Re: SSL Cert install help.

2023-09-22 Thread Christopher Schultz
Bill, On 9/22/23 13:25, Bill wrote: Hello All, I may have started my SSL Cert install & config at step 2 instead of step 1... :-( Most mistakes are recoverable :) Basically I have created my key store, my p12 file and have my cert all in a sub directory of the conf directory. All of

Re: SSL issue

2023-03-18 Thread John Dale (DB2DOM)
Noted - excellent! On 3/18/23, Kevin Huntly wrote: > I was able to read the keystore with both openssl and keytool, but for some > reason the private key within the pkcs#12 file had a different password > than the keystore password. I ended up just rebuilding the cert and the > keystore, and

Re: SSL issue

2023-03-18 Thread John Dale (DB2DOM)
What kind of key are you using? I generate my certs with certbot. The result needs to be converted thusly to be used: openssl pkcs12 -export -out mykey-bundle.pfx -inkey myprivkey.pem -in cert.pem -certfile chain.pem -password pass:superdupersecretnoteventhealiensknow Is this a possible source

Re: SSL issue

2023-03-18 Thread Kevin Huntly
I was able to read the keystore with both openssl and keytool, but for some reason the private key within the pkcs#12 file had a different password than the keystore password. I ended up just rebuilding the cert and the keystore, and it's working now. Thanks !

Re: SSL configuration for Tomcat 9

2022-07-21 Thread Christopher Schultz
Vince, On 7/15/22 19:56, Vince Stewart wrote: My system uses embedded Tomcat to connect to a HttpServlet instance. I have just upgraded from Tomcat 8.0.2 to 9.0.64 I am implementing SSL for the first time. I created a keystore with no alias. Keytool gave it the alias "mykey". (2nd entry

RE: SSL handshake failure logs required for auditing purpose

2022-07-07 Thread jonmcalexander
> -Original Message- > From: Mark Thomas > Sent: Thursday, July 7, 2022 1:22 PM > To: users@tomcat.apache.org > S

Re: SSL handshake failure logs required for auditing purpose

2022-07-07 Thread Mark Thomas
The next release (9.0.65) will have a dedicated logger for TLS handshake failures. You will be able to configure it like any other logger - including directing it to a dedicated file. Mark On 07/07/2022 17:11, Ragavendhiran Bhiman (rabhiman) wrote: Hi All, I require your kind help in

Re: SSL handshake failure logs required for auditing purpose

2022-07-07 Thread Ragavendhiran Bhiman (rabhiman)
Version of tomcat used 9.0.x. Kindly help on the ssl logging for auditing purpose other than -D javax.net option. From: Ragavendhiran Bhiman (rabhiman) Date: Thursday, 7 July 2022 at 9:41 PM To: users@tomcat.apache.org Subject: SSL handshake failure logs required for auditing purpose Hi All,

Re: SSL issue with Tomcat 6.0.45 and JRE 1.8.0

2022-06-15 Thread Pavan Kumar Tiruvaipati
: Pavan Kumar Tiruvaipati > > Sent: Wednesday, 15 June 2022 09:56 > > To: thomas.hoffm...@speed4trade.com.invalid > > Cc: Tomcat Users List > > Subject: Re: SSL issue with Tomcat 6.0.45 and JRE 1.8.0 > > > > Hi, > > > > Thanks for the quick resp

Re: SSL issue with Tomcat 6.0.45 and JRE 1.8.0

2022-06-15 Thread Pavan Kumar Tiruvaipati
> > From: Pavan Kumar Tiruvaipati > > Sent: Wednesday, 15 June 2022 08:59 > > To: Christopher Schultz > > Cc: Tomcat Users List > > Subject: Re: SSL issue with Tomcat 6.0.45 and JRE 1.8.0 > > > > Hi, > > > > Tomcat server started successfully.

Re: SSL issue with Tomcat 6.0.45 and JRE 1.8.0

2022-06-15 Thread Pavan Kumar Tiruvaipati
Hi, Tomcat server started successfully. I'm seeing the following error in the tomcat logs when SSL is enabled in server.xml Application is not able to run on https://localhost:8080. 2022-06-15 12:02:43,923 [http-3003-1] DEBUG *org.apache.tomcat.util.net.JIoEndpoint - Handshake failed*

Re: SSL issue with Tomcat 6.0.45 and JRE 1.8.0

2022-06-14 Thread Christopher Schultz
Pavan, Please reply to the list and not me personally. On 6/14/22 11:21, Pavan Kumar Tiruvaipati wrote:                acceptCount="100"  scheme="https" secure="true" connectionTimeout="2"                clientAuth="false" algorithm="SunX509" sslProtocol="TLS"      

Re: SSL issue with Tomcat 6.0.45 and JRE 1.8.0

2022-06-14 Thread Christopher Schultz
Pavan, On 6/14/22 08:32, Pavan Kumar Tiruvaipati wrote: We have replaced JDK 1.8 with JRE 1.8.0_333. SSL configuration was working fine with Tomcat 6.0.45 before replacing JDK with JRE. Now it's not working. In server.xml, SSL Protocol is set to "TLS". Does Tomcat 6.0.45 support SSL with

Re: [External] Re: SSL Handshake Failure - Logging Level

2022-06-10 Thread Mark Thomas
, in this case, we could change the Tomcat logging configuration and get this log. Thanks, Amit -Original Message- From: Mark Thomas Sent: Saturday, June 4, 2022 6:13 AM To: users@tomcat.apache.org Subject: Re: [External] Re: SSL Handshake Failure - Logging Level On 03/06/2022 21:29, Amit

RE: [External] Re: SSL Handshake Failure - Logging Level

2022-06-06 Thread Amit Pande
Message- From: Mark Thomas Sent: Saturday, June 4, 2022 6:13 AM To: users@tomcat.apache.org Subject: Re: [External] Re: SSL Handshake Failure - Logging Level On 03/06/2022 21:29, Amit Pande wrote: > Thank you, Mark. > > I agree changing the log level to error could cause pro

Re: [External] Re: SSL Handshake Failure - Logging Level

2022-06-04 Thread Mark Thomas
- From: Mark Thomas Sent: Friday, June 3, 2022 12:24 PM To: users@tomcat.apache.org Subject: [External] Re: SSL Handshake Failure - Logging Level On 03/06/2022 15:33, Amit Pande wrote: Hello, First, thank you to Mark for adding the access logs in case of SSL handshake failures (htt

RE: [External] Re: SSL Handshake Failure - Logging Level

2022-06-03 Thread Amit Pande
at SSL host config level in "server.xml". Thanks, Amit -Original Message- From: Mark Thomas Sent: Friday, June 3, 2022 12:24 PM To: users@tomcat.apache.org Subject: [External] Re: SSL Handshake Failure - Logging Level On 03/06/2022 15:33, Amit Pande wrote: > Hello, >

Re: SSL Handshake Failure - Logging Level

2022-06-03 Thread Mark Thomas
On 03/06/2022 15:33, Amit Pande wrote: Hello, First, thank you to Mark for adding the access logs in case of SSL handshake failures (https://github.com/apache/tomcat/commit/acf6076d7118571ebc881984b96792f861b72bb2#). Really useful enhancement. On a related note, I am trying to understand

Re: SSL trouble in embeddedLand

2021-01-22 Thread Rob Sargent
On 1/22/21 3:06 PM, Christopher Schultz wrote: You are telling keytool to read-in localhost-rsa-key.pem as a PKCS12 file, which is most likely wrong. You don't want to import a keystore, you want to import a key. Unfortunately, keytool doesn't allow that. But openssl does: $ openssl

Re: SSL trouble in embeddedLand

2021-01-22 Thread Christopher Schultz
Rob, On 1/22/21 15:21, Rob Sargent wrote: For completeness, I must admit that I was unable to use PKCS12 files.  I had to use JKS format. I copied and transformed my cacerts files as per keytool recommendation:    keytool -importkeystore -srckeystore   

Re: SSL trouble in embeddedLand

2021-01-22 Thread Rob Sargent
For completeness, I must admit that I was unable to use PKCS12 files.  I had to use JKS format. I copied and transformed my cacerts files as per keytool recommendation: keytool -importkeystore -srckeystore /usr/lib/jvm/java-15-oracle/lib/security/cacerts -destkeystore

Re: SSL trouble in embeddedLand

2021-01-20 Thread Rob Sargent
On 1/20/21 8:15 AM, Rémy Maucherat wrote: On Tue, Jan 19, 2021 at 5:02 AM Rob Sargent wrote: Dealing with a complex configuration using the embedded API can be a bit problematic. If you're using a recent Tomcat 9 (9.0.38+), you could use the code generator that was designed for ahead of time

Re: SSL trouble in embeddedLand

2021-01-20 Thread Rémy Maucherat
On Tue, Jan 19, 2021 at 5:02 AM Rob Sargent wrote: > > Stuck in my basement with no real domain I'm having trouble setting up > SSL/TLS on an embedded tomcat instance. And I'm very lost, having tried > more dead ends than I can remember. > > I used this to generate cert and key > openssl req

Re: SSL trouble in embeddedLand

2021-01-19 Thread Rob Sargent
My recommendation would be: - start with the test certs from the Tomcat unit tests as they are known to work - get your code working so you know the code is good - then try with your own keys certificates Mark That's exactly what I'll do next.  Thank you very much. rjs

Re: SSL trouble in embeddedLand

2021-01-19 Thread Mark Thomas
On 19/01/2021 04:02, Rob Sargent wrote: > > Stuck in my basement with no real domain I'm having trouble setting up > SSL/TLS on an embedded tomcat instance. And I'm very lost, having tried > more dead ends than I can remember. > > I used this to generate cert and key > openssl req -out

Re: SSL certificate makes site dont work

2020-09-22 Thread Christopher Schultz
Carles, On 9/22/20 08:57, Carles Franquesa wrote: > Trying to install an SSL certificate on 8.5.57. > > Once created the cert files, and with a jks available, and set in a > connector into server.xml file, cannot connect to the page. > > The connectors code is > > ''' > >

Re: SSL debug?

2020-09-08 Thread James H. H. Lampert
On 9/8/20 1:12 PM, john.e.gr...@wellsfargo.com.INVALID wrote: I don't remember the precise problem, but verbose SSL will tell you what trust store and key store you're using, among other things. I don't blame you. It's been close to a month since I last attempted to do something about this.

RE: SSL debug?

2020-09-08 Thread John.E.Gregg
James, > -Original Message- > From: James H. H. Lampert > Sent: Tuesday, September 08, 2020 2:13 PM > To: Tomcat Users List > Subject: Re: SSL debug? > > I'm finally back on this problem. > > >> We are once again having SSL difficulties with our webap

Re: SSL debug?

2020-09-08 Thread James H. H. Lampert
I'm finally back on this problem. We are once again having SSL difficulties with our webapp connecting with an outside web service: the java.security override that had solved the problem in the past (specifically, removing "DESede" from the "jdk.tls.disabledAlgorithms" in an override file) is

Re: SSL debug?

2020-08-12 Thread Mark Thomas
On 12/08/2020 16:29, James H. H. Lampert wrote: > Question: > > We are once again having SSL difficulties with our webapp connecting > with an outside web service: the java.security override that had solved > the problem in the past (specifically, removing "DESede" from the >

Re: Problem with protocols, Re: SSL/TLS issue: can we listen on more than one secured port, with different protocols enabled?

2020-07-20 Thread Mark Thomas
On 19/07/2020 13:55, Christopher Schultz wrote: > Mark, > > On 7/18/20 10:01, Mark Thomas wrote: >> On 17/07/2020 21:47, James H. H. Lampert wrote: >>> Running two connectors seems to work just fine, but I'm having >>> trouble getting one of them to only take TLS 1.2 >>> >>> In reply to my query:

Re: Problem with protocols, Re: SSL/TLS issue: can we listen on more than one secured port, with different protocols enabled?

2020-07-20 Thread James H. H. Lampert
Mark Thomas and Christopher Schultz wrote: You want: sslProtocol="TLS" sslEnabledProtocols="TLSv1.2" And to answer my question above, because that is the way the JSSE API has been written. We should probably just merge these into a single attribute and "do the right thing": 1. If not

Re: Problem with protocols, Re: SSL/TLS issue: can we listen on more than one secured port, with different protocols enabled?

2020-07-19 Thread Christopher Schultz
Mark, On 7/18/20 10:01, Mark Thomas wrote: > On 17/07/2020 21:47, James H. H. Lampert wrote: >> Running two connectors seems to work just fine, but I'm having >> trouble getting one of them to only take TLS 1.2 >> >> In reply to my query: >>

Re: Problem with protocols, Re: SSL/TLS issue: can we listen on more than one secured port, with different protocols enabled?

2020-07-18 Thread Mark Thomas
On 17/07/2020 21:47, James H. H. Lampert wrote: > Running two connectors seems to work just fine, but I'm having trouble > getting one of them to only take TLS 1.2 > > In reply to my query: > >>> Given all this, is it possible to (1) have Tomcat listen on two separate >>> HTTPS ports, and (2)

Re: Problem with protocols, Re: SSL/TLS issue: can we listen on more than one secured port, with different protocols enabled?

2020-07-17 Thread James H. H. Lampert
On 7/17/20 2:36 PM, jonmcalexan...@wellsfargo.com.INVALID wrote: This looks like a cipher, not an alias TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256 As I said, of course it's a cipher. I said up front that the lines were truncated, in order to fit in an email. I can't imagine

Re: Problem with protocols, Re: SSL/TLS issue: can we listen on more than one secured port, with different protocols enabled?

2020-07-17 Thread James H. H. Lampert
On 7/17/20 2:36 PM, jonmcalexan...@wellsfargo.com.INVALID wrote: This looks like a cipher, not an alias TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256 It is. The lines are truncated at 72 characters for the email. -- JHHL

RE: Problem with protocols, Re: SSL/TLS issue: can we listen on more than one secured port, with different protocols enabled?

2020-07-17 Thread jonmcalexander
3:47 PM To: Tomcat Users List Subject: Problem with protocols, Re: SSL/TLS issue: can we listen on more than one secured port, with different protocols enabled? Running two connectors seems to work just fine, but I'm having trouble getting one of them to only take TLS 1.2 In reply to my query

Problem with protocols, Re: SSL/TLS issue: can we listen on more than one secured port, with different protocols enabled?

2020-07-17 Thread James H. H. Lampert
Running two connectors seems to work just fine, but I'm having trouble getting one of them to only take TLS 1.2 In reply to my query: Given all this, is it possible to (1) have Tomcat listen on two separate HTTPS ports, and (2) have one of the ports require TLS 1.2, but the other accept

RE: SSL/TLS issue: can we listen on more than one secured port, with different protocols enabled?

2020-07-17 Thread jonmcalexander
To: users@tomcat.apache.org Subject: Re: SSL/TLS issue: can we listen on more than one secured port, with different protocols enabled? On 17/07/2020 17:55, James H. H. Lampert wrote: > I've got an issue here. > > On the one hand, we have a Tomcat server running on Amazon (in a > Beans

Re: SSL/TLS issue: can we listen on more than one secured port, with different protocols enabled?

2020-07-17 Thread Mark Thomas
On 17/07/2020 17:55, James H. H. Lampert wrote: > I've got an issue here. > > On the one hand, we have a Tomcat server running on Amazon (in a > Beanstalk cluster). And we have an AS/400 running an old enough OS that, > so far as I'm aware, cannot be configured to use TLS 1.2 at the current > OS

RE: SSL error [EXTERNAL]

2020-06-26 Thread Beard, Shawn M.
problem maybe? Shawn Beard Sr. Systems Engineer BTS +1-515-564-2528 -Original Message- From: john.e.gr...@wellsfargo.com.INVALID Sent: Friday, June 26, 2020 1:32 PM To: users@tomcat.apache.org Subject: RE: SSL error [EXTERNAL] ** CAUTION: External message Shawn, -Original Message

RE: SSL error [EXTERNAL]

2020-06-26 Thread John.E.Gregg
Shawn, -Original Message- From: Beard, Shawn M. Sent: Friday, June 26, 2020 11:57 AM To: Tomcat Users List Subject: RE: SSL error [EXTERNAL] The code is calling a new webservice. It has godaddy as its ca signer. It was getting the error before I added those java options. Those java

RE: SSL error [EXTERNAL]

2020-06-26 Thread Beard, Shawn M.
Beard Sr. Systems Engineer BTS +1-515-564-2528 -Original Message- From: calder Sent: Friday, June 26, 2020 11:45 AM To: Tomcat Users List Subject: Re: SSL error [EXTERNAL] ** CAUTION: External message In Fri, Jun 26, 2020, 10:37 Beard, Shawn M. wrote: > We are running tomcat-7.0

Re: SSL error

2020-06-26 Thread calder
In Fri, Jun 26, 2020, 10:37 Beard, Shawn M. wrote: > We are running tomcat-7.0.52(old I know) and java 1.7.0_80. > yea, BOTH are very old. When the app makes calls to an external webservice. It keeps throwing this > error: > > javax.net.ssl.SSLException : javax.net.ssl.SSLException: >

RE: SSL issue : java.security.KeyStoreException: Cannot store non-PrivateKeys

2019-09-27 Thread Venkataraman Srinivasan
John, Thanks for your response. But we have not set any JAVA_OPTS or CATALINA_OPTS in our environment. From Apache Tomcat perspective what value have we to give for them? Thanks Venkat >>> 9/26/2019 6:35 PM >>> Sounds like you need to share your JAVA_OPTS or CATALINA_OPTS, not your

Re: SSL issue : java.security.KeyStoreException: Cannot store non-PrivateKeys

2019-09-27 Thread Rémy Maucherat
On Fri, Sep 27, 2019 at 9:40 AM Mark Thomas wrote: > > > certificateFile="key_store/ssl_certificate.p7b" > > certificateAlias="bla" > > keystoreFile="/key_store/blabla.jks" type="RSA" > > keystoreType="JKS" > >

Re: SSL issue : java.security.KeyStoreException: Cannot store non-PrivateKeys

2019-09-27 Thread Mark Thomas
On 26/09/2019 22:30, Venkataraman Srinivasan wrote: > > Hi, >   > I am getting below error while I am starting TOMCAT >   > Caused by: java.lang.IllegalArgumentException: Cannot store non-PrivateKeys This looks like it is related to the work we have been doing to make it easy to swap between

RE: SSL issue : java.security.KeyStoreException: Cannot store non-PrivateKeys

2019-09-26 Thread jonmcalexander
Sounds like you need to share your JAVA_OPTS or CATALINA_OPTS, not your connector. Dream * Excel * Explore * Inspire Jon McAlexander Asst Vice President Middleware Product Engineering Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions 8080 Cobblestone Rd | Urbandale,

Re: SSL Certificate Renewal

2019-06-18 Thread Christopher Schultz
Nitin, On 6/18/19 13:50, Nitin Kadam wrote: > Hello, > > I want to renew current SSL certificate So I am confused. Do I need > to recreate keystore and csr for new certificate. > > If I have to create new keystore, how I can create same on

Re: SSL Certificate Renewal

2019-06-18 Thread Nitin Kadam
Hello, I want to renew current SSL certificate So I am confused. Do I need to recreate keystore and csr for new certificate. If I have to create new keystore, how I can create same on existing running setup. On Thu, Jun 13, 2019, 12:11 PM Ognjen Blagojevic < ognjen.d.blagoje...@gmail.com>

Re: SSL Certificate Renewal

2019-06-13 Thread Ognjen Blagojevic
Nitin On 13.6.2019. 07.37, Nitin Kadam wrote: I have apache tomcat server running with publicly signed SSL certificate configured in server.xml, the same certificate is expiring in next week, I need steps to the to renew of same. *Server OS: Windows 2012 R2* *Apache Tomcat/8.5.38* 1. How to

Re: SSL certificate error in Tomcat 9

2019-06-12 Thread Mark Thomas
On 12/06/2019 15:45, Support wrote: > Hi Sir, > I am using tomcat 9 for my application. > > I got an error with the .keystore file for SSL certificate > > this is my code is this still valid? in tomcat 9 > > maxThreads="150" SSLEnabled="true" scheme="https" secure="true" >

Re: SSL Errors and Warnings with various version of Tomcat

2018-11-13 Thread Richard Tearle
On Tue, 13 Nov 2018 at 14:10, Mark Thomas wrote: > > On 13/11/2018 14:00, Rémy Maucherat wrote: > > On Tue, Nov 13, 2018 at 2:50 PM Richard Tearle < > > richard.tea...@northgateps.com> wrote: > > > >> Hi > >> > >> Our applications are all working fine with Tomcat 8.5.34 and Tomcat > >> Native

Re: SSL Errors and Warnings with various version of Tomcat

2018-11-13 Thread Mark Thomas
On 13/11/2018 14:00, Rémy Maucherat wrote: > On Tue, Nov 13, 2018 at 2:50 PM Richard Tearle < > richard.tea...@northgateps.com> wrote: > >> Hi >> >> Our applications are all working fine with Tomcat 8.5.34 and Tomcat >> Native 1.2.17; Centos 7.5; OpenSSL 1.0.2k-fips 26 Jan 2017; Oracle >> Java

Re: SSL Errors and Warnings with various version of Tomcat

2018-11-13 Thread Rémy Maucherat
On Tue, Nov 13, 2018 at 2:50 PM Richard Tearle < richard.tea...@northgateps.com> wrote: > Hi > > Our applications are all working fine with Tomcat 8.5.34 and Tomcat > Native 1.2.17; Centos 7.5; OpenSSL 1.0.2k-fips 26 Jan 2017; Oracle > Java JRE 8u172 > > On upgrading to Tomcat 8.5.35 and Tomcat

AW: [bulk] Re: SSL on Tomcat

2018-10-02 Thread Mario Schmitz
Subject: [bulk] Re: SSL on Tomcat Thanks Chris, Luis On Tue, Oct 2, 2018 at 10:00 AM Luis Rodríguez Fernández wrote: > Hello Christopher, > > It makes sense, thank you very much for your advice! > > Cheers, > > Luis > > On Mon, 1 Oct 2018 at 20:39,

Re: SSL on Tomcat

2018-10-02 Thread Loai Abdallatif
Thanks Chris, Luis On Tue, Oct 2, 2018 at 10:00 AM Luis Rodríguez Fernández wrote: > Hello Christopher, > > It makes sense, thank you very much for your advice! > > Cheers, > > Luis > > On Mon, 1 Oct 2018 at 20:39, Christopher Schultz (< > ch...@christopherschultz.net>) wrote: > > >

Re: SSL on Tomcat

2018-10-02 Thread Luis Rodríguez Fernández
Hello Christopher, It makes sense, thank you very much for your advice! Cheers, Luis On Mon, 1 Oct 2018 at 20:39, Christopher Schultz (< ch...@christopherschultz.net>) wrote: > Luis, > > On 10/1/18 11:06 AM, Luis Rodríguez

Re: SSL on Tomcat

2018-10-01 Thread Loai Abdallatif
thanks very much , I did it and it works On Mon, Oct 1, 2018 at 6:07 PM Luis Rodríguez Fernández wrote: > Hello Loai, > > Agree with Christopher, you have to fix your client. Just get the root > Certificate Authority public key and import it in your client truststore. > If you did not change it

Re: SSL on Tomcat

2018-10-01 Thread Christopher Schultz
Luis, On 10/1/18 11:06 AM, Luis Rodríguez Fernández wrote: > Agree with Christopher, you have to fix your client. Just get the > root Certificate Authority public key and import it in your client > truststore. I'd recommend trusting the

Re: SSL on Tomcat

2018-10-01 Thread Luis Rodríguez Fernández
Hello Loai, Agree with Christopher, you have to fix your client. Just get the root Certificate Authority public key and import it in your client truststore. If you did not change it the client (java) the default keystore is located in $JAVA_HOME/jre/lib/security/cacerts. Something like:

Re: SSL on Tomcat

2018-09-29 Thread Loai Abdallatif
Thanks Chris, but how to do it, should I copy the ssl certificate from Webserver 192.168.1.120 to my tomcat container (worker0) in 192.168.1.111 in server.xml . any idea please On Sat, Sep 29, 2018 at 1:35 AM Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED

Re: SSL on Tomcat

2018-09-28 Thread Christopher Schultz
Loai, On 9/27/18 10:50, Loai Abdallatif wrote: > Hello, > > I have Set Apache Load Balancer ( ModJK) with Server IP > 192.168.1.120 (Webserver01.epsilon.test) which forward the traffic > to tomcat server .(192.168.1.111 (appserver01.epsilon.test)

Re: SSL on Tomcat

2018-09-28 Thread Loai Abdallatif
s to the local trust store in case > of self-signed certificates. > > Guido > > > >-Original Message- > >From: Loai Abdallatif [mailto:loai.abdalla...@gmail.com] > >Sent: Thursday, September 27, 2018 4:52 PM > >To: Tomcat Users List > >Sub

RE: SSL on Tomcat

2018-09-28 Thread Jäkel , Guido
l to check the verification chain and/or add exceptions to the local trust store in case of self-signed certificates. Guido >-Original Message- >From: Loai Abdallatif [mailto:loai.abdalla...@gmail.com] >Sent: Thursday, September 27, 2018 4:52 PM >To: Tomcat Users List >S

Re: SSL on Tomcat

2018-09-27 Thread Loai Abdallatif
hello, shall I add the certificate to server.xml on tomcat server or just on Webserver On Thu, Sep 27, 2018 at 5:50 PM, Loai Abdallatif wrote: > Hello, > > I have Set Apache Load Balancer ( ModJK) with Server IP 192.168.1.120 > (Webserver01.epsilon.test) which forward the traffic to tomcat

Re: SSL Encryption for Cluster Conversations (NioReceiver and Members)

2018-09-15 Thread Mark Thomas
On 14/09/2018 16:01, Christopher Schultz wrote: Mark, On 9/14/18 08:34, Mark Thomas wrote: On 14/09/18 13:11, Tim K wrote: Using latest Tomcat 9.0.11. I'm using the securePort attribute for both the NioReceiver and StaticMembers but when

Re: SSL Encryption for Cluster Conversations (NioReceiver and Members)

2018-09-14 Thread Christopher Schultz
Mark, On 9/14/18 08:34, Mark Thomas wrote: > On 14/09/18 13:11, Tim K wrote: >> Using latest Tomcat 9.0.11. I'm using the securePort attribute >> for both the NioReceiver and StaticMembers but when capturing and >> inspecting the traffic over the

Re: SSL Encryption for Cluster Conversations (NioReceiver and Members)

2018-09-14 Thread Mark Thomas
On 14/09/18 13:11, Tim K wrote: > Using latest Tomcat 9.0.11. I'm using the securePort attribute for both > the NioReceiver and StaticMembers but when capturing and inspecting the > traffic over the secure ports with WireShark, I'm seeing all my session > data in clear text, even my username as

Re: SSL Certificates and Tomcat 8.5.11

2018-05-17 Thread Christopher Schultz
Laurie, On 5/17/18 11:33 AM, Laurie Miller-Cook wrote: > I am very new to Tomcat so please bear with me. Welcome. > I currently have a Thawte certificate that is installed within IIS > for our domain that is all managed by Rackspace. > > I now

Re: SSL Certificates and Tomcat 8.5.11

2018-05-17 Thread Pierre Chiu
Hi Laurie, This is what I do. I don't use keystore. I use this within SSLHostConfig section. > On May 17, 2018, at 11:33 AM, Laurie Miller-Cook > wrote: > > Hi there, > > I am very new to Tomcat so please bear with me. > > I currently have a Thawte

Re: SSL and IPv6 when using address to set a specific IP

2018-03-05 Thread Rick Trudeau
On Mon, Mar 5, 2018 at 10:35 AM, Mark Thomas wrote: > On 05/03/18 15:00, Mark Thomas wrote: >> On 05/03/18 02:02, Rick Trudeau wrote: >>> Hi, >>> I'm having some problems using SSL on my connector when binding it to >>> a specific IPv6 address. >>> I'm trying this on Tomcat v

Re: SSL and IPv6 when using address to set a specific IP

2018-03-05 Thread Mark Thomas
On 05/03/18 15:00, Mark Thomas wrote: > On 05/03/18 02:02, Rick Trudeau wrote: >> Hi, >> I'm having some problems using SSL on my connector when binding it to >> a specific IPv6 address. >> I'm trying this on Tomcat v 8.5.28, Ubuntu 14.04, JVM v1.8.0_161-b12. >> 05-Mar-2018 01:11:11.724 WARNING

Re: SSL and IPv6 when using address to set a specific IP

2018-03-05 Thread Mark Thomas
On 05/03/18 02:02, Rick Trudeau wrote: > Hi, > I'm having some problems using SSL on my connector when binding it to > a specific IPv6 address. > I'm trying this on Tomcat v 8.5.28, Ubuntu 14.04, JVM v1.8.0_161-b12. > > My connector config looks like this: > maxThreads="150" >

Re: SSL: Unexpected end of file from server

2018-03-01 Thread Christopher Schultz
Alex, On 3/1/18 9:24 AM, Alex O'Ree wrote: > I have a CXF web service client accessing a CXF SOAP service > running in tomcat. I'm seeing intermittent issues only when using > SSL and I'm not entirely sure why. The client logs the following >

Re: SSL connectors

2017-12-06 Thread Christopher Schultz
John, On 12/6/17 7:32 AM, Johan Compagner wrote: > On 1 December 2017 at 16:44, Mark Thomas wrote: > >> On 01/12/17 14:57, Chris Cheshire wrote: >>> I see in the changelog for 8.5.24 >>> >>> 60762: Add the ability to make

Re: SSL connectors

2017-12-06 Thread Johan Compagner
On 1 December 2017 at 16:44, Mark Thomas wrote: > On 01/12/17 14:57, Chris Cheshire wrote: > > I see in the changelog for 8.5.24 > > > > 60762: Add the ability to make changes to the TLS configuration of a > > connector at runtime without having to restart the Connector.

Re: SSL connectors

2017-12-06 Thread Mark Thomas
On 06/12/17 01:06, George S. wrote: > > > On 12/1/2017 8:44 AM, Mark Thomas wrote: >> On 01/12/17 14:57, Chris Cheshire wrote: >>> I see in the changelog for 8.5.24 >>> >>> 60762: Add the ability to make changes to the TLS configuration of a >>> connector at runtime without having to restart the

Re: SSL connectors

2017-12-05 Thread George S.
On 12/1/2017 8:44 AM, Mark Thomas wrote: On 01/12/17 14:57, Chris Cheshire wrote: I see in the changelog for 8.5.24 60762: Add the ability to make changes to the TLS configuration of a connector at runtime without having to restart the Connector. (markt) What strikes me as odd is that SSL

Re: SSL connectors

2017-12-01 Thread Christopher Schultz
Mark, On 12/1/17 10:44 AM, Mark Thomas wrote: > On 01/12/17 14:57, Chris Cheshire wrote: >> I see in the changelog for 8.5.24 >> >> 60762: Add the ability to make changes to the TLS configuration >> of a connector at runtime without having to

Re: SSL connectors

2017-12-01 Thread Mark Thomas
On 01/12/17 14:57, Chris Cheshire wrote: > I see in the changelog for 8.5.24 > > 60762: Add the ability to make changes to the TLS configuration of a > connector at runtime without having to restart the Connector. (markt) > > Does this mean we can now update SSL certificates without bouncing the

Re: SSL is not working

2017-08-04 Thread Christopher Schultz
M., On 8/4/17 12:16 PM, M. Manna wrote: > Have you imported the signed server certificate into the server > keystore with all the root+intermediate certificates? in other > words, does the "chain-of-trust" exist in server keystore? > > You just

Re: SSL is not working

2017-08-04 Thread M. Manna
y store? >> >> Thanks >> -Original Message- >> From: M. Manna [mailto:manme...@gmail.com] >> Sent: Friday, August 4, 2017 12:16 PM >> To: Tomcat Users List <users@tomcat.apache.org> >> Subject: Re: SSL is not working >> >> Have you imported

Re: SSL is not working

2017-08-04 Thread Chaitanya Sabbineni
From: M. Manna [mailto:manme...@gmail.com] > Sent: Friday, August 4, 2017 12:16 PM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: Re: SSL is not working > > Have you imported the signed server certificate into the server keystore > with all the root+intermediate ce

Re: SSL is not working

2017-08-04 Thread M. Manna
by default, trusted. > >> I am new to Tomcat. Where can I find the trust store and is it separate > from the server key store? > > Thanks > -Original Message- > From: M. Manna [mailto:manme...@gmail.com] > Sent: Friday, August 4, 2017 12:16 PM > To: Tomcat User

RE: SSL is not working

2017-08-04 Thread Hameed, Amir
- any server certs signed by them is by default, trusted. >> I am new to Tomcat. Where can I find the trust store and is it separate from >> the server key store? Thanks -Original Message- From: M. Manna [mailto:manme...@gmail.com] Sent: Friday, August 4, 2017 12:16 PM To: Tomcat Users L

Re: SSL is not working

2017-08-04 Thread M. Manna
Have you imported the signed server certificate into the server keystore with all the root+intermediate certificates? in other words, does the "chain-of-trust" exist in server keystore? You just need to add the root and intermediate CA certs to trust store - any server certs signed by them is by

Re: SSL on Tomcat7 on AWS not connecting

2016-11-18 Thread Christopher Schultz
George, On 11/17/16 4:48 PM, George Chanady wrote: > Chris, > > I tried curl with the -tls1 switch and received the same error. > > [ec2-user@ip-172-31-52-159 bin]$ curl -vk > https://bageoconsultants.com:8443 -tls1 * Rebuilt URL to: >

RE: SSL on Tomcat7 on AWS not connecting

2016-11-17 Thread George Chanady
To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: SSL on Tomcat7 on AWS not connecting On 17 Nov 2016 4:38 am, "George Chanady" <gchan...@webhse.com> wrote: > > I hope someone can help. I have exhausted all my troubleshooting skills and all of my newbie Linux k

RE: SSL on Tomcat7 on AWS not connecting

2016-11-17 Thread George Chanady
Compression: NONE Expansion: NONE --- Thanks --George -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Thursday, November 17, 2016 9:58 AM To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: SSL on Tomcat7 on AWS not connecting

Re: SSL on Tomcat7 on AWS not connecting

2016-11-17 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 George, On 11/16/16 12:38 PM, George Chanady wrote: > I hope someone can help. I have exhausted all my troubleshooting > skills and all of my newbie Linux knowledge and I am at the end of > my rope. > > All documentation from around the web always

Re: SSL on Tomcat7 on AWS not connecting

2016-11-16 Thread Igor Cicimov
On 17 Nov 2016 4:38 am, "George Chanady" wrote: > > I hope someone can help. I have exhausted all my troubleshooting skills and all of my newbie Linux knowledge and I am at the end of my rope. > > All documentation from around the web always seem to tell me to try everything I

Re: SSL digital cert for each context?

2016-11-02 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 11/2/16 11:59 AM, Mark Thomas wrote: > On 02/11/2016 15:56, Andrea Galli wrote: >> Hello guys, >> >> I have configured SSL on Tomcat following this How-To: >> https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Introduction_to_SSL

Re: SSL digital cert for each context?

2016-11-02 Thread Mark Thomas
On 02/11/2016 15:56, Andrea Galli wrote: > Hello guys, > > I have configured SSL on Tomcat following this How-To: > https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Introduction_to_SSL > > > > Everything works fine but this certificate is applied on all Tomcat context > that reside on

Re: SSL setup - Apache Tomcat service won't start

2016-09-27 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Khisanth, On 9/26/16 7:45 AM, TJ wrote: > I have Apache Tomcat/9.0.0.M10 on Windows 10 64bit and want to > setup SSL. Am following > https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html and gone > through the steps of creating the keystore

RE: SSL/TLS and ciphers vulnerability

2016-07-15 Thread Robert Sulliman
ers@tomcat.apache.org> Subject: Re: SSL/TLS and ciphers vulnerability -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, On 7/14/16 9:22 PM, Christopher Schultz wrote: > Mark, > > On 7/14/16 4:14 PM, Mark Thomas wrote: >> On 14/07/2016 19:36, uzair rashid wrote: >>> Jeffrey, >

Re: SSL/TLS and ciphers vulnerability

2016-07-15 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, On 7/14/16 9:22 PM, Christopher Schultz wrote: > Mark, > > On 7/14/16 4:14 PM, Mark Thomas wrote: >> On 14/07/2016 19:36, uzair rashid wrote: >>> Jeffrey, >>> >>> Working for a corporation that has strict ssl and security >>> requirements..

Re: SSL/TLS and ciphers vulnerability

2016-07-14 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark, On 7/14/16 4:14 PM, Mark Thomas wrote: > On 14/07/2016 19:36, uzair rashid wrote: >> Jeffrey, >> >> Working for a corporation that has strict ssl and security >> requirements.. There is no way to use the tools you suggested, >> since the

Re: SSL inconsistency

2016-07-14 Thread Mark Thomas
On 14/07/2016 15:09, i...@flyingfischer.ch wrote: > While testing locally the new 8.5 branch, I did experience some > inconsistency with self-signed SSL certs. I did manage to resolve them > by installing Tomcat-Native library / APR, but maybe it is still worth > reporting in regard of the

Re: SSL/TLS and ciphers vulnerability

2016-07-14 Thread Mark Thomas
On 14/07/2016 19:36, uzair rashid wrote: > Jeffrey, > > Working for a corporation that has strict ssl and security requirements.. > There is no way to use the tools you suggested, since the tomcat URLs are > not exposed. That doesn't stop you setting up a stand-alone test instance using the same
