On Fri, 2011-12-02 at 01:12 -0800, Lau Eng Huat wrote:
Hi everybody,
I'm stuck on this SSL over a month. I hope somebody can help me here. I'm
getting a Warning on "WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'SSLEngine' to 'on' did not find a matching property."
Tomcat is telling you that the property "SSLEngine" does not exist on a
Connector object. Note that it is not listed in the documentation
either.
https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support
Perhaps you are confused with the "SSLEngine" attribute of the
AprLifecycleListener?
<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" />
and perhaps you meant SSLEnabled="true" on your Connector?
Example from docs:
<Connector
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
SSLCertificateFile="/usr/local/ssl/server.crt"
SSLCertificateKeyFile="/usr/local/ssl/server.pem"
clientAuth="optional" SSLProtocol="TLSv1"/>
https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html
Dan
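The two points in the reply above, written as a lint check over server.xml. This is an added example, not part of the original thread or of Tomcat; `lint_server_xml` and the sample document are constructed for illustration. It also flags the consequence worth knowing: `scheme="https"` and `secure="true"` only change what requests report, so a Connector without `SSLEnabled="true"` still answers in cleartext.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the server.xml posted in this thread.
SAMPLE = r"""<Server port="8025" shutdown="SHUTDOWN">
  <Listener SSLEngine="on"
            className="org.apache.catalina.core.AprLifecycleListener"/>
  <Service name="Catalina">
    <Connector port="8084" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector protocol="org.apache.coyote.http11.Http11AprProtocol"
               port="8443" scheme="https" secure="true"
               SSLEngine="on"
               SSLCertificateFile="${catalina.base}\conf\cert.pem"
               SSLCertificateKeyFile="${catalina.base}\conf\key.pem"/>
  </Service>
</Server>"""

APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"

def lint_server_xml(xml_text):
    """Return (port, finding) tuples for the Connector mistakes discussed above."""
    root = ET.fromstring(xml_text)
    # The APR listener must be present and must not have SSLEngine="off".
    apr_ssl = any(el.get("className") == APR_LISTENER and el.get("SSLEngine") != "off"
                  for el in root.iter("Listener"))
    findings = []
    for c in root.iter("Connector"):
        port = c.get("port")
        # Hints that the author expects this connector to terminate TLS.
        wants_tls = (c.get("scheme") == "https" or c.get("secure") == "true"
                     or any(k.startswith("SSLCertificate") for k in c.attrib))
        if "SSLEngine" in c.attrib:
            findings.append((port, "SSLEngine belongs on AprLifecycleListener, "
                                   "not on a Connector"))
        if wants_tls and c.get("SSLEnabled") != "true":
            # scheme/secure only change what the request reports, not the wire.
            findings.append((port, 'no SSLEnabled="true": port is not served over TLS'))
        is_apr = c.get("protocol", "").endswith("Http11AprProtocol")
        if is_apr and c.get("SSLEnabled") == "true" and not apr_ssl:
            findings.append((port, "APR connector needs AprLifecycleListener "
                                   'with SSLEngine not set to "off"'))
    return findings

if __name__ == "__main__":
    for port, msg in lint_server_xml(SAMPLE):
        print(f"Connector port={port}: {msg}")
```

A Connector that sets `secure="true"` on purpose because it sits behind an SSL accelerator will also be reported by the second check; the finding is still accurate for that port.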
I have tried using
all this 3 Connection type but it still does not work. I'm running on
Tomcat 7.0
protocol="org.apache.coyote.http11.Http11Protocol"
protocol="org.apache.coyote.http11.Http11NioProtocol"
protocol="org.apache.coyote.http11.Http11AprProtocol"
1. # openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 3650 -config ./openssl.cnf
Using configuration from ./openssl.cnf
Generating a 1024 bit RSA private key
.......++++++
..........................++++++
writing new private key to 'private/cakey.pem'
Enter PEM pass phrase:tomcat
Verifying password - Enter PEM pass phrase:tomcat
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Organization Name (company) [The Sample Company]:<enter>
Organizational Unit Name (department, division) []:CA Division
Email Address []:ca@sample.com
Locality Name (city, district) [Metropolis]:<enter>
State or Province Name (full name) [New York]:<enter>
Country Name (2 letter code) [US]:<enter>
Common Name (hostname, IP, or your name) []:TSC Root CA
2. openssl req -new -nodes -out req.pem -config ./openssl.cnf
3. openssl ca -out cert.pem -config ./openssl.cnf -infiles req.pem
Using configuration from ./openssl.cnf
Enter PEM pass phrase:demo
Check that the request matches the signature
Signature ok
The Subjects Distinguished Name is as follows
organizationName :PRINTABLE:'The Sample Company'
organizationalUnitName:PRINTABLE:'Mail Server'
emailAddress :IA5STRING:'postmas...@sample.com'
localityName :PRINTABLE:'Metropolis'
stateOrProvinceName :PRINTABLE:'New York'
countryName :PRINTABLE:'US'
commonName :PRINTABLE:'mail.sample.com'
Certificate is to be certified until Dec 8 04:37:38 2002 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
4. copy cert.pem tmp.pem
5. openssl x509 -in tmp.pem -out cert.pem
//====================================== OPENSSL.CFG ======================================================
Attached here is the openssl.cfg
dir = .
[ ca ]
default_ca = CA_default
[ CA_default ]
serial = $dir/serial
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
private_key = $dir/private/cakey.pem
default_days = 365
default_md = md5
preserve = no
email_in_dn = no
nameopt = default_ca
certopt = default_ca
policy = policy_match
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
default_bits = 1024 # Size of keys
default_keyfile = key.pem # name of generated keys
default_md = md5 # message digest algorithm
string_mask = nombstr # permitted characters
distinguished_name = req_distinguished_name
req_extensions = v3_req
[ req_distinguished_name ]
# Variable name Prompt string
#---------------------- ----------------------------------
0.organizationName = Organization Name (company)
organizationalUnitName = Organizational Unit Name (department, division)
emailAddress = Email Address
emailAddress_max = 40
localityName = Locality Name (city, district)
stateOrProvinceName = State or Province Name (full name)
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
commonName = Common Name (hostname, IP, or your name)
commonName_max = 64
# Default values for the above, for consistency and less typing.
# Variable name Value
#------------------------------ ------------------------------
0.organizationName_default = The Sample Company
localityName_default = Metropolis
stateOrProvinceName_default = New York
countryName_default = US
[ v3_ca ]
basicConstraints = CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
[ v3_req ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
============================================= SERVER.XML ===================================================
Attached here is the server.xml
<Server port="8025" shutdown="SHUTDOWN">
<Listener SSLEngine="on"
className="org.apache.catalina.core.AprLifecycleListener"/>
<Listener className="org.apache.catalina.core.JasperListener"/>
<Listener
className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
<Listener
className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
<Listener
className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
<GlobalNamingResources>
<Resource auth="Container" description="User database that can be
updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
name="UserDatabase" pathname="conf/tomcat-users.xml"
type="org.apache.catalina.UserDatabase"/>
</GlobalNamingResources>
<Service name="Catalina">
<Connector URIEncoding="utf-8" connectionTimeout="20000"
port="8084" protocol="HTTP/1.1" redirectPort="8443"/>
<Connector
protocol="org.apache.coyote.http11.Http11AprProtocol"
port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
SSLEngine="on"
SSLCertificateFile="${catalina.base}\conf\cert.pem"
SSLCertificateKeyFile="${catalina.base}\conf\key.pem"
SSLPassword="tomcat"
/>
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
<Engine defaultHost="localhost" name="Catalina">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm
className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host appBase="webapps" autoDeploy="false" name="localhost"
unpackWARs="true">
<Valve
className="org.apache.catalina.valves.AccessLogValve" directory="logs"
pattern="%h %l %u %t &quot;%r&quot; %s %b" prefix="localhost_access_log."
resolveHosts="false" suffix=".txt"/>
</Host>
</Engine>
</Service>
</Server>
//================================================= NETBEAN OUTPUT =======================================
Using CATALINA_BASE: "C:\Users\LEH\.netbeans\7.0\apache-tomcat-7.0.14.0_base"
Using CATALINA_HOME: "D:\WEB_PROGRAMS\Apache Tomcat 7.0.14"
Using CATALINA_TMPDIR: "C:\Users\LEH\.netbeans\7.0\apache-tomcat-7.0.14.0_base\temp"
Using JRE_HOME: "C:\IMPORTANT SOFTWARE\JDK_32"
Using CLASSPATH: "D:\WEB_PROGRAMS\Apache Tomcat 7.0.14\bin\bootstrap.jar;D:\WEB_PROGRAMS\Apache Tomcat 7.0.14\bin\tomcat-juli.jar"
Dec 2, 2011 5:04:43 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
Dec 2, 2011 5:04:43 PM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
[false], random [true].
Dec 2, 2011 5:04:43 PM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'SSLEngine' to 'on' did not find a matching property.
Dec 2, 2011 5:04:44 PM org.apache.coyote.AbstractProtocolHandler init
INFO: Initializing ProtocolHandler ["http-apr-8084"]
Dec 2, 2011 5:04:44 PM org.apache.coyote.AbstractProtocolHandler init
INFO: Initializing ProtocolHandler ["http-apr-8443"]
Dec 2, 2011 5:04:44 PM org.apache.coyote.AbstractProtocolHandler init
INFO: Initializing ProtocolHandler ["ajp-apr-8009"]
Dec 2, 2011 5:04:44 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 953 ms
Dec 2, 2011 5:04:44 PM org.apache.catalina.core.StandardService
startInternal
INFO: Starting service Catalina
Dec 2, 2011 5:04:44 PM org.apache.catalina.core.StandardEngine
startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.14
Dec 2, 2011 5:04:44 PM org.apache.catalina.startup.HostConfig
deployDescriptor
INFO: Deploying configuration descriptor ABC_WEBSITE.xml from
C:\Users\LEH\.netbeans\7.0\apache-tomcat-7.0.14.0_base\conf\Catalina\localhost
Dec 2, 2011 5:04:47 PM com.sun.faces.config.ConfigureListener
contextInitialized
INFO: Initializing Mojarra 2.1.1 (FCS 20110408) for context
'/ABC_WEBSITE'
Dec 2, 2011 5:04:47 PM com.sun.faces.spi.InjectionProviderFactory
createInstance
INFO: JSF1048: PostConstruct/PreDestroy annotations present.
ManagedBeans
methods marked with these annotations will have said annotations
processed.
Dec 2, 2011 5:04:47 PM org.apache.catalina.startup.HostConfig
deployDescriptor
INFO: Deploying configuration descriptor manager.xml from
C:\Users\LEH\.netbeans\7.0\apache-tomcat-7.0.14.0_base\conf\Catalina\localhost
Dec 2, 2011 5:04:48 PM org.apache.catalina.startup.HostConfig
deployDescriptor
INFO: Deploying configuration descriptor ROOT.xml from
C:\Users\LEH\.netbeans\7.0\apache-tomcat-7.0.14.0_base\conf\Catalina\localhost
Dec 2, 2011 5:04:48 PM org.apache.coyote.AbstractProtocolHandler start
INFO: Starting ProtocolHandler ["http-apr-8084"]
Dec 2, 2011 5:04:48 PM org.apache.coyote.AbstractProtocolHandler start
INFO: Starting ProtocolHandler ["http-apr-8443"]
Dec 2, 2011 5:04:48 PM org.apache.coyote.AbstractProtocolHandler start
INFO: Starting ProtocolHandler ["ajp-apr-8009"]
Dec 2, 2011 5:04:48 PM org.apache.catalina.startup.Catalina start
God Bless
ENg Huat
On Sun, Nov 13, 2011 at 11:19 PM, Pid<p...@pidster.com> wrote:
On 13/11/2011 10:03, Lau Eng Huat wrote:
Hi everybody,
I have followed this example on setting up the SSL on Tomcat Expert
http://www.tomcatexpert.com/knowledge-base/using-openssl-configure-ssl-certificates-tomcat
.
The question that I have is how do you use Apache Common HttpClient to send
and receive information from the servlet. I have no idea on how to write
the code for the httpClient and Servlet. Please help me on this, I'm stuck
at this for couple of weeks already.
One of those is a question for the Apache Commons community.
Note: Commons HttpClient has been superseded by Http Components.
http://hc.apache.org/httpcomponents-client-ga/index.html
If you don't know how to write a Servlet, then you should have a look at
the documentation site and examples shipped with your Tomcat version:
http://tomcat.apache.org/
p