Hello,

I have now found a workaround for this problem:

Because keytool -genkey was not working, I tried installing Java again, but that didn't work. I thought about using a different (read: older) JDK, or maybe a JDK for a different platform than FreeBSD.

However, I found a thread on the Sun site with a possible workaround and it is now working fine.

The $JAVA_HOME/jre/lib/security/java.security file has a reference to the file /dev/random. If you point securerandom.source to an inexistent file, or to /dev/urandom, you will bypass the /dev/random and "circumnavigate" your problem. Now the keytool -genkey .... does not hang and the Tomcat standalone SSL runs perfectly.

Regards,

Lloyd Hopper
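
An added example, not part of the original message: a shell check that reports what securerandom.source is set to in a java.security file, so the edit described above can be verified afterwards. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the securerandom.source setting in a java.security file.

# Print the effective value. java.security is a java.util.Properties file,
# so commented lines are ignored and the last assignment wins.
securerandom_source() {
    sed -n 's/^[[:space:]]*securerandom\.source[[:space:]]*[=:][[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Classify a value by the path it names.
classify_source() {
    path=${1#file:}
    case "$path" in
        "")           echo unset ;;
        /dev/random)  echo dev-random ;;   # the device keytool hung on in this thread
        /dev/urandom) echo dev-urandom ;;
        *)  # Anything else: report whether the named file exists at all, since a
            # missing file means the seed is not read from the path given.
            if [ -e "$path" ]; then echo other-file; else echo missing-file; fi ;;
    esac
}

# One line per file: "<class> <value>".
audit_java_security() {
    value=$(securerandom_source "$1")
    echo "$(classify_source "$value") $value"
}

# Constructed sample files (not taken from the original message).
demo_dir=$(mktemp -d)
printf '%s\n' '# setting before the edit' \
    'securerandom.source=file:/dev/random' > "$demo_dir/before"
printf '%s\n' '#securerandom.source=file:/dev/random' \
    'securerandom.source = file:/dev/urandom' > "$demo_dir/after"
printf '%s\n' "securerandom.source=file:$demo_dir/no-such-file" > "$demo_dir/missing"

for f in before after missing; do
    printf '%-8s %s\n' "$f" "$(audit_java_security "$demo_dir/$f")"
done
```

On a real installation, pass `$JAVA_HOME/jre/lib/security/java.security` to `audit_java_security`.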


The work around is that you have to circumnavigate the /dev/random . In the
Date: Thu, 12 Aug 2004 14:02:59 +0200
To: [EMAIL PROTECTED]
From: Lloyd Hopper <[EMAIL PROTECTED]>
Subject: Tomcat + ssl problems

Hello,

I am sure somebody has come across something similar before but I have been unable to find a resolution as yet. The problem is this: I am trying to enable SSL in Tomcat 4.1.29 and several things happen that are not correct, even though this should be a rather simple goal to achieve.

Firstly, the keytool will not work properly when generating a new key. You get asked all the questions and when you have finished and you confirm the information entered with a 'yes' it just hangs. Importing with keytool and checking the keystore both work fine (the -list and -import flags) but generating doesn't (-genkey). I cannot seem to find any error messages either and in top the process appears intermittently.

Secondly, after importing the certificate (made with openssl) I then change the server.xml config and ensure that the JSSE_HOME is correct in catalina.sh and restart Tomcat using catalina.sh. This is what I get:

 ----- begin excerpt catalina log ------

Exception during startup processing
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:203)
Caused by: java.lang.NoClassDefFoundError: javax/net/ServerSocketFactory
at java.lang.ClassLoader.findBootstrapClass(Native Method)
at java.lang.ClassLoader.findBootstrapClass0(ClassLoader.java:709)
at java.lang.ClassLoader.loadClass(ClassLoader.java:284)
at java.lang.ClassLoader.loadClass(ClassLoader.java:282)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:274)
at java.lang.ClassLoader.loadClass(ClassLoader.java:235)
at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:941)
at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:857)
at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:941)
at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:857)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:302)
at org.apache.tomcat.util.net.jsse.JSSE14Factory.getSocketFactory(JSSE14Factory.java:80)
at org.apache.tomcat.util.net.jsse.JSSEImplementation.getServerSocketFactory(JSSEImplementation.java:113)
at org.apache.coyote.http11.Http11Protocol.checkSocketFactory(Http11Protocol.java:615)
at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:166)
at org.apache.coyote.tomcat4.CoyoteConnector.initialize(CoyoteConnector.java:1173)
at org.apache.catalina.core.StandardService.initialize(StandardService.java:579)
at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:2246)
at org.apache.catalina.startup.Catalina.start(Catalina.java:511)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:400)
at org.apache.catalina.startup.Catalina.process(Catalina.java:180)
... 5 more


---- end excerpt catalina log -----

Tomcat runs perfectly if I comment the SSL out.

--- begin server.xml excerpt ---

    <!-- Define a non-SSL Coyote HTTP/1.1 Connector -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8180" minProcessors="5" maxProcessors="75"
               enableLookups="true" redirectPort="8443"
               acceptCount="100" debug="0" connectionTimeout="20000"
               useURIValidationHack="false" disableUploadTimeout="true" />

    <!-- Note : To disable connection timeouts, set connectionTimeout value
     to -1 -->

    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->

    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8443" minProcessors="5" maxProcessors="75"
               enableLookups="true"
               acceptCount="100" debug="0" scheme="https" secure="true"
               useURIValidationHack="false" disableUploadTimeout="true">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               keystoreFile="MYKEYSTORE" keystorePass="MYPASSWD"
               clientAuth="false" />
    </Connector>


---- end server.xml excerpt ---

---- begin excerpt catalina.sh ------

# java home
JAVA_HOME=/usr/local/jdk1.4.2; export JAVA_HOME

# JSSE home
JSSE_HOME=/usr/local/jdk1.4.2/jre; export JSSE_HOME

<snip>

# Add on extra jar files to CLASSPATH
if [ -n "$JSSE_HOME" ]; then

CLASSPATH="$CLASSPATH":"$JSSE_HOME"/lib/ext/jcert.jar:"$JSSE_HOME"/lib/ext/jnet.jar:"$JSSE_HOME"/lib/ext/jsse.jar
fi
CLASSPATH="$CLASSPATH":"$CATALINA_HOME"/bin/bootstrap.jar:

---- end catalina.sh excerpt ---

Of course JSSE was already included in JDK 1.4 (we are running JDK 1.4.2) so it was not necessary to download that separately.

OS :  FreeBSD 4.9

Any assistance on this issue would be gratefully appreciated as something which I feel should only have taken an hour or so has taken up far too much time with no option in sight other than to run the Tomcat behind Apache+SSL instead of standalone with SSL.

Thanks in advance

Regards,

Lloyd


L. C. Hopper

[EMAIL PROTECTED]

Visit us at http://www.TriMM.nl

TriMM Multimedia BV - POBox 1208 7500 BE Enschede - the Netherlands



----------
Microsoft: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming or what?"
NT: "Hey, wait a minute while I reboot...."

----------

L. C. Hopper

[EMAIL PROTECTED]
Tel:   +31  (0)53 480 0475
Gsm: +31 (0)6 53 161143
Visit us at http://www.TriMM.nl

TriMM Multimedia BV - POBox 1208 7500 BE Enschede - the Netherlands
Oldenzaalsestr. 141-143 - tel (+)31 (0)53 480 480 - fax (+)31 (0)53 435 3027

