Thank You, God Bless You a Thousand Fold !!!!!!!
On Fri, Dec 2, 2011 at 11:43 PM, David kerber <[email protected]> wrote:
> On 12/2/2011 10:39 AM, Lau Eng Huat wrote:
>
>> I'm still stuck after correcting the recommendation made by Daniel.
>>
>> <Listener className="org.apache.**catalina.core.**
>> AprLifecycleListener"
>> SSLEngine="on" />
>>
>> <Connector
>> protocol="org.apache.coyote.**http11.Http11AprProtocol"
>> port="8443" maxHttpHeaderSize="8192"
>> maxThreads="150" minSpareThreads="25"
>> enableLookups="false" disableUploadTimeout="true"
>> acceptCount="100" scheme="https" secure="true"
>> clientAuth="false" sslProtocol="TLS"
>> SSLEngine="true"
>>
>
> ^^^^^^^^^^^^^^^^^^
>
> You still have SSLEngine set in the connector, where it doesn't belong.
>
>
>
> SSLCertificateFile="${**catalina.base}\conf\cert.pem"
>> SSLCertificateKeyFile="${**catalina.base}\conf\key.pem"
>> SSLPassword="tomcat"
>> />
>>
>> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
>>
>> It still gives me this error
>>
>> WARNING: [SetAllPropertiesRule]{Server/**Service/Connector} Setting
>> property
>> 'SSLEngine' to 'true' did not find a matching property.
>>
>> i'm running tomcat as localhoat under netbeans.
>>
>> On Fri, Dec 2, 2011 at 9:57 PM, Daniel Mikusa<[email protected]> wrote:
>>
>> On Fri, 2011-12-02 at 01:12 -0800, Lau Eng Huat wrote:
>>>
>>>> Hi everybody,
>>>>
>>>> I'm stuck on this SSL over a month. I hope somebody can help me here.
>>>> I'm
>>>> getting a Warning on "WARNING:
>>>> [SetAllPropertiesRule]{Server/**Service/Connector} Setting property
>>>> 'SSLEngine' to 'on' did not find a matching property."
>>>>
>>>
>>> Tomcat is telling you that the property "SSLEngine" does not exist on a
>>> Connector object. Note that it is not listed in the documentation
>>> either.
>>>
>>> https://tomcat.apache.org/**tomcat-7.0-doc/config/http.**
>>> html#SSL_Support<https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support>
>>>
>>>
>>> Perhaps you are confused with the "SSLEngine" attribute of the
>>> AprLifecycleListener?
>>>
>>> <Listener className="org.apache.**catalina.core.**AprLifecycleListener"
>>> SSLEngine="on" />
>>>
>>>
>>> and perhaps you meant SSLEnabled="true" on your Connector?
>>>
>>> Example from docs:
>>>
>>> <Connector
>>> port="8443" maxThreads="200"
>>> scheme="https" secure="true" SSLEnabled="true"
>>> SSLCertificateFile="/usr/**local/ssl/server.crt"
>>> SSLCertificateKeyFile="/usr/**local/ssl/server.pem"
>>> clientAuth="optional" SSLProtocol="TLSv1"/>
>>>
>>> https://tomcat.apache.org/**tomcat-7.0-doc/ssl-howto.html<https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html>
>>>
>>> Dan
>>>
>>>
>>>
>>> I have tried using
>>>> all this 3 Connection type but it still does not work. I'm running on
>>>> Tomcat 7.0
>>>>
>>>> protocol="org.apache.coyote.**http11.Http11Protocol"
>>>> protocol="org.apache.coyote.**http11.Http11NioProtocol"
>>>> protocol="org.apache.coyote.**http11.Http11AprProtocol"
>>>>
>>>> 1. # openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem
>>>>
>>> -out
>>>
>>>> cacert.pem -days 3650 -config ./openssl.cnf
>>>>
>>>> Using configuration from ./openssl.cnfGenerating a 1024 bit RSA
>>>> private key.......++++++..............**............++++++writing new
>>>> private key to 'private/cakey.pem'Enter PEM pass
>>>> phrase:tomcatVerifying password - Enter PEM pass phrase:tomcat-----You
>>>> are about to be asked to enter information that will be
>>>> incorporatedinto your certificate request.What you are about to enter
>>>> is what is called a Distinguished Name or a DN.There are quite a few
>>>> fields but you can leave some blankFor some fields there will be a
>>>> default value,If you enter '.', the field will be left
>>>> blank.-----Organization Name (company) [The Sample
>>>> Company]:<enter>Organizational Unit Name (department, division) []:CA
>>>> DivisionEmail Address []:[email protected] Name (city, district)
>>>> [Metropolis]:<enter>State or Province Name (full name) [New
>>>> York]:<enter>Country Name (2 letter code) [US]:<enter>Common Name
>>>> (hostname, IP, or your name) []:TSC Root CA
>>>>
>>>> 2. openssl req -new -nodes -out req.pem -config ./openssl.cnf
>>>> 3. openssl ca -out cert.pem -config ./openssl.cnf -infiles req.pem
>>>>
>>>> Using configuration from ./openssl.cnfEnter PEM pass phrase:demoCheck
>>>> that the request matches the signatureSignature okThe Subjects
>>>> Distinguished Name is as followsorganizationName :PRINTABLE:'The
>>>> Sample Company'**organizationalUnitName:**PRINTABLE:'Mail
>>>> Server'emailAddress
>>>> :IA5STRING:'postmaster@sample.**com<ia5string%3a%[email protected]>
>>>> 'localityName
>>>> :PRINTABLE:'Metropolis'**stateOrProvinceName :PRINTABLE:'New
>>>> York'countryName :PRINTABLE:'US'commonName
>>>> :PRINTABLE:'mail.sample.com'**Certificate is to be certified until Dec
>>>> 8 04:37:38 2002 GMT (365 days)Sign the certificate? [y/n]:y
>>>> 1 out of 1 certificate requests certified, commit? [y/n]yWrite out
>>>> database with 1 new entriesData Base Updated
>>>>
>>>> 4. copy cert.pem tmp.pem5. openssl x509 -in tmp.pem -out cert.pem
>>>>
>>>> //============================**========== OPENSSL.CFG
>>>> ==============================**========================
>>>> Attached here is the openssl.cfg
>>>>
>>>> dir = .
>>>>
>>>> [ ca ]
>>>> default_ca = CA_default
>>>>
>>>> [ CA_default ]
>>>> serial = $dir/serial
>>>> database = $dir/index.txt
>>>> new_certs_dir = $dir/newcerts
>>>> certificate = $dir/cacert.pem
>>>> private_key = $dir/private/cakey.pem
>>>> default_days = 365
>>>> default_md = md5
>>>> preserve = no
>>>> email_in_dn = no
>>>> nameopt = default_ca
>>>> certopt = default_ca
>>>> policy = policy_match
>>>>
>>>> [ policy_match ]
>>>> countryName = match
>>>> stateOrProvinceName = match
>>>> organizationName = match
>>>> organizationalUnitName = optional
>>>> commonName = supplied
>>>> emailAddress = optional
>>>>
>>>> [ req ]
>>>> default_bits = 1024 # Size of keys
>>>> default_keyfile = key.pem # name of generated keys
>>>> default_md = md5 # message digest
>>>>
>>> algorithm
>>>
>>>> string_mask = nombstr # permitted characters
>>>> distinguished_name = req_distinguished_name
>>>> req_extensions = v3_req
>>>>
>>>> [ req_distinguished_name ]
>>>> # Variable name Prompt string
>>>> #---------------------- ------------------------------**----
>>>> 0.organizationName = Organization Name (company)
>>>> organizationalUnitName = Organizational Unit Name (department,
>>>> division)
>>>> emailAddress = Email Address
>>>> emailAddress_max = 40
>>>> localityName = Locality Name (city, district)
>>>> stateOrProvinceName = State or Province Name (full name)
>>>> countryName = Country Name (2 letter code)
>>>> countryName_min = 2
>>>> countryName_max = 2
>>>> commonName = Common Name (hostname, IP, or your name)
>>>> commonName_max = 64
>>>>
>>>> # Default values for the above, for consistency and less typing.
>>>> # Variable name Value
>>>> #-----------------------------**- ------------------------------
>>>> 0.organizationName_default = The Sample Company
>>>> localityName_default = Metropolis
>>>> stateOrProvinceName_default = New York
>>>> countryName_default = US
>>>>
>>>> [ v3_ca ]
>>>> basicConstraints = CA:TRUE
>>>> subjectKeyIdentifier = hash
>>>> authorityKeyIdentifier = keyid:always,issuer:always
>>>>
>>>> [ v3_req ]
>>>> basicConstraints = CA:FALSE
>>>> subjectKeyIdentifier = hash
>>>>
>>>> ==============================**=============== SERVER.XML
>>>> ==============================**=====================
>>>> Attached here is the server.xml
>>>>
>>>> <Server port="8025" shutdown="SHUTDOWN">
>>>> <Listener SSLEngine="on"
>>>> className="org.apache.**catalina.core.**AprLifecycleListener"/>
>>>> <Listener className="org.apache.**catalina.core.JasperListener"/**>
>>>> <Listener
>>>> className="org.apache.**catalina.core.**JreMemoryLeakPreventionListene*
>>>> *r"/>
>>>> <Listener
>>>> className="org.apache.**catalina.mbeans.**
>>>> GlobalResourcesLifecycleListen**er"/>
>>>> <Listener
>>>> className="org.apache.**catalina.core.**ThreadLocalLeakPreventionListe*
>>>> *ner"/>
>>>>
>>>> <GlobalNamingResources>
>>>> <Resource auth="Container" description="User database that can
>>>> be
>>>> updated and saved"
>>>> factory="org.apache.catalina.**users.**MemoryUserDatabaseFactory"
>>>> name="UserDatabase" pathname="conf/tomcat-users.**xml"
>>>> type="org.apache.catalina.**UserDatabase"/>
>>>> </GlobalNamingResources>
>>>>
>>>> <Service name="Catalina">
>>>> <Connector URIEncoding="utf-8" connectionTimeout="20000"
>>>> port="8084" protocol="HTTP/1.1" redirectPort="8443"/>
>>>>
>>>>
>>>> <Connector
>>>> protocol="org.apache.coyote.**http11.Http11AprProtocol"
>>>> port="8443" maxHttpHeaderSize="8192"
>>>> maxThreads="150" minSpareThreads="25"
>>>> enableLookups="false" disableUploadTimeout="true"
>>>> acceptCount="100" scheme="https" secure="true"
>>>> clientAuth="false" sslProtocol="TLS"
>>>> SSLEngine="on"
>>>> SSLCertificateFile="${**catalina.base}\conf\cert.pem"
>>>> SSLCertificateKeyFile="${**catalina.base}\conf\key.pem"
>>>> SSLPassword="tomcat"
>>>> />
>>>> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
>>>> <Engine defaultHost="localhost" name="Catalina">
>>>> <Realm className="org.apache.**
>>>> catalina.realm.LockOutRealm">
>>>> <Realm
>>>> className="org.apache.**catalina.realm.**UserDatabaseRealm"
>>>> resourceName="UserDatabase"/>
>>>> </Realm>
>>>> <Host appBase="webapps" autoDeploy="false" name="localhost"
>>>> unpackWARs="true">
>>>> <Valve
>>>> className="org.apache.**catalina.valves.**AccessLogValve"
>>>> directory="logs"
>>>> pattern="%h %l %u %t"%r" %s %b" prefix="localhost_access_log."
>>>>
>>>> resolveHosts="false" suffix=".txt"/>
>>>> </Host>
>>>> </Engine>
>>>> </Service>
>>>> </Server>
>>>>
>>>> //============================**===================== NETBEAN OUTPUT
>>>> ==============================**=========
>>>> Using CATALINA_BASE:
>>>> "C:\Users\LEH\.netbeans\7.0\**apache-tomcat-7.0.14.0_base"
>>>> Using CATALINA_HOME: "D:\WEB_PROGRAMS\Apache Tomcat 7.0.14"
>>>> Using CATALINA_TMPDIR:
>>>> "C:\Users\LEH\.netbeans\7.0\**apache-tomcat-7.0.14.0_base\**temp"
>>>> Using JRE_HOME: "C:\IMPORTANT SOFTWARE\JDK_32"
>>>> Using CLASSPATH: "D:\WEB_PROGRAMS\Apache Tomcat
>>>> 7.0.14\bin\bootstrap.jar;D:\**WEB_PROGRAMS\Apache Tomcat
>>>> 7.0.14\bin\tomcat-juli.jar"
>>>> Dec 2, 2011 5:04:43 PM org.apache.catalina.core.**AprLifecycleListener
>>>> init
>>>> INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
>>>> Dec 2, 2011 5:04:43 PM org.apache.catalina.core.**AprLifecycleListener
>>>> init
>>>> INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
>>>> [false], random [true].
>>>> Dec 2, 2011 5:04:43 PM org.apache.catalina.startup.**
>>>> SetAllPropertiesRule
>>>> begin
>>>> WARNING: [SetAllPropertiesRule]{Server/**Service/Connector} Setting
>>>>
>>> property
>>>
>>>> 'SSLEngine' to 'on' did not find a matching property.
>>>> Dec 2, 2011 5:04:44 PM org.apache.coyote.**AbstractProtocolHandler init
>>>> INFO: Initializing ProtocolHandler ["http-apr-8084"]
>>>> Dec 2, 2011 5:04:44 PM org.apache.coyote.**AbstractProtocolHandler init
>>>> INFO: Initializing ProtocolHandler ["http-apr-8443"]
>>>> Dec 2, 2011 5:04:44 PM org.apache.coyote.**AbstractProtocolHandler init
>>>> INFO: Initializing ProtocolHandler ["ajp-apr-8009"]
>>>> Dec 2, 2011 5:04:44 PM org.apache.catalina.startup.**Catalina load
>>>> INFO: Initialization processed in 953 ms
>>>> Dec 2, 2011 5:04:44 PM org.apache.catalina.core.**StandardService
>>>> startInternal
>>>> INFO: Starting service Catalina
>>>> Dec 2, 2011 5:04:44 PM org.apache.catalina.core.**StandardEngine
>>>>
>>> startInternal
>>>
>>>> INFO: Starting Servlet Engine: Apache Tomcat/7.0.14
>>>> Dec 2, 2011 5:04:44 PM org.apache.catalina.startup.**HostConfig
>>>> deployDescriptor
>>>> INFO: Deploying configuration descriptor ABC_WEBSITE.xml from
>>>>
>>>> C:\Users\LEH\.netbeans\7.0\**apache-tomcat-7.0.14.0_base\**
>>> conf\Catalina\localhost
>>>
>>>> Dec 2, 2011 5:04:47 PM com.sun.faces.config.**ConfigureListener
>>>> contextInitialized
>>>> INFO: Initializing Mojarra 2.1.1 (FCS 20110408) for context
>>>>
>>> '/ABC_WEBSITE'
>>>
>>>> Dec 2, 2011 5:04:47 PM com.sun.faces.spi.**InjectionProviderFactory
>>>> createInstance
>>>> INFO: JSF1048: PostConstruct/PreDestroy annotations present.
>>>>
>>> ManagedBeans
>>>
>>>> methods marked with these annotations will have said annotations
>>>>
>>> processed.
>>>
>>>> Dec 2, 2011 5:04:47 PM org.apache.catalina.startup.**HostConfig
>>>> deployDescriptor
>>>> INFO: Deploying configuration descriptor manager.xml from
>>>>
>>>> C:\Users\LEH\.netbeans\7.0\**apache-tomcat-7.0.14.0_base\**
>>> conf\Catalina\localhost
>>>
>>>> Dec 2, 2011 5:04:48 PM org.apache.catalina.startup.**HostConfig
>>>> deployDescriptor
>>>> INFO: Deploying configuration descriptor ROOT.xml from
>>>>
>>>> C:\Users\LEH\.netbeans\7.0\**apache-tomcat-7.0.14.0_base\**
>>> conf\Catalina\localhost
>>>
>>>> Dec 2, 2011 5:04:48 PM org.apache.coyote.**AbstractProtocolHandler
>>>> start
>>>> INFO: Starting ProtocolHandler ["http-apr-8084"]
>>>> Dec 2, 2011 5:04:48 PM org.apache.coyote.**AbstractProtocolHandler
>>>> start
>>>> INFO: Starting ProtocolHandler ["http-apr-8443"]
>>>> Dec 2, 2011 5:04:48 PM org.apache.coyote.**AbstractProtocolHandler
>>>> start
>>>> INFO: Starting ProtocolHandler ["ajp-apr-8009"]
>>>> Dec 2, 2011 5:04:48 PM org.apache.catalina.startup.**Catalina start
>>>>
>>>> God Bless
>>>> ENg Huat
>>>>
>>>> On Sun, Nov 13, 2011 at 11:19 PM, Pid<[email protected]> wrote:
>>>>
>>>> On 13/11/2011 10:03, Lau Eng Huat wrote:
>>>>>
>>>>>> Hi everybody,
>>>>>>
>>>>>> I have followed this example on setting up the SSL on Tomcat Expert
>>>>>>
>>>>>>
>>>>> http://www.tomcatexpert.com/**knowledge-base/using-openssl-**
>>> configure-ssl-certificates-**tomcat<http://www.tomcatexpert.com/knowledge-base/using-openssl-configure-ssl-certificates-tomcat>
>>>
>>>> .
>>>>>> The question that I have is how do you use Apache Common HttpClient
>>>>>>
>>>>> to
>>>
>>>> sent
>>>>>
>>>>>> and received information from the servlet. I have no idea on how to
>>>>>>
>>>>> write
>>>
>>>> the code for the httpClient and Servlet. Please help me on this , I'm
>>>>>>
>>>>> stuck
>>>>>
>>>>>> at this for couple of weeks already.
>>>>>>
>>>>>
>>>>> One of those is a question for the Apache Commons community.
>>>>> Note: Commons HttpClient has been superceded by Http Components.
>>>>>
>>>>>
>>>>> http://hc.apache.org/**httpcomponents-client-ga/**index.html<http://hc.apache.org/httpcomponents-client-ga/index.html>
>>>>>
>>>>>
>>>>> If you don't know how to write a Servlet, then you should have a look
>>>>>
>>>> at
>>>
>>>> the documentation site and examples shipped with your Tomcat version:
>>>>>
>>>>> http://tomcat.apache.org/
>>>>>
>>>>>
>>>>> p
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> [key:62590808]
>>>>>
>>>>>
>>>>>
>>>
>>
>
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail:
> users-unsubscribe@tomcat.**apache.org<[email protected]>
> For additional commands, e-mail: [email protected]
>
>
