Trouble using SSL with Tomcat 9

[Don Flinn]

I'm trying to use a self signed certificate generated in keytool.  When I
run the application Chrome, Firefox and internet Explorer using
localhost:8080/ all the browsers do a redirect to localhost:8443 and
then return This site can’t be reachedL*ocalhost* refused to connect.
There is no red lined out protocol in any of the browsers.  All the Tomcat
logs show no errors or warnings.  I can access applications that are not
protected and tomcat itself. If I set 
CONFIDENTIAL to NONE everything works with
localhost:8080.

My SSL files in tomcat -

*server.xml -*

Connector
protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
SSLEnabled="true" acceptCount="100" clientAuth="false"
disableUploadTimeout="true" enableLookups="false" maxThreads="25"
port="8443" keystoreFile="c:/temp/mkeystore2.jks" keystorePass="foobar"
secure="true" sslProtocol="TLS" clientAuth="false" />

*web.xml -*



Financials
/*


CONFIDENTIAL



*the output from my keystore  list -*

C:\Users\don\Documents\Mansurus\Security> "%java_home%/bin/keytool.exe"
-list  -v -keystore c:/temp/mkeystore2.jks
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: tomcat
Creation date: Sep 23, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Serial number: 6b5fe428
Valid from: Sat Sep 23 12:57:19 EDT 2017 until: Sun Sep 23 12:57:19 EDT 2018
Certificate fingerprints:
 MD5:  11:9D:2C:50:4A:09:9D:17:2F:46:3C:AF:AF:E5:59:EE
 SHA1: 63:EF:21:21:3C:22:82:46:21:84:9C:81:C6:B0:C1:EC:0F:1C:87:31
 SHA256:
4E:75:D6:6A:6C:23:84:E0:36:AF:CF:1E:56:7D:18:6E:A1:BE:E5:EE:0B:E5:7B:2A:01:96:DF:49:CA:F1:50:C7
 Signature algorithm name: SHA256withRSA
 Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
: 46 C9 48 D4 54 2A 54 CE   24 1F 22 ED 1D FC 6E 14  F.H.T*T.$."...n.
0010: BE 6F 4A 49.oJI
]
]

What am I doing wrong?  I want to get a self-signed keystore working before
I purchase a commercial certificate.

Don

Re: tomcat7 eol date?

[Mark Thomas]

On 23/09/17 13:15, Alex O'Ree wrote:
> Is there an approximate or estimated date in which ASF will stop
> supporting patches for Tomcat7?

Best guess that is at least two to three years away.

> I'm assuming that the tomcat major versions are tied to oracle's
> support for the JRE, which implies that when oracle stops supporting
> JRE7 that tomcat7 support will stop around the same time. Is that more
> or less accurate?

No.

Tomcat major versions are tied to Java EE versions and we currently
support 3 versions in parallel.

Java EE 8 -> Tomcat 9
Java EE 7 -> Tomcat 8
Java EE 6 -> Tomcat 7

Prior to Oracle's announcement of the Java EE donation to Eclipse, my
answer would have been:

Tomcat 10 will support Java EE 9. Once the release date for Java EE 9
looks fairly certain, we'll announce EOL for Tomcat 7. We will give at
least 12 months notice.

Oracle's donation of Java EE to Eclipse the name of what Tomcat 10 will
support is uncertain at this point. Timing wise things are also
uncertain at this point. Based on previous Java EE timescales, at least
2-3 years looks likely.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: publishing tomcat server as maven artifact

[Mark Thomas]

On 23/09/17 12:50, Alex O'Ree wrote:
> They weren't, other than that releases were happening at some point.
> 
> Ahh sorry you're right. What about the other variants, such as the
> windows x64 builds with the service wrappers?

The Tomcat Native binaries aren't in Maven Central at the moment. Adding
them is doable. It probably just needs a Maven upload script added to
the Native build. The one used for Tomcat is probably a good starting point.

Mark


> 
> On Sat, Sep 23, 2017 at 4:05 AM, Mark Thomas  wrote:
>> On 23/09/17 02:27, Alex O'Ree wrote:
>>> In light of the recent security issues, has the tomcat dev's ever
>>> consider publishing the tomcat server as a maven artifact?
>>
>> How are those two related?
>>
>>> I just tomcat as a base server for Apache jUDDI and for several other
>>> projects whereby I create preconfigured tomcat instance. It's also
>>> super useful for integration testing. Anyhow, just food for thought
>>
>> The Tomcat community has been doing that for years:
>>
>> https://search.maven.org/#search%7Cga%7C1%7Corg.apache.tomcat
>>
>> Mark
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

tomcat7 eol date?

[Alex O'Ree]

Is there an approximate or estimated date in which ASF will stop
supporting patches for Tomcat7?

I'm assuming that the tomcat major versions are tied to oracle's
support for the JRE, which implies that when oracle stops supporting
JRE7 that tomcat7 support will stop around the same time. Is that more
or less accurate?

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: publishing tomcat server as maven artifact

[Alex O'Ree]

They weren't, other than that releases were happening at some point.

Ahh sorry you're right. What about the other variants, such as the
windows x64 builds with the service wrappers?

On Sat, Sep 23, 2017 at 4:05 AM, Mark Thomas  wrote:
> On 23/09/17 02:27, Alex O'Ree wrote:
>> In light of the recent security issues, has the tomcat dev's ever
>> consider publishing the tomcat server as a maven artifact?
>
> How are those two related?
>
>> I just tomcat as a base server for Apache jUDDI and for several other
>> projects whereby I create preconfigured tomcat instance. It's also
>> super useful for integration testing. Anyhow, just food for thought
>
> The Tomcat community has been doing that for years:
>
> https://search.maven.org/#search%7Cga%7C1%7Corg.apache.tomcat
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: publishing tomcat server as maven artifact

[Mark Thomas]

On 23/09/17 02:27, Alex O'Ree wrote:
> In light of the recent security issues, has the tomcat dev's ever
> consider publishing the tomcat server as a maven artifact?

How are those two related?

> I just tomcat as a base server for Apache jUDDI and for several other
> projects whereby I create preconfigured tomcat instance. It's also
> super useful for integration testing. Anyhow, just food for thought

The Tomcat community has been doing that for years:

https://search.maven.org/#search%7Cga%7C1%7Corg.apache.tomcat

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Fw: Re: Help needed - JPA probem - No connection specified with project

[Karen Goh]

Hi all,

I'd like to add that I did not add EclipseLink cos I learnt that you cannot mix 
Hibernate with EclipseLink.

Tks & rgds,
Karen

--- On Sat, 9/23/17, Karen Goh  wrote:

> From: Karen Goh 
> Subject: Re: Help needed - JPA probem - No connection specified with project
> To: "Tomcat Users List" , knst.koli...@gmail.com
> Date: Saturday, September 23, 2017, 1:03 PM
> Hi all,
> 
> My apologies, my Tomcat server version
> is Apache Tomcat 8.0.29 Server.
> The JDK is 1.8
> 
> Hope to get some advice what went wrong
> in regards to the No connection specified with project.
> 
> Tks & rgds,
> Karen
> 
> On Fri, 9/22/17, Konstantin Kolinko
> 
> wrote:
> 
>  Subject: Re: Help needed - JPA probem
> - No connection specified with project
>  To: "Tomcat Users List" ,
> "Karen Goh" 
>  Date: Friday, September 22, 2017,
> 10:00 PM
>  
>  2017-09-22 13:35 GMT+03:00 Karen
>  Goh :
>  > Hi expert,
>  >
>  > I have been trying very hard to
> nail the
>  above problem including asking various
> forums like
>  CodeRanch, dream in code etc but to no
> avail.
>  >
>  > As such, I am hoping
>  to get help from the Apache Tomcat
> user support.
>  >
>  > Tools and setting :
>  Eclipse Mars, Tomcat 1.8, MySQL, OS :
> Windows 7, Maven, Java
>  JPA with Hibernate framework 5.1.0
>  
>  There is no such version as "Tomcat
>  1.8". I assume that you meant some
>  version of Tomcat 8.0.x.
>  
>  
>  > The MySQL setting is
>  confirmed correct, as I have managed
> to insert the data via
>  single JDBC connection.
>  >
>  > Project summary : J2ee servlet
> with JSP,
>  Java JPA in Hibernate framework.
> (Hibernate is for pure
>  insertion of data - many to many
> relationship)
>  >
>  > My purpose is to get
>  the JNDI datasource working but till
> now I can't just
>  get it work.
>  >
>  >
>  Here's my context.xml :
>  >
>  >   encoding="UTF-8"?>
>  >
>   docBase="Hi5S"
>  crossContext="true" reloadable="true"
>  antiResourceLocking="true"
>  debug="1">
>  >
>name="jdbc/hi5"
>  type="javax.sql.DataSource"/>
>  > 
>  >   
>   name="jdbc/hi5"
>  >    
>  auth="Container"
>  >    
>  type="javax.sql.DataSource"
>  > 
>     maxTotal="8"
>  >    
>  maxActive="100"
>  >    
>  maxIdle="30"
>  >    
>  maxWait="-1"
>  >    
>  username="root"
>  >    
>  singleton="true"
>  >    
>  override="true"
>  >    
> 
> factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
>  >     password="password"
>  >      
>  alternateUsernameAllowed="true"
>  >    
> 
> driverClassName="com.mysql.jdbc.Driver"
>  >    
>  url="jdbc:mysql://localhost:3306/hi5"
> />
>  >   
>  >   
>  
>  The META-INF/context.xml file of a
> web
>  application must have only one
>  of
>  
> elements with the same value
>  of "name"
>  attribute.
>  
>  
>  If you have a
>  ResourceLink in context.xml, it means
> that your Resource
>  element must go into
> GlobalNamingResources
>  element of conf/server.xml
>  file.
>  http://tomcat.apache.org/tomcat-8.5-doc/config/globalresources.html
>  
>  
>  BTW, you
>  should not modify conf/context.xml
> file. It is the
>  defaults
>  file shared by all web
>  applications. (Modifying it is a
> common
>  configuration mistake).
>  
>  
>  Best regards,
>  Konstantin Kolinko
>  
> 
> -
>  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>  For additional commands, e-mail: users-h...@tomcat.apache.org
>  
>  

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org