On Fri, 2011-12-02 at 01:12 -0800, Lau Eng Huat wrote:
> Hi everybody,
>
> I've been stuck on this SSL for over a month. I hope somebody can help me
> here. I'm getting a Warning on "WARNING:
> [SetAllPropertiesRule]{Server/Service/Connector} Setting property
> 'SSLEngine' to 'on' did not find a matching property."

Tomcat is telling you that the property "SSLEngine" does not exist on a
Connector object. Note that it is not listed in the documentation
either.

https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support

Perhaps you are confused with the "SSLEngine" attribute of the
AprLifecycleListener?

  <Listener className="org.apache.catalina.core.AprLifecycleListener"
            SSLEngine="on" />

and perhaps you meant SSLEnabled="true" on your Connector?

Example from docs:

  <Connector
      port="8443" maxThreads="200"
      scheme="https" secure="true" SSLEnabled="true"
      SSLCertificateFile="/usr/local/ssl/server.crt"
      SSLCertificateKeyFile="/usr/local/ssl/server.pem"
      clientAuth="optional" SSLProtocol="TLSv1"/>

https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html

Dan

> I have tried using all 3 of these connection types, but it still does not
> work. I'm running on Tomcat 7.0.
>
> protocol="org.apache.coyote.http11.Http11Protocol"
> protocol="org.apache.coyote.http11.Http11NioProtocol"
> protocol="org.apache.coyote.http11.Http11AprProtocol"
>
> 1. # openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 3650 -config ./openssl.cnf
>
> Using configuration from ./openssl.cnf
> Generating a 1024 bit RSA private key
> .......++++++
> ..........................++++++
> writing new private key to 'private/cakey.pem'
> Enter PEM pass phrase:tomcat
> Verifying password - Enter PEM pass phrase:tomcat
> -----
> You are about to be asked to enter information that will be incorporated
> into your certificate request.
> What you are about to enter is what is called a Distinguished Name or a DN.
> There are quite a few fields but you can leave some blank
> For some fields there will be a default value,
> If you enter '.', the field will be left blank.
> -----
> Organization Name (company) [The Sample Company]:<enter>
> Organizational Unit Name (department, division) []:CA Division
> Email Address []:[email protected]
> Locality Name (city, district) [Metropolis]:<enter>
> State or Province Name (full name) [New York]:<enter>
> Country Name (2 letter code) [US]:<enter>
> Common Name (hostname, IP, or your name) []:TSC Root CA
>
> 2. openssl req -new -nodes -out req.pem -config ./openssl.cnf
> 3. openssl ca -out cert.pem -config ./openssl.cnf -infiles req.pem
>
> Using configuration from ./openssl.cnf
> Enter PEM pass phrase:demo
> Check that the request matches the signature
> Signature ok
> The Subjects Distinguished Name is as follows
> organizationName :PRINTABLE:'The Sample Company'
> organizationalUnitName:PRINTABLE:'Mail Server'
> emailAddress :IA5STRING:'[email protected]'
> localityName :PRINTABLE:'Metropolis'
> stateOrProvinceName :PRINTABLE:'New York'
> countryName :PRINTABLE:'US'
> commonName :PRINTABLE:'mail.sample.com'
> Certificate is to be certified until Dec 8 04:37:38 2002 GMT (365 days)
> Sign the certificate? [y/n]:y
> 1 out of 1 certificate requests certified, commit? [y/n]y
> Write out database with 1 new entries
> Data Base Updated
>
> 4. copy cert.pem tmp.pem
> 5. openssl x509 -in tmp.pem -out cert.pem
>
> //====================================== OPENSSL.CFG
> ======================================================
> Attached here is the openssl.cfg
>
> dir = .
>
> [ ca ]
> default_ca = CA_default
>
> [ CA_default ]
> serial = $dir/serial
> database = $dir/index.txt
> new_certs_dir = $dir/newcerts
> certificate = $dir/cacert.pem
> private_key = $dir/private/cakey.pem
> default_days = 365
> default_md = md5
> preserve = no
> email_in_dn = no
> nameopt = default_ca
> certopt = default_ca
> policy = policy_match
>
> [ policy_match ]
> countryName = match
> stateOrProvinceName = match
> organizationName = match
> organizationalUnitName = optional
> commonName = supplied
> emailAddress = optional
>
> [ req ]
> default_bits = 1024 # Size of keys
> default_keyfile = key.pem # name of generated keys
> default_md = md5 # message digest algorithm
> string_mask = nombstr # permitted characters
> distinguished_name = req_distinguished_name
> req_extensions = v3_req
>
> [ req_distinguished_name ]
> # Variable name Prompt string
> #---------------------- ----------------------------------
> 0.organizationName = Organization Name (company)
> organizationalUnitName = Organizational Unit Name (department, division)
> emailAddress = Email Address
> emailAddress_max = 40
> localityName = Locality Name (city, district)
> stateOrProvinceName = State or Province Name (full name)
> countryName = Country Name (2 letter code)
> countryName_min = 2
> countryName_max = 2
> commonName = Common Name (hostname, IP, or your name)
> commonName_max = 64
>
> # Default values for the above, for consistency and less typing.
> # Variable name Value
> #------------------------------ ------------------------------
> 0.organizationName_default = The Sample Company
> localityName_default = Metropolis
> stateOrProvinceName_default = New York
> countryName_default = US
>
> [ v3_ca ]
> basicConstraints = CA:TRUE
> subjectKeyIdentifier = hash
> authorityKeyIdentifier = keyid:always,issuer:always
>
> [ v3_req ]
> basicConstraints = CA:FALSE
> subjectKeyIdentifier = hash
>
> ============================================= SERVER.XML
> ===================================================
> Attached here is the server.xml
>
> <Server port="8025" shutdown="SHUTDOWN">
> <Listener SSLEngine="on"
> className="org.apache.catalina.core.AprLifecycleListener"/>
> <Listener className="org.apache.catalina.core.JasperListener"/>
> <Listener
> className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
> <Listener
> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
> <Listener
> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
>
> <GlobalNamingResources>
> <Resource auth="Container" description="User database that can be
> updated and saved"
> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
> name="UserDatabase" pathname="conf/tomcat-users.xml"
> type="org.apache.catalina.UserDatabase"/>
> </GlobalNamingResources>
>
> <Service name="Catalina">
> <Connector URIEncoding="utf-8" connectionTimeout="20000"
> port="8084" protocol="HTTP/1.1" redirectPort="8443"/>
>
>
> <Connector
> protocol="org.apache.coyote.http11.Http11AprProtocol"
> port="8443" maxHttpHeaderSize="8192"
> maxThreads="150" minSpareThreads="25"
> enableLookups="false" disableUploadTimeout="true"
> acceptCount="100" scheme="https" secure="true"
> clientAuth="false" sslProtocol="TLS"
> SSLEngine="on"
> SSLCertificateFile="${catalina.base}\conf\cert.pem"
> SSLCertificateKeyFile="${catalina.base}\conf\key.pem"
> SSLPassword="tomcat"
> />
> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
> <Engine defaultHost="localhost" name="Catalina">
> <Realm className="org.apache.catalina.realm.LockOutRealm">
> <Realm
> className="org.apache.catalina.realm.UserDatabaseRealm"
> resourceName="UserDatabase"/>
> </Realm>
> <Host appBase="webapps" autoDeploy="false" name="localhost"
> unpackWARs="true">
> <Valve
> className="org.apache.catalina.valves.AccessLogValve" directory="logs"
> pattern="%h %l %u %t &quot;%r&quot; %s %b" prefix="localhost_access_log."
> resolveHosts="false" suffix=".txt"/>
> </Host>
> </Engine>
> </Service>
> </Server>
>
> //================================================= NETBEAN OUTPUT
> =======================================
> Using CATALINA_BASE:
> "C:\Users\LEH\.netbeans\7.0\apache-tomcat-7.0.14.0_base"
> Using CATALINA_HOME: "D:\WEB_PROGRAMS\Apache Tomcat 7.0.14"
> Using CATALINA_TMPDIR:
> "C:\Users\LEH\.netbeans\7.0\apache-tomcat-7.0.14.0_base\temp"
> Using JRE_HOME: "C:\IMPORTANT SOFTWARE\JDK_32"
> Using CLASSPATH: "D:\WEB_PROGRAMS\Apache Tomcat
> 7.0.14\bin\bootstrap.jar;D:\WEB_PROGRAMS\Apache Tomcat
> 7.0.14\bin\tomcat-juli.jar"
> Dec 2, 2011 5:04:43 PM org.apache.catalina.core.AprLifecycleListener init
> INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
> Dec 2, 2011 5:04:43 PM org.apache.catalina.core.AprLifecycleListener init
> INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
> [false], random [true].
> Dec 2, 2011 5:04:43 PM org.apache.catalina.startup.SetAllPropertiesRule
> begin
> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
> 'SSLEngine' to 'on' did not find a matching property.
> Dec 2, 2011 5:04:44 PM org.apache.coyote.AbstractProtocolHandler init
> INFO: Initializing ProtocolHandler ["http-apr-8084"]
> Dec 2, 2011 5:04:44 PM org.apache.coyote.AbstractProtocolHandler init
> INFO: Initializing ProtocolHandler ["http-apr-8443"]
> Dec 2, 2011 5:04:44 PM org.apache.coyote.AbstractProtocolHandler init
> INFO: Initializing ProtocolHandler ["ajp-apr-8009"]
> Dec 2, 2011 5:04:44 PM org.apache.catalina.startup.Catalina load
> INFO: Initialization processed in 953 ms
> Dec 2, 2011 5:04:44 PM org.apache.catalina.core.StandardService
> startInternal
> INFO: Starting service Catalina
> Dec 2, 2011 5:04:44 PM org.apache.catalina.core.StandardEngine startInternal
> INFO: Starting Servlet Engine: Apache Tomcat/7.0.14
> Dec 2, 2011 5:04:44 PM org.apache.catalina.startup.HostConfig
> deployDescriptor
> INFO: Deploying configuration descriptor ABC_WEBSITE.xml from
> C:\Users\LEH\.netbeans\7.0\apache-tomcat-7.0.14.0_base\conf\Catalina\localhost
> Dec 2, 2011 5:04:47 PM com.sun.faces.config.ConfigureListener
> contextInitialized
> INFO: Initializing Mojarra 2.1.1 (FCS 20110408) for context '/ABC_WEBSITE'
> Dec 2, 2011 5:04:47 PM com.sun.faces.spi.InjectionProviderFactory
> createInstance
> INFO: JSF1048: PostConstruct/PreDestroy annotations present. ManagedBeans
> methods marked with these annotations will have said annotations processed.
> Dec 2, 2011 5:04:47 PM org.apache.catalina.startup.HostConfig
> deployDescriptor
> INFO: Deploying configuration descriptor manager.xml from
> C:\Users\LEH\.netbeans\7.0\apache-tomcat-7.0.14.0_base\conf\Catalina\localhost
> Dec 2, 2011 5:04:48 PM org.apache.catalina.startup.HostConfig
> deployDescriptor
> INFO: Deploying configuration descriptor ROOT.xml from
> C:\Users\LEH\.netbeans\7.0\apache-tomcat-7.0.14.0_base\conf\Catalina\localhost
> Dec 2, 2011 5:04:48 PM org.apache.coyote.AbstractProtocolHandler start
> INFO: Starting ProtocolHandler ["http-apr-8084"]
> Dec 2, 2011 5:04:48 PM org.apache.coyote.AbstractProtocolHandler start
> INFO: Starting ProtocolHandler ["http-apr-8443"]
> Dec 2, 2011 5:04:48 PM org.apache.coyote.AbstractProtocolHandler start
> INFO: Starting ProtocolHandler ["ajp-apr-8009"]
> Dec 2, 2011 5:04:48 PM org.apache.catalina.startup.Catalina start
>
> God Bless
> ENg Huat
>
> On Sun, Nov 13, 2011 at 11:19 PM, Pid <[email protected]> wrote:
>
> > On 13/11/2011 10:03, Lau Eng Huat wrote:
> > > Hi everybody,
> > >
> > > I have followed this example on setting up the SSL on Tomcat Expert
> > > http://www.tomcatexpert.com/knowledge-base/using-openssl-configure-ssl-certificates-tomcat
> > > .
> > > The question that I have is how do you use Apache Commons HttpClient to
> > > send and receive information from the servlet. I have no idea how to
> > > write the code for the HttpClient and Servlet. Please help me on this; I've
> > > been stuck on this for a couple of weeks already.
> >
> > One of those is a question for the Apache Commons community.
> > Note: Commons HttpClient has been superseded by Http Components.
> >
> > http://hc.apache.org/httpcomponents-client-ga/index.html
> >
> >
> > If you don't know how to write a Servlet, then you should have a look at
> > the documentation site and examples shipped with your Tomcat version:
> >
> > http://tomcat.apache.org/
> >
> >
> > p
> >
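
A check for the mistake discussed in this thread, as an added example that is not part of the original messages or of Tomcat: it parses a server.xml and flags any Connector that carries SSLEngine, or that is marked https/secure without SSLEnabled="true". The sample XML is constructed from the quoted server.xml (trimmed, paths shortened, password omitted); the function name and finding codes are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Listener and Connectors from the quoted server.xml,
# trimmed to the attributes relevant here (paths shortened, password omitted).
BROKEN = """<Server port="8025" shutdown="SHUTDOWN">
  <Listener SSLEngine="on"
            className="org.apache.catalina.core.AprLifecycleListener"/>
  <Service name="Catalina">
    <Connector port="8084" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector protocol="org.apache.coyote.http11.Http11AprProtocol"
               port="8443" scheme="https" secure="true" SSLEngine="on"
               SSLCertificateFile="conf/cert.pem"
               SSLCertificateKeyFile="conf/key.pem"/>
  </Service>
</Server>"""

# Same file with the change suggested in the reply.
FIXED = BROKEN.replace('secure="true" SSLEngine="on"',
                       'secure="true" SSLEnabled="true"')

MESSAGES = {
    "SSLENGINE_ON_CONNECTOR":
        "SSLEngine is an AprLifecycleListener attribute, not a Connector one",
    "TLS_NOT_ENABLED":
        "connector is marked https/secure but SSLEnabled is not \"true\"",
}


def audit_connectors(xml_text):
    """Return sorted (port, code) findings for every <Connector>."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        port = conn.get("port", "?")
        if "SSLEngine" in conn.attrib:
            findings.append((port, "SSLENGINE_ON_CONNECTOR"))
        marked_tls = (conn.get("scheme", "").lower() == "https"
                      or conn.get("secure", "").lower() == "true")
        # SSLEnabled defaults to false. A connector marked https without it is
        # only correct behind a proxy that terminates TLS, so flag for review.
        if marked_tls and conn.get("SSLEnabled", "false").lower() != "true":
            findings.append((port, "TLS_NOT_ENABLED"))
    return sorted(findings)


if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        for port, code in audit_connectors(text):
            print(f"{label}: port {port}: {MESSAGES[code]}")
```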