Unable to Configure SSL on Tomcat on AIX
Hi, I have been trying to configure SSL on Tomcat 5.0.28 on IBM AIX5.2 OS on port 8070 .(I also tried with port 8443 but i dont get the tomcat default web page even though catalina.out shows Tomcat and my deployed application as started.). After making changes to configure SSL on AIX my server.xml of tomcat file is as shown debug="0" connectionTimeout="2" algorithm="ibmX509" disableUploadTimeout="tr ue"/> I am not able to acesss my deployed application(htpps://172.25.7.50:8070/els) Could you please help me on this. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Unable to Configure SSL on Tomcat on AIX
anil abraham wrote: > I have been trying to configure SSL on Tomcat 5.0.28 on IBM AIX5.2 OS on > port > 8070 .(I also tried with port 8443 but i dont get the tomcat default web > page even though > catalina.out shows Tomcat and my deployed application as started.). > After making changes to configure SSL on AIX my server.xml of tomcat file > is as shown [...] >maxThreads="150" minSpareThreads="25" maxSpareThreads="75" > enableLookups="false" redirectPort="8443" acceptCount="100" > debug="0" connectionTimeout="2" algorithm="ibmX509" > disableUploadTimeout="tr > ue"/> > > > I am not able to acesss my deployed > application(htpps://172.25.7.50:8070/els) You might want to review these documents: http://tomcat.apache.org/tomcat-5.0-doc/config/http.html and http://tomcat.apache.org/tomcat-5.0-doc/ssl-howto.html At a first glance, it seems to me that secure="true" and scheme="https" are missing in the 's configuration. Regards mks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Unable to Configure SSL on Tomcat on AIX
Hi Markus, I have made the changes to the server.xml.(secure="true" and scheme="https") but still the default web page is not displayed. When i use the same server.xml config under windows tomcat installation i am able to access the deployed application and tomcat on port 8443 and 8070.please see below the modified server.xml. debug="0" connectionTimeout="2" algorithm="ibmX509" disableUploadTimeout="tr ue" secure="true" scheme="https"/> keystoreType="JKS" keystoreFile="/export/home/elsadmin/ELS_HOME/co nf/certs/KeyStore" keystorePass="changeit" clientAuth="false" sslProtocol="TLS" protocol="SSL" algorithm="ibmX509" /> Do i need to add any other attributes Thanks Anil From: Markus Schönhaber <[EMAIL PROTECTED]> Reply-To: tomcat-user@jakarta.apache.org To: "Tomcat Users List" Subject: Re: Unable to Configure SSL on Tomcat on AIX Date: Tue, 21 Mar 2006 10:18:20 +0100 anil abraham wrote: > I have been trying to configure SSL on Tomcat 5.0.28 on IBM AIX5.2 OS on > port > 8070 .(I also tried with port 8443 but i dont get the tomcat default web > page even though > catalina.out shows Tomcat and my deployed application as started.). > After making changes to configure SSL on AIX my server.xml of tomcat file > is as shown [...] >maxThreads="150" minSpareThreads="25" maxSpareThreads="75" > enableLookups="false" redirectPort="8443" acceptCount="100" > debug="0" connectionTimeout="2" algorithm="ibmX509" > disableUploadTimeout="tr > ue"/> > > > I am not able to acesss my deployed > application(htpps://172.25.7.50:8070/els) You might want to review these documents: http://tomcat.apache.org/tomcat-5.0-doc/config/http.html and http://tomcat.apache.org/tomcat-5.0-doc/ssl-howto.html At a first glance, it seems to me that secure="true" and scheme="https" are missing in the 's configuration. Regards mks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Unable to Configure SSL on Tomcat on AIX
anil abraham wrote: > hi Markus, > 1)The page is displayed if i access it via > http://172.25.16.2:localhost:8080/els but cannot when i use > https://172.25.16.2:localhost:8070/els. These are not really the URLs you use, are they? So, chances are, the HTTPS configuration of the Connector did somehow not work, leaving you with a HTTP Connector. You still didn't tell us what happens if you try to access the page via HTTPS. > 2) the default page is the login(start) page of the application deployed in > webapps.But i am not able to access the Tomcat s main page also. You say http://172.25.16.2:8080/els works but http://172.25.16.2:8080/ doesn't? What happens if you try to access http://172.25.16.2:8080/ ? > 3) I tried configuring either of the Connector ports(i.e 8443 and 8070) > in server.xml and started the server .Still cannot start the deployed > application.nor tomcats index page is shown.(although tomcat is started > successfully) > 4)I can access the appllication via https > using(https://172.25.16.2:localhost:8070/els and also on port 8443). the > same server.xml in windows but cannot access via https in AIX 5.2.The > problem is only in tomcat under AIX 5.2 That seems to indicate that the configuration in server.xml itself is correct and there is some other difference wrt to this issue. Maybe the keystore? It also seems to me that with "the same server.xml" you really mean "almost the same server.xml", since you should at least have to adjust the path to the keystore for the Connector on port 8443 to make it work on Windows. Any other adjustments? > 5)The logs in tomcat is not helping for this. I doubt that. > 6) The server.xml has been edited for SSl configuration as per Tomcat > Documetation. OK, what about the keystore on AIX? > What else can i try. Sorry, I'm out of ideas ATM. Regards mks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Unable to Configure SSL on Tomcat on AIX
anil abraham wrote: > I have made the changes to the server.xml.(secure="true" and > scheme="https") but still > the default web page is not displayed. When i use the same server.xml > config under windows tomcat installation i am able to access the deployed > application and tomcat on port 8443 and 8070.please see below the modified > server.xml. First of all, the exact port number you use for your is completely irrelevant - with two obvious exeptions: 1. The specific port must not be in use by another application. 2. To use ports <= 1024 you may need andministative rights (of no importance here). I'd refrain from fiddeling around with two Connectors but instaed try to get one to work. Next, what *exactly* does "the default web page is not displayed" mean? Is there an error message diplayed instead? If so, what does ist say? Is the page displayed if you access it via http://... instead of https://...? And (maybe the most important thing) are there any messages in Tomcat's log files wrt this issue? >maxThreads="150" minSpareThreads="25" maxSpareThreads="75" > enableLookups="false" redirectPort="8443" acceptCount="100" > debug="0" connectionTimeout="2" algorithm="ibmX509" > disableUploadTimeout="tr > ue" secure="true" scheme="https"/> > > > maxThreads="150" minSpareThreads="25" maxSpareThreads="75" >enableLookups="false" disableUploadTimeout="true" >acceptCount="100" debug="0" scheme="https" secure="true" > keystoreType="JKS" > keystoreFile="/export/home/elsadmin/ELS_HOME/co > nf/certs/KeyStore" keystorePass="changeit" clientAuth="false" > sslProtocol="TLS" > protocol="SSL" algorithm="ibmX509" /> I don't see an obvious error here. Did you follow the instructions given in the documents I pointed you to in my last post - i. e. correctly set up the keystore etc. (the 8070 for example will use the default keystore while the other will use the one you explicitely configured). Regards mks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Unable to Configure SSL on Tomcat on AIX
hi Markus, 1)The page is displayed if i access it via http://172.25.16.2:localhost:8080/els but cannot when i use https://172.25.16.2:localhost:8070/els. 2) the default page is the login(start) page of the application deployed in webapps.But i am not able to access the Tomcat s main page also. 3) I tried configuring either of the Connector ports(i.e 8443 and 8070) in server.xml and started the server .Still cannot start the deployed application.nor tomcats index page is shown.(although tomcat is started successfully) 4)I can access the appllication via https using(https://172.25.16.2:localhost:8070/els and also on port 8443). the same server.xml in windows but cannot access via https in AIX 5.2.The problem is only in tomcat under AIX 5.2 5)The logs in tomcat is not helping for this. 6) The server.xml has been edited for SSl configuration as per Tomcat Documetation. What else can i try. Regards, Anil From: Markus Schönhaber <[EMAIL PROTECTED]> Reply-To: tomcat-user@jakarta.apache.org To: "Tomcat Users List" Subject: Re: Unable to Configure SSL on Tomcat on AIX Date: Tue, 21 Mar 2006 13:06:15 +0100 anil abraham wrote: > I have made the changes to the server.xml.(secure="true" and > scheme="https") but still > the default web page is not displayed. When i use the same server.xml > config under windows tomcat installation i am able to access the deployed > application and tomcat on port 8443 and 8070.please see below the modified > server.xml. First of all, the exact port number you use for your is completely irrelevant - with two obvious exeptions: 1. The specific port must not be in use by another application. 2. To use ports <= 1024 you may need andministative rights (of no importance here). I'd refrain from fiddeling around with two Connectors but instaed try to get one to work. Next, what *exactly* does "the default web page is not displayed" mean? Is there an error message diplayed instead? If so, what does ist say? Is the page displayed if you access it via http://... instead of https://...? And (maybe the most important thing) are there any messages in Tomcat's log files wrt this issue? >maxThreads="150" minSpareThreads="25" maxSpareThreads="75" > enableLookups="false" redirectPort="8443" acceptCount="100" > debug="0" connectionTimeout="2" algorithm="ibmX509" > disableUploadTimeout="tr > ue" secure="true" scheme="https"/> > > > maxThreads="150" minSpareThreads="25" maxSpareThreads="75" >enableLookups="false" disableUploadTimeout="true" >acceptCount="100" debug="0" scheme="https" secure="true" > keystoreType="JKS" > keystoreFile="/export/home/elsadmin/ELS_HOME/co > nf/certs/KeyStore" keystorePass="changeit" clientAuth="false" > sslProtocol="TLS" > protocol="SSL" algorithm="ibmX509" /> I don't see an obvious error here. Did you follow the instructions given in the documents I pointed you to in my last post - i. e. correctly set up the keystore etc. (the 8070 for example will use the default keystore while the other will use the one you explicitely configured). Regards mks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Unable to Configure SSL on Tomcat on AIX
Hi Markus, The Tomcat log is as folows: What does this Indicate. Mar 23, 2006 2:50:28 PM org.apache.catalina.startup.Catalina load SEVERE: Catalina.start LifecycleException: Protocol handler instantiation failed: java.lang.NullPointe rException at org.apache.coyote.tomcat5.CoyoteConnector.initialize(CoyoteConnector. java:1368) at org.apache.catalina.core.StandardService.initialize(StandardService.j ava:609) at org.apache.catalina.core.StandardServer.initialize(StandardServer.jav a:2384) at org.apache.catalina.startup.Catalina.load(Catalina.java:507) at org.apache.catalina.startup.Catalina.load(Catalina.java:528) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl. java:61) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces sorImpl.java:40) at java.lang.reflect.Method.invoke(Method.java:335) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:250) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:424) Mar 23, 2006 2:50:28 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 1603 ms Mar 23, 2006 2:50:28 PM org.apache.catalina.core.StandardService start INFO: Starting service Catalina Mar 23, 2006 2:50:28 PM org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/5.0.28 Mar 23, 2006 2:50:28 PM org.apache.catalina.core.StandardHost start INFO: XML validation disabled Mar 23, 2006 2:50:28 PM org.apache.catalina.core.StandardHost getDeployer INFO: Create Host deployer for direct deployment ( non-jmx ) Mar 23, 2006 2:50:29 PM org.apache.catalina.core.StandardHostDeployer install INFO: Processing Context configuration file URL file:/export/home/elsadmin/jakar ta-tomcat-5.0.28/conf/Catalina/localhost/admin.xml Mar 23, 2006 2:50:30 PM org.apache.struts.util.PropertyMessageResources INFO: Initializing, config='org.apache.struts.util.LocalStrings', returnNull=tru e Mar 23, 2006 2:50:30 PM org.apache.struts.util.PropertyMessageResources INFO: Initializing, config='org.apache.struts.action.ActionResources', returnNul l=true Mar 23, 2006 2:50:31 PM org.apache.struts.util.PropertyMessageResources INFO: Initializing, config='org.apache.webapp.admin.ApplicationResources', retur nNull=true Mar 23, 2006 2:50:35 PM org.apache.catalina.core.StandardHostDeployer install INFO: Processing Context configuration file URL file:/export/home/elsadmin/jakar ta-tomcat-5.0.28/conf/Catalina/localhost/balancer.xml Mar 23, 2006 2:50:35 PM org.apache.catalina.core.StandardContext resourcesStart SEVERE: Error starting static Resources java.lang.IllegalArgumentException: Document base /export/home/elsadmin/jakarta- tomcat-5.0.28/webapps/balancer does not exist or is not a readable directory at org.apache.naming.resources.FileDirContext.setDocBase(FileDirContext. java:138) at org.apache.catalina.core.StandardContext.resourcesStart(StandardConte xt.jat org.apache.catalina.core.StandardContext.start(StandardContext.java:4 138) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase .java:823) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:80 7) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:595) at org.apache.catalina.core.StandardHostDeployer.addChild(StandardHostDe ployer. at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl. java:61) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces sorImpl at java.lang.reflect.Method.invoke(Method.java(Compiled Code)) at org.apache.commons.beanutils.MethodUtils.invokeMethod(MethodUtils.jav a(Compi at org.apache.commons.digester.SetNextRule.end(SetNextRule.java:256) at org.apache.commons.digester.Rule.end(Rule.java(Compiled Code)) at org.apache.commons.digester.Digester.endElement(Digester.java(Compile d Code)) at org.apache.catalina.util.CatalinaDigester.endElement(CatalinaDigester .java:76) at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source ) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanEndElement( Unknown at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContent Dispatc at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Un known S at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) at org.apache.xerces.parsers.XMLParser.parse(Unknown Source) at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source) at org.apache.commons.digester.Digester.parse(Digester.java:1567) at org.apache.catalina.core.StandardHostDeployer.install(Sta
Re: Unable to Configure SSL on Tomcat on AIX
anil abraham wrote: > Hi Markus, > The Tomcat log is as folows: > What does this Indicate. It indicates that there is something going badly wrong when Tomcat tries to set up the Connector. Are you using a Sun VM as the lines like > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) might indicate or one from IBM (don't know if there even is a Sun VM for AIX)? If the former is the case, maybe you should not set algorithm="ibmX509" on the Connector. What about the other questions I asked? BTW: I'd be careful before dismissing crucial information like the content of logfiles as "not helping for this". The fact that neither you nor I can read the cause of the problem from them doesn't prove that nobody else can either. Regards mks > Mar 23, 2006 2:50:28 PM org.apache.catalina.startup.Catalina load > SEVERE: Catalina.start > LifecycleException: Protocol handler instantiation failed: > java.lang.NullPointe > rException > at > org.apache.coyote.tomcat5.CoyoteConnector.initialize(CoyoteConnector. > java:1368) > at > org.apache.catalina.core.StandardService.initialize(StandardService.j > ava:609) > at > org.apache.catalina.core.StandardServer.initialize(StandardServer.jav > a:2384) > at org.apache.catalina.startup.Catalina.load(Catalina.java:507) > at org.apache.catalina.startup.Catalina.load(Catalina.java:528) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl. > java:61) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces > sorImpl.java:40) > at java.lang.reflect.Method.invoke(Method.java:335) > at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:250) > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:424) > Mar 23, 2006 2:50:28 PM org.apache.catalina.startup.Catalina load > INFO: Initialization processed in 1603 ms > Mar 23, 2006 2:50:28 PM org.apache.catalina.core.StandardService start > INFO: Starting service Catalina > Mar 23, 2006 2:50:28 PM org.apache.catalina.core.StandardEngine start > INFO: Starting Servlet Engine: Apache Tomcat/5.0.28 > Mar 23, 2006 2:50:28 PM org.apache.catalina.core.StandardHost start > INFO: XML validation disabled > Mar 23, 2006 2:50:28 PM org.apache.catalina.core.StandardHost getDeployer > INFO: Create Host deployer for direct deployment ( non-jmx ) > Mar 23, 2006 2:50:29 PM org.apache.catalina.core.StandardHostDeployer > install > INFO: Processing Context configuration file URL > file:/export/home/elsadmin/jakar > ta-tomcat-5.0.28/conf/Catalina/localhost/admin.xml > Mar 23, 2006 2:50:30 PM org.apache.struts.util.PropertyMessageResources > > INFO: Initializing, config='org.apache.struts.util.LocalStrings', > returnNull=tru > e > Mar 23, 2006 2:50:30 PM org.apache.struts.util.PropertyMessageResources > > INFO: Initializing, config='org.apache.struts.action.ActionResources', > returnNul > l=true > Mar 23, 2006 2:50:31 PM org.apache.struts.util.PropertyMessageResources > > INFO: Initializing, config='org.apache.webapp.admin.ApplicationResources', > retur > nNull=true > Mar 23, 2006 2:50:35 PM org.apache.catalina.core.StandardHostDeployer > install > INFO: Processing Context configuration file URL > file:/export/home/elsadmin/jakar > ta-tomcat-5.0.28/conf/Catalina/localhost/balancer.xml > Mar 23, 2006 2:50:35 PM org.apache.catalina.core.StandardContext > resourcesStart > SEVERE: Error starting static Resources > java.lang.IllegalArgumentException: Document base > /export/home/elsadmin/jakarta- > tomcat-5.0.28/webapps/balancer does not exist or is not a readable > directory at > org.apache.naming.resources.FileDirContext.setDocBase(FileDirContext. > java:138) > at > org.apache.catalina.core.StandardContext.resourcesStart(StandardConte > xt.jat > org.apache.catalina.core.StandardContext.start(StandardContext.java:4 > 138) > at > org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase > .java:823) > at > org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:80 > 7) at > org.apache.catalina.core.StandardHost.addChild(StandardHost.java:595) > at > org.apache.catalina.core.StandardHostDeployer.addChild(StandardHostDe > ployer. at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl. > java:61) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces > sorImpl at java.lang.reflect.Method.invoke(Method.java(Compiled Code)) > at > org.apache.commons.beanutils.MethodUtils.invokeMethod(MethodUtils.jav > a(Compi at > org.apache.commons.digester.SetNextRule.end(SetNextRule.java:256) at > org.apache.commons.digester.Rule.end(Rule.java(Compiled Code)) at > org.apache.commons.digester.Digester.endElement(Digester.java(Compile > d Code)) > at > org.apache
