Tomcat + SSL problems!

2005-10-03 Thread Raueber Hotzenplotz
Hello

I need my client to communicate with a servlet using secure xmlrpc. Using
Apache's SecureWebServer works (got my own TrustManager, HostnameVerifier,
self-signed certificates/keystores for server/client). Accessing Tomcat with a
browser (https://localhost:8443) works too (self-signed certificate/keystore for
tomcat). But when I try to make a secure XMLRPC call to the servlet
(https://localhost:8443/myservlets/myservlet), I just get a certificate unknown
exception. When adding the self-signed Tomcat certificate to
$JAVA_HOME/jre/lib/security/cacerts, I get this: java.io.IOException: HTTPS
hostname wrong:  should be localhost.

I guess Tomcat does not know of my certificate. With the
SecureWebServer/SecureXmlRpcClient implementation I use an open (trust anyone)
TrustManager, HostnameVerifier.

What do I need to do?

Thanks!




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
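
An added example, not part of the original post: a Java client that trusts only the Tomcat certificate through a dedicated truststore, instead of editing cacerts or using a trust-anyone TrustManager, and that leaves the default hostname check on. The file name tomcat-trust.jks and its password are assumptions; the block covers the HTTPS connection only, not the XML-RPC library wiring, and prints the names in the server certificate so they can be compared with the host in the URL when "HTTPS hostname wrong" appears.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class PinnedTomcatClient {

    // Build an SSLContext whose only trust anchors are the certificates
    // stored in the given truststore (here: the exported Tomcat certificate).
    static SSLContext contextFor(String storePath, char[] storePass) throws Exception {
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(storePath)) {
            trust.load(in, storePass);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default RNG
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed file name and password; the truststore is expected to hold
        // the certificate exported from Tomcat's keystore.
        SSLContext ctx = contextFor("tomcat-trust.jks", "changeit".toCharArray());

        URL url = new URL("https://localhost:8443/myservlets/myservlet");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // setHostnameVerifier is deliberately not called: the default verifier
        // stays active and rejects a certificate whose names do not match the URL host.
        try {
            conn.connect();
            for (Certificate c : conn.getServerCertificates()) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("subject: " + x.getSubjectX500Principal().getName());
                System.out.println("SANs:    " + x.getSubjectAlternativeNames());
            }
        } finally {
            conn.disconnect();
        }
    }
}
```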



Apache + mod_jk + Tomcat ... SSL Problems

2005-09-15 Thread Oliver Schoenwald

Hello,

we are using the following versions:
Apache 2.0.47
mod_jk (not mod_jk2)
Tomcat 5.5.9

The SSL-Feature is backed by openssl 0.9.7c.

We configured mod_jk to send the SSL information to the tomcat engine:
JkHTTPSIndicator HTTPS
JkSESSIONIndicator SSL_SESSION_ID
JkCIPHERIndicator SSL_CIPHER
JkCERTSIndicator SSL_CLIENT_CERT

And we configured the SSL-Module of Apache to use the SSL-Cache and to 
hold the SSL Session for 30 Minutes.

SSLSessionCache dbm:logs/ssl_scache
SSLSessionCacheTimeout  1800

Using the trick described in the tomcat documentation, I could activate 
and use the Session Tracking via the SSL Session ID,
which is exactly what we wanted because so we don't need cookies or 
URL-Rewriting.
To manage the SSL Sessions I implemented my own SSLSessionManager-Class 
in my Webapplication and all worked fine,
except one little problem: The SSL Session Key seems to get lost by 
Apache or mod_ssl or OpenSSL!


I used a test application in my servlet engine to experiment with the 
session tracking via ssl session id-feature. That application
showed me if the SSL Session ID was set, what value it has, what my own 
SessionManagement-Class knew about that session
(when it was created, when it was used last time, how long until 
expiration, which attributes are managed for that session).
The SessionManager was configured to hold every SSL Session for 
unlimited time, only to set an internal invalid-flag after
a configured time of 30 minutes.

The test application showed that in newly started application instances 
(apache, tomcat) the SSL Session worked properly and
the SSL Session ID was created. When reloading the test application 
repeatedly, that SSL Session ID kept its value. Bingo!

All that I needed.

But then...

A few minutes later the test application showed that there was *no* SSL 
Session ID available within the https-request any longer.
When I reloaded the test application again, a new SSL Session ID was 
created. This happened again and again later, always far earlier
than the SSLSessionCache was configured.

Then I used tomcat's web-connector and tried the same - and there the 
SSL Session ID worked properly and wasn't lost preemptively.


Does someone know something about problems with SSL Session IDs with 
Apache and mod_jk? Does someone have a solution how
to remove that problem?

Thank you in advance,

Oliver Schoenwald
University of Hagen, Germany





Re: Fwd: Tomcat + ssl problems

2004-08-19 Thread Lloyd Hopper
Hi,
Thanks for your reply. We are using jdk1.4.2.
I am busy recompiling it as we speak to be 100% sure that it's ok.

At 10:20 AM 8/18/2004 -0700, Hassan Schroeder wrote:
> Lloyd Hopper wrote:
>> I am re-submitting this mail as I have had absolutely no response as of
>> yet - is there really no one that has come across this before?
>
> I haven't (and I'm running Tomcat/SSL), but...
>
>> Firstly, the keytool will not work properly when generating a new key.
>
> right off the bat, that tells me it's not a Tomcat problem, it's a
> basic JVM install problem of some kind. Keytool should work; until
> you fix that, you're stuck. Are you on a current JVM? That's where
> I'd be looking, at least...
> FWIW,
> --
> Hassan Schroeder - [EMAIL PROTECTED]
> Webtuitive Design ===  (+1) 408-938-0567   === http://webtuitive.com
>   dream.  code.




Fwd: Tomcat + ssl problems

2004-08-18 Thread Lloyd Hopper
Hello,
I am re-submitting this mail as I have had absolutely no response as of yet 
- is there really no one that has come across this before? I have seen 
similar problems both here and via Google groups but no really helpful 
solutions.

Once again, please could somebody point me in the right direction on how to 
solve this.

I was maybe thinking that the Tomcat compilation (with the JSSE 
automatically included) was not done properly, but standalone without SSL 
everything runs perfectly.

Suggestions please
Lloyd

Date: Thu, 12 Aug 2004 14:02:59 +0200
To: [EMAIL PROTECTED]
From: Lloyd Hopper [EMAIL PROTECTED]
Subject: Tomcat + ssl problems
Hello,
I am sure somebody has come across something similar before but I have 
been unable to find a resolution as yet. The problem is this; I am trying 
to enable SSL in Tomcat 4.1.29 and several things happen that are not 
correct, even though this should be a rather simple goal to achieve.

Firstly, the keytool will not work properly when generating a new key. You 
get asked all the questions and when you have finished and you confirm the 
information entered with a 'yes' it just hangs. Importing with keytool and 
checking the keystore both work fine (the -list and -import flags) but 
generating doesn't (-genkey). I cannot seem to find any error messages 
either and in top the process appears intermittently.

Secondly, after importing the certificate (made with openssl) I then 
change the server.xml config and ensure that the JSSE_HOME is correct in 
catalina.sh and restart Tomcat using catalina.sh. This is what I get:

--- begin excerpt catalina log ---
Exception during startup processing
java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:203)
Caused by: java.lang.NoClassDefFoundError: javax/net/ServerSocketFactory
    at java.lang.ClassLoader.findBootstrapClass(Native Method)
    at java.lang.ClassLoader.findBootstrapClass0(ClassLoader.java:709)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:284)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:282)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:274)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:235)
    at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:941)
    at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:857)
    at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:941)
    at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:857)
    at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:302)
    at org.apache.tomcat.util.net.jsse.JSSE14Factory.getSocketFactory(JSSE14Factory.java:80)
    at org.apache.tomcat.util.net.jsse.JSSEImplementation.getServerSocketFactory(JSSEImplementation.java:113)
    at org.apache.coyote.http11.Http11Protocol.checkSocketFactory(Http11Protocol.java:615)
    at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:166)
    at org.apache.coyote.tomcat4.CoyoteConnector.initialize(CoyoteConnector.java:1173)
    at org.apache.catalina.core.StandardService.initialize(StandardService.java:579)
    at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:2246)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:511)
    at org.apache.catalina.startup.Catalina.execute(Catalina.java:400)
    at org.apache.catalina.startup.Catalina.process(Catalina.java:180)
    ... 5 more
--- end excerpt catalina log ---
Tomcat runs perfectly if I comment the SSL out.
--- begin server.xml excerpt ---
<!-- Define a non-SSL Coyote HTTP/1.1 Connector -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
   port="8180" minProcessors="5" maxProcessors="75"
   enableLookups="true" redirectPort="8443"
   acceptCount="100" debug="0" connectionTimeout="2"
   useURIValidationHack="false" disableUploadTimeout="true" />
<!-- Note : To disable connection timeouts, set connectionTimeout value
 to -1 -->
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
   port="8443" minProcessors="5" maxProcessors="75"
   enableLookups="true"
   acceptCount="100" debug="0" scheme="https" secure="true"
   useURIValidationHack="false" disableUploadTimeout="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
   keystoreFile

Re: Fwd: Tomcat + ssl problems

2004-08-18 Thread Hassan Schroeder
Lloyd Hopper wrote:
> I am re-submitting this mail as I have had absolutely no response as of
> yet - is there really no one that has come across this before?

I haven't (and I'm running Tomcat/SSL), but...

> Firstly, the keytool will not work properly when generating a new key.

right off the bat, that tells me it's not a Tomcat problem, it's a
basic JVM install problem of some kind. Keytool should work; until
you fix that, you're stuck. Are you on a current JVM? That's where
I'd be looking, at least...
FWIW,
--
Hassan Schroeder - [EMAIL PROTECTED]
Webtuitive Design ===  (+1) 408-938-0567   === http://webtuitive.com
  dream.  code.



Tomcat + ssl problems

2004-08-12 Thread Lloyd Hopper
Hello,
I am sure somebody has come across something similar before but I have been 
unable to find a resolution as yet. The problem is this; I am trying to 
enable SSL in Tomcat 4.1.29 and several things happen that are not correct, 
even though this should be a rather simple goal to achieve.

Firstly, the keytool will not work properly when generating a new key. You 
get asked all the questions and when you have finished and you confirm the 
information entered with a 'yes' it just hangs. Importing with keytool and 
checking the keystore both work fine (the -list and -import flags) but 
generating doesn't (-genkey). I cannot seem to find any error messages 
either and in top the process appears intermittently.

Secondly, after importing the certificate (made with openssl) I then change 
the server.xml config and ensure that the JSSE_HOME is correct in 
catalina.sh and restart Tomcat using catalina.sh. This is what I get:

--- begin excerpt catalina log ---
Exception during startup processing
java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:203)
Caused by: java.lang.NoClassDefFoundError: javax/net/ServerSocketFactory
    at java.lang.ClassLoader.findBootstrapClass(Native Method)
    at java.lang.ClassLoader.findBootstrapClass0(ClassLoader.java:709)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:284)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:282)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:274)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:235)
    at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:941)
    at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:857)
    at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:941)
    at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:857)
    at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:302)
    at org.apache.tomcat.util.net.jsse.JSSE14Factory.getSocketFactory(JSSE14Factory.java:80)
    at org.apache.tomcat.util.net.jsse.JSSEImplementation.getServerSocketFactory(JSSEImplementation.java:113)
    at org.apache.coyote.http11.Http11Protocol.checkSocketFactory(Http11Protocol.java:615)
    at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:166)
    at org.apache.coyote.tomcat4.CoyoteConnector.initialize(CoyoteConnector.java:1173)
    at org.apache.catalina.core.StandardService.initialize(StandardService.java:579)
    at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:2246)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:511)
    at org.apache.catalina.startup.Catalina.execute(Catalina.java:400)
    at org.apache.catalina.startup.Catalina.process(Catalina.java:180)
    ... 5 more
--- end excerpt catalina log ---
Tomcat runs perfectly if I comment the SSL out.
--- begin server.xml excerpt ---
<!-- Define a non-SSL Coyote HTTP/1.1 Connector -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
   port="8180" minProcessors="5" maxProcessors="75"
   enableLookups="true" redirectPort="8443"
   acceptCount="100" debug="0" connectionTimeout="2"
   useURIValidationHack="false" disableUploadTimeout="true" />
<!-- Note : To disable connection timeouts, set connectionTimeout value
 to -1 -->
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
   port="8443" minProcessors="5" maxProcessors="75"
   enableLookups="true"
   acceptCount="100" debug="0" scheme="https" secure="true"
   useURIValidationHack="false" disableUploadTimeout="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
   keystoreFile="MYKEYSTORE" keystorePass="MYPASSWD"
   clientAuth="false" />
</Connector>
--- end server.xml excerpt ---
--- begin excerpt catalina.sh ---
# java home
JAVA_HOME=/usr/local/jdk1.4.2; export JAVA_HOME
# JSSE home
JSSE_HOME=/usr/local/jdk1.4.2/jre; export JSSE_HOME
snip
# Add on extra jar files to CLASSPATH
# (the variable is quoted so the test is false when JSSE_HOME is empty or unset)
if [ -n "$JSSE_HOME" ]; then
  CLASSPATH=$CLASSPATH:$JSSE_HOME/lib/ext/jcert.jar:$JSSE_HOME/lib/ext/jnet.jar:$JSSE_HOME/lib/ext/jsse.jar
fi
CLASSPATH=$CLASSPATH:$CATALINA_HOME/bin/bootstrap.jar:
--- end catalina.sh excerpt ---
Of course JSSE was already included in JDK 1.4 (we are running jdk 1.4.2) 
so it was not necessary to download that 

tomcat ssl problems (no cipher suites in common)

2002-12-24 Thread ningr
Hello all,
I use jakarta-tomcat-4.0.6 and jdk 1.4.0 on Windows XP Home Edition.
I want to use Tomcat with SSL.
I modified the server.xml according to the how-to on the Jakarta site.
I start Tomcat and get no error, but when I use IE to connect to
https://localhost:8443/, there are exceptions:
fatal: Handshake failed
javax.net.ssl.SSLHandshakeException: no cipher suites in common
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.b(DashoA6275)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(DashoA6275)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
    at java.io.OutputStream.write(OutputStream.java:58)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
    at org.apache.tomcat.util.net.JSSESocketFactory.handshake(JSSESocketFactory.java:290)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:493)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:533)
    at java.lang.Thread.run(Thread.java:536)
2002/12/25 11:48:08 org.apache.tomcat.util.log.CommonLogHandler log
fatal: Caught exception executing org.apache.tomcat.util.net.TcpWorkerThread@cebc9f, terminating thread
java.lang.NullPointerException
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:512)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:533)
    at java.lang.Thread.run(Thread.java:536)
2002/12/25 11:48:08 org.apache.tomcat.util.log.CommonLogHandler log
fatal: Handshake failed
javax.net.ssl.SSLException: Unsupported SSL v2.0 ClientHello
    at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
    at java.io.OutputStream.write(OutputStream.java:58)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
    at org.apache.tomcat.util.net.JSSESocketFactory.handshake(JSSESocketFactory.java:290)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:493)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:533)
    at java.lang.Thread.run(Thread.java:536)
2002/12/25 11:48:08 org.apache.tomcat.util.log.CommonLogHandler log
fatal: Caught exception executing org.apache.tomcat.util.net.TcpWorkerThread@cebc9f, terminating thread
java.lang.NullPointerException
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:512)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:533)
    at java.lang.Thread.run(Thread.java:536)


Please help me check this problem, thanks in advance.

ning

