Re: TOMCAT CERTIFICATE RENEWAL

[Christopher Schultz]

Prabu,

On 2/19/24 02:40, Ganesan, Prabu wrote:

Thanks for your information - its jks file do we have any specific
command to pass them for renew the certificate?
If you aren't sure how to do this, maybe you aren't the right person to 
try to do this.


-chris


_
PrabuGanesan
Consultant|MS-Nordics
capgemini India Pvt. Ltd. | Bangalore
Contact: +91 8526554535
Email: prabhu.c.gane...@capgemini.com

www.capgemini.com
People matter, results count.
__
Connect with Capgemini:

  
Please consider the environment and do not print this email unless absolutely necessary.

Capgemini encourages environmental awareness.

-Original Message-
From: Thomas Hoffmann (Speed4Trade GmbH) 

Sent: Monday, February 19, 2024 12:49 PM
To: Tomcat Users List 
Subject: AW: TOMCAT CERTIFICATE RENEWAL

**This mail has been sent from an external source. Do not reply to it, or 
open any links/attachments unless you are sure of the sender's identity.**

Hello Ganesan,


Von: Ganesan, Prabu 
Gesendet: Montag, 19. Februar 2024 08:07
An: Tomcat Users List 
Betreff: TOMCAT CERTIFICATE RENEWAL
Priorität: Hoch

  Hi Guys,
  How to renew the certificate in Tomcat Can anyone provide with steps as we 
have Our tomcat certificate is about to expire in Next week, Anybody can help 
with  renew steps:
  Tomcat version : 8.5.5.0
Thanks & Regards,
_
PrabuGanesan
Consultant|MS-Nordics
capgemini India Pvt. Ltd. | Bangalore
Contact: +91 8526554535


Take a look at the server.xml and inspect the https connector.
There should be a reference to the key file and certificate-file.
Depending on the used format (pem, jks etc) you need to update these files.

Greetings,
Thomas

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


This message contains information that may be privileged or confidential and is 
the property of the Capgemini Group. It is intended only for the person to whom 
it is addressed. If you are not the intended recipient, you are not authorized 
to read, print, retain, copy, disseminate, distribute, or use this message or 
any part thereof. If you receive this message in error, please notify the 
sender immediately and delete all copies of this message.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: TOMCAT CERTIFICATE RENEWAL

[bigelytechnol...@yahoo.com]

 Hello Dear
Thanks for your reply
l would use this opportunity to briefly introduce our company, Bigly
Technologies Thailand,  We are one of the leading importers in Asia , and
the Middle East on general Goods and Equipment.
On behalf of Bigly Technologies Thailand, this is the samples of the
product that we want develop.
Please Kindly view our website for the samples and the product we need if
your company can
make the similar like this product.
*E-Catalogue:  *https://biglytechcatalog.es.tl

Please quote us your best prices and the cost of delivery to our port and
if the prices meets our
price target we can place our order as soon as possible.
Thank You!

Best Regards

*Wat Namtip*

Purchase Manager

*Bigly Technologies Thailand*

2/51 BangNa Complex Office Tower, 11th Floor, Soi BangNa Trat 25, Bangna
Nua, Bangna, Bangkok 10260 Thailand

Telephone: +66 (0)2150 10 15

On Mon, Feb 19, 2024 at 2:02 PM Ganesan, Prabu
 wrote:

>  Hi Guys,
>
> How to renew the certificate in Tomcat Can anyone provide with steps as we
> have Our tomcat certificate is about to expire in Next week, Anybody can
> help with  renew steps:
>
> Tomcat version : 8.5.5.0
>
> Thanks & Regards,
> _
> PrabuGanesan
> Consultant|MS-Nordics
> capgemini India Pvt. Ltd. | Bangalore
> Contact: +91 8526554535
> Email: prabhu.c.gane...@capgemini.com
>
> www.capgemini.com
> People matter, results count.
> __
> Connect with Capgemini:
>
>
> Please consider the environment and do not print this email unless
> absolutely necessary.
> Capgemini encourages environmental awareness.
>
> -Original Message-
> From: Christopher Schultz 
> Sent: Friday, February 16, 2024 8:56 PM
> To: users@tomcat.apache.org
> Subject: Re: Tomcat/Java starts using too much memory and not by the heap
> or non-heap memory
>
> **This mail has been sent from an external source. Do not reply to it,
> or open any links/attachments unless you are sure of the sender's
> identity.**
>
> Chuck and Brian,
>
> On 2/15/24 10:53, Chuck Caldarale wrote:
> >
> >> On Feb 15, 2024, at 09:04, Brian Braun  wrote:
> >>
> >> I discovered the JCMD command to perform the native memory tracking.
> >> When running it, after 3-4 days since I started Tomcat, I found out
> >> that the compiler was using hundreds of MB and that is exactly why
> >> the Tomcat process starts abusing the memory! This is what I saw when
> executing "sudo jcmd  VM.native_memory scale=MB":
> >>
> >> Compiler (reserved=3D340MB, commited=3D340MB) (arena=3D340MB #10)
> >>
> >> Then I discovered the Jemalloc tool (http://jemalloc.net
> >> ) and its jeprof tool, so I started launching
> >> Tomcat using it. Then, after 3-4 days after Tomcat starts I was able
> >> to create some GIF images from the dumps that Jemalloc creates. The
> >> GIF files show the problem: 75-90% of the memory is being used by
> >> some weird activity in the compiler! It seems that something called
> >> "The C2 compile/JIT compiler" starts doing something after 3-4 days,
> and that creates the leak. Why after 3-4 days and not sooner? I don't know.
> >
> >
> > There have been numerous bugs filed with OpenJDK for C2 memory leaks
> over the past few years, mostly related to recompiling certain methods. The
> C2 compiler kicks in when fully optimizing methods, and it may recompile
> methods after internal instrumentation shows that additional performance
> can be obtained by doing so.
> >
> >
> >> I am attaching the GIF in this email.
> >
> >
> > Attachments are stripped on this mailing list.
>
> :(
>
> I'd love to see these.
>
> >> Does anybody know how to deal with this?
> >
> >
> > You could disable the C2 compiler temporarily, and just let C1 handle
> your code. Performance will be somewhat degraded, but may well still be
> acceptable. Add the following to the JVM options when you launch Tomcat:
> >
> > -XX:TieredStopAtLevel=1
> >
> >
> >> By the way, I'm running my website using Tomcat 9.0.58, Java
> >> "11.0.21+9-post-Ubuntu-0ubuntu122.04", Ubuntu 22.04.03. And I am
> >> developing using Eclipse and compiling my WAR file with a "Compiler
> >> compliance level:11".
> >
> >
> > You could try a more recent JVM version; JDK 11 was first released over
> 5 years ago, although it is still being maintained.
>
> There is an 11.0.22 -- just a patch-release away from what you appear to
> have. I'm not sure if it's offered through your package-manager, but you
> could give it a try directly from e.g. Eclipse Adoptium / Temurin.
>
> Honestly, if your code runs on Java 11, it's very likely that it will run
> just fine on Java 17 or Java 21. Debian has packages for Java 17 for sure,
> so I suspect Ubuntu will have them available as well.
>
> Debian-based distros will allow you to install and run multiple JDKs/JREs
> in parallel, so you can install Java 17 (or 21) without cutting-off access
> to Java 11 if you still want it.

Re: TOMCAT CERTIFICATE RENEWAL

[bigelytechnol...@yahoo.com]

 Hello Dear
Thanks for your reply
l would use this opportunity to briefly introduce our company, Bigly
Technologies Thailand,  We are one of the leading importers in Asia , and
the Middle East on general Goods and Equipment.
On behalf of Bigly Technologies Thailand, this is the samples of the
product that we want develop.
Please Kindly view our website for the samples and the product we need if
your company can
make the similar like this product.
*E-Catalogue:  *https://biglytechcatalog.es.tl

Please quote us your best prices and the cost of delivery to our port and
if the prices meets our
price target we can place our order as soon as possible.
Thank You!

Best Regards

*Wat Namtip*

Purchase Manager

*Bigly Technologies Thailand*

2/51 BangNa Complex Office Tower, 11th Floor, Soi BangNa Trat 25, Bangna
Nua, Bangna, Bangkok 10260 Thailand

Telephone: +66 (0)2150 10 15

On Mon, Feb 19, 2024 at 2:08 PM Ganesan, Prabu
 wrote:

>  Hi Guys,
>
>  How to renew the certificate in Tomcat Can anyone provide with steps as
> we have Our tomcat certificate is about to expire in Next week, Anybody can
> help with  renew steps:
>
>  Tomcat version : 8.5.5.0
>
> Thanks & Regards,
>
> _[image:
> Email_CBE.gif]
>
> *PrabuGanesan*
>
> *Consultant|MS-Nordics*
>
> capgemini India Pvt. Ltd. | Bangalore
>
> Contact: +91 8526554535
>
> Email: prabhu.c.gane...@capgemini.com
>
>
>
> www.capgemini.com
>
> *People matter, results count.*
>
> __
>
> *Connect with Capgemini:*
> 
>  
> 
> 
> 
>
>
>
> Please consider the environment and do not print this email unless
> absolutely necessary.
>
> Capgemini encourages environmental awareness.
>
>
> This message contains information that may be privileged or confidential
> and is the property of the Capgemini Group. It is intended only for the
> person to whom it is addressed. If you are not the intended recipient, you
> are not authorized to read, print, retain, copy, disseminate, distribute,
> or use this message or any part thereof. If you receive this message in
> error, please notify the sender immediately and delete all copies of this
> message.
>

RE: TOMCAT CERTIFICATE RENEWAL

[Ganesan, Prabu]

Hi  Tomas 

Thanks for your information - its jks file do we have any specific command to 
pass them for renew the certificate?

Thanks & Regards,
_
PrabuGanesan
Consultant|MS-Nordics
capgemini India Pvt. Ltd. | Bangalore 
Contact: +91 8526554535
Email: prabhu.c.gane...@capgemini.com

www.capgemini.com
People matter, results count.
__
Connect with Capgemini:

 
Please consider the environment and do not print this email unless absolutely 
necessary.
Capgemini encourages environmental awareness.

-Original Message-
From: Thomas Hoffmann (Speed4Trade GmbH) 
 
Sent: Monday, February 19, 2024 12:49 PM
To: Tomcat Users List 
Subject: AW: TOMCAT CERTIFICATE RENEWAL

**This mail has been sent from an external source. Do not reply to it, or 
open any links/attachments unless you are sure of the sender's identity.**

Hello Ganesan,

> Von: Ganesan, Prabu  
> Gesendet: Montag, 19. Februar 2024 08:07
> An: Tomcat Users List 
> Betreff: TOMCAT CERTIFICATE RENEWAL
> Priorität: Hoch
>
> Hi Guys,
> How to renew the certificate in Tomcat Can anyone provide with steps as we 
>have Our tomcat certificate is about to expire in Next week, Anybody can help 
>with  renew steps:
> Tomcat version : 8.5.5.0
> Thanks & Regards,
> _
> PrabuGanesan
> Consultant|MS-Nordics
> capgemini India Pvt. Ltd. | Bangalore 
> Contact: +91 8526554535

Take a look at the server.xml and inspect the https connector.
There should be a reference to the key file and certificate-file.
Depending on the used format (pem, jks etc) you need to update these files.

Greetings,
Thomas

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


This message contains information that may be privileged or confidential and is 
the property of the Capgemini Group. It is intended only for the person to whom 
it is addressed. If you are not the intended recipient, you are not authorized 
to read, print, retain, copy, disseminate, distribute, or use this message or 
any part thereof. If you receive this message in error, please notify the 
sender immediately and delete all copies of this message.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: tomcat + certificate

[Saravana Kumar]

Duan, Nick wrote:

 Without knowing the details of your problem (you may want to provide a
 stack trace next time), I think the problem is in the java client.  Did
 you use JSSE to implement the client?  The java sockets for accessing
 http are not the same as https.
 
 ND

Duan,

Thanks for the help.

Below is the stack trace of the java client i use:

javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
at
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
at
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
at
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
at
sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:836)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
at ClientRequest.communicateGA(ClientRequest.java:46)
at ClientRequest.main(ClientRequest.java:24)
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
at sun.security.validator.Validator.validate(Validator.java:203)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
at
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:840)
... 12 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
at
java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
... 17 more


I got this while i tried to connect with the sample servlet that comes with
tomcat. Is that enough?

Below is the snippet of the code i use:

URL url = new
URL(https://myserver:8443/servlets-examples/servlet/HelloWorldExample);
URLConnection conn = url.openConnection();
conn.setDoOutput(true);
OutputStreamWriter wr = new OutputStreamWriter(conn 
.getOutputStream());

Where am i doing wrong? I guess the problem is with client(as you pointed
already) but unable to figure out the exact problem. The client and server
both are in the same system.

regds,
SK

 
 -Original Message-
 From: news [mailto:[EMAIL PROTECTED] On Behalf Of Saravana Kumar
 Sent: Friday, February 10, 2006 2:29 AM
 To: users@tomcat.apache.org
 Subject: tomcat + certificate
 
 Hi,
 
 I am running a tomcat server running here. We have a servlet container
 hosted in the server. The servlet is called from a java client program
 and
 is working fine(http).
 
 Then i following the instructions from the tomcat documentation page i
 installed a self signed certificate. The site now shows up with the
 certificate from the browser.
 
 The problem is while running the java client and connecting to the
 server(https) the program gives out error(connection timed out/SSL
 handshake ... etc).
 
 Hope i am not raising a dumb question here. What is wrong with my setup?
 Any
 pointers. Some one said we have to install apache also. Is that so? Is
 it
 possible to make tomcat handle the certificates itself and free the
 servlet
 from that.
 
 BTW, i am running on FC4, with tomcat version 5.5.12.
 
 
 TIA,
 SK
 
 
 

RE: tomcat + certificate

[Duan, Nick]

Without knowing the details of your problem (you may want to provide a
stack trace next time), I think the problem is in the java client.  Did
you use JSSE to implement the client?  The java sockets for accessing
http are not the same as https.

ND

-Original Message-
From: news [mailto:[EMAIL PROTECTED] On Behalf Of Saravana Kumar
Sent: Friday, February 10, 2006 2:29 AM
To: users@tomcat.apache.org
Subject: tomcat + certificate

Hi,

I am running a tomcat server running here. We have a servlet container
hosted in the server. The servlet is called from a java client program
and
is working fine(http).

Then i following the instructions from the tomcat documentation page i
installed a self signed certificate. The site now shows up with the
certificate from the browser.

The problem is while running the java client and connecting to the
server(https) the program gives out error(connection timed out/SSL
handshake ... etc).

Hope i am not raising a dumb question here. What is wrong with my setup?
Any
pointers. Some one said we have to install apache also. Is that so? Is
it
possible to make tomcat handle the certificates itself and free the
servlet
from that.

BTW, i am running on FC4, with tomcat version 5.5.12.


TIA,
SK


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]