Hi Mark, Have you achived to configure ssl on tomcat? If yes, can you please tell me the documentation that you read? I tried to configure it with the information on this link http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html. but i couldn't do it.
-----Original Message----- From: Faine, Mark [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 05, 2005 7:34 PM To: 'Tomcat Users List' Subject: RE: SSL configuration question Nevermind, It is fixed. Unfortunately though I can't pass on my findings as I'm not sure exactly what fixed it. -Mark -----Original Message----- From: Faine, Mark Sent: Tuesday, April 05, 2005 9:44 AM To: 'Tomcat Users List' Subject: RE: SSL configuration question I tried this same procedure that you suggested below for importing Apache SSL key to tomcat (http://kb.thawte.com/thawte/thawte/esupport.asp?id=vs24694) on another server and it didn't work. I'm getting the error listed below when tomcat starts up. I've done it exactly like before. Any help resolving this issue would be greatly appreciated it. -Mark SEVERE: Error starting endpoint java.io.IOException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1 275) at java.security.KeyStore.load(KeyStore.java:1150) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory .java:278) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFact ory.java:220) at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14Soc ketFactory.java:143) at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory .java:109) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFac tory.java:88) at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java :259) at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.jav a:281) at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:171) at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:1527) at org.apache.catalina.core.StandardService.start(StandardService.java:489) at org.apache.catalina.core.StandardServer.start(StandardServer.java:2313) at org.apache.catalina.startup.Catalina.start(Catalina.java:556) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39 ) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl .java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425) Caused by: javax.crypto.BadPaddingException: Given final block not properly padded at com.sun.crypto.provider.SunJCE_h.b(DashoA6275) at com.sun.crypto.provider.SunJCE_h.b(DashoA6275) at com.sun.crypto.provider.SunJCE_ab.b(DashoA6275) at com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40.engineDoFin al(DashoA6275) at javax.crypto.Cipher.doFinal(DashoA12275) at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1 272) ... 19 more Apr 5, 2005 9:22:36 AM org.apache.catalina.startup.Catalina start SEVERE: Catalina.start: LifecycleException: Protocol handler start failed: java.io.IOException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:1529) at org.apache.catalina.core.StandardService.start(StandardService.java:489) at org.apache.catalina.core.StandardServer.start(StandardServer.java:2313) at org.apache.catalina.startup.Catalina.start(Catalina.java:556) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39 ) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl .java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425) Apr 5, 2005 9:22:36 AM org.apache.catalina.startup.Catalina start INFO: Server startup in 14756 ms -----Original Message----- From: Faine, Mark Sent: Friday, April 01, 2005 9:25 AM To: 'Tomcat Users List' Subject: RE: SSL configuration question Thanks, the link you provided allowed me to get it imported correctly. This should go on a FAQ. Thanks again, -Mark -----Original Message----- From: Mikhail Kruk [mailto:[EMAIL PROTECTED] Sent: Thursday, March 31, 2005 3:42 PM To: Tomcat Users List Subject: RE: SSL configuration question > The certificate I imported was not self-signed (or should not be). It > is what I received back from Entrust after submitting a CSR. It was > already in use on Apache before I decided not to use Apache anymore. > It worked before on Apache. I shut down apache and was intending to > use the cert on only Tomcat. You can't easily import the certificate that was generated for Apache into Tomcat -- you need to have the prvite key part in your keystore and your private key is in your Apache. There must be a way to get the key from Apache and move it to Tomcat, but I'm not sure what it is. This might help: http://kb.thawte.com/thawte/thawte/esupport.asp?id=vs24694 > > > Thanks, > -Mark > > > -----Original Message----- > From: Sasisekar S Sundaram [mailto:[EMAIL PROTECTED] > Sent: Thursday, March 31, 2005 2:43 PM > To: Tomcat Users List > Subject: Re: SSL configuration question > > It shows both "issued to" and "issue by" because it is a self signed > certificate. when you get you certificate authorized by some one like > verisign, and then import that certificate into your keystore, you'll > get "issued by" as that certifying authority's name. > ----- Original Message ----- > From: "Faine, Mark" <[EMAIL PROTECTED]> > To: "'Tomcat Users List'" <tomcat-user@jakarta.apache.org> > Sent: Thursday, March 31, 2005 1:13 PM > Subject: RE: SSL configuration question > > > > Thanks, I tried that before and got a permission error, but it works now. > > > > -Mark > > > > > > -----Original Message----- > > From: Hein Behrens [mailto:[EMAIL PROTECTED] > > Sent: Thursday, March 31, 2005 12:41 PM > > To: Tomcat Users List > > Subject: Re: SSL configuration question > > > > Answer to number 2 is edit your server.xml change 8443 to 443 in the > > ssl section also check that the the normal port redirects to 443. > > > > Where you see 8443 change to 443. > > > > 2 changes in your server.xml. > > > > > > ----- Original Message ----- > > From: "Faine, Mark" <[EMAIL PROTECTED]> > > To: <tomcat-user@jakarta.apache.org> > > Sent: Thursday, March 31, 2005 7:44 PM > > Subject: SSL configuration question > > > > > > > Solaris 8, Tomcat 5.0.28 > > > > > > I've configured my tomcat installation with my SSL key from > > > Entrust and > it > > > is working (sort of). > > > > > > 1. It is not correctly configured. It shows my organization as > > > both "issued to" and "issue by" when I view the certificate information. > Could > > > someone explain what I have done wrong and how to correct it. > > > > > > 2. It must be run on port 8443 because I need to run it as a user other > > > than root. How can I bypass this limitation and run it on the standard > > 443 > > > port? > > > > > > Thanks, > > > -Mark > > > > > > ------------------------------------------------------------------ > > > --- To unsubscribe, e-mail: > > > [EMAIL PROTECTED] > > > For additional commands, e-mail: > > > [EMAIL PROTECTED] > > > > > > > > > > -------------------------------------------------------------------- > > - To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > -------------------------------------------------------------------- > > - To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
