Re: Tomcat 7.33 update on Windows

2012-12-12 Thread Justin Larose
Konstantin Kolinko knst.koli...@gmail.com wrote on 12/11/2012 09:12:16 AM:

> From: Konstantin Kolinko knst.koli...@gmail.com
> To: Tomcat Users List users@tomcat.apache.org
> Date: 12/11/2012 09:12 AM
> Subject: Re: Tomcat 7.33 update on Windows
>
> 2012/12/11 Justin Larose justin.lar...@nexweb.org:
> > I just updated Tomcat 7 from version 7.11 to 7.33 on my windows server but
> > when I go to the URL I am seeing 500 error, Cannot load JDBC driver class
> > 'com.microsoft.sqlserver.jdbc.SQLServerDriver'
> > Not sure why. I made a copy of all config directories prior to install and
> > copied them all to the new Tomcat home. Below is the full stack.
> >
> > (...)
> >
> > root cause
> >
> > java.lang.ClassNotFoundException:
> > com.microsoft.sqlserver.jdbc.SQLServerDriver
>
> What jar contains the above class and whether it is present in your
> installation? I guess you forgot to copy it.
>
> (It should be placed into Tomcat's lib/ directory).

Thanks for your help Konstantin.
It was missing a sql file in the lib directory. It wasn't there when I 
copied the old Tomcat directory so I had to copy it from another server.


**
This email and any files transmitted with it are intended solely for 
the use of the individual or agency to whom they are addressed. 
If you have received this email in error please notify the Navy 
Exchange Service Command e-mail administrator. This footnote 
also confirms that this email message has been scanned for the
presence of computer viruses.

Thank You!
**
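Added example, not part of the original thread: one way to answer "what jar contains the above class and is it present" after an upgrade is to scan the `lib/` directory of the new installation and of a reference installation for the class entry, and to record a SHA-256 of any jar that provides it so a copy taken from another server can be compared with a known-good one. The function names, the jar name `vendor-jdbc-driver.jar` and the directory layout are constructed for the demonstration.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path

# Class named in the stack trace on this page.
DRIVER = "com.microsoft.sqlserver.jdbc.SQLServerDriver"


def class_entry(class_name):
    """Path of a class inside a jar, e.g. a.b.C -> a/b/C.class."""
    return class_name.replace(".", "/") + ".class"


def jars_providing(class_name, lib_dir):
    """Map jar file name -> SHA-256 for every jar in lib_dir that holds class_name."""
    entry = class_entry(class_name)
    found = {}
    for jar in sorted(Path(lib_dir).glob("*.jar")):
        try:
            with zipfile.ZipFile(jar) as zf:
                present = entry in zf.namelist()
        except zipfile.BadZipFile:
            continue  # truncated or non-zip file: it cannot provide the class
        if present:
            found[jar.name] = hashlib.sha256(jar.read_bytes()).hexdigest()
    return found


def missing_after_upgrade(reference_lib, upgraded_lib):
    """Jar names present in the reference lib/ but absent from the upgraded one."""
    ref = {p.name for p in Path(reference_lib).glob("*.jar")}
    new = {p.name for p in Path(upgraded_lib).glob("*.jar")}
    return sorted(ref - new)


def build_demo(root):
    """Create constructed reference/upgraded lib directories for the demo."""
    root = Path(root)
    reference_lib = root / "reference" / "lib"
    upgraded_lib = root / "upgraded" / "lib"
    for d in (reference_lib, upgraded_lib):
        d.mkdir(parents=True)
        with zipfile.ZipFile(d / "catalina.jar", "w") as zf:
            zf.writestr("org/apache/catalina/Server.class", b"\xca\xfe\xba\xbe")
    # Only the reference installation carries the (constructed) driver jar.
    with zipfile.ZipFile(reference_lib / "vendor-jdbc-driver.jar", "w") as zf:
        zf.writestr(class_entry(DRIVER), b"\xca\xfe\xba\xbe")
    # A partially copied file in the upgraded lib/ must not crash the scan.
    (upgraded_lib / "partial-copy.jar").write_bytes(b"not a zip archive")
    return reference_lib, upgraded_lib


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        ref, new = build_demo(tmp)
        print("reference provides:", jars_providing(DRIVER, ref))
        print("upgraded provides: ", jars_providing(DRIVER, new))
        print("jars not carried over:", missing_after_upgrade(ref, new))
```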



Tomcat 7.33 update on Windows

2012-12-11 Thread Justin Larose
I just updated Tomcat 7 from version 7.11 to 7.33 on my windows server but 
when I go to the URL I am seeing 500 error, Cannot load JDBC driver class 
'com.microsoft.sqlserver.jdbc.SQLServerDriver'
Not sure why. I made a copy of all config directories prior to install and 
copied them all to the new Tomcat home. Below is the full stack.

_

HTTP Status 500 - javax.servlet.ServletException: 
org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot load JDBC driver 
class 'com.microsoft.sqlserver.jdbc.SQLServerDriver'



type Exception report

message javax.servlet.ServletException: 
org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot load JDBC driver 
class 'com.microsoft.sqlserver.jdbc.SQLServerDriver'

description The server encountered an internal error that prevented it 
from fulfilling this request.

exception 

org.apache.jasper.JasperException: javax.servlet.ServletException: 
org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot load JDBC driver 
class 'com.microsoft.sqlserver.jdbc.SQLServerDriver'
 
org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:549)
 
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:455)
 org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
javax.servlet.http.HttpServlet.service(HttpServlet.java:728)


root cause 

javax.servlet.ServletException: 
org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot load JDBC driver 
class 'com.microsoft.sqlserver.jdbc.SQLServerDriver'
 
org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:912)
 
org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:841)
org.apache.jsp.index_jsp._jspService(index_jsp.java:286)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
 
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
 org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
javax.servlet.http.HttpServlet.service(HttpServlet.java:728)


root cause 

org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot load JDBC driver 
class 'com.microsoft.sqlserver.jdbc.SQLServerDriver'
 
org.apache.tomcat.dbcp.dbcp.BasicDataSource.createConnectionFactory(BasicDataSource.java:1429)
 
org.apache.tomcat.dbcp.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1371)
 
org.apache.tomcat.dbcp.dbcp.BasicDataSource.getConnection(BasicDataSource.java:1044)
 com.compasseng.jsp.client.cors.Scanner.getScanners(Scanner.java:156)
org.apache.jsp.index_jsp._jspService(index_jsp.java:151)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
 
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
 org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
javax.servlet.http.HttpServlet.service(HttpServlet.java:728)


root cause 

java.lang.ClassNotFoundException: 
com.microsoft.sqlserver.jdbc.SQLServerDriver
 
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1714)
 
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1559)
 
org.apache.tomcat.dbcp.dbcp.BasicDataSource.createConnectionFactory(BasicDataSource.java:1420)
 
org.apache.tomcat.dbcp.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1371)
 
org.apache.tomcat.dbcp.dbcp.BasicDataSource.getConnection(BasicDataSource.java:1044)
 com.compasseng.jsp.client.cors.Scanner.getScanners(Scanner.java:156)
org.apache.jsp.index_jsp._jspService(index_jsp.java:151)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
 
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
 org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
javax.servlet.http.HttpServlet.service(HttpServlet.java:728)


note The full stack trace of the root cause is available in the Apache 
Tomcat/7.0.33 logs.




Apache Tomcat/7.0.33

Thanks,
Justin

RE: Configure SSL under Tomcat 7

2012-03-19 Thread Justin Larose
ayouB __ ayb-2...@hotmail.fr wrote on 03/19/2012 01:00:59 PM:

 From: ayouB __ ayb-2...@hotmail.fr
 To: users@tomcat.apache.org
 Date: 03/19/2012 01:01 PM
 Subject: RE: Configure SSL under Tomcat 7
 
 Still not working !!
 I downloaded Apache Tomcat 7.0.26 (again), i added the 
 tcnative-1.dll in my : apache-tomcat-7.0.26\bin, i created a 
 keystore file with this command :
 keytool -genkeypair -alias tomcat -keyalg RSA -keystore C:\mykeystore
 i put the file named mykeystore in my : apache-tomcat-7.0.26\conf
 i modified my Tomcat's server.xml to be able to support HTTPS as it 
 has been said in apache tomcat's documentation from the official 
 website and as it had been said in the e-book : Apache Tomcat 7 
 (Aleska Vukotic and James Goodwill) in the chapter 7 : Securing 
 tomcat with SSL ! (Step by step)
 Here's my conf/server.xml :
 
===server.xml=
 ?xml version='1.0' encoding='utf-8'?
 !--
 Licensed to the Apache Software Foundation (ASF) under one or more
 contributor license agreements.  See the NOTICE file distributed with
 this work for additional information regarding copyright ownership.
 The ASF licenses this file to You under the Apache License, Version 2.0
 (the License); you may not use this file except in compliance with
 the License.  You may obtain a copy of the License at
 http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an AS IS BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 --
 !-- Note:  A Server is not itself a Container, so you may not
 define subcomponents such as Valves at this level.
 Documentation at /docs/config/server.html
 --
 Server port=8005 shutdown=SHUTDOWN
 !-- Security listener. Documentation at /docs/config/listeners.html
 Listener className=org.apache.catalina.security.SecurityListener /
 --
 !--APR library loader. Documentation at /docs/apr.html --
 Listener className=org.apache.catalina.core.AprLifecycleListener 
 SSLEngine=on /
 !--Initialize Jasper prior to webapps are loaded. Documentation at 
 /docs/jasper-howto.html --
 Listener className=org.apache.catalina.core.JasperListener /
 !-- Prevent memory leaks due to use of particular java/javax APIs--
 Listener 
 className=org.apache.catalina.core.JreMemoryLeakPreventionListener /
 Listener 
 className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener 
/
 Listener 
 className=org.apache.catalina.core.ThreadLocalLeakPreventionListener 
/
 !-- Global JNDI resources
 Documentation at /docs/jndi-resources-howto.html
 --
 GlobalNamingResources
 !-- Editable user database that can also be used by
 UserDatabaseRealm to authenticate users
 --
 Resource name=UserDatabase auth=Container
 type=org.apache.catalina.UserDatabase
 description=User database that can be updated and saved
 factory=org.apache.catalina.users.MemoryUserDatabaseFactory
 pathname=conf/tomcat-users.xml /
 /GlobalNamingResources
 !-- A Service is a collection of one or more Connectors that share
 a single Container Note:  A Service is not itself a Container,
 so you may not define subcomponents such as Valves at this level.
 Documentation at /docs/config/service.html
 --
 Service name=Catalina
 !--The connectors can use a shared executor, you can define one or 
 more named thread pools--
 !--
 Executor name=tomcatThreadPool namePrefix=catalina-exec-
 maxThreads=150 minSpareThreads=4/
 --
 
 !-- A Connector represents an endpoint by which requests are received
 and responses are returned. Documentation at :
 Java HTTP Connector: /docs/config/http.html (blocking  non-blocking)
 Java AJP  Connector: /docs/config/ajp.html
 APR (HTTP/AJP) Connector: /docs/apr.html
 Define a non-SSL HTTP/1.1 Connector on port 8080
 --
 Connector port=8080 protocol=HTTP/1.1
 connectionTimeout=2
 redirectPort=8443 /
 !-- A Connector using the shared thread pool--
 !--
 Connector executor=tomcatThreadPool
 port=8080 protocol=HTTP/1.1
 connectionTimeout=2
 redirectPort=8443 /
 --
 !-- Define a SSL HTTP/1.1 Connector on port 8443
 This connector uses the JSSE configuration, when using APR, the
 connector should be using the OpenSSL style configuration
 described in the APR documentation --
 
 Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true
 scheme=https secure=true clientAuth=false
 sslProtocol=TLS keystoreFile=mykeystore keystorePass=changeit
 keyAlias=tomcat keyPass=changeit/

This part looks wrong to me. Is your keystore under /conf or in the tomcat 
home?
If it's under /conf try this:

<Connector SSLEnabled="true" clientAuth="false" keyAlias="tomcat"
keystoreFile="conf/mykeystore.jks" keystorePass="changeit" port="8443"
scheme="https" secure="true" sslProtocol="TLS"/>

 !-- Define an AJP 1.3 Connector on port 8009 --
 Connector port=8009 protocol=AJP/1.3 

RE: Cannot rid of expired Certificate ...

2012-01-20 Thread Justin Larose
 From: Andrew Erskine a.ersk...@darasoft.com
 To: Tomcat Users List users@tomcat.apache.org
 Date: 01/20/2012 06:05 AM
 Subject: RE: Cannot rid of expired Certificate ...
 
 -Original Message-
 From: Pid [mailto:p...@pidster.com]
 Sent: 20 January 2012 11:00
 To: Tomcat Users List
 Subject: Re: Cannot rid of expired Certificate ...
 On 20/01/2012 10:52, Andrew Erskine wrote:
  So how do I do that .. I'm only replying to questions ..
 S0, scroll down a bit...
  On 20 Jan 2012, at 10:51, André Warnier a...@ice-sa.com wrote:
 ... and reply below
  Top post is like this : when I reply to a message, at the top 
 of the message.
  It makes it much harder to follow the logic flow of a conversation.
 
  Andrew Erskine wrote:
  Top post ?
 ... each point.
 
 p
 
  Win2003svr
 
  Yes correct store .. the only one I've been using .. did try and
 clear the cache on firefox will try ie
 
 
  Answering below the question is much clearer.
 
  like this ? .. aha
 
 

Andrew,

When you hit the reply button use the option that says Reply with 
Internet-Style history. That will add the >'s to all the previous 
comments and then you comment under each relevant one. =)

- Justin




Error: Unable to compile class for JSP

2012-01-11 Thread Justin Larose
Well now that I got the certificate setup and users login to the 
application they are not seeing all content...
When they login to the application (Tomcat version 7.0.23) they get the 
error below in the initial splash window. (there should be a menu instead)

If I switch back to the Tomcat 6.0 version it runs fine. I checked the 
.jsp files and they are identical between the version 6 and version 7 
application.

___

Jan 11, 2012 8:28:23 AM org.apache.catalina.core.ApplicationDispatcher 
invoke
SEVERE: Servlet.service() for servlet jsp threw exception
org.apache.jasper.JasperException: Unable to compile class for JSP: 

An error occurred at line: 230 in the jsp file: /object_table.jsp
The type Part is ambiguous
227:{
228: //do nothing here - we don't want the filter to be displayed 
for lifecycles
229: }
230: else if (objType.equals(Part.class))
231: {
232:ObjectTablePagelet.addButton(Pagelet.EDIT_BUTTON, 
edit_design_part_master, BarAdapterItem.MODE_ENABLE_ON_ONE, Edit Design 
Part, 530, 550);
233: }

Thanks,
Justin LaRose



Re: Error: Unable to compile class for JSP

2012-01-11 Thread Justin Larose
> > An error occurred at line: 230 in the jsp file: /object_table.jsp
> > The type Part is ambiguous
> > 227:{
> > 228: //do nothing here - we don't want the filter to be displayed for lifecycles
> > 229: }
> > 230: else if (objType.equals(Part.class))
> > 231: {
>
> Have you imported more than one Part.class by accident, via a wildcard
> import perhaps?

I did not import any classes. I installed Tomcat 7 in a different 
directory and copied all the webapp directories to the new location.

- Justin



Re: Error: Unable to compile class for JSP

2012-01-11 Thread Justin Larose
ma...@apache.org wrote on 01/11/2012 01:19:17 PM:

 From: ma...@apache.org
 To: Tomcat Users List users@tomcat.apache.org
 Date: 01/11/2012 01:20 PM
 Subject: Re: Error: Unable to compile class for JSP
 
 Justin Larose justin.lar...@nexweb.org wrote:

   An error occurred at line: 230 in the jsp file: /object_table.jsp
   The type Part is ambiguous
   227:{
   228: //do nothing here - we don't want the filter to be
 displayed
   for lifecycles
   229: }
   230: else if (objType.equals(Part.class))
   231: {
 
  Have you imported more than one Part.class by accident, via a
 wildcard
  import perhaps?
 
 I did not import any classes.

 You must have at least one import to resolve the class Part. Since 
 I'm pretty sure a class with that name was added in servlet 3, 
 wildcard imports are very likely the problem.

I downgraded the Tomcat to Version 6.0.35 and looks to be working 
correctly now.
Maybe Serena Dimensions cannot work with that higher version of Tomcat 
(version 7.0.23)? 

The only files I copied over from the 6.0 version to the 6.0.35 version 
were the webapps directory the web.xml file and the server.xml file.
The only difference in the server.xml file between the 2 versions is this:

<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />


- Thanks, Justin



Re: SSL Configuration Errors

2012-01-10 Thread Justin Larose
Ognjen,

> You must use the same keystore and same alias when you:
>
> 1. generate key,
> 2. generate csr,
> 3. import certificate.
>
> Example:
> keytool -genkey ... -keystore xxx.jks -alias yyy
> keytool -certreq ... -keystore xxx.jks -alias yyy
> and later
> keytool -import -trustcacerts ... -keystore xxx.jks -alias yyy
>
> Same keystore, same alias in all three invocations of keytool.

I took screenshots of my actions in doing these steps above. The only 
problem I see is when I created the keystore at first I named it 
wcmdev.keystore and now it seems to be named wcmdev.jks . So I have 
deleted all keystores and will start from scratch again.

Here is what I have entered for creating keystore and CSR request:

C:\Program Files>cd %JAVA_HOME%

C:\Program Files\Java\jre6>cd bin

C:\Program Files\Java\jre6\bin>keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore wcmdev.jks
(I deleted this section)
Enter key password for <tomcat>
(RETURN if same as keystore password):
Re-enter new password:
C:\Program Files\Java\jre6\bin>keytool -certreq -keyalg RSA -alias tomcat -file wcmdev.csr -keystore wcmdev.jks
Enter keystore password:

When I get the new certificate should I only import the certificate? Or do 
I need to import the intermediate and root certificate first?

Thanks,
Justin




Re: SSL Configuration Errors -- Resolved

2012-01-10 Thread Justin Larose
All,

> > This seems to be the problem. How do I set my imported cert as a key
> > entry or get Tomcat to read it as a CertEntry?
> You must use the same keystore and same alias when you:
> 1. generate key,
> 2. generate csr,
> 3. import certificate.
>
> Example:
> keytool -genkey ... -keystore xxx.jks -alias yyy
> keytool -certreq ... -keystore xxx.jks -alias yyy
> and later
> keytool -import -trustcacerts ... -keystore xxx.jks -alias yyy
>
> Same keystore, same alias in all three invocations of keytool.
 

Thanks for the help everyone. After recreating the .jks and resubmitting 
the csr all with alias tomcat then importing the root, intermediate and 
new certificate
I was able to access the application.

-- Justin




Re: SSL Configuration Errors

2012-01-09 Thread Justin Larose
Christopher Schultz ch...@christopherschultz.net wrote on 01/06/2012 
05:20:12 PM:

 From: Christopher Schultz ch...@christopherschultz.net
 To: Tomcat Users List users@tomcat.apache.org
 Date: 01/06/2012 05:20 PM
 Subject: Re: SSL Configuration Errors
 

 Justin,

 On 1/6/12 2:56 PM, Justin Larose wrote:
  This Tomcat environment was setup long before I worked here, so I
  am just upgrading from an older version to 7.0.23 and trying to not
  use a self signed certificate.

 It's important for you to know if your app actually requires client
 authentication. Since your Connector says clientAuth=true, it
 means that all clients must present a valid certificate in order to
 connect.

I actually removed the clientAuth=true statement and I can still access 
the application with the self signed cert.
I have asked the application developers if this is required.

  I can get the sample-ssl.jks to work with the below connector port
  information. But when I edit the connector ports to add the new
  wcmdev-ssl.jks and imported Certificate(s) I received from the
  CSR I get the error, java.io.IOException: Alias name tomcat does
  not identify a key entry

 What do you get if you run this command:

 $ keytool -list -keystore conf/sample-ssl.jks

I cannot run the keytool command from the Tomcat home directory. What I 
have been doing is making a copy of the .jks and dropping them into the 
java home/bin directory and running the keytool -list from there. But here 
is what it looks like from java_home



  Weird because it is an alias. Is it looking for tomcat as the
  actual entry name or alias?

 Your certificate needs to have the alias tomcat.

I did import my cert with the alias tomcat. You can see that in the 
screenshot here:



  It seems like it is not reading the keystore properly. Should I
  just create a new CSR from the sample-ssl.jks keystore?

 That shouldn't be necessary. You may have to re-import your
 certificate, though.

I have used the keytool to delete all 3 certs (root, intermediate and 
primary) and readd them many times. I even just tried only the Primary 
cert with the alias tomcat as the only cert. But the log shows same error:

SEVERE: Failed to initialize end point associated with ProtocolHandler 
[http-bio-8443]
java.io.IOException: Alias name tomcat does not identify a key entry




 - -chris




Re: SSL Configuration Errors

2012-01-09 Thread Justin Larose
Chris,

> This list strips non-text attachments.

I will send it in text format next time.

> > I have used the keytool to delete all 3 certs (root, intermediate
> > and primary) and readd them many times. I even just tried only the
> > Primary cert with the alias tomcat as the only cert. But the log
> > shows same error:
> >
> > SEVERE: Failed to initialize end point associated with
> > ProtocolHandler [http-bio-8443] java.io.IOException: Alias name
> > tomcat does not identify a key entry
>
> When you created your key to create the CSR, did you use tomcat as
> the alias for *that* as well?
>
> Looks like it can't find a *key*, not a *cert*.

I was just looking at that. When I had the 2 list entries and the error 
log side by side I noticed the error says, Alias name tomcat does not 
identify a key entry
And when I look at the self signed cert it is listed as a 
PrivateKeyEntry but on my imported cert it is listed as a 
trustedCertEntry

This seems to be the problem. How do I set my imported cert as a key 
entry or get Tomcat to read it as a CertEntry?

Thanks,
Justin
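
Added example, not part of the original thread: the PrivateKeyEntry versus trustedCertEntry observation in the message above, and the "same keystore, same alias" rule quoted in the "Resolved" message, can be checked mechanically by parsing `keytool -list` output before Tomcat is restarted. The listings below are constructed samples that follow the usual short and `-v` layouts of `keytool -list`; the function names and status strings are hypothetical.

```python
import re

# Short form: "alias, <date>, <EntryType>," (the date itself may contain a comma).
SHORT_RE = re.compile(r"^(?P<alias>.+?), .+, (?P<kind>\w+Entry),\s*$")


def parse_keytool_list(text):
    """Return {alias: entry type} from `keytool -list` or `keytool -list -v` output."""
    entries, pending_alias = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SHORT_RE.match(line)
        if m:
            entries[m.group("alias").lower()] = m.group("kind")
        elif line.startswith("Alias name:"):
            pending_alias = line.split(":", 1)[1].strip().lower()
        elif line.startswith("Entry type:") and pending_alias is not None:
            entries[pending_alias] = line.split(":", 1)[1].strip()
            pending_alias = None
    return entries


def diagnose(listing, key_alias):
    """Say whether key_alias can serve as the connector's keyAlias.

    status is "ok" (alias holds a private key), "no-private-key" (alias exists
    but is only a certificate, the state behind "does not identify a key
    entry") or "alias-missing".
    """
    entries = parse_keytool_list(listing)
    kind = entries.get(key_alias.lower())
    if kind == "PrivateKeyEntry":
        status = "ok"
    elif kind is None:
        status = "alias-missing"
    else:
        status = "no-private-key"
    key_aliases = sorted(a for a, k in entries.items() if k == "PrivateKeyEntry")
    return {"status": status, "entry_type": kind, "private_key_aliases": key_aliases}


# Constructed: key pair generated under alias "tomcat" (works with keyAlias=tomcat).
KEYPAIR_UNDER_ALIAS = """\
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

tomcat, Jan 5, 2012, PrivateKeyEntry,
Certificate fingerprint (MD5): (placeholder)
"""

# Constructed: certificates imported into a keystore that never held the key.
CERTS_ONLY = """\
Your keystore contains 3 entries

root, Jan 9, 2012, trustedCertEntry,
Certificate fingerprint (MD5): (placeholder)
intermediate, Jan 9, 2012, trustedCertEntry,
Certificate fingerprint (MD5): (placeholder)
tomcat, Jan 9, 2012, trustedCertEntry,
Certificate fingerprint (MD5): (placeholder)
"""

# Constructed -v listing: key generated under one alias, reply imported under another.
VERBOSE_OTHER_ALIAS = """\
Alias name: mydomain
Creation date: Jan 4, 2012
Entry type: PrivateKeyEntry
Certificate chain length: 1

Alias name: tomcat
Creation date: Jan 9, 2012
Entry type: trustedCertEntry
"""

if __name__ == "__main__":
    for name, listing in [("keypair", KEYPAIR_UNDER_ALIAS),
                          ("certs only", CERTS_ONLY),
                          ("other alias", VERBOSE_OTHER_ALIAS)]:
        print(name, diagnose(listing, "tomcat"))
```

A "no-private-key" result with a non-empty `private_key_aliases` list means the key pair and the certificate reply ended up under different aliases; an empty list means the keystore in use is not the one the CSR was generated from.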



Re: SSL Configuration Errors

2012-01-06 Thread Justin Larose
Pid p...@pidster.com wrote on 01/06/2012 04:30:30 AM:

 From: Pid p...@pidster.com
 To: Tomcat Users List users@tomcat.apache.org
 Date: 01/06/2012 04:31 AM
 Subject: Re: SSL Configuration Errors
 

   Connector port=18080 protocol=HTTP/1.1
  connectionTimeout=2
  redirectPort=8443 /
 
Connector

 Are you actually using Client auth?

This Tomcat environment was setup long before I worked here, so I am just 
upgrading from an older version to 7.0.23 and trying to not use a self 
signed certificate.

  clientAuth=true port=8443 minSpareThreads=5 
maxSpareThreads=75
  enableLookups=true disableUploadTimeout=true
  acceptCount=100 maxThreads=200
  scheme=https secure=true SSLEnabled=true
  keystoreFile=F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat
  7.0\conf\wcmdev-ssl.jks
  keystoreType=JKS keystorePass=**

 keystoreType has the default, you can remove it.
 I don't like the look of those paths, this is neater:
 keystoreFile=${catalina.base}\conf\wcmdev-ssl.jks

 
  truststoreFile=F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat
  7.0\conf\wcmdev-ssl.jks

 truststoreType has the default, you can remove it.

  truststoreType=JKS truststorePass=**
  SSLVerifyClient=require SSLEngine=on SSLVerifyDepth=2
  sslProtocol=TLS /

 sslProtocol is also the default, you can remove it.

Removed.

 
  Connector port=8409 protocol=AJP/1.3 redirectPort=8443 /

 Are you actually using the AJP connector?

Removed.

 Can you remove all of the client auth config and just configure the
 keystore alone, first to try to get the SSL working?

Removed.

 Did you follow the steps here?

 http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html

Yes.
I can get the sample-ssl.jks to work with the below connector port 
information. But when I edit the connector ports to add the new 
wcmdev-ssl.jks and imported
Certificate(s) I received from the CSR I get the error, 
java.io.IOException: Alias name tomcat does not identify a key entry

Weird because it is an alias. Is it looking for tomcat as the actual entry 
name or alias?



It seems like it is not reading the keystore properly. Should I just 
create a new CSR from the sample-ssl.jks keystore?

Here is the connector info for the sample-ssl.jks that works. 

<Service name="Catalina">

<Connector port="18080" protocol="HTTP/1.1"
connectionTimeout="2" redirectPort="8443"/>

<Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
maxHttpHeaderSize="8192" maxThreads="150"
minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" strategy="ms"
keystoreFile="conf/sample-ssl.jks" keystorePass="***" keyAlias="tomcat"
truststoreFile="conf/sample-ssl.jks" truststorePass="***"/>

<Connector port="8543" SSLEnabled="true" scheme="https" secure="true"
maxHttpHeaderSize="8192" maxThreads="150"
minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" strategy="ms"
keystoreFile="conf/sample-ssl.jks" keystorePass="***" keyAlias="tomcat"
truststoreFile="conf/sample-ssl.jks" truststorePass="***"/>





Re: SSL Configuration Errors

2012-01-05 Thread Justin Larose
Sorry. Comments removed.

___

<?xml version='1.0' encoding='utf-8'?>
<Server port="8405" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.JasperListener" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">

    <Connector port="18080" protocol="HTTP/1.1"
               connectionTimeout="2"
               redirectPort="8443" />

    <Connector
               clientAuth="true" port="8443" minSpareThreads="5" maxSpareThreads="75"
               enableLookups="true" disableUploadTimeout="true"
               acceptCount="100" maxThreads="200"
               scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat 7.0\conf\wcmdev-ssl.jks"
               keystoreType="JKS" keystorePass="**"
               truststoreFile="F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat 7.0\conf\wcmdev-ssl.jks"
               truststoreType="JKS" truststorePass="**"
               SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2"
               sslProtocol="TLS" />

    <Connector port="8409" protocol="AJP/1.3" redirectPort="8443" />

    <Engine name="Catalina" defaultHost="localhost">

      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <Valve className="org.apache.catalina.valves.AccessLogValve"
               directory="logs"
               prefix="localhost_access_log." suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b"
               resolveHosts="false"/>

      </Host>
    </Engine>
  </Service>
</Server>


Thanks,
Justin LaRose




From:   Pid p...@pidster.com
To: Tomcat Users List users@tomcat.apache.org
Date:   01/04/2012 03:29 PM
Subject:Re: SSL Configuration Errors


On 04/01/2012 19:33, Justin Larose wrote:
 Hello Group,

 I am seeing this error when starting Tomcat 7 on Windows.

 SEVERE: Failed to initialize end point associated with ProtocolHandler
 [http-bio-8443]
 java.io.IOException: SSL configuration is invalid due to No available
 certificate or key corresponds to the SSL cipher suites which are 
enabled.

 I have 3 certs in the keystore 1 root, 1 intermediate and the one 
received
 from the csr. I also confirmed they are pointing to the correct place 
and
 I can see them if I do a
 keytool -list -v -keystore keystore.jks -alias mydomain

 I have attached my server.xml below. Anyone know where to start?

By removing the comments?


p

 ___

 ?xml version='1.0' encoding='utf-8'?
 Server port=8405 shutdown=SHUTDOWN
   !-- Security listener. Documentation at /docs/config/listeners.html
   Listener className=org.apache.catalina.security.SecurityListener /
   --
   !--APR library loader. Documentation at /docs/apr.html --
   !-- Listener 
className=org.apache.catalina.core.AprLifecycleListener
 SSLEngine=on / --
   !--Initialize Jasper prior to webapps are loaded. Documentation at
 /docs/jasper-howto.html --
   Listener className=org.apache.catalina.core.JasperListener /
   !-- Prevent memory leaks due to use of particular java/javax APIs--
   Listener
 className=org.apache.catalina.core.JreMemoryLeakPreventionListener /
   Listener
 className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener 
/
   Listener
 className=org.apache.catalina.core.ThreadLocalLeakPreventionListener 
/

   !-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
   --
   GlobalNamingResources
 !-- Editable user database that can also be used by
  UserDatabaseRealm to authenticate users
 --
 Resource name=UserDatabase auth=Container
   type=org.apache.catalina.UserDatabase
   description=User database that can be updated and saved
  factory=org.apache.catalina.users.MemoryUserDatabaseFactory
   pathname=conf/tomcat-users.xml /
   /GlobalNamingResources

   !-- A Service is a collection of one or more Connectors that 
share
a single Container Note:  A Service is not itself a
 Container,
so you may not define subcomponents such as Valves at this 
level.
Documentation at /docs/config/service.html
--
   Service name=Catalina

 !--The connectors can use a shared executor, you can define one or
 more named thread pools--
 !--
 Executor name=tomcatThreadPool namePrefix=catalina-exec-
 maxThreads=150 minSpareThreads=4/
 --


 !-- A Connector represents an endpoint by which requests

SSL Configuration Errors

2012-01-04 Thread Justin Larose
 documentation) -->
      <!--
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
      -->

      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->

        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log." suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" resolveHosts="false"/>

      </Host>
    </Engine>
  </Service>
</Server>


Thanks,
Justin LaRose



Re: Tomcat crashes after startup

2011-12-13 Thread Justin Larose
Chris,

> You need to have a key in your keystore with the alias tomcat as well.
> If you have been following
> http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Configuration,
> you have either missed or misinterpreted a step.

I actually followed the document here: 
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
because I am using Tomcat 6.
I also did import the cert with the alias tomcat (see screenshot below). 
Is there an order in which to import the certs? I imported the server cert 
first, then the CA, then the root cert.

> I would advise against using the same keystore for both the keystore
> and the truststore. The trust store is only used for validating
> client certificates and, IMO, should be kept separate from the
> certificates you use for the web service itself.

These config settings were in place long before I worked here... I was 
just copying the info from the old server.xml and adding in the new 
keystore info. If we do not use any client certs can I remove the
truststore line?



Thanks,
Justin



Re: Tomcat crashes after startup

2011-12-13 Thread Justin Larose
Chris,

Here are the first few lines of the output. I don't think I want to copy 
my entire cert here.

___

F:\Serena\Dimensions 2009 R2\Common Tools\jre\6.0\bin>keytool -list -v -keystore wcmdev-ssl.jks -alias tomcat
Enter keystore password:
Alias name: tomcat
Creation date: Nov 10, 2011
Entry type: trustedCertEntry

Owner: CN=wcmdev.nexweb.us, OU=USN, OU=PKI, OU=DoD, O=U.S. Government, 
C=US



Thanks,
Justin LaRose
Database  Web Services Administrator
NEXCOM
(757) 631-3443
justin.lar...@nexweb.org



From:   Christopher Schultz ch...@christopherschultz.net
To: Tomcat Users List users@tomcat.apache.org
Date:   12/13/2011 03:08 PM
Subject:Re: Tomcat crashes after startup



Justin,

On 12/13/11 8:35 AM, Justin Larose wrote:
 I actually followed the document here:
 http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html because I am
 using Tomcat 6.

Okay. You just hadn't mentioned that (version) before.

 I also did import the cert with the alias tomcat (see screenshot
 below). Is there an order in which to import the certs? I imported
 the server cert first, then the CA, then the root cert.

Your screenshot has been suppressed from the list. Instead, can you
post a text copy/paste for a keytool -list?

 I would advise against using the same keystore for both the
 keystore and the truststore. The trust store is only used for
 validating client certificates and, IMO, should be kept separate
 from the certificates you use for the web service itself.

 These config settings were in place long before I worked here... I
 was just copying the info from the old server.xml and adding in the
 new keystore info. If we do not Use any client certs can I remove
 the truststore line?

Almost certainly. You probably want to fix one problem at a time,
though. :)

- -chris




Tomcat crashes after startup

2011-12-12 Thread Justin Larose
Group,

Can anyone help me with this error below from the catalina.log?
I have attached my server.xml as well. I have done some searches on the 
internet and cannot find much on this error.

SEVERE: Error initializing endpoint
java.io.IOException: AnyCert TrustManagerFactory not available
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:527)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
    at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
    at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
    at org.apache.catalina.connector.Connector.initialize(Connector.java:1022)
    at org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
    at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Dec 12, 2011 3:08:45 PM org.apache.catalina.core.StandardService initialize
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8543]]
LifecycleException:  Protocol handler initialization failed: java.io.IOException: AnyCert TrustManagerFactory not available
    at org.apache.catalina.connector.Connector.initialize(Connector.java:1024)
    at org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
    at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)



Server.xml .

<Server port="8405" shutdown="Shutdown.SerenaCommonTomcat">
<!-- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> -->
<Listener className="org.apache.catalina.core.JasperListener"/>
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>

<GlobalNamingResources>
<!-- Editable user database that can also be used by
     UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
  type="org.apache.catalina.UserDatabase"
  description="User database that can be updated and saved"
  factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
  pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>

<Service name="Catalina">

<Connector connectionTimeout="2" port="18080" protocol="HTTP/1.1"
  redirectPort="8443" server="Unknown Web Server/1.0"/>

<!-- Define a SSL HTTP/1.1 Connector on port 8443, using only 128-bit+
     encryption (remove ciphers attribute if not needed). -->
<!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
  maxThreads="150" scheme="https" secure="true" clientAuth="false"
  sslProtocol="TLS" ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
  SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
  TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA"
  server="Unknown Web Server/1.0"/> -->

<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
  disableUploadTimeout="true" enableLookups="false" keyAlias="tomcat"
  keystoreFile="conf/sample-ssl.jks" keystorePass="*"
  maxHttpHeaderSize="8192" maxSpareThreads="75" maxThreads="150"
  minSpareThreads="25" port="8443" scheme="https" secure="true"
  sslProtocol="TLS" strategy="ms" truststoreFile="conf/sample-ssl.jks"
  truststorePass="*"/>

<Connector SSLEnabled="true" acceptCount="100" clientAuth="true"
  disableUploadTimeout="true" enableLookups="false" keyAlias="tomcat"
  keystoreFile="conf/sample-ssl.jks" keystorePass="*"
  maxHttpHeaderSize="8192" maxSpareThreads="75" maxThreads="150"
  minSpareThreads="25" port="8543" scheme="https" secure="true"
  sslProtocol="TLS" strategy="ms" truststoreAlgorithm="AnyCert"
  truststoreFile="conf/sample-ssl.jks" truststorePass="*"/>

<!-- Define an AJP 1.3 Connector on port 8409. -->
<Connector port="8409" protocol="AJP/1.3" redirectPort="8443"
  server="Unknown Web

Re: Tomcat crashes after startup

2011-12-12 Thread Justin Larose
="true" enableLookups="false" keyAlias="tomcat"
  keystoreFile="conf/wcmdev-ssl.jks" keystorePass=""
  maxHttpHeaderSize="8192" maxSpareThreads="75" maxThreads="150"
  minSpareThreads="25" port="8443" scheme="https" secure="true"
  sslProtocol="TLS" strategy="ms" truststoreFile="conf/wcmdev-ssl.jks"
  truststorePass=""/>

<Connector SSLEnabled="true" acceptCount="100" clientAuth="true"
  disableUploadTimeout="true" enableLookups="false" keyAlias="tomcat"
  keystoreFile="conf/wcmdev-ssl.jks" keystorePass=""
  maxHttpHeaderSize="8192" maxSpareThreads="75" maxThreads="150"
  minSpareThreads="25" port="8543" scheme="https" secure="true"
  sslProtocol="TLS" strategy="ms" truststoreFile="conf/wcmdev-ssl.jks"
  truststorePass=""/>

<!-- Define an AJP 1.3 Connector on port 8409. -->

<Connector port="8409" protocol="AJP/1.3" redirectPort="8443"
  server="Unknown Web Server/1.0"/>

<Engine defaultHost="localhost" name="Catalina">
  <!-- This Realm uses the UserDatabase configured in the global JNDI
       resources under the key "UserDatabase".  Any edits
       that are performed against this UserDatabase are immediately
       available for use by the Realm.  -->
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
         resourceName="UserDatabase"/>
  <Host appBase="webapps" autoDeploy="true" name="localhost"
        unpackWARs="true" xmlNamespaceAware="false" xmlValidation="false"/>
</Engine>

</Service>
</Server>


Thanks,
Justin



From:   Mark Thomas ma...@apache.org
To: Tomcat Users List users@tomcat.apache.org
Date:   12/12/2011 03:29 PM
Subject:Re: Tomcat crashes after startup


On 12/12/2011 20:20, Justin Larose wrote:
 Group,

 Can anyone help me with this error below from the catalina.log?
 I have attached my server.xml as well. I have done some searches on the
 internet and cannot find much on this error.
 
 SEVERE: Error initializing endpoint
 java.io.IOException: AnyCert TrustManagerFactory not available

Seems pretty clear to me.

 <Connector ... port="8543" ... truststoreAlgorithm="AnyCert" .../>

Fix your broken connector configuration or provide a JSSE implementation
that includes this custom truststoreAlgorithm.

Mark
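
Both startup failures in these threads, the `truststoreAlgorithm=AnyCert` connector and the `tomcat` alias that keytool lists as a `trustedCertEntry` (a certificate without the private key a `keyAlias` has to name), can be caught before Tomcat is started. The check below is an added example, not code from the thread or from Tomcat; the sample inputs are constructed, and the set of stock algorithm names and the finding codes are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Assumption: TrustManagerFactory algorithm names registered by the stock
# SunJSSE provider in Oracle/OpenJDK. A custom JSSE provider may add more.
STOCK_TRUST_ALGORITHMS = frozenset({"PKIX", "SunX509", "SunPKIX"})

# Constructed sample modelled on the connectors posted in the thread.
SAMPLE_SERVER_XML = """\
<Server port="8405" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="18080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keyAlias="tomcat"
               keystoreFile="conf/sample-ssl.jks" keystorePass="REDACTED"
               truststoreFile="conf/sample-ssl.jks" truststorePass="REDACTED"/>
    <Connector port="8543" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="true" sslProtocol="TLS" keyAlias="tomcat"
               keystoreFile="conf/sample-ssl.jks" keystorePass="REDACTED"
               truststoreAlgorithm="AnyCert"
               truststoreFile="conf/sample-ssl.jks" truststorePass="REDACTED"/>
  </Service>
</Server>
"""

# Constructed sample of `keytool -list -v` output for conf/sample-ssl.jks.
SAMPLE_KEYTOOL_LISTING = """\
Alias name: tomcat
Creation date: Nov 10, 2011
Entry type: trustedCertEntry

Owner: CN=host.example.test, O=Example
"""


def keystore_entry_types(listing):
    """Map each alias to its entry type, from `keytool -list -v` output."""
    entries, alias = {}, None
    for line in listing.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "Alias name":
            alias = value.lower()  # JKS aliases are case-insensitive
        elif key == "Entry type" and alias is not None:
            entries[alias] = value
    return entries


def check_connectors(server_xml, keytool_listing,
                     trust_algorithms=STOCK_TRUST_ALGORITHMS):
    """Return (port, severity, code, detail) findings for SSL connectors.

    Assumes keytool_listing describes the keystoreFile of every connector.
    """
    entries = keystore_entry_types(keytool_listing)
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP and AJP connectors have no key material
        port = conn.get("port")
        alias = conn.get("keyAlias")
        if alias is None:
            if "PrivateKeyEntry" not in entries.values():
                findings.append((port, "ERROR", "NO_PRIVATE_KEY",
                                 "keystore holds no PrivateKeyEntry"))
        else:
            entry_type = entries.get(alias.lower())
            if entry_type is None:
                findings.append((port, "ERROR", "KEY_ALIAS_MISSING",
                                 "alias %r is not in the keystore" % alias))
            elif entry_type != "PrivateKeyEntry":
                findings.append((port, "ERROR", "KEY_ALIAS_NO_PRIVATE_KEY",
                                 "alias %r is a %s" % (alias, entry_type)))
        algorithm = conn.get("truststoreAlgorithm")
        if algorithm is not None and algorithm not in trust_algorithms:
            findings.append((port, "ERROR", "UNKNOWN_TRUST_ALGORITHM",
                             "no TrustManagerFactory named %r" % algorithm))
        truststore = conn.get("truststoreFile")
        if truststore is not None and truststore == conn.get("keystoreFile"):
            findings.append((port, "WARN", "SHARED_KEYSTORE_TRUSTSTORE",
                             "%s is both keystore and truststore" % truststore))
    return findings


if __name__ == "__main__":
    for finding in check_connectors(SAMPLE_SERVER_XML, SAMPLE_KEYTOOL_LISTING):
        print("port %s %-5s %s: %s" % finding)
```

A deployment that really does install a JSSE provider with a custom trust algorithm can pass its name through `trust_algorithms`.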




Tomcat won't start after Windows Reboot

2011-12-05 Thread Justin Larose
 
[org.apache.axis.utils.XMLUtils$ThreadLocalDocumentBuilder@1682a53]) and a 
value of type [org.apache.xerces.jaxp.DocumentBuilderImpl] (value 
[org.apache.xerces.jaxp.DocumentBuilderImpl@1b2d7df]) but failed to remove 
it when the web application was stopped. This is very likely to create a 
memory leak.
Dec 5, 2011 3:02:43 PM org.apache.catalina.loader.WebappClassLoader 
clearThreadLocalMap
SEVERE: The web application [/dmwebservice] created a ThreadLocal with key 
of type [org.apache.axis.utils.XMLUtils.ThreadLocalDocumentBuilder] (value 
[org.apache.axis.utils.XMLUtils$ThreadLocalDocumentBuilder@c07527]) and a 
value of type 
[com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl] (value 
[com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl@14b74a7]) but 
failed to remove it when the web application was stopped. This is very 
likely to create a memory leak.
Dec 5, 2011 3:02:43 PM org.apache.coyote.http11.Http11Protocol destroy
INFO: Stopping Coyote HTTP/1.1 on http-18080
Dec 5, 2011 3:02:43 PM org.apache.coyote.http11.Http11Protocol destroy
INFO: Stopping Coyote HTTP/1.1 on http-8443
Dec 5, 2011 3:02:43 PM org.apache.coyote.http11.Http11Protocol destroy
INFO: Stopping Coyote HTTP/1.1 on http-8543

Thanks,
Justin LaRose
Database  Web Services Administrator
NEXCOM
(757) 631-3443
justin.lar...@nexweb.org



Re: tomcat manager/status question

2011-11-18 Thread Justin Larose
Dan,

Thanks for the help.
I opened the server.xml.orig file (from the Tomcat installation) and 
copied the GlobalNamingResources and Engine and restarted Tomcat.
Afterwards I was able to login using the username and password located in 
the tomcat-users.xml file.


Thanks,
Justin LaRose
Database  Web Services Administrator
NEXCOM
(757) 631-3443
justin.lar...@nexweb.org



From:   Daniel Mikusa dmik...@vmware.com
To: Tomcat Users List users@tomcat.apache.org
Date:   11/16/2011 02:21 PM
Subject:Re: tomcat manager/status question


Justin,

Assuming that is the entire file, it looks like you do not have a
UserDatabase or a Realm defined.  You need to define a UserDatabase
Resource tag and a Realm for the security configuration.  This is
required by the manager application to perform authentication and
authorization.

This configuration will look something like the following (non-essential
elements removed for brevity)...

<Server..>
<GlobalNamingResources>
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>

<Service...>
<Engine...>
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Engine>
</Service>
</Server>

For a complete example, grab a fresh copy of Tomcat and take a look at
the server.xml file that is packaged with it.  It has both of these
elements defined and some comments which explain how it works.

Dan



On Wed, 2011-11-16 at 11:04 -0800, Justin Larose wrote:
 I have copied my server.xml file below.
 __

 Server port=8405 shutdown=Shutdown.SerenaCommonTomcat
 !-- Listener
 className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on
 / --
 Listener className=org.apache.catalina.core.JasperListener/
 Listener
 className=org.apache.catalina.mbeans.ServerLifecycleListener/
 Listener
 
className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener/

 Service name=Catalina

 Connector connectionTimeout=2 port=18080
 protocol=HTTP/1.1 redirectPort=8443 server=Unknown Web 
Server/1.0/

 !-- Define a SSL HTTP/1.1 Connector on port 8443, using only
 128-bit+ encryption (remove ciphers attribute if not needed). --
 !-- Connector port=8443 protocol=HTTP/1.1 
SSLEnabled=true
 maxThreads=150 scheme=https secure=true clientAuth=false
 sslProtocol=TLS ciphers=TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
 SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
 TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA
 server=Unknown Web Server/1.0/ --

 Connector SSLEnabled=true acceptCount=100 
clientAuth=false
 disableUploadTimeout=true enableLookups=false keyAlias=tomcat
 keystoreFile=conf/sample-ssl.jks keystorePass=*
 maxHttpHeaderSize=8192 maxSpareThreads=75 maxThreads=150
 minSpareThreads=25 port=8443 scheme=https secure=true
 sslProtocol=TLS strategy=ms truststoreFile=conf/sample-ssl.jks
 truststorePass=*/

 Connector SSLEnabled=true acceptCount=100 clientAuth=true
 disableUploadTimeout=true enableLookups=false keyAlias=tomcat
 keystoreFile=conf/sample-ssl.jks keystorePass=*
 maxHttpHeaderSize=8192 maxSpareThreads=75 maxThreads=150
 minSpareThreads=25 port=8543 scheme=https secure=true
 sslProtocol=TLS strategy=ms truststoreAlgorithm=AnyCert
 truststoreFile=conf/sample-ssl.jks truststorePass=*/

 !-- Define an AJP 1.3 Connector on port 8409. --
 Connector port=8409 protocol=AJP/1.3 redirectPort=8443
 server=Unknown Web Server/1.0/

 Engine defaultHost=localhost name=Catalina
 Host appBase=webapps autoDeploy=true name=localhost
 unpackWARs=true xmlNamespaceAware=false xmlValidation=false/
 /Engine

 /Service
 /Server


 ___

 Thanks,
 Justin LaRose
 Database  Web Services Administrator
 NEXCOM
 (757) 631-3443
 justin.lar...@nexweb.org



 From:   Daniel Mikusa dmik...@vmware.com
 To: Tomcat Users List users@tomcat.apache.org
 Date:   11/14/2011 04:26 PM
 Subject:Re: tomcat manager/status question


 Justin,

 Your conf/tomcat-users.xml looks fine to me.  I copied and pasted it
 into a stock Tomcat 6.0.33 server on my machine and it worked fine.

 At this point, you might want to also post your conf/server.xml file.

 Dan



 On Mon, 2011-11-14 at 13:00 -0800, Justin Larose wrote:
  Yes I have restarted tomcat after editing this file:
 
  <?xml version='1.0' encoding='cp1252'?>
  <tomcat-users>
  <role rolename="manager-gui"/>
  <user username="admin" password="" roles="manager-gui" />
  </tomcat-users>
 
 
 
  Thanks,
  Justin LaRose
  Database  Web Services Administrator
  NEXCOM
  (757) 631-3443
  justin.lar...@nexweb.org
 
 
 
  From:   Daniel Mikusa dmik...@vmware.com
  To: Tomcat Users List users@tomcat.apache.org
  Date:   11/14/2011 02:32 PM
  Subject:Re: tomcat manager/status

Re: tomcat manager/status question

2011-11-16 Thread Justin Larose
I have copied my server.xml file below. 
__

<Server port="8405" shutdown="Shutdown.SerenaCommonTomcat">
<!-- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> -->
<Listener className="org.apache.catalina.core.JasperListener"/>
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>

<Service name="Catalina">

<Connector connectionTimeout="2" port="18080"
  protocol="HTTP/1.1" redirectPort="8443" server="Unknown Web Server/1.0"/>

<!-- Define a SSL HTTP/1.1 Connector on port 8443, using only
     128-bit+ encryption (remove ciphers attribute if not needed). -->
<!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
  maxThreads="150" scheme="https" secure="true" clientAuth="false"
  sslProtocol="TLS" ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
  SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
  TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA"
  server="Unknown Web Server/1.0"/> -->

<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
  disableUploadTimeout="true" enableLookups="false" keyAlias="tomcat"
  keystoreFile="conf/sample-ssl.jks" keystorePass="*"
  maxHttpHeaderSize="8192" maxSpareThreads="75" maxThreads="150"
  minSpareThreads="25" port="8443" scheme="https" secure="true"
  sslProtocol="TLS" strategy="ms" truststoreFile="conf/sample-ssl.jks"
  truststorePass="*"/>

<Connector SSLEnabled="true" acceptCount="100" clientAuth="true"
  disableUploadTimeout="true" enableLookups="false" keyAlias="tomcat"
  keystoreFile="conf/sample-ssl.jks" keystorePass="*"
  maxHttpHeaderSize="8192" maxSpareThreads="75" maxThreads="150"
  minSpareThreads="25" port="8543" scheme="https" secure="true"
  sslProtocol="TLS" strategy="ms" truststoreAlgorithm="AnyCert"
  truststoreFile="conf/sample-ssl.jks" truststorePass="*"/>

<!-- Define an AJP 1.3 Connector on port 8409. -->
<Connector port="8409" protocol="AJP/1.3" redirectPort="8443"
  server="Unknown Web Server/1.0"/>

<Engine defaultHost="localhost" name="Catalina">
<Host appBase="webapps" autoDeploy="true" name="localhost"
  unpackWARs="true" xmlNamespaceAware="false" xmlValidation="false"/>
</Engine>

</Service>
</Server>


___

Thanks,
Justin LaRose
Database  Web Services Administrator
NEXCOM
(757) 631-3443
justin.lar...@nexweb.org



From:   Daniel Mikusa dmik...@vmware.com
To: Tomcat Users List users@tomcat.apache.org
Date:   11/14/2011 04:26 PM
Subject:Re: tomcat manager/status question


Justin,

Your conf/tomcat-users.xml looks fine to me.  I copied and pasted it
into a stock Tomcat 6.0.33 server on my machine and it worked fine.

At this point, you might want to also post your conf/server.xml file.

Dan



On Mon, 2011-11-14 at 13:00 -0800, Justin Larose wrote:
 Yes I have restarted tomcat after editing this file:

 <?xml version='1.0' encoding='cp1252'?>
 <tomcat-users>
 <role rolename="manager-gui"/>
 <user username="admin" password="" roles="manager-gui" />
 </tomcat-users>



 Thanks,
 Justin LaRose
 Database  Web Services Administrator
 NEXCOM
 (757) 631-3443
 justin.lar...@nexweb.org



 From:   Daniel Mikusa dmik...@vmware.com
 To: Tomcat Users List users@tomcat.apache.org
 Date:   11/14/2011 02:32 PM
 Subject:Re: tomcat manager/status question


 Justin,

 What exactly do you have in your conf/tomcat-users.xml file?  If you
 could include the contents of the file inline here, that would be
 helpful.

 Don't forget to redact passwords and other sensitive info.

 Dan


 On Mon, 2011-11-14 at 11:18 -0800, Justin Larose wrote:
  Question:  I upgraded my Tomcat version to 6.0 using the
  apache-tomcat-6.0.33.exe file and I am trying to access the manager
  and the status pages here:  localhost:port\index.jsp
  I get to the default Tomcat page and select status and I get a login
  prompt. After entering the username and password that I have
  configured in the \conf\tomcat-users.xml
  file it just asks for the password again and again. After the 3rd
  attempt it will default to the 401 page that talks about configuring
  the tomcat-users.xml file. I also get the same error after selecting
  the manager link as well.
 
  Do I need to install another portion of Tomcat to get this feature to
  work?
 
 
 
  Thanks,
  Justin LaRose
  Database  Web Services Administrator
  NEXCOM
  (757) 631-3443
  justin.lar...@nexweb.org
 
 
 
 




tomcat manager/status question

2011-11-14 Thread Justin Larose
Question:  I upgraded my Tomcat version to 6.0 using the 
apache-tomcat-6.0.33.exe file and I am trying to access the manager and 
the status pages here:  localhost:port\index.jsp
I get to the default Tomcat page and select status and I get a login 
prompt. After entering the username and password that I have configured in 
the \conf\tomcat-users.xml
file it just asks for the password again and again. After the 3rd attempt 
it will default to the 401 page that talks about configuring the 
tomcat-users.xml file. I also get the same error after selecting the 
manager link as well.

Do I need to install another portion of Tomcat to get this feature to 
work?



Thanks,
Justin LaRose
Database  Web Services Administrator
NEXCOM
(757) 631-3443
justin.lar...@nexweb.org



Re: tomcat manager/status question

2011-11-14 Thread Justin Larose
Yes I have restarted tomcat after editing this file:

<?xml version='1.0' encoding='cp1252'?>
<tomcat-users>
<role rolename="manager-gui"/>
<user username="admin" password="" roles="manager-gui" />
</tomcat-users>



Thanks,
Justin LaRose
Database  Web Services Administrator
NEXCOM
(757) 631-3443
justin.lar...@nexweb.org



From:   Daniel Mikusa dmik...@vmware.com
To: Tomcat Users List users@tomcat.apache.org
Date:   11/14/2011 02:32 PM
Subject:Re: tomcat manager/status question


Justin,

What exactly do you have in your conf/tomcat-users.xml file?  If you
could include the contents of the file inline here, that would be
helpful.

Don't forget to redact passwords and other sensitive info.

Dan


On Mon, 2011-11-14 at 11:18 -0800, Justin Larose wrote:
 Question:  I upgraded my Tomcat version to 6.0 using the
 apache-tomcat-6.0.33.exe file and I am trying to access the manager
 and the status pages here:  localhost:port\index.jsp
 I get to the default Tomcat page and select status and I get a login
 prompt. After entering the username and password that I have
 configured in the \conf\tomcat-users.xml
 file it just asks for the password again and again. After the 3rd
 attempt it will default to the 401 page that talks about configuring
 the tomcat-users.xml file. I also get the same error after selecting
 the manager link as well.

 Do I need to install another portion of Tomcat to get this feature to
 work?



 Thanks,
 Justin LaRose
 Database  Web Services Administrator
 NEXCOM
 (757) 631-3443
 justin.lar...@nexweb.org

 