2012 1:10 PM To: Tomcat Users List Subject: Re: DB Connection error On Tue, 2012-01-03 at 10:47 -0800, Chema wrote: But in my application I have context.xml with following Context antiJARLocking=true path=/myApp Resource auth=Container driverClassName=oracle.jdbc.driver.OracleDriver maxActive=20 maxIdle=10 maxWait=-1 name=jdbc/myName password=myPassword type=javax.sql.DataSource url=jdbc:oracle:thin:@//localhost:8080/MYDBS username=myUsername / /Context Well, you can use validationQuery parameter with SELECT 1 FROM DUAL;. +1 Try adding validationQuery=SELECT 1 FROM DUAL and testOnBorrow=true. When you restart the DB, it's going to disconnect all of the connections in your pool. If you add a validation query and one of the testOn* options (testOnBorrow is my personal favorite) then the pool will catch the bad connections, remove them and assuming your DB is back online, create new ones. Dan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: DB Connection error
2012/1/9 Anjib Mulepati anji...@hotmail.com: I did change my config.xml to Context antiJARLocking=true path=/myApp Resource auth=Container driverClassName=oracle.jdbc.driver.OracleDriver maxActive=20 maxIdle=10 maxWait=-1 name=jdbc/myName password=myPassword testOnBorrow=true type=javax.sql.DataSource url=jdbc:oracle:thin:@//localhost:8080/MYDBS username=myUsername validationQuery=SELECT 1 FROM DUAL / /Context Can you attach error trace ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: DB Connection error
com.anjib.exceptions.ICDAOException: Error in your database. at com.anjib.actions.GetMyListAction.execute(GetMyListAction.java:71) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:449) at javax.servlet.http.HttpServlet.service(HttpServlet.java:617) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.valves.RequestDumperValve.invoke(RequestDumperValve.java:151) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:567) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454) at java.lang.Thread.run(Thread.java:619) Caused by: com.anjib.exceptions.ICDAOException: No more data to read from socket at com.anjib.dao.oracle.Table1DAO.getAll(Table1DAO.java:206) at com.anjib.actions.GetMyListAction.execute(GetMyListAction.java:65) ... 20 more Caused by: java.sql.SQLRecoverableException: No more data to read from socket at oracle.jdbc.driver.T4CMAREngine.unmarshalUB1(T4CMAREngine.java:1142) at oracle.jdbc.driver.T4CMAREngine.unmarshalSB1(T4CMAREngine.java:1099) at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:288) at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:191) at oracle.jdbc.driver.T4C8Oall.doOALL(T4C8Oall.java:523) at oracle.jdbc.driver.T4CPreparedStatement.doOall8(T4CPreparedStatement.java:207) at oracle.jdbc.driver.T4CPreparedStatement.executeForDescribe(T4CPreparedStatement.java:863) at oracle.jdbc.driver.OracleStatement.executeMaybeDescribe(OracleStatement.java:1153) at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1275) at oracle.jdbc.driver.OracleStatement.executeQuery(OracleStatement.java:1477) at oracle.jdbc.driver.OracleStatementWrapper.executeQuery(OracleStatementWrapper.java:392) at org.apache.tomcat.dbcp.dbcp.DelegatingStatement.executeQuery(DelegatingStatement.java:208) at com.anjib.dao.oracle.Table1DAO.getAll(Table1DAO.java:197) ... 21 more On 1/9/2012 10:33 AM, Chema wrote: 2012/1/9 Anjib Mulepatianji...@hotmail.com: I did change my config.xml to Context antiJARLocking=true path=/myApp Resource auth=Container driverClassName=oracle.jdbc.driver.OracleDriver maxActive=20 maxIdle=10 maxWait=-1 name=jdbc/myName password=myPassword testOnBorrow=true type=javax.sql.DataSource url=jdbc:oracle:thin:@//localhost:8080/MYDBS username=myUsername validationQuery=SELECT 1 FROM DUAL / /Context Can you attach error trace ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: DB Connection error
Are you getting any kind of error in the logs? -Original Message- From: Anjib Mulepati [mailto:anji...@hotmail.com] Sent: Monday, January 09, 2012 9:22 AM To: Tomcat Users List Subject: Re: DB Connection error I did change my config.xml to Context antiJARLocking=true path=/myApp Resource auth=Container driverClassName=oracle.jdbc.driver.OracleDriver maxActive=20 maxIdle=10 maxWait=-1 name=jdbc/myName password=myPassword testOnBorrow=true type=javax.sql.DataSource url=jdbc:oracle:thin:@//localhost:8080/MYDBS username=myUsername validationQuery=SELECT 1 FROM DUAL / /Context And this morning when DB restart I had to restart the tomcat to get connection. What can be other solutions? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: DB Connection error
I have following log com.anjib.exceptions.DAOException: Error in your database. at com.anjib.actions.GetMyListAction.execute(GetMyListAction.java:71) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:449) at javax.servlet.http.HttpServlet.service(HttpServlet.java:617) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454) at java.lang.Thread.run(Thread.java:662) Caused by: com.anjib.exceptions.DAOException: Cannot create PoolableConnectionFactory (IO Error: The Network Adapter could not establish the connection) at com.anjib.dao.DAOFactory.createConnection(DAOFactory.java:118) at com.anjib.dao.oracle.Table1DAO.getAll(Table1DAO.java:195) at com.anjib.actions.GetMyListAction.execute(GetMyListAction.java:65) ... 18 more Caused by: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (IO Error: The Network Adapter could not establish the connection) at org.apache.tomcat.dbcp.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1225) at org.apache.tomcat.dbcp.dbcp.BasicDataSource.getConnection(BasicDataSource.java:880) at com.anjib.dao.DAOFactory.createConnection(DAOFactory.java:116) ... 20 more Caused by: java.sql.SQLRecoverableException: IO Error: The Network Adapter could not establish the connection at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:419) at oracle.jdbc.driver.PhysicalConnection.(PhysicalConnection.java:536) at oracle.jdbc.driver.T4CConnection.(T4CConnection.java:228) at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32) at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:521) at org.apache.tomcat.dbcp.dbcp.DriverConnectionFactory.createConnection(DriverConnectionFactory.java:38) at org.apache.tomcat.dbcp.dbcp.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:294) at org.apache.tomcat.dbcp.dbcp.BasicDataSource.validateConnectionFactory(BasicDataSource.java:1247) at org.apache.tomcat.dbcp.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1221) ... 22 more Caused by: oracle.net.ns.NetException: The Network Adapter could not establish the connection at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:375) at oracle.net.resolver.AddrResolution.resolveAndExecute(AddrResolution.java:422) at oracle.net.ns.NSProtocol.establishConnection(NSProtocol.java:678) at oracle.net.ns.NSProtocol.connect(NSProtocol.java:238) at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1054) at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:308) ... 30 more Caused by: java.net.ConnectException: Connection refused: connect at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351) at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213) at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366) at java.net.Socket.connect(Socket.java:529) at oracle.net.nt.TcpNTAdapter.connect(TcpNTAdapter.java:209) at oracle.net.nt.ConnOption.connect(ConnOption.java:123) at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:353) ... 35 more On 1/9/2012 12:03 PM, Propes, Barry L wrote: Are you getting any kind of error in the logs? -Original Message- From: Anjib Mulepati [mailto:anji...@hotmail.com] Sent: Monday, January 09, 2012 9:22 AM To: Tomcat Users List Subject: Re: DB Connection error I did change my config.xml to Context antiJARLocking=true path=/myApp Resource auth=Container
Re: DB Connection error
Caused by: oracle.net.ns.NetException: The Network Adapter could not establish the connection at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:375) at oracle.net.resolver.AddrResolution.resolveAndExecute(AddrResolution.java:422) at oracle.net.ns.NSProtocol.establishConnection(NSProtocol.java:678) at oracle.net.ns.NSProtocol.connect(NSProtocol.java:238) at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1054) at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:308) ... 30 more Caused by: java.net.ConnectException: Connection refused: connect at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351) at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213) at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366) at java.net.Socket.connect(Socket.java:529) at oracle.net.nt.TcpNTAdapter.connect(TcpNTAdapter.java:209) at oracle.net.nt.ConnOption.connect(ConnOption.java:123) at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:353) ... 35 more I see that database is on the same machine than Tomcat , right ? It's important, for me at least , to know if this error Caused by: java.net.ConnectException: Connection refused: connect occurs while restarting database server or just after that ? One question : after restarting database , can you make a telnet to localhost:8080 from the same machine ? By the way, 8080 is a curious port for a database ...is it the real port for listening incoming connections ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: DB Connection error
I think some Oracle desktop installations, like Oracle XE, come with 8080 as the out-of-the-box default port. -Original Message- From: Chema [mailto:demablo...@gmail.com] Sent: Monday, January 09, 2012 12:03 PM To: Tomcat Users List Subject: Re: DB Connection error Caused by: oracle.net.ns.NetException: The Network Adapter could not establish the connection at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:375) at oracle.net.resolver.AddrResolution.resolveAndExecute(AddrResolution.java:422) at oracle.net.ns.NSProtocol.establishConnection(NSProtocol.java:678) at oracle.net.ns.NSProtocol.connect(NSProtocol.java:238) at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1054) at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:308) ... 30 more Caused by: java.net.ConnectException: Connection refused: connect at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351) at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213) at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366) at java.net.Socket.connect(Socket.java:529) at oracle.net.nt.TcpNTAdapter.connect(TcpNTAdapter.java:209) at oracle.net.nt.ConnOption.connect(ConnOption.java:123) at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:353) ... 35 more I see that database is on the same machine than Tomcat , right ? It's important, for me at least , to know if this error Caused by: java.net.ConnectException: Connection refused: connect occurs while restarting database server or just after that ? One question : after restarting database , can you make a telnet to localhost:8080 from the same machine ? By the way, 8080 is a curious port for a database ...is it the real port for listening incoming connections ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Problem running my webapp with Tomcat 7.0.22.0 Security Manager enabled (Windows Vista)
Hiya, I've just turned on Tomcat's Security Manager and (not surprisingly) I'm now having a problem running my webapp. I know I probably need to specify some security privileges somewhere, but not sure where - possibly catalina.policy? Can anyone help?? Here's the error from the log file: 09-Jan-2012 17:33:34 org.apache.catalina.core.StandardWrapperValve invoke SEVERE: Servlet.service() for servlet [Manager] in context with path [/manager] threw exception [Could not initialize class org.netbeans.modules.schema2beans.DDLogFlags] with root cause java.lang.NoClassDefFoundError: Could not initialize class org.netbeans.modules.schema2beans.DDLogFlags at org.netbeans.modules.schema2beans.DOMBinding.register(DOMBinding.java:166) at org.netbeans.modules.schema2beans.BeanProp.registerDomNode(BeanProp.java:1809) at org.netbeans.modules.schema2beans.GraphManager.createRootBinding(GraphManager.java:232) at org.netbeans.modules.schema2beans.BaseBean.createRoot(BaseBean.java:288) at org.netbeans.modules.web.monitor.data.MonitorData.init(MonitorData.java:98) at org.netbeans.modules.web.monitor.data.MonitorData.init(MonitorData.java:75) at org.netbeans.modules.web.monitor.data.MonitorData.init(MonitorData.java:71) at org.netbeans.modules.web.monitor.server.MonitorFilter.setupDataRecord(MonitorFilter.java:484) at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:331) at sun.reflect.GeneratedMethodAccessor31.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:273) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:270) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:517) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:305) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:245) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:57) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108) at sun.reflect.GeneratedMethodAccessor32.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:273) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:270) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:517) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:305) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:245) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:57) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:581) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:405) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:964) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:515) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at
Re: SSL Configuration Errors
Christopher Schultz ch...@christopherschultz.net wrote on 01/06/2012 05:20:12 PM: From: Christopher Schultz ch...@christopherschultz.net To: Tomcat Users List users@tomcat.apache.org Date: 01/06/2012 05:20 PM Subject: Re: SSL Configuration Errors -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Justin, On 1/6/12 2:56 PM, Justin Larose wrote: This Tomcat environment was setup long before I worked here, so I am just upgrading from an older version to 7.0.23 and trying to not use a self signed certificate. It's important for you to know if your app actually requires client authentication. Since your Connector says clientAuth=true, it means that all clients must present a valid certificate in order to connect. I actually removed the clientAuth=true statement and I can still access the application with the self signed cert. I have asked the application developers if this is required. I can get the sample-ssl.jks to work with the below connector port information. But when I edit the connector ports to add the new wcmdev-ssl.jks and imported Certificate(s) I received from the CSR I get the error, java.io.IOException: Alias name tomcat does not identify a key entry What do you get if you run this command: $ keytool -list -keystore conf/sample-ssl.jks I cannot run the keytool command from the Tomcat home directory. What I have been doing is making a copy of the .jks and dropping them into the java home/bin directory and running the keytool -list from there. But here is what it looks like from java_home Weird because it is an alias. Is it looking for tomcat as the actual entry name or alias? Your certificate needs to have the alias tomcat. I did import my cert with the alias tomcat. You can see that in the screenshot here: It seems like it is not reading the keystore properly. Should I just create a new CSR from the sample-ssl.jks keystore? That shouldn't be necessary. You may have to re-import your certificate, though. I have used the keytool to delete all 3 certs (root, intermediate and primary) and readd them many times. I even just tried only the Primary cert with the alias tomcat as the only cert. But the log shows same error: SEVERE: Failed to initialize end point associated with ProtocolHandler [http-bio-8443] java.io.IOException: Alias name tomcat does not identify a key entry - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk8Hc5wACgkQ9CaO5/Lv0PC9LwCcDOxPQ9G8PY6WQAcUq/6zDvjR CU4AoLsvEq++7v0Ml5+A+XjRPilsKA9p =6XzB -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org ** This email and any files transmitted with it are intended solely for the use of the individual or agency to whom they are addressed. If you have received this email in error please notify the Navy Exchange Service Command e-mail administrator. This footnote also confirms that this email message has been scanned for the presence of computer viruses. Thank You! **
Re: SSL Configuration Errors
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Justin, On 1/9/12 2:24 PM, Justin Larose wrote: I did import my cert with the alias tomcat. You can see that in the screenshot here: This list strips non-text attachments. I have used the keytool to delete all 3 certs (root, intermediate and primary) and readd them many times. I even just tried only the Primary cert with the alias tomcat as the only cert. But the log shows same error: SEVERE: Failed to initialize end point associated with ProtocolHandler [http-bio-8443] java.io.IOException: Alias name tomcat does not identify a key entry When you created your key to create the CSR, did you use tomcat as the alias for *that* as well? Looks like it can't find a *key*, not a *cert*. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk8LQQkACgkQ9CaO5/Lv0PAEWgCZATL6UwEj2nOs6dvEVUJFW8GV 5A8An0yMRLdNH8HZjkuO3yZIG2KGQAWm =TJbX -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager enabled (Windows Vista)
2012/1/9 ja...@mobilewebexpert.co.uk: Hiya, I've just turned on Tomcat's Security Manager and (not surprisingly) I'm now having a problem running my webapp. I know I probably need to specify some security privileges somewhere, Have you read the docs? but not sure where - possibly catalina.policy? That file is not used by Tomcat but by Java runtime. So whether it is used depends on what command was used to launch the JVM. The catalina.bat/catalina.sh files use conf/catalina.policy by default. If you use something else then you are on your own to configure it properly. Can anyone help?? Here's the error from the log file: 09-Jan-2012 17:33:34 org.apache.catalina.core.StandardWrapperValve invoke SEVERE: Servlet.service() for servlet [Manager] in context with path [/manager] threw exception [Could not initialize class org.netbeans.modules.schema2beans.DDLogFlags] with root cause java.lang.NoClassDefFoundError: Could not initialize class org.netbeans.modules.schema2beans.DDLogFlags (...) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSL Certificate Update Not Reflected on the Website
On 09/01/2012 10:44, Conway Liu wrote: Hi Pid, I tried different browsers, and tried different computers. What command line tool are you talking about? Something like: curl or openssl p Thanks Conway -Original Message- From: Pid * [mailto:p...@pidster.com] Sent: Monday, 9 January 2012 11:37 p.m. To: Tomcat Users List Subject: Re: SSL Certificate Update Not Reflected on the Website On 9 Jan 2012, at 10:20, Conway Liu c...@xtra.co.nz wrote: Hi, We used to use Thawte for our SSL certificate. Today I installed new SSL certificate issued by VeriSign and there were no errors. The primary and secondary intermediate CAs both imported into the keystore file properly, and then the SSL issued by VeriSign imported as well. I updated the server.xml to indicate the new keystore file with the keystore password. Started Tomcat, checked the log files and there were no errors. But when I browse to the website, it is still saying the SSL has expired and it's showing the one issued by Thawte. I tried to put an incorrect keystore password in server.xml and Tomcat did generate errors in the log file, which means Tomcat is looking at the correct keystore file. We have also tried to reboot the server in case the old SSL was cached somewhere but that didn't help. Does anyone have any suggestion where might be wrong? Which browser are you using? Some cache Certs and don't reflect the change immediately. Have you tried with a command line tool? p Thank you very much Conway - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: Why TC 7.0.22 can not response any request?
On 09/01/2012 09:38, 孙文 wrote: Enviroment: jdk 1.6.0_29 64bit solaris 10 TC 7.0.22 every visual machine installed two tc 7.0.22,one 8080 , the other 8081. randomly tomcat can't response any request.but no oom,when use IE.the PID is still there. attachment show something be locked,but why? Maybe someone can help me . Please downgrade to 7.0.21 and repeat your test. p -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: SSL Configuration Errors
Chris, This list strips non-text attachments. I will sent it in text format next time. I have used the keytool to delete all 3 certs (root, intermediate and primary) and readd them many times. I even just tried only the Primary cert with the alias tomcat as the only cert. But the log shows same error: SEVERE: Failed to initialize end point associated with ProtocolHandler [http-bio-8443] java.io.IOException: Alias name tomcat does not identify a key entry When you created your key to create the CSR, did you use tomcat as the alias for *that* as well? Looks like it can't find a *key*, not a *cert*. I was just looking at that. When I had the 2 list entries and the error log side by side I noticed the error says, Alias name tomcat does not identify a key entry And when I look at the self signed cert it is listed as a PrivateKeyEntry but on my imported cert it is listed as a trustedCertEntry This seems to be the problem. How do I set my imported cert as a key entry or get Tomcat to read it as a CertEntry? Thanks, Justin ** This email and any files transmitted with it are intended solely for the use of the individual or agency to whom they are addressed. If you have received this email in error please notify the Navy Exchange Service Command e-mail administrator. This footnote also confirms that this email message has been scanned for the presence of computer viruses. Thank You! **
Re: DB Connection error
2012/1/9 Propes, Barry L barry.l.pro...@citi.com: I think some Oracle desktop installations, like Oracle XE, come with 8080 as the out-of-the-box default port. AFAIK 8080 was used by Oracle XE for its web-based management console. Using it as a database URL is something new. I'd expect 1521 there. By the way, using infinite timeout on the pool (maxWait=-1) is a bad option. I would recommend something more realistic. -Original Message- From: Chema [mailto:demablo...@gmail.com] Sent: Monday, January 09, 2012 12:03 PM To: Tomcat Users List Subject: Re: DB Connection error Caused by: oracle.net.ns.NetException: The Network Adapter could not establish the connection at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:375) at oracle.net.resolver.AddrResolution.resolveAndExecute(AddrResolution.java:422) at oracle.net.ns.NSProtocol.establishConnection(NSProtocol.java:678) at oracle.net.ns.NSProtocol.connect(NSProtocol.java:238) at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1054) at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:308) ... 30 more Caused by: java.net.ConnectException: Connection refused: connect at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351) at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213) at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366) at java.net.Socket.connect(Socket.java:529) at oracle.net.nt.TcpNTAdapter.connect(TcpNTAdapter.java:209) at oracle.net.nt.ConnOption.connect(ConnOption.java:123) at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:353) ... 35 more I see that database is on the same machine than Tomcat , right ? It's important, for me at least , to know if this error Caused by: java.net.ConnectException: Connection refused: connect occurs while restarting database server or just after that ? One question : after restarting database , can you make a telnet to localhost:8080 from the same machine ? By the way, 8080 is a curious port for a database ...is it the real port for listening incoming connections ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: DB Connection error
Oh ok, thanks for the clarification. -Original Message- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: Monday, January 09, 2012 1:51 PM To: Tomcat Users List Subject: Re: DB Connection error 2012/1/9 Propes, Barry L barry.l.pro...@citi.com: I think some Oracle desktop installations, like Oracle XE, come with 8080 as the out-of-the-box default port. AFAIK 8080 was used by Oracle XE for its web-based management console. Using it as a database URL is something new. I'd expect 1521 there. By the way, using infinite timeout on the pool (maxWait=-1) is a bad option. I would recommend something more realistic. -Original Message- From: Chema [mailto:demablo...@gmail.com] Sent: Monday, January 09, 2012 12:03 PM To: Tomcat Users List Subject: Re: DB Connection error Caused by: oracle.net.ns.NetException: The Network Adapter could not establish the connection at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:375) at oracle.net.resolver.AddrResolution.resolveAndExecute(AddrResolution.java:422) at oracle.net.ns.NSProtocol.establishConnection(NSProtocol.java:678) at oracle.net.ns.NSProtocol.connect(NSProtocol.java:238) at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1054) at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:308) ... 30 more Caused by: java.net.ConnectException: Connection refused: connect at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351) at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213) at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366) at java.net.Socket.connect(Socket.java:529) at oracle.net.nt.TcpNTAdapter.connect(TcpNTAdapter.java:209) at oracle.net.nt.ConnOption.connect(ConnOption.java:123) at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:353) ... 35 more I see that database is on the same machine than Tomcat , right ? It's important, for me at least , to know if this error Caused by: java.net.ConnectException: Connection refused: connect occurs while restarting database server or just after that ? One question : after restarting database , can you make a telnet to localhost:8080 from the same machine ? By the way, 8080 is a curious port for a database ...is it the real port for listening incoming connections ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat 7 SSL activation on AS/400?
I'm attempting to bring up SSL support in Tomcat 7, on an AS/400 (V6R1). Tomcat itself runs nicely, but following the instructions on http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html I am consistently getting: SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]] Throwable occurred: org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]] at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.startup.Catalina.load(Catalina.java:573) at org.apache.catalina.startup.Catalina.load(Catalina.java:598) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37) at java.lang.reflect.Method.invoke(Method.java:611) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:449) Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed at org.apache.catalina.connector.Connector.initInternal(Connector.java:939) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) ... 12 more Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect at com.ibm.crypto.provider.JavaKeyStore.engineLoad(Unknown Source) at java.security.KeyStore.load(KeyStore.java:414) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:407) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:306) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:565) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:505) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:449) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:158) at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:369) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:553) at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:369) at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119) at org.apache.catalina.connector.Connector.initInternal(Connector.java:937) ... 13 more Caused by: java.security.UnrecoverableKeyException: Password verification failed ... 26 more I've tried it with the default keystore name, location, and passwords; I've tried it with an explicit name, location, and both key and keystore paswords. The above exceptions are thrown consistently, except for one occasion when the keystore simply didn't exist where expected. -- James H. H. Lampert - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7 SSL activation on AS/400?
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect Well, I don't know what is the problem. I followed these steps and it worked : http://blog.frankel.ch/ssl-your-tomcat-7 Other option is HTTP Connector in your server.xml is incorrectly configured - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSL Configuration Errors
Justin, On 9.1.2012 20:40, Justin Larose wrote: This seems to be the problem. How do I set my imported cert as a key entry or get Tomcat to read it as a CertEntry? You must use the same keystore and same alias when you: 1. generate key, 2. generate csr, 3. import certificate. Example: keytool -genkey ... -keystore xxx.jks -alias yyy keytool -certreq ... -keystore xxx.jks -alias yyy and later keytool -import -trustcacerts ... -keystore xxx.jks -alias yyy Same keystore, same alias in all three invocations of keytool. -Ognjen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7 SSL activation on AS/400?
Can you successfully run this command: keytool -list -keystore {path/to/your/keystore/file} -storepass {passwd-in-server.xml} If so, perhaps it's a character encoding issue? Don't remember if AS/400 uses EBCDIC as its default character set. On Mon, 2012-01-09 at 14:42 -0800, James Lampert wrote: I'm attempting to bring up SSL support in Tomcat 7, on an AS/400 (V6R1). Tomcat itself runs nicely, but following the instructions on http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html I am consistently getting: SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]] Throwable occurred: org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]] at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.startup.Catalina.load(Catalina.java:573) at org.apache.catalina.startup.Catalina.load(Catalina.java:598) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37) at java.lang.reflect.Method.invoke(Method.java:611) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:449) Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed at org.apache.catalina.connector.Connector.initInternal(Connector.java:939) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) ... 12 more Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect at com.ibm.crypto.provider.JavaKeyStore.engineLoad(Unknown Source) at java.security.KeyStore.load(KeyStore.java:414) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:407) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:306) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:565) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:505) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:449) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:158) at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:369) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:553) at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:369) at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119) at org.apache.catalina.connector.Connector.initInternal(Connector.java:937) ... 13 more Caused by: java.security.UnrecoverableKeyException: Password verification failed ... 26 more I've tried it with the default keystore name, location, and passwords; I've tried it with an explicit name, location, and both key and keystore paswords. The above exceptions are thrown consistently, except for one occasion when the keystore simply didn't exist where expected. -- James H.
Re: Tomcat 7 SSL activation on AS/400? (Cross-posted to JAVA400)
Tim Watts (from the Tomcat Users List) wrote: Can you successfully run this command: keytool -list -keystore {path/to/your/keystore/file} -storepass {passwd-in-server.xml} It gives the same error message. And yes, EBCDIC is the default encoding for AS/400s. The attributes on /foo show that it has a CCSID of 819, though, which (if my memory and the IBM docs are correct) is ASCII. Here's a QShell transcript from a test I ran specifically so that I could post everything without betraying any passwords: keytool -genkey -alias foo -keyalg RSA -keystore /foo Enter keystore password: bar What is your first and last name? [Unknown]: James Lampert What is the name of your organizational unit? [Unknown]: Development Lab What is the name of your organization? [Unknown]: Touchtone Corporation What is the name of your City or Locality? [Unknown]: Costa Mesa What is the name of your State or Province? [Unknown]: California What is the two-letter country code for this unit? [Unknown]: US Is CN=James Lampert , OU=Development Lab , O=Touchtone Corporation , L=Costa Mesa , ST=California , C=US correct? (type yes or no) [no]: yes Enter key password for foo: (RETURN if same as keystore password): bar $ keytool -list -keystore /foo -storepass bar keytool error (likely untranslated): java.io.IOException: Keystore was tampered with, or password was incorrect $ Another thought occurred to me: Could the trailing blanks shown in the confirmation message have anything to do with the problem? -- JHHL - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Endorsed directory classloader
Hi- I've got single Tomcat instance with 10 different webapps deployed. I'm in the process of converting the webapps logging from using Tomcat's JULI via java.util.logging to SLF4J, initally backed by log4j. I've run into a classloader problem due to my usage of the endorsed/ directory: we place 2 jars in the endorsed/ dir so that the classes contained within are shared across webapps. However, now that these classes depends on SLF4J class initialization fails since the SLF4J classes are not found on the classpath. I have attempted to put the required jars in: ${catalina.base}/lib, ${catalina.home}/lib and the endorsed/ directory itself, and each time the dependent classes fail to load due to an inability to locate the org.slf4j classes. What do you recommend I do to make the slf4j jars available to the classes within the endorsed/ directory? Thank you, Ryan
Tomcat 7 service not starting
Hello - I use Tomcat with the Business Intelligence Web Application InetSoft. I am in the process of upgrading our development server to their latest version (11.2). I also upgraded Java from 1.6.0_20 to 1.6.0_30. The upgrade procedure for InetSoft is to replace a couple of jar files, which I have done. But now Tomcat is no longer starting up. I get an Error 1067. The process terminated unexpectedly. Can anyone provide any guidance on where to look for why this is no longer starting up? Debbie Shapiro Data Warehouse Manager Cardiac Science Office: 425.402.2233 Visit us at www.cardiacscience.comhttp://www.cardiacscience.com/ Suppliers of Cardiac Science, Criticare, Unetixs, Powerheart, Burdick, and Quinton products Part of the Opto Circuits Family
Re: Tomcat 7 SSL activation on AS/400? (Cross-posted to JAVA400)
On Mon, 2012-01-09 at 15:55 -0800, James Lampert wrote: Tim Watts (from the Tomcat Users List) wrote: Can you successfully run this command: keytool -list -keystore {path/to/your/keystore/file} -storepass {passwd-in-server.xml} It gives the same error message. And yes, EBCDIC is the default encoding for AS/400s. The attributes on /foo show that it has a CCSID of 819, though, which (if my memory and the IBM docs are correct) is ASCII. Here's a QShell transcript from a test I ran specifically so that I could post everything without betraying any passwords: keytool -genkey -alias foo -keyalg RSA -keystore /foo Enter keystore password: bar What is your first and last name? [Unknown]: James Lampert What is the name of your organizational unit? [Unknown]: Development Lab What is the name of your organization? [Unknown]: Touchtone Corporation What is the name of your City or Locality? [Unknown]: Costa Mesa What is the name of your State or Province? [Unknown]: California What is the two-letter country code for this unit? [Unknown]: US Is CN=James Lampert , OU=Development Lab , O=Touchtone Corporation , L=Costa Mesa , ST=California , C=US correct? (type yes or no) [no]: yes Enter key password for foo: (RETURN if same as keystore password): bar $ keytool -list -keystore /foo -storepass bar keytool error (likely untranslated): java.io.IOException: Keystore was tampered with, or password was incorrect $ Another thought occurred to me: Could the trailing blanks shown in the confirmation message have anything to do with the problem? That's a possibility if it's padding the passwords as well. I'm not an AS/400 expert by any means. Is /foo a preallocated file and if so could the problem be with the way it was allocated? Perhaps what's encrypted in the file was ASCII but the keystrokes in your shell (and chars in server.xml file) are EBCDIC? -- JHHL - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org signature.asc Description: This is a digitally signed message part
RE: Tomcat 7 service not starting
Hi, are you able to see the log files in the log folder? Conway -Original Message- From: Debbie Shapiro [mailto:dshap...@cardiacscience.com] Sent: Tuesday, 10 January 2012 2:17 p.m. To: users@tomcat.apache.org Subject: Tomcat 7 service not starting Hello - I use Tomcat with the Business Intelligence Web Application InetSoft. I am in the process of upgrading our development server to their latest version (11.2). I also upgraded Java from 1.6.0_20 to 1.6.0_30. The upgrade procedure for InetSoft is to replace a couple of jar files, which I have done. But now Tomcat is no longer starting up. I get an Error 1067. The process terminated unexpectedly. Can anyone provide any guidance on where to look for why this is no longer starting up? Debbie Shapiro Data Warehouse Manager Cardiac Science Office: 425.402.2233 Visit us at www.cardiacscience.comhttp://www.cardiacscience.com/ Suppliers of Cardiac Science, Criticare, Unetixs, Powerheart, Burdick, and Quinton products Part of the Opto Circuits Family This email is confidential and intended only for the use of the individual or entity named above and may contain information that is privileged. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or telephone and destroy the original message. - This mail is sent via Sony Asia Pacific Mail Gateway.. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat 7 service not starting
From: Debbie Shapiro [mailto:dshap...@cardiacscience.com] Subject: Tomcat 7 service not starting I also upgraded Java from 1.6.0_20 to 1.6.0_30. Did you also perhaps change from a 32-bit to a 64-bit JVM (or vice-versa)? The mode of the JVM must match the mode of the Tomcat service wrapper (tomcat7.exe). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7 service not starting
2012/1/10 Caldarale, Charles R chuck.caldar...@unisys.com: From: Debbie Shapiro [mailto:dshap...@cardiacscience.com] Subject: Tomcat 7 service not starting I also upgraded Java from 1.6.0_20 to 1.6.0_30. Did you also perhaps change from a 32-bit to a 64-bit JVM (or vice-versa)? The mode of the JVM must match the mode of the Tomcat service wrapper (tomcat7.exe). Are you using JRE or JDK? If JRE then OK, as its path is always the same. If JDK then you must update service configuration to use the new version of JDK. What jar files did you replace? I'd also replace tomcat7.exe and tomcat7w.exe, review configuration changes [1] and clear all files from work directory. Do you use tc-native DLL? What OS it is? [1] http://tomcat.apache.org/migration.html Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: SSL Certificate Update Not Reflected on the Website
Thanks Pid. The problem was actually due to the network admin had to also update the proxy server. Only if he responds quicker to my emails and calls Regards Conway -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Tuesday, 10 January 2012 8:36 a.m. To: Tomcat Users List Subject: Re: SSL Certificate Update Not Reflected on the Website On 09/01/2012 10:44, Conway Liu wrote: Hi Pid, I tried different browsers, and tried different computers. What command line tool are you talking about? Something like: curl or openssl p Thanks Conway -Original Message- From: Pid * [mailto:p...@pidster.com] Sent: Monday, 9 January 2012 11:37 p.m. To: Tomcat Users List Subject: Re: SSL Certificate Update Not Reflected on the Website On 9 Jan 2012, at 10:20, Conway Liu c...@xtra.co.nz wrote: Hi, We used to use Thawte for our SSL certificate. Today I installed new SSL certificate issued by VeriSign and there were no errors. The primary and secondary intermediate CAs both imported into the keystore file properly, and then the SSL issued by VeriSign imported as well. I updated the server.xml to indicate the new keystore file with the keystore password. Started Tomcat, checked the log files and there were no errors. But when I browse to the website, it is still saying the SSL has expired and it's showing the one issued by Thawte. I tried to put an incorrect keystore password in server.xml and Tomcat did generate errors in the log file, which means Tomcat is looking at the correct keystore file. We have also tried to reboot the server in case the old SSL was cached somewhere but that didn't help. Does anyone have any suggestion where might be wrong? Which browser are you using? Some cache Certs and don't reflect the change immediately. Have you tried with a command line tool? p Thank you very much Conway - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: DB Connection error
Hi Anjib Port 8080 looks very odd. For an Oracle XE database, this is an HTTP connection to the database admin console, but you need a TNS connection direct to the database. Try telnet localhost 1521 from the command line. If this connects, you probably have a standard Oracle database on its default port. I would expect something like url=jdbc:oracle:thin:@localhost:1521/XE to connect to a local XE installation (the only supported schema name is XE). This works fine on my local installation. Else url=jdbc:oracle:thin:@localhost:1521/MYDBS if you have a full local Oracle installation and MYDBS is the schema name. Note that the double slashes have gone in the URL. You will also need to put a copy of ojdb6.jar in the Tomcat shared libs directory. You can easily test the connection string by using a simple SQL client like SQuirrel SQL. Hope that helps. Regards Ron - Original Message - From: Anjib Mulepati anji...@hotmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Wednesday, January 04, 2012 7:26 AM Subject: Re: DB Connection error On 1/3/2012 1:12 PM, Chema wrote: 2012/1/3 Anjib Mulepatianji...@hotmail.com: Hi All, One simple question If I have JINDI configuration in my application will my application reconnect to the DB whenever my DB gets restart. I am having DB connection problem every Monday since our DB get restarted on weekends which we don't have control of. I am using Tomcat 6.0.20 Hi: can you attach yourResource/ element in server.xml file ( except sensible data )? I haven't change anythign in server.xml so i have default in it GlobalNamingResources Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources But in my application I have context.xml with following Context antiJARLocking=true path=/myApp Resource auth=Container driverClassName=oracle.jdbc.driver.OracleDriver maxActive=20 maxIdle=10 maxWait=-1 name=jdbc/myName password=myPassword type=javax.sql.DataSource url=jdbc:oracle:thin:@//localhost:8080/MYDBS username=myUsername / /Context - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org