Trouble using SSL with Tomcat 9
I'm trying to use a self signed certificate generated in keytool. When I run the application Chrome, Firefox and internet Explorer using localhost:8080/ all the browsers do a redirect to localhost:8443 and then return This site can’t be reachedL*ocalhost* refused to connect. There is no red lined out protocol in any of the browsers. All the Tomcat logs show no errors or warnings. I can access applications that are not protected and tomcat itself. If I set CONFIDENTIAL to NONE everything works with localhost:8080. My SSL files in tomcat - *server.xml -* Connector protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation" SSLEnabled="true" acceptCount="100" clientAuth="false" disableUploadTimeout="true" enableLookups="false" maxThreads="25" port="8443" keystoreFile="c:/temp/mkeystore2.jks" keystorePass="foobar" secure="true" sslProtocol="TLS" clientAuth="false" /> *web.xml -* Financials /* CONFIDENTIAL *the output from my keystore list -* C:\Users\don\Documents\Mansurus\Security> "%java_home%/bin/keytool.exe" -list -v -keystore c:/temp/mkeystore2.jks Enter keystore password: Keystore type: JKS Keystore provider: SUN Your keystore contains 1 entry Alias name: tomcat Creation date: Sep 23, 2017 Entry type: PrivateKeyEntry Certificate chain length: 1 Certificate[1]: Owner: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown Issuer: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown Serial number: 6b5fe428 Valid from: Sat Sep 23 12:57:19 EDT 2017 until: Sun Sep 23 12:57:19 EDT 2018 Certificate fingerprints: MD5: 11:9D:2C:50:4A:09:9D:17:2F:46:3C:AF:AF:E5:59:EE SHA1: 63:EF:21:21:3C:22:82:46:21:84:9C:81:C6:B0:C1:EC:0F:1C:87:31 SHA256: 4E:75:D6:6A:6C:23:84:E0:36:AF:CF:1E:56:7D:18:6E:A1:BE:E5:EE:0B:E5:7B:2A:01:96:DF:49:CA:F1:50:C7 Signature algorithm name: SHA256withRSA Version: 3 Extensions: #1: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ : 46 C9 48 D4 54 2A 54 CE 24 1F 22 ED 1D FC 6E 14 F.H.T*T.$."...n. 0010: BE 6F 4A 49.oJI ] ] What am I doing wrong? I want to get a self-signed keystore working before I purchase a commercial certificate. Don
Re: tomcat7 eol date?
On 23/09/17 13:15, Alex O'Ree wrote: > Is there an approximate or estimated date in which ASF will stop > supporting patches for Tomcat7? Best guess that is at least two to three years away. > I'm assuming that the tomcat major versions are tied to oracle's > support for the JRE, which implies that when oracle stops supporting > JRE7 that tomcat7 support will stop around the same time. Is that more > or less accurate? No. Tomcat major versions are tied to Java EE versions and we currently support 3 versions in parallel. Java EE 8 -> Tomcat 9 Java EE 7 -> Tomcat 8 Java EE 6 -> Tomcat 7 Prior to Oracle's announcement of the Java EE donation to Eclipse, my answer would have been: Tomcat 10 will support Java EE 9. Once the release date for Java EE 9 looks fairly certain, we'll announce EOL for Tomcat 7. We will give at least 12 months notice. Oracle's donation of Java EE to Eclipse the name of what Tomcat 10 will support is uncertain at this point. Timing wise things are also uncertain at this point. Based on previous Java EE timescales, at least 2-3 years looks likely. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: publishing tomcat server as maven artifact
On 23/09/17 12:50, Alex O'Ree wrote: > They weren't, other than that releases were happening at some point. > > Ahh sorry you're right. What about the other variants, such as the > windows x64 builds with the service wrappers? The Tomcat Native binaries aren't in Maven Central at the moment. Adding them is doable. It probably just needs a Maven upload script added to the Native build. The one used for Tomcat is probably a good starting point. Mark > > On Sat, Sep 23, 2017 at 4:05 AM, Mark Thomaswrote: >> On 23/09/17 02:27, Alex O'Ree wrote: >>> In light of the recent security issues, has the tomcat dev's ever >>> consider publishing the tomcat server as a maven artifact? >> >> How are those two related? >> >>> I just tomcat as a base server for Apache jUDDI and for several other >>> projects whereby I create preconfigured tomcat instance. It's also >>> super useful for integration testing. Anyhow, just food for thought >> >> The Tomcat community has been doing that for years: >> >> https://search.maven.org/#search%7Cga%7C1%7Corg.apache.tomcat >> >> Mark >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat7 eol date?
Is there an approximate or estimated date in which ASF will stop supporting patches for Tomcat7? I'm assuming that the tomcat major versions are tied to oracle's support for the JRE, which implies that when oracle stops supporting JRE7 that tomcat7 support will stop around the same time. Is that more or less accurate? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: publishing tomcat server as maven artifact
They weren't, other than that releases were happening at some point. Ahh sorry you're right. What about the other variants, such as the windows x64 builds with the service wrappers? On Sat, Sep 23, 2017 at 4:05 AM, Mark Thomaswrote: > On 23/09/17 02:27, Alex O'Ree wrote: >> In light of the recent security issues, has the tomcat dev's ever >> consider publishing the tomcat server as a maven artifact? > > How are those two related? > >> I just tomcat as a base server for Apache jUDDI and for several other >> projects whereby I create preconfigured tomcat instance. It's also >> super useful for integration testing. Anyhow, just food for thought > > The Tomcat community has been doing that for years: > > https://search.maven.org/#search%7Cga%7C1%7Corg.apache.tomcat > > Mark > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: publishing tomcat server as maven artifact
On 23/09/17 02:27, Alex O'Ree wrote: > In light of the recent security issues, has the tomcat dev's ever > consider publishing the tomcat server as a maven artifact? How are those two related? > I just tomcat as a base server for Apache jUDDI and for several other > projects whereby I create preconfigured tomcat instance. It's also > super useful for integration testing. Anyhow, just food for thought The Tomcat community has been doing that for years: https://search.maven.org/#search%7Cga%7C1%7Corg.apache.tomcat Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Fw: Re: Help needed - JPA probem - No connection specified with project
Hi all, I'd like to add that I did not add EclipseLink cos I learnt that you cannot mix Hibernate with EclipseLink. Tks & rgds, Karen --- On Sat, 9/23/17, Karen Gohwrote: > From: Karen Goh > Subject: Re: Help needed - JPA probem - No connection specified with project > To: "Tomcat Users List" , knst.koli...@gmail.com > Date: Saturday, September 23, 2017, 1:03 PM > Hi all, > > My apologies, my Tomcat server version > is Apache Tomcat 8.0.29 Server. > The JDK is 1.8 > > Hope to get some advice what went wrong > in regards to the No connection specified with project. > > Tks & rgds, > Karen > > On Fri, 9/22/17, Konstantin Kolinko > > wrote: > > Subject: Re: Help needed - JPA probem > - No connection specified with project > To: "Tomcat Users List" , > "Karen Goh" > Date: Friday, September 22, 2017, > 10:00 PM > > 2017-09-22 13:35 GMT+03:00 Karen > Goh : > > Hi expert, > > > > I have been trying very hard to > nail the > above problem including asking various > forums like > CodeRanch, dream in code etc but to no > avail. > > > > As such, I am hoping > to get help from the Apache Tomcat > user support. > > > > Tools and setting : > Eclipse Mars, Tomcat 1.8, MySQL, OS : > Windows 7, Maven, Java > JPA with Hibernate framework 5.1.0 > > There is no such version as "Tomcat > 1.8". I assume that you meant some > version of Tomcat 8.0.x. > > > > The MySQL setting is > confirmed correct, as I have managed > to insert the data via > single JDBC connection. > > > > Project summary : J2ee servlet > with JSP, > Java JPA in Hibernate framework. > (Hibernate is for pure > insertion of data - many to many > relationship) > > > > My purpose is to get > the JNDI datasource working but till > now I can't just > get it work. > > > > > Here's my context.xml : > > > > encoding="UTF-8"?> > > > docBase="Hi5S" > crossContext="true" reloadable="true" > antiResourceLocking="true" > debug="1"> > > >name="jdbc/hi5" > type="javax.sql.DataSource"/> > > > > > name="jdbc/hi5" > > > auth="Container" > > > type="javax.sql.DataSource" > > > maxTotal="8" > > > maxActive="100" > > > maxIdle="30" > > > maxWait="-1" > > > username="root" > > > singleton="true" > > > override="true" > > > > factory="org.apache.tomcat.jdbc.pool.DataSourceFactory" > > password="password" > > > alternateUsernameAllowed="true" > > > > driverClassName="com.mysql.jdbc.Driver" > > > url="jdbc:mysql://localhost:3306/hi5" > /> > > > > > > The META-INF/context.xml file of a > web > application must have only one > of > > elements with the same value > of "name" > attribute. > > > If you have a > ResourceLink in context.xml, it means > that your Resource > element must go into > GlobalNamingResources > element of conf/server.xml > file. > http://tomcat.apache.org/tomcat-8.5-doc/config/globalresources.html > > > BTW, you > should not modify conf/context.xml > file. It is the > defaults > file shared by all web > applications. (Modifying it is a > common > configuration mistake). > > > Best regards, > Konstantin Kolinko > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org