Re: Embedded Tomcat and SSL?
I am using Tomcat as standalone and not with Apache. I got it to work after playing with it for a while. You have to set these undocumented properties to get SSL working properly:

    // IntrospectionUtils is org.apache.tomcat.util.IntrospectionUtils
    if (isSSLEnabled) {
        IntrospectionUtils.setProperty(httpConnector, "sslProtocol", "TLS");
        IntrospectionUtils.setProperty(httpConnector, "keystoreFile", getPath() + "/conf/tomcat.keystore");
        IntrospectionUtils.setProperty(httpConnector, "keystoreType", "JKS");
        IntrospectionUtils.setProperty(httpConnector, "clientAuth", "false");
        httpConnector.setProtocol("SSL");
    }

HTH

--- Mark [EMAIL PROTECTED] wrote:
> Are you using Apache with Tomcat? I have done embedded Tomcat and SSL, but it was Apache sitting in front of Tomcat.
Embedded Tomcat and SSL?
Hi,

I am using an embedded Tomcat instance within my application. I am trying to set up a connector using SSL. When I start the server, it creates the connector and binds to the port successfully. When I request a page from the web browser, I get the following error in my browser:

    The connection to the server has terminated unexpectedly. Some data may have been transferred.

The same scenario works fine with HTTP. Here is my code snippet:

    // APPPORT and isSSLEnabled are set correctly to 8443 and true.
    Connector httpConnector = this._server.createConnector(
            (java.net.InetAddress) null,
            Integer.parseInt(ApplicationResourcesUtil.getProperty(Constants.RESOURCEKEY_APPPORT)),
            isSSLEnabled);
    // add new Connector to set of Connectors for embedded server, associated with Engine
    this._server.addConnector(httpConnector);
    this._server.start();

Looking at the Tomcat website, they talk about registering a keystore. What APIs do I use to programmatically specify the keystore file? Is there something else that needs to be configured before SSL will work in the embedded mode?

Thanks,
-Andy
Re: Embedded Tomcat and SSL?
Are you using Apache with Tomcat? I have done embedded Tomcat and SSL, but it was Apache sitting in front of Tomcat.
Tomcat 5 + SSL - Overriding default certificate authentication
Hi,

I need to override the default certificate authentication to provide some validation of my own. I need to embed some new extensions in the certificate and validate them. I got the following information but am having problems doing what is explained:

1. Write a new SSLImplementation subclassing org.apache.tomcat.util.net.SSLImplementation
2. Specify SSLImplementation=com.MySSLImplementation in the connector for port 8443 in server.xml

However, I get a class not found error = org.apache.tomcat.util.net.SSLImplementation

Any guidelines?

Regards,
Chandan

P.S.: I got Tomcat to load my SSLImplementation. It was as simple a matter as placing my jar in server\lib. Sorry for being dumb. Still posting this in case there is an elegant, simpler way.
Re: Apache + Tomcat + Mod_JK + SSL How to?
Hi,

I've been following this thread for a bit and can offer some of my painfully gained insights. I have Apache, Tomcat 5.0.28, mod_jk and SSL. This is not a real fix, just my workarounds. It drove me nuts forever until I figured out that the Apache webserver does not successfully apply rewrite rules to the JkMount directive.

In my httpd.conf:

    #tomcat worker
    JkWorkersFile conf/workers.properties
    JkLogFile logs/jk.log
    JkLogLevel info
    JkMount /*.jsp jkworker

Under my virtual host on port 80 I tested a few rewrite rules (the first was to the 'admin' directory, the second was for all requests):

    RewriteRule ^/admin/(.*)$ https://server.name.com/$1 [R]
    RewriteRule ^.*$ https://server.name.com%{REQUEST_URI} [R]

The rewrite would work for non-JkMount items, but the behavior seemed to show Apache just handing off the transaction to Tomcat via the mount BEFORE applying the rewrite. (Please check this for yourself: if you use a rewrite rule to a non-JkMount directory, Apache should redirect it successfully.) Tomcat would not bounce it to port 443 because the rewrite rule was not in the Tomcat layer.

Our Java programmer ended up writing a custom JSP that redirected the transaction to an SSL port. I then made the redirect directory forbidden under non-SSL. I suspect there may be a more graceful way to do this; please let me know if you find it.

-Kiarna
Apache + Tomcat + Mod_JK + SSL How to?
I know this has been asked, but all the emails and on-line docs don't seem to make sense to me. What I have is this: Apache, Tomcat and mod_jk all running and working on my server. The SSL on Apache is working as well. All I want to do is have certain URLs use SSL on Apache. So when you go to /site it's non-SSL, which works now, but when you access /admin it redirects to SSL; this is not working now. How do I get this working?

--
Justin Stanczak
Stanczak Group
812-735-3600
All that is necessary for the triumph of evil is that good men do nothing. Edmund Burke
Re: Apache + Tomcat + Mod_JK + SSL How to?
Well, maybe I've just made a mistake somewhere. I looked, and my jsp-examples/ URL works with SSL and without in mod_jk. Where should I look to see why this one works but my app doesn't?
Re: Apache + Tomcat + Mod_JK + SSL How to?
Stanczak Group wrote:
> Well, maybe I've just made a mistake somewhere. I looked, and my jsp-examples/ URL works with SSL and without in mod_jk. Where should I look to see why this one works but my app doesn't?

Hi,

Your question is a little bit unclear. If you need a redirection from http://site/admin/ to https://site/admin/, look at mod_rewrite, or simply make an absolute link to the https page.

Regards,
Mladen.
Re: Apache + Tomcat + Mod_JK + SSL How to?
I'm not familiar with mod_jk, but in Tomcat when using SSL I can put in a security constraint and it will redirect to a secure connection, so that's why I'm making it sound like a redirect.

But the real issue is that when I access the URL, for example http://www.myapp.com/thisapp, it works, but when I use https://www.myapp.com/thisapp it fails saying "The requested URL /MemCarQue/cars was not found on this server." But the default jsp-examples/ URL works with SSL and without.

Once this works, I'll want to make it so the /thisapp/secure part works like Tomcat standalone and redirects based on the security constraint in the web.xml of the app. I'm guessing this can be done by setting Tomcat to redirect to the SSL port.
Re: Apache + Tomcat + Mod_JK + SSL How to?
Stanczak Group wrote:
> I'm not familiar with mod_jk, but in Tomcat when using SSL I can put in a security constraint and it will redirect to a secure connection, so that's why I'm making it sound like a redirect.

Hmm. You are still unclear. Seems to me that you are saying that you can access your application with http via mod_jk but not via https, and you can access jsp-examples both with http and https? Is this correct?

Also, adjust your clock.

Regards,
Mladen.
Re: Apache + Tomcat + Mod_JK + SSL How to?
Mladen Turk wrote:
> Hmm. You are still unclear. Seems to me that you are saying that you can access your application with http via mod_jk but not via https, and you can access jsp-examples both with http and https? Is this correct?

Yes, that is correct.

> Also, adjust your clock.

? What do you mean?
Re: Apache + Tomcat + Mod_JK + SSL How to?
test time
Re: Apache + Tomcat + Mod_JK + SSL How to?
Mladen Turk wrote:
> Also, adjust your clock.

That fix it? I didn't even see it was off.
Re: Apache + Tomcat + Mod_JK + SSL How to? Got it.
It was something simple. I didn't have the mod_jk directive set up on the virtual host with SSL.
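The fix reported at the end of this thread (the mod_jk directive was missing from the SSL virtual host) can be checked mechanically. The following is an added example, not code from any poster: a small Python audit that compares JkMount patterns between the plain and SSL virtual hosts of the same ServerName. The sample configuration, host name, worker name and function names are constructed, and treating global JkMount entries as inherited only under JkMountCopy is an assumption about the mod_jk version in use.

```python
import re

# Constructed sample httpd.conf (host name, paths and worker name are made up).
SAMPLE_CONF = """\
JkWorkersFile conf/workers.properties
JkLogFile logs/jk.log

<VirtualHost *:80>
    ServerName www.example.test
    JkMount /jsp-examples/* jkworker
    JkMount /thisapp/* jkworker
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.test
    SSLEngine on
    JkMount /jsp-examples/* jkworker
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.IGNORECASE)
VHOST_CLOSE = re.compile(r"</VirtualHost\s*>", re.IGNORECASE)


def parse_conf(text):
    """Return (global_mounts, copy_all, vhosts) parsed from httpd.conf text."""
    global_mounts, copy_all, vhosts, current = set(), False, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = VHOST_OPEN.match(line)
        if opened:
            addr = opened.group(1).strip()
            # A vhost bound to port 443 is treated as SSL even without SSLEngine.
            on_443 = any(a.rsplit(":", 1)[-1] == "443" for a in addr.split())
            current = {"addr": addr, "name": None, "ssl": on_443,
                       "copy": False, "mounts": set()}
            continue
        if VHOST_CLOSE.match(line):
            if current is not None:
                vhosts.append(current)
            current = None
            continue
        tokens = line.split()
        directive, args = tokens[0].lower(), tokens[1:]
        if directive == "jkmount" and len(args) >= 2:
            target = current["mounts"] if current is not None else global_mounts
            target.add(args[0])  # args[0] is the URL pattern, args[1] the worker
        elif directive == "jkmountcopy" and args:
            value = args[0].lower()
            if current is not None:
                current["copy"] = value == "on"
            else:
                copy_all = value == "all"
        elif current is not None and directive == "servername" and args:
            current["name"] = args[0]
        elif current is not None and directive == "sslengine" and args:
            current["ssl"] = current["ssl"] or args[0].lower() == "on"
    return global_mounts, copy_all, vhosts


def missing_ssl_mounts(text):
    """List (server_name, ssl_vhost_addr, pattern) for every JkMount pattern that
    the plain-HTTP vhost forwards to Tomcat but the SSL vhost does not."""
    global_mounts, copy_all, vhosts = parse_conf(text)

    def effective(vhost):
        # Assumption: global mounts reach a vhost only when JkMountCopy says so.
        inherited = global_mounts if (vhost["copy"] or copy_all) else set()
        return vhost["mounts"] | inherited

    findings = []
    for ssl_vh in (v for v in vhosts if v["ssl"]):
        for plain in (v for v in vhosts
                      if not v["ssl"] and v["name"] == ssl_vh["name"]):
            for pattern in sorted(effective(plain) - effective(ssl_vh)):
                findings.append((ssl_vh["name"], ssl_vh["addr"], pattern))
    return findings


if __name__ == "__main__":
    for name, addr, pattern in missing_ssl_mounts(SAMPLE_CONF):
        print(f"{name} [{addr}]: no JkMount for {pattern}; "
              "https requests for it stay in Apache and return 404")
```

On the constructed sample it reports /thisapp/* as unmounted on the *:443 virtual host, which matches the symptom described in the thread: the application works over http but returns "not found" over https, while jsp-examples works on both.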
Re: Tomcat and SSL
I don't think https and http requests from the same machine will have any impact on the session created already. I mean, even if you call request.getSession(true) in a secure page and a valid session already exists, nothing like creating a new session and invalidating it will happen. There will not be any difference between an http request and an https request from the web server's point of view, except that they are received on different ports and one needs to be decrypted before processing.

Any detailed explanation on this will be appreciated.
Tomcat and SSL
Hello,

I wanted to verify if I am understanding this right. The website has certain sections of it using HTTPS (secure) and certain sections use only HTTP (unsecure).

1. A new session resulting from a call to request.getSession(true) in a secure area of a website is invalidated automatically when the session transitions from the secure to an unsecure area of the website.
2. A new session resulting from a call to request.getSession(true) in an unsecure area of a website is untouched when the session transitions from the unsecure to a secure area of the website and from the unsecure to a secure area of the website.

Am I understanding 1 and 2 right?

Thanks,
Mufaddal.
apache-tomcat-mod_jk-ssl
Hi guys,

I've just configured my Tomcat 5.5.x, running on a Win2k machine, for use with Apache web server 2.0.49 running on a Fedora Core 2 machine. My applications are running perfectly well. In fact, I'm noticing a certain level of increase in performance. However, I get into trouble as soon as I take my login page to SSL. I get the error "The connection was refused when attempting to contact myserver:8443".

I will appreciate any help or any pointer to any thread.

P.S. I did try to search through those hundreds of threads.

Thanks in advance
Re: apache-tomcat-mod_jk-ssl
I have Tomcat 5.5.9 and Apache 2.0.54 running on Windows 2000, connecting them with mod_jk (not jk2). The only thing I want to do now is have Apache run Tomcat in-process like I did with jk2. Is this possible? And if it is, what files do I need to update and configure?

Thanks.
Tom
Tomcat For SSL
Hello,

I have a webapp that is running on Tomcat 5.5. I have always developed just using Tomcat. Now I want to take a site and host it. The site will also run certificates for SSL.

Should I wrap my site around Apache now? Meaning, should I install Apache and put Tomcat inside? Or however this is done. Or can Tomcat handle SSL certificates (from Verisign?) as it is? I hear of security issues, etc.

Any information would be appreciated.

Thanks,
Scott
RE: Tomcat For SSL
Tomcat handles SSL certificates as it is, but I'd recommend installing Apache to handle all certs instead of Tomcat.
RE: Tomcat For SSL
Get ready for differing opinions on this; it's been asked loads of times before. Try searching the archives for more info.

My very quick summary would be that you do not need Apache httpd to do SSL, and it can be very fast and stable without Apache, as well as simpler to config if you don't already know Apache, but there are good reasons to introduce Apache. Depending on the exact requirements of your site, there are some useful feature benefits from using Apache+Tomcat, and when the site gets heavily loaded, Apache+TC performs better than TC alone, if you let Apache handle the static page requests.

A friend of mine advises me that he uses Apache+TC for these reasons:

- server side includes, which are easier for most people to use to do minor dynamic content in otherwise static pages
- mod_rewrite can help with redirection between http - https if you have pages that can only be accessed through one or other protocol
- can config reverse proxy content off another server

I do not run Apache with my TC because I do not require any of these features; however, I am not against using it for the right app.
Re: Tomcat For SSL
Scott Purcell wrote:
> Should I wrap my site around Apache now. Meaning should I install apache and put tomcat inside?

There is no standard answer to this question. It depends what you are trying to achieve. Apache adds both functionality and configuration complexity. You have to weigh the costs of one against the benefits of the other. If you don't know, stick with Tomcat standalone; you can always change your mind later.

> Or can tomcat handle SSL certificates (from Verisign?) as it is.

Yes.

> I hear of security issues, etc.

Like what? It is difficult to answer your concerns when you are this vague.
Tomcat and SSL
Hi,

I'm having problems using Tomcat with the SSL protocol. I set up Client Authentication in the Tomcat administration tool. When I try to access a page that needs a certificate, I receive error DNS Error cause the site is unreachable. Is there anyone who knows how to solve this problem?

Thanks.

PS.:
Tomcat 5.0.28
Windows 2000
Port 8443 listener OK
RE: Tomcat and SSL
How did you create the certificate? And with what details?
Re: Tomcat and SSL
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/http.html

Set enableLookups to false.

Doug
Re: Tomcat and SSL
I created the certificate using keytool and chose the JKS type. I'm using false for the enableLookups attribute.

Thanx

----- Original Message -----
From: Raghupathy,Gurumoorthy [EMAIL PROTECTED]
To: 'Tomcat Users List' tomcat-user@jakarta.apache.org
Sent: Tuesday, April 19, 2005 9:46 AM
Subject: RE: Tomcat and SSL

How did you create the certificate? And with what details?

-----Original Message-----
From: Marcos Ferreira [mailto:[EMAIL PROTECTED]
Sent: 19 April 2005 13:39
To: tomcat-user@jakarta.apache.org
Subject: Tomcat and SSL

Hi,

I'm having problems using Tomcat with the SSL protocol. I set up Client Authentication in the Tomcat administration tool. When I try to access a page that needs a certificate, I receive a DNS Error because the site is unreachable. Is there anyone who knows how to solve this problem?

Thanks.

PS: Tomcat 5.0.28, Windows 2000, port 8443 listener OK
Re: Re[9]: Tomcat/4.1.31 - SSL Troubles
On 4/14/05, Andrey [EMAIL PROTECTED] wrote:

Hello,

HTTPS:

GET /application/index.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: lv
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Host: 62.86.16.101:8443
Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily
Location: https://62.86.16.101:8443/
Content-Length: 0
Date: Thu, 14 Apr 2005 09:17:36 GMT
Server: Apache-Coyote/1.1

A few more things: Can you try accessing the server by its name instead of IP? Also can you try with Firefox - http://getfirefox.com and if that works fine like I expect it will then install http://livehttpheaders.mozdev.org/ to get the same info you have above for MSIE.

Plus what URL are you requesting to begin with and what does your connector in your server.xml (minus any passwords) look like?

Regards,
--
Jason Bainbridge
http://kde.org - [EMAIL PROTECTED]
Personal Site - http://jasonbainbridge.com
Re[8]: Tomcat/4.1.31 - SSL Troubles
Hello,

Wednesday, April 13, 2005, 11:19:00 PM, you wrote:

Well so far that is normal, what isn't normal is that the browser isn't sending another GET request for https://62.86.16.101/index.jsp. What happens if you request that URL directly?

Hang on, you know what is happening? I bet HTTP/1.1 isn't enabled in the browser, I had the exact same problem the other day... Tools / Internet Options, Advanced, HTTP/1.1 Settings: enable both of those, for some reason the Proxy one still seems to affect things even when you tell IE to not use the proxy for the site you are accessing.

Regards,

I can post more... It's a loop... If I use a non-https connection all works fine. (https is configured on port 443 now... no difference)

GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: lv
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Host: 62.86.16.101
Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily
Location: https://62.86.16.101/index.jsp
Content-Length: 0
Date: Thu, 14 Apr 2005 06:42:27 GMT
Server: Apache-Coyote/1.1

GET /index.jsp HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: lv
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Host: 62.86.16.101
Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily
Location: https://62.86.16.101/
Content-Length: 0
Date: Thu, 14 Apr 2005 06:42:27 GMT
Server: Apache-Coyote/1.1

GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: lv
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Host: 62.86.16.101
Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily
Location: https://62.86.16.101/index.jsp
Content-Length: 0
Date: Thu, 14 Apr 2005 06:42:27 GMT
Server: Apache-Coyote/1.1

GET /index.jsp HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: lv
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Host: 62.86.16.101
Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily
Location: https://62.86.16.101/
Content-Length: 0
Date: Thu, 14 Apr 2005 06:42:27 GMT
Server: Apache-Coyote/1.1

GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: lv
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Host: 62.86.16.101
Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily
Location: https://62.86.16.101/index.jsp
Content-Length: 0
Date: Thu, 14 Apr 2005 06:42:27 GMT
Server: Apache-Coyote/1.1

GET /index.jsp HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: lv
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Host: 62.86.16.101
Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily
Location: https://62.86.16.101/
Content-Length: 0
Date: Thu, 14 Apr 2005 06:42:27 GMT
Server: Apache-Coyote/1.1

--
Best regards,
Andrey [EMAIL PROTECTED]
Re[9]: Tomcat/4.1.31 - SSL Troubles
Hello,

HTTPS:

GET /application/index.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: lv
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Host: 62.86.16.101:8443
Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily
Location: https://62.86.16.101:8443/
Content-Length: 0
Date: Thu, 14 Apr 2005 09:17:36 GMT
Server: Apache-Coyote/1.1

GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: lv
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Host: 62.86.16.101:8443
Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily
Location: https://62.86.16.101:8443/index.jsp
Content-Length: 0
Date: Thu, 14 Apr 2005 09:17:36 GMT
Server: Apache-Coyote/1.1

GET /index.jsp HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: lv
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Host: 62.86.16.101:8443
Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily
Location: https://62.86.16.101:8443/
Content-Length: 0
Date: Thu, 14 Apr 2005 09:17:36 GMT
Server: Apache-Coyote/1.1

GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: lv
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Host: 62.86.16.101:8443
Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily
Location: https://62.86.16.101:8443/index.jsp
Content-Length: 0
Date: Thu, 14 Apr 2005 09:17:36 GMT
Server: Apache-Coyote/1.1

and again and again..

--

But for HTTP:

GET /application/index.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: lv
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Host: 62.86.16.101:8080
Connection: Keep-Alive

HTTP/1.1 200 OK
ETag: W/735-1088131466000
Last-Modified: Fri, 25 Jun 2004 02:44:26 GMT
Content-Type: text/html
Content-Length: 735
Date: Thu, 14 Apr 2005 09:33:40 GMT
Server: Apache-Coyote/1.1

GET /application/subdirectory/main.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://62.86.16.101:8080/application/index.html
Accept-Language: lv
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Host: 62.86.16.101:8080
Connection: Keep-Alive

HTTP/1.1 200 OK
ETag: W/364-108813149
Last-Modified: Fri, 25 Jun 2004 02:44:50 GMT
Content-Type: text/html
Content-Length: 364
Date: Thu, 14 Apr 2005 09:33:40 GMT
Server: Apache-Coyote/1.1

--
Best regards,
Andrey [EMAIL PROTECTED]
Tomcat/4.1.31 - SSL Troubles
Hello,

(j2re1.4.1_02 is installed)

I've created a certificate keystore as described: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/printer/ssl-howto.html then I uncommented the Connector element for an SSL connector in server.xml.

I can connect to the SSL port... and I can see the certificate... but when I accept this certificate my browser says "The page cannot be displayed". No errors in log files. What should I check?

--
Best regards,
Andrey [EMAIL PROTECTED]
Re: Tomcat/4.1.31 - SSL Troubles
On 4/13/05, Andrey [EMAIL PROTECTED] wrote:

Hello,

(j2re1.4.1_02 is installed)

I've created a certificate keystore as described: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/printer/ssl-howto.html then I uncommented the Connector element for an SSL connector in server.xml.

I can connect to the SSL port... and I can see the certificate... but when I accept this certificate my browser says "The page cannot be displayed".

Sounds like you are using Internet Explorer, so the first step would be to disable "Show friendly HTTP error messages", and if you are using IE for any sort of web development testing that is one of the first things you should do: Tools / Internet Options, Advanced tab, then it is under the Browsing subheading. Then you can see the real error.

Regards,
--
Jason Bainbridge
http://kde.org - [EMAIL PROTECTED]
Personal Site - http://jasonbainbridge.com
Re[2]: Tomcat/4.1.31 - SSL Troubles
Hello,

Wednesday, April 13, 2005, 8:21:22 PM, you wrote:

Sounds like you are using Internet Explorer, so the first step would be to disable "Show friendly HTTP error messages", and if you are using IE for any sort of web development testing that is one of the first things you should do: Tools / Internet Options, Advanced tab, then it is under the Browsing subheading. Then you can see the real error.

Regards,

Same error... and it looks like a loop.

--
Best regards,
Andrey [EMAIL PROTECTED]
Re: Tomcat/4.1.31 - SSL Troubles
I can connect to the SSL port... and I can see the certificate... but when I accept this certificate my browser says "The page cannot be displayed".

Is the page OK on http then?

- https://server.com:8443/app1/page1.jsp
- http://server.com:8080/app1/page1.jsp

Regards,

Ben Kim
Database Developer/Systems Administrator
434E Harrington Tower / College of Education
Texas A&M University
Re[2]: Tomcat/4.1.31 - SSL Troubles
Hello,

Wednesday, April 13, 2005, 8:47:13 PM, you wrote:

I can connect to the SSL port... and I can see the certificate... but when I accept this certificate my browser says "The page cannot be displayed".

Is the page OK on http then?

- https://server.com:8443/app1/page1.jsp
- http://server.com:8080/app1/page1.jsp

Yes. Usual http works.

--
Best regards,
Andrey [EMAIL PROTECTED]
RE: Re[2]: Tomcat/4.1.31 - SSL Troubles
I followed the Tomcat directions and they did not work. I did find this and it worked, just go to http://galatea.com/flashguides/tomcat-ssl-5-unix

Lorenzo

-----Original Message-----
From: Andrey [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 13 April 2005 11:53 a.m.
To: Tomcat Users List
Subject: Re[2]: Tomcat/4.1.31 - SSL Troubles

Hello,

Wednesday, April 13, 2005, 8:47:13 PM, you wrote:

I can connect to the SSL port... and I can see the certificate... but when I accept this certificate my browser says "The page cannot be displayed".

Is the page OK on http then?

- https://server.com:8443/app1/page1.jsp
- http://server.com:8080/app1/page1.jsp

Yes. Usual http works.

--
Best regards,
Andrey [EMAIL PROTECTED]
Re[4]: Tomcat/4.1.31 - SSL Troubles
Hello,

Wednesday, April 13, 2005, 9:07:34 PM, you wrote:

I followed the Tomcat directions and they did not work. I did find this and it worked, just go to http://galatea.com/flashguides/tomcat-ssl-5-unix

Lorenzo

It's Windows. Sorry.

-----Original Message-----
From: Andrey [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 13 April 2005 11:53 a.m.
To: Tomcat Users List
Subject: Re[2]: Tomcat/4.1.31 - SSL Troubles

Hello,

Wednesday, April 13, 2005, 8:47:13 PM, you wrote:

I can connect to the SSL port... and I can see the certificate... but when I accept this certificate my browser says "The page cannot be displayed".

Is the page OK on http then?

- https://server.com:8443/app1/page1.jsp
- http://server.com:8080/app1/page1.jsp

Yes. Usual http works.

--
Best regards,
Andrey [EMAIL PROTECTED]
Re: Re[4]: Tomcat/4.1.31 - SSL Troubles
I can connect to the SSL port... and I can see the certificate... but when I accept this certificate my browser says "The page cannot be displayed".

Just a basic guesswork... Assuming the code does not differentiate between ssl and non-ssl, could it be a browser specific problem? Also, can you see it from the local machine, i.e. https://localhost:8443/...?

Just my 2 pence...

Regards,

Ben Kim
Database Developer/Systems Administrator
434E Harrington Tower / College of Education
Texas A&M University
Re: Re[2]: Tomcat/4.1.31 - SSL Troubles
On 4/13/05, Andrey [EMAIL PROTECTED] wrote:

Hello,

Wednesday, April 13, 2005, 8:21:22 PM, you wrote:

Sounds like you are using Internet Explorer, so the first step would be to disable "Show friendly HTTP error messages", and if you are using IE for any sort of web development testing that is one of the first things you should do: Tools / Internet Options, Advanced tab, then it is under the Browsing subheading. Then you can see the real error.

Regards,

Same error... and it looks like a loop.

Do you have any other web servers running on the same machine? MSIE gets confused when you access say IIS on https://mymachine and then access Tomcat on http://mymachine:8443 and produces the behaviour you describe.

Try installing iehttpheaders and monitor the requests and responses: http://www.blunck.info/iehttpheaders.html

Regards,
--
Jason Bainbridge
http://kde.org - [EMAIL PROTECTED]
Personal Site - http://jasonbainbridge.com
Re[6]: Tomcat/4.1.31 - SSL Troubles
Hello,

Wednesday, April 13, 2005, 10:17:42 PM, you wrote:

I can connect to the SSL port... and I can see the certificate... but when I accept this certificate my browser says "The page cannot be displayed".

Just a basic guesswork... Assuming the code does not differentiate between ssl and non-ssl, could it be a browser specific problem? Also, can you see it from the local machine, i.e. https://localhost:8443/...?

Just my 2 pence...

No difference between local/remote. I don't think it's a network/browser related problem.

Thanks to Jason..

GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: lv
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Host: 62.86.16.101
Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily
Location: https://62.86.16.101/index.jsp
Content-Length: 0
Date: Wed, 13 Apr 2005 19:38:50 GMT
Server: Apache-Coyote/1.1

What can I do? :)

--
Best regards,
Andrey [EMAIL PROTECTED]
Re: Re[6]: Tomcat/4.1.31 - SSL Troubles
On 4/13/05, Andrey [EMAIL PROTECTED] wrote:

GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: lv
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Host: 62.86.16.101
Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily
Location: https://62.86.16.101/index.jsp
Content-Length: 0
Date: Wed, 13 Apr 2005 19:38:50 GMT
Server: Apache-Coyote/1.1

Well so far that is normal, what isn't normal is that the browser isn't sending another GET request for https://62.86.16.101/index.jsp. What happens if you request that URL directly?

Hang on, you know what is happening? I bet HTTP/1.1 isn't enabled in the browser, I had the exact same problem the other day... Tools / Internet Options, Advanced, HTTP/1.1 Settings: enable both of those, for some reason the Proxy one still seems to affect things even when you tell IE to not use the proxy for the site you are accessing.

Regards,
--
Jason Bainbridge
http://kde.org - [EMAIL PROTECTED]
Personal Site - http://jasonbainbridge.com
Re: Re[6]: Tomcat/4.1.31 - SSL Troubles
Andrey [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

Hello,

Wednesday, April 13, 2005, 10:17:42 PM, you wrote:

I can connect to the SSL port... and I can see the certificate... but when I accept this certificate my browser says "The page cannot be displayed".

Just a basic guesswork... Assuming the code does not differentiate between ssl and non-ssl, could it be a browser specific problem? Also, can you see it from the local machine, i.e. https://localhost:8443/...?

Just my 2 pence...

No difference between local/remote. I don't think it's a network/browser related problem.

Thanks to Jason..

GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: lv
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Host: 62.86.16.101
Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily
Location: https://62.86.16.101/index.jsp
Content-Length: 0
Date: Wed, 13 Apr 2005 19:38:50 GMT
Server: Apache-Coyote/1.1

What can I do? :)

MSIE is sending the wrong Host header (it's known to do that :), so the Location is bad on the response (it's asking MSIE to connect to port 443). What you can do is:

1) Use FireFox.
2) Configure the connector to run on the default port of 443.
3) Get MS to fix their browser.

--
Best regards,
Andrey [EMAIL PROTECTED]
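The check described in the last reply (does the redirect's Location stay on the port the client connected to?) together with the redirect loop visible in the earlier traces, as an added Python example that is not part of any post in this thread. The traces are constructed (documentation address 192.0.2.10) in the shape of the captures above; the function names and finding labels are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
REDIRECTS = {301, 302, 303, 307, 308}
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/\d\.\d$")
STATUS_LINE = re.compile(r"^HTTP/\d\.\d (\d{3})\b")


@dataclass
class Exchange:
    method: str
    path: str
    host: str                 # raw Host request header, e.g. "192.0.2.10:8443"
    status: int
    location: Optional[str]   # Location response header, if present


def parse_trace(text: str) -> List[Exchange]:
    """Pair every request in a header trace with the response that follows it."""
    records, current, in_response = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        request, status = REQUEST_LINE.match(line), STATUS_LINE.match(line)
        if request:
            current = dict(method=request.group(1), path=request.group(2),
                           host="", status=0, location=None)
            records.append(current)
            in_response = False
        elif status and current is not None:
            current["status"] = int(status.group(1))
            in_response = True
        elif current is not None and ":" in line:
            name, _, value = line.partition(":")
            if not in_response and name.lower() == "host":
                current["host"] = value.strip()
            elif in_response and name.lower() == "location":
                current["location"] = value.strip()
    # Requests that never received a response are dropped.
    return [Exchange(**r) for r in records if r["status"]]


def normalize(url: str) -> str:
    """Spell out the default port and drop the query so URLs compare reliably."""
    parts = urlsplit(url)
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    return f"{parts.scheme}://{parts.hostname}:{port}{parts.path or '/'}"


def analyze(exchanges: List[Exchange], listener_port: int,
            scheme: str = "https") -> List[Tuple[int, str]]:
    """Return (exchange index, finding) pairs for a trace taken on listener_port."""
    findings, requested = [], set()
    for index, ex in enumerate(exchanges):
        host_name, _, host_port = ex.host.partition(":")  # IPv6 literals not handled
        here = normalize(f"{scheme}://{host_name}:{listener_port}{ex.path}")
        requested.add(here)
        # A Host header without a port on a non-default listener is what makes
        # the server build a Location that points at the default port.
        if not host_port and listener_port != DEFAULT_PORTS[scheme]:
            findings.append((index, "host-header-missing-port"))
        if ex.status in REDIRECTS and ex.location:
            target = normalize(urljoin(here, ex.location))
            if urlsplit(target).port != listener_port:
                findings.append((index, "redirect-leaves-listener-port"))
            if target in requested:   # redirected back to a URL already fetched
                findings.append((index, "redirect-loop"))
    return findings


# Constructed trace: client connected to 8443, Host header carries no port.
TRACE_MISSING_PORT = """
GET / HTTP/1.1
Host: 192.0.2.10
Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily
Location: https://192.0.2.10/index.jsp
Content-Length: 0
"""

# Constructed trace: ports are consistent, but / and /index.jsp redirect to each other.
TRACE_LOOP = """
GET /application/index.html HTTP/1.1
Host: 192.0.2.10:8443

HTTP/1.1 302 Moved Temporarily
Location: https://192.0.2.10:8443/

GET / HTTP/1.1
Host: 192.0.2.10:8443

HTTP/1.1 302 Moved Temporarily
Location: https://192.0.2.10:8443/index.jsp

GET /index.jsp HTTP/1.1
Host: 192.0.2.10:8443

HTTP/1.1 302 Moved Temporarily
Location: https://192.0.2.10:8443/
"""

if __name__ == "__main__":
    for name, trace in (("missing port", TRACE_MISSING_PORT), ("loop", TRACE_LOOP)):
        print(name, analyze(parse_trace(trace), listener_port=8443))
```

The two findings are independent: the second trace loops even though every Host header and Location carries the right port, so a port fix alone would not end it.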
Re: Tomcat 5 / SSL / Digsigtrust Certificate...
I figured it out. I was importing the new signed cert to a new alias in my keystore, rather than the original key I generated when I created the keystore. And, Netscape's CA Chain certs work with JBoss/Tomcat5.

John Urban wrote:

I have sent my CSR and been approved and received my SSL Web server certificate from Digsigtrust. I am having problems getting the SSL certificate to install properly. I have tried every conceivable combination to get my browser to NOT pop up the Security Alert dialog.

Most documentation I've read seems to tell me to import the CA chain to my keystore first, then my signed certificate from Digsigtrust. I've had no success. My issue seems to be obtaining the correct Chain certificate from Digsigtrust.

Can someone advise me which is the closest server to Tomcat 5:

Apache + Mod/Open SSL
Apache Raven
Microsoft Internet Information Server 5 and 6
Microsoft Internet Information Server 4
iPlanet Enterprise Server 4.1
Domino 4.6 and Higher
Netscape Enterprise Server 3.6.1
Stronghold 3.0
Others/Misc

This should be a step in the right direction.
Re: Tomcat 5 / SSL / Digsigtrust Certificate...
I have sent my CSR and been approved and received my SSL Web server certificate from Digsigtrust. I am having problems getting the SSL certificate to install properly. I have tried every conceivable combination to get my browser to NOT pop up the Security Alert dialog.

Most documentation I've read seems to tell me to import the CA chain to my keystore first, then my signed certificate from Digsigtrust. I've had no success. My issue seems to be obtaining the correct Chain certificate from Digsigtrust.

Can someone advise me which is the closest server to Tomcat 5:

Apache + Mod/Open SSL
Apache Raven
Microsoft Internet Information Server 5 and 6
Microsoft Internet Information Server 4
iPlanet Enterprise Server 4.1
Domino 4.6 and Higher
Netscape Enterprise Server 3.6.1
Stronghold 3.0
Others/Misc

This should be a step in the right direction.
Tomcat and SSL
Hi,

I followed the document http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html and reached the point where I created the .keystore file.

* This .keystore is now located at C:\Documents and Settings\Owner
* Whereas my Tomcat is at C:\jakarta-tomcat-5.0.28

What is the default location where Tomcat expects this .keystore file?

Thanks
Re: Tomcat and SSL
On Sun, 27 Feb 2005 16:22:52 -0800 (PST), deepak suldhal [EMAIL PROTECTED] wrote:

Hi,

I followed the document http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html and reached the point where I created the .keystore file.

* This .keystore is now located at C:\Documents and Settings\Owner
* Whereas my Tomcat is at C:\jakarta-tomcat-5.0.28

What is the default location where Tomcat expects this .keystore file?

Search for keystoreFile in that document and you will receive your answer...

Regards,
--
Jason Bainbridge
http://kde.org - [EMAIL PROTECTED]
Personal Site - http://jasonbainbridge.com
Tomcat and SSL
Hi,

When I type set on the command line I see

HOMEPATH=\Documents and Settings\Owner
CATALINA_HOME=C:\jakarta-tomcat-5.0.28

And my keystore file is at C:\Documents and Settings\Owner\.keystore

I uncommented the server.xml file to enable port 8443 as the secure SSL port, restarted the Tomcat server, and connected to https://localhost:8443

This brought me to the certificate page, and so I guess I have configured this port for SSL.
Re: Tomcat and SSL : Want Client Authentication but not Server Authentication
I've never heard of being able to connect using SSL without a server certificate. But you don't have to spend money to get one: just use a self-signed certificate.

Onkar Singh wrote:

Hi,

I want the Client (Web Browser) to be authenticated and not the Server (Web Server). Is it possible to achieve or not, because as far as I know JSSE and Claymore's PureTLS (SSL implementations) both make Server authentication mandatory!!

Thanks in advance!!

Onkar
Tomcat and SSL : Want Client Authentication but not Server Authentication
Hi,

I want the Client (Web Browser) to be authenticated and not the Server (Web Server). Is it possible to achieve or not, because as far as I know JSSE and Claymore's PureTLS (SSL implementations) both make Server authentication mandatory!!

Thanks in advance!!

Onkar
RE: Tomcat - 4.1 - SSL redirect only works on ports 80 and 443
Dave-

Please post the non-ssl and ssl connector fields from your server.xml file.

Azam Khan

-----Original Message-----
From: David Austin [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 10, 2004 9:53 AM
To: [EMAIL PROTECTED]
Subject: Tomcat - 4.1 - SSL redirect only works on ports 80 and 443

Good Morning,

This is my first post to this site, so please go easy on me...

I am running a Tomcat 4.1 standalone server and I am trying to implement an SSL connector. I followed the instructions and was able to successfully get it to work with one problem: For some reason the redirect only works when I set the non-SSL port to 80 and the SSL port to 443. When I try any other ports (including the default ports 8080 and 8443), it fails to redirect. When I type https://localhost:8080 I get a page not found or other browser error. When I change the ports to 80 and 443 respectively, and type in https://localhost/ it works fine.

I am running Fedora Linux.

Any ideas?

Thanks,
Dave
RE: Tomcat - 4.1 - SSL redirect only works on ports 8
Ok, here are my connector tags:

<!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="8080" minProcessors="5" maxProcessors="75"
           enableLookups="true" redirectPort="8443"
           acceptCount="100" debug="1" connectionTimeout="2"
           useURIValidationHack="false" disableUploadTimeout="true" />
<!-- Note : To disable connection timeouts, set connectionTimeout value to 0 -->

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true"
           acceptCount="100" debug="1" scheme="https" secure="true"
           useURIValidationHack="false" disableUploadTimeout="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
           clientAuth="false" protocol="TLS" />
</Connector>
Tomcat - 4.1 - SSL redirect only works on ports 80 and 443
Good Morning,

This is my first post to this site, so please go easy on me...

I am running a Tomcat 4.1 standalone server and I am trying to implement an SSL connector. I followed the instructions and was able to successfully get it to work with one problem: For some reason the redirect only works when I set the non-SSL port to 80 and the SSL port to 443. When I try any other ports (including the default ports 8080 and 8443), it fails to redirect. When I type https://localhost:8080 I get a page not found or other browser error. When I change the ports to 80 and 443 respectively, and type in https://localhost/ it works fine.

I am running Fedora Linux.

Any ideas?

Thanks,
Dave
RE: Tomcat smtp SSL transport?
Hi,

Tomcat only ships with the basic JavaMail provider, which IIRC doesn't have S/MIME support. You have to get a 3rd party library, such as CryptoMail (a SourceForge project IIRC), and use it. You might need to write a trivial CryptoMailSessionFactory to use as the Bean factory for Tomcat's JNDI resource. Or you could use the library directly from your webapp without going through Tomcat and its JNDI resources. There are numerous providers of S/MIME support for JavaMail listed on the JavaMail java.sun.com site.

Yoav Shapira
http://www.yoavshapira.com

-----Original Message-----
From: Evgeny Gesin [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 14, 2004 6:04 PM
To: Tomcat Users List
Subject: Tomcat smtp SSL transport?

I need to send email from Tomcat:

- smtp server on localhost.
- port 465.
- smtp encrypts messages using SSL.
- smtp authenticates users via CRAM-MD5.

I probably need to add more parameters

<ResourceParams name="mail/Session">
  <parameter><name>mail.smtp.host</name><value>127.0.0.1</value></parameter>
  <parameter><name>mail.smtp.port</name><value>465</value></parameter>
</ResourceParams>

1. Do I need to set a specific mail.class of the provider, which and how?
2. How to specify SSL encryption?
3. How to specify CRAM-MD5 authentication?

Thanks!
Evgeny
RE: Tomcat smtp SSL transport?
Hi Yoav.

Tomcat and QMail are installed on the same host. Currently clients (Mozilla-mail, KMail, etc.) send email using SSL encryption. I also need to send e-mails from Tomcat. Can I configure Tomcat server.xml or QMail or smtp relay (/etc/tcp.smtp) or ? to send e-mail via TCP and not SSL?

Thanks!
Evgeny

--- Shapira, Yoav [EMAIL PROTECTED] wrote:
> Hi,
> Tomcat only ships with the basic JavaMail provider, which IIRC doesn't have S/MIME support. You have to get a 3rd party library, such as CryptoMail (a SourceForge project IIRC), and use it. You might need to write a trivial CryptoMailSessionFactory to use as the Bean factory for Tomcat's JNDI resource. Or you could use the library directory from your webapp without going through Tomcat and its JNDI resources. There are numerous providers of S/MIME support for JavaMail listed on the JavaMail java.sun.com site.
>
> Yoav Shapira
> http://www.yoavshapira.com
RE: Tomcat smtp SSL transport?
Hi,

I personally don't know, as I haven't tried it. But it's more of a JavaMail question than a Tomcat question. All Tomcat does is provide a Bean factory for the normal JavaMail Session objects. Tomcat doesn't provide customized mail Session objects or anything like that.

Yoav Shapira
http://www.yoavshapira.com

-----Original Message-----
From: Evgeny Gesin [mailto:[EMAIL PROTECTED]
Sent: Friday, October 15, 2004 9:46 AM
To: Tomcat Users List
Subject: RE: Tomcat smtp SSL transport?

Hi Yoav.

Tomcat and QMail are installed on the same host. Currently clients (Mozilla-mail, KMail, etc.) send email using SSL encryption. I also need to send e-mails from Tomcat. Can I configure Tomcat server.xml or QMail or smtp relay (/etc/tcp.smtp) or ? to send e-mail via TCP and not SSL?

Thanks!
Evgeny
AW: Tomcat smtp SSL transport?
Hi

> Tomcat and QMail are installed on same host. Currently clients (Mozilla-mail, KMail, etc.) send email using SSL encryption.

If tomcat is on the same host as your mail daemon, ssl encryption makes no sense. Send the mail without ssl. It might be necessary to configure this in QMail, but since I only use exim4, I cannot help you on this.

Regards,
Steffen
RE: Tomcat smtp SSL transport?
Well, it could be a certificate issue.

tail -f /var/log/qmail/smtpd/current | tai64nlocal
...
454 TLS connection failed: error:14094416:SSL routines:SSL _READ_BYTES:sslv3 alert certificate unknown (#4.3.0)

Looks like I need to import qmail's clientcert.pem into Tomcat or Java trustStore.

Thanks
Evgeny

--- Shapira, Yoav [EMAIL PROTECTED] wrote:
> Hi,
> I personally don't know, as I haven't tried it. But it's more of a JavaMail question than a Tomcat question. All Tomcat does is provide a Bean factory for the normal JavaMail Session objects. Tomcat doesn't provide customized mail Session objects or anything like that.
>
> Yoav Shapira
> http://www.yoavshapira.com
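The "certificate unknown" alert in the qmail log above is what a TLS client sends when it cannot validate the server's certificate. The following is an added example, not code from the thread: a JDK-only probe that trusts only the certificates in a PEM file and attempts the handshake with the SMTP-over-SSL listener. The class name, argument order and the assumption that the PEM file contains certificates only (no private key block) are this example's own.

```java
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper: verifies that a JVM trusting only the given PEM
// certificates can complete TLS with an SMTPS listener (e.g. 127.0.0.1:465).
public class SmtpsTrustProbe {

    // Build an in-memory trust store from every certificate in the PEM file.
    // Assumption: the file holds certificates only, no private key block.
    static KeyStore trustStoreFromPem(String pemPath) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        ts.load(null, null); // start empty: nothing from the default cacerts
        int n = 0;
        try (InputStream in = new FileInputStream(pemPath)) {
            for (Certificate c : CertificateFactory.getInstance("X.509")
                    .generateCertificates(in)) {
                ts.setCertificateEntry("smtp-" + n++, c);
            }
        }
        if (n == 0) {
            throw new IllegalArgumentException("no certificates in " + pemPath);
        }
        return ts;
    }

    // Client-side context: no key managers, trust limited to the given store.
    static SSLContext contextTrusting(KeyStore ts) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Handshake, then read the SMTP greeting that follows on an implicit-TLS
    // port. This checks the certificate chain only, not the host name.
    static String probe(SSLContext ctx, String host, int port) throws Exception {
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.setSoTimeout(10_000);
            s.startHandshake(); // SSLHandshakeException if the chain is untrusted
            X509Certificate leaf =
                    (X509Certificate) s.getSession().getPeerCertificates()[0];
            BufferedReader r = new BufferedReader(new InputStreamReader(
                    s.getInputStream(), StandardCharsets.US_ASCII));
            return leaf.getSubjectX500Principal() + " | " + r.readLine();
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: SmtpsTrustProbe <certs.pem> [host] [port]");
            System.exit(2);
        }
        String host = args.length > 1 ? args[1] : "127.0.0.1";
        int port = args.length > 2 ? Integer.parseInt(args[2]) : 465;
        SSLContext ctx = contextTrusting(trustStoreFromPem(args[0]));
        try {
            System.out.println("trusted: " + probe(ctx, host, port));
        } catch (SSLHandshakeException e) {
            System.err.println("handshake rejected: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

Once the probe succeeds, the same certificate can be imported into a key store with keytool and the Tomcat JVM pointed at it through the javax.net.ssl.trustStore system property.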
Tomcat smtp SSL transport?
I need to send email from Tomcat:
- smtp server on localhost.
- port 465.
- smtp encrypts messages using SSL.
- smtp authenticates users via CRAM-MD5.

I probably need to add more parameters

<ResourceParams name="mail/Session">
  <parameter><name>mail.smtp.host</name><value>127.0.0.1</value></parameter>
  <parameter><name>mail.smtp.port</name><value>465</value></parameter>
</ResourceParams>

1. Do I need to set a specific mail.class of the provider, which and how?
2. How to specify SSL encryption?
3. How to specify CRAM-MD5 authentication?

Thanks!
Evgeny
Tomcat 5 SSL problem
Hello all. I'm trying to get SSL working on my Tomcat 5.0.27 instance... I've read all the how-to's and spent an hour Googling, but I can't get past an issue I'm having...

I have the following entry in my server.xml:

<Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           useURIValidationHack="false" disableUploadTimeout="true">
  <Factory className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory"
           keystoreFile="c:\tomcat\.keystore" keystorePass="my_password"
           clientAuth="false" protocol="TLS" />
</Connector>

The keystore file is there, and I believe generated properly, as per the how-to instructions. When I start Tomcat however, I get the following exception:

[INFO] Http11Protocol - Initializing Coyote HTTP/1.1 on http-8181
[ERROR] Http11Protocol - Error initializing socket factory java.lang.ClassNotFoundException: Can't find any SSL implementation
java.lang.ClassNotFoundException: Can't find any SSL implementation
        at org.apache.tomcat.util.net.SSLImplementation.getInstance(SSLImplementation.java:57)
        at org.apache.tomcat.util.net.SSLImplementation.getInstance(SSLImplementation.java:63)
        at org.apache.coyote.http11.Http11Protocol.checkSocketFactory(Http11Protocol.java:770)
        at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:119)
        at org.apache.coyote.tomcat5.CoyoteConnector.initialize(CoyoteConnector.java:1429)
        at org.apache.catalina.core.StandardService.initialize(StandardService.java:609)
        at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:2384)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:507)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:528)
        at java.lang.reflect.Method.invoke(Native Method)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:247)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:421)
[ERROR] Catalina - Catalina.start LifecycleException: Protocol handler initialization failed: java.lang.ClassNotFoundException: Can't find any SSL implementation
LifecycleException: Protocol handler initialization failed: java.lang.ClassNotFoundException: Can't find any SSL implementation
        at org.apache.coyote.tomcat5.CoyoteConnector.initialize(CoyoteConnector.java:1431)
        at org.apache.catalina.core.StandardService.initialize(StandardService.java:609)
        at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:2384)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:507)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:528)
        at java.lang.reflect.Method.invoke(Native Method)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:247)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:421)

Tomcat DOES continue to run, but obviously without SSL working. Any ideas?

Thanks all!

Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
www.omnytex.com
Re: Tomcat 5 SSL problem
Hello Frank,

I'm doing it too. My server.xml configuration is:

<Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           keystoreFile="e:\java\pruebas\WSOverSSL\server.keystore"
           keystorePass="changeit"
           clientAuth="true" sslProtocol="TLS"/>

I don't know if it's the best, but Tomcat runs. Now I'm trying to identify/authenticate my WS-Client.

On Friday, August 27, 2004, 19:09:03, you wrote:

FZ> Hello all. I'm trying to get SSL working on my Tomcat 5.0.27 instance...
FZ> I've read all the how-to's and spent an hour Googling, but I can't get past
FZ> an issue I'm having...
FZ> I have the following entry in my server.xml:
FZ> <Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
FZ>            port="8443" minProcessors="5" maxProcessors="75"
FZ>            enableLookups="true"
FZ>            acceptCount="100" debug="0" scheme="https" secure="true"
FZ>            useURIValidationHack="false" disableUploadTimeout="true">
FZ>   <Factory className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory"
FZ>            keystoreFile="c:\tomcat\.keystore" keystorePass="my_password"
FZ>            clientAuth="false" protocol="TLS" />
FZ> </Connector>
FZ> The keystore file is there, and I believe generated properly, as per the
FZ> how-to instructions. When I start Tomcat however, I get the following
FZ> exception:
FZ> [INFO] Http11Protocol - Initializing Coyote HTTP/1.1 on http-8181
FZ> [ERROR] Http11Protocol - Error initializing socket factory java.lang.ClassNotFoundException: Can't find any SSL implementation
FZ> java.lang.ClassNotFoundException: Can't find any SSL implementation
FZ>         at org.apache.tomcat.util.net.SSLImplementation.getInstance(SSLImplementation.java:57)
FZ>         at org.apache.tomcat.util.net.SSLImplementation.getInstance(SSLImplementation.java:63)
FZ>         at org.apache.coyote.http11.Http11Protocol.checkSocketFactory(Http11Protocol.java:770)
FZ>         at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:119)
FZ>         at org.apache.coyote.tomcat5.CoyoteConnector.initialize(CoyoteConnector.java:1429)
FZ>         at org.apache.catalina.core.StandardService.initialize(StandardService.java:609)
FZ>         at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:2384)
FZ>         at org.apache.catalina.startup.Catalina.load(Catalina.java:507)
FZ>         at org.apache.catalina.startup.Catalina.load(Catalina.java:528)
FZ>         at java.lang.reflect.Method.invoke(Native Method)
FZ>         at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:247)
FZ>         at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:421)
FZ> [ERROR] Catalina - Catalina.start LifecycleException: Protocol handler initialization failed: java.lang.ClassNotFoundException: Can't find any SSL implementation
FZ> LifecycleException: Protocol handler initialization failed: java.lang.ClassNotFoundException: Can't find any SSL implementation
FZ>         at org.apache.coyote.tomcat5.CoyoteConnector.initialize(CoyoteConnector.java:1431)
FZ>         at org.apache.catalina.core.StandardService.initialize(StandardService.java:609)
FZ>         at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:2384)
FZ>         at org.apache.catalina.startup.Catalina.load(Catalina.java:507)
FZ>         at org.apache.catalina.startup.Catalina.load(Catalina.java:528)
FZ>         at java.lang.reflect.Method.invoke(Native Method)
FZ>         at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:247)
FZ>         at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:421)
FZ> Tomcat DOES continue to run, but obviously without SSL working. Any ideas?
FZ> Thanks all!
FZ> Frank W. Zammetti
FZ> Founder and Chief Software Architect
FZ> Omnytex Technologies
FZ> www.omnytex.com

--
Regards,
Daniel mailto:[EMAIL PROTECTED]
Web Service (Axis+Tomcat 5+SSL)
Hi,

I'm looking for information about how to make a secure WebService. To be exact, I would like to use SSL in my application, but I don't know how to configure everything necessary to do it. I have seen the Axis and Tomcat web pages, but I'm a bit confused. My first objective is that the client of my web service be authenticated with an electronic certificate.

Thank you!
Dani
RE: New idea - Enable Tomcat for SSL?
Hi,

I don't know about CRL support -- why not just try it out?

Yoav Shapira
Millennium Research Informatics

-----Original Message-----
From: ohaya [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 19, 2004 7:51 PM
To: Tomcat Users List
Subject: Re: New idea - Enable Tomcat for SSL?

Shapira, Yoav wrote:
> Hi,
> http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html
> And, of course, http://jakarta.apache.org/tomcat/faq/connectors.html#integrate which should have saved you considerable time and effort.

Yoav,

I had posted a number of messages about problems I was having, but in any event, thanks for the links.

One other question: If I configure Tomcat (5.0.27) as a standalone SSL-enabled (client and server) webserver+container, will the Tomcat SSL handling support the use of certificate revocation lists (CRLs)? I've been trying to research this, and so far have had no luck finding anything on it, and, from the standpoint of security, support for CRLs is going to be a must-have if I go this direction.

If you or anyone knows the answer to this question, please let me know.

Thanks again,
Jim
Re: New idea - Enable Tomcat for SSL?
Yoav,

The problem is that I can't find any info at all on how to configure it to use a CRL.

FYI, after an all-nighter, I was just able to get the client and server SSL part working with standalone Tomcat. Very cool :)! And, best of all, I was able to confirm that with this, I can access the client certificate info from my JSPs.

I'm just so close to what I need now, if I can just figure out how to enable or incorporate the CRL checking, as from a security standpoint, they won't let me deploy a PKI-enabled system if it doesn't support CRLs.

Jim

Shapira, Yoav wrote:
> Hi,
> I don't know about CRL support -- why not just try it out?
>
> Yoav Shapira
> Millennium Research Informatics
RE: New idea - Enable Tomcat for SSL?
Hi,

I'm afraid I can't help much with CRLs on Tomcat. I've never done that before ;) I don't see much in the docs. I do see hits on Google, such as http://proj-grid-data-build.web.cern.ch/proj-grid-data-build/edg-java-security/edg-java-security-1.5.9/tomcat/Authentication_Admin_Guide.html, suggesting a custom SSLSocketFactory is in order. Tomcat of course lets you integrate whatever socket factory you want for your connector, and the one in the above links allows for CRL configuration.

Yoav Shapira
Millennium Research Informatics

-----Original Message-----
From: ohaya [mailto:[EMAIL PROTECTED]
Sent: Friday, August 20, 2004 9:55 AM
To: Tomcat Users List
Subject: Re: New idea - Enable Tomcat for SSL?

Yoav,

The problem is that I can't find any info at all on how to configure it to use a CRL.

FYI, after an all-nighter, I was just able to get the client and server SSL part working with standalone Tomcat. Very cool :)! And, best of all, I was able to confirm that with this, I can access the client certificate info from my JSPs.

I'm just so close to what I need now, if I can just figure out how to enable or incorporate the CRL checking, as from a security standpoint, they won't let me deploy a PKI-enabled system if it doesn't support CRLs.

Jim
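What a CRL-aware socket factory has to do underneath can be shown with the JDK's own PKIX classes. The following is an added example, not code from the thread or from the linked guide: it builds a server-side SSLContext whose trust manager rejects client certificates listed in a CRL file, and refuses to start on a missing or stale CRL. The class name and the six command-line arguments are assumptions of this example, and wiring the context into a Tomcat connector's socket factory is not shown.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CRL;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CRL;
import java.security.cert.X509CertSelector;
import java.util.Collection;
import java.util.Date;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class: client-certificate TLS with CRL checking, JDK only.
public class CrlCheckingServerContext {

    static KeyStore loadJks(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        return ks;
    }

    // Load the CRL(s) and fail closed: an empty or expired list must not be
    // treated as "nothing is revoked".
    static Collection<? extends CRL> loadFreshCrls(String crlPath) throws Exception {
        Collection<? extends CRL> crls;
        try (InputStream in = new FileInputStream(crlPath)) {
            crls = CertificateFactory.getInstance("X.509").generateCRLs(in);
        }
        if (crls.isEmpty()) {
            throw new IllegalStateException("no CRL found in " + crlPath);
        }
        Date now = new Date();
        for (CRL crl : crls) {
            X509CRL x = (X509CRL) crl;
            Date next = x.getNextUpdate();
            if (next != null && next.before(now)) {
                throw new IllegalStateException("stale CRL from "
                        + x.getIssuerX500Principal() + ", nextUpdate " + next);
            }
        }
        return crls;
    }

    // PKIX trust manager with revocation checking enabled. A client whose
    // issuer has no CRL in the store is rejected as well (status unknown).
    static TrustManagerFactory revocationCheckingTrust(
            KeyStore trustedCas, Collection<? extends CRL> crls) throws Exception {
        PKIXBuilderParameters pkix =
                new PKIXBuilderParameters(trustedCas, new X509CertSelector());
        pkix.setRevocationEnabled(true);
        pkix.addCertStore(CertStore.getInstance(
                "Collection", new CollectionCertStoreParameters(crls)));
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(pkix));
        return tmf;
    }

    static SSLContext serverContext(KeyStore serverKeys, char[] keyPass,
                                    TrustManagerFactory tmf) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(
                KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(serverKeys, keyPass);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // args: <keystore> <keystorePass> <truststore> <truststorePass> <crlFile> <port>
    public static void main(String[] a) throws Exception {
        if (a.length != 6) {
            System.err.println("usage: CrlCheckingServerContext <keystore> "
                    + "<keystorePass> <truststore> <truststorePass> <crlFile> <port>");
            System.exit(2);
        }
        TrustManagerFactory tmf = revocationCheckingTrust(
                loadJks(a[2], a[3].toCharArray()), loadFreshCrls(a[4]));
        SSLContext ctx = serverContext(
                loadJks(a[0], a[1].toCharArray()), a[1].toCharArray(), tmf);
        try (SSLServerSocket ss = (SSLServerSocket) ctx.getServerSocketFactory()
                .createServerSocket(Integer.parseInt(a[5]))) {
            ss.setNeedClientAuth(true); // same intent as clientAuth="true"
            System.out.println("listening on " + ss.getLocalPort());
            // Accept one client to show the outcome of the revocation check.
            try (SSLSocket c = (SSLSocket) ss.accept()) {
                c.startHandshake();
                System.out.println("accepted " + c.getSession().getPeerPrincipal());
            } catch (SSLException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The CRL is read once at start-up here, so a long-running server needs to rebuild the trust manager whenever the CA publishes a new list.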
Re: New idea - Enable Tomcat for SSL?
Excuse me everyone who has talked on this thread, I haven't followed this thread closely, but why aren't you using a proven software for that matter like Apache HTTPD? It has years of SSL patches, corrections and improvements. Also, tomcat is just too slow to serve static content like images or large files. If you're concerned with security, you should never think in the first place to begin a new development; security has to have a process of maturity before you can decide something is *secure enough*.

Shapira, Yoav wrote:
> Hi,
> I'm afraid I can't help much with CRLs on Tomcat. I've never done that before ;) I don't see much in the docs. I do see hits on Google, such as http://proj-grid-data-build.web.cern.ch/proj-grid-data-build/edg-java-security/edg-java-security-1.5.9/tomcat/Authentication_Admin_Guide.html, suggesting a custom SSLSocketFactory is in order. Tomcat of course lets you integrate whatever socket factory you want for your connector, and the one in the above links allows for CRL configuration.
>
> Yoav Shapira
> Millennium Research Informatics
Re: New idea - Enable Tomcat for SSL?
On Fri, Aug 20, 2004 at 10:11:01AM -0400, John Villar wrote:
: tomcat is just too slow to serve
: static content like images or large files.

Says who? ;)

-QM

--
software -- http://www.brandxdev.net
tech news -- http://www.RoarNetworX.com
Re: New idea - Enable Tomcat for SSL?
Somewhere on the net, don't know where :-D. Just in case, I did test it. With the JK2 integrator with IIS and Tomcat 5.0.19 the performance tripled compared with Tomcat 5.0.19 alone, of course with a site that has *LOTS* of statically placed images.

QM wrote:
> On Fri, Aug 20, 2004 at 10:11:01AM -0400, John Villar wrote:
> : tomcat is just too slow to serve
> : static content like images or large files.
>
> Says who? ;)
>
> -QM
RE: New idea - Enable Tomcat for SSL?
Hi, I just love it when people pop in to a thread with assertions and their own "performance tripled" benchmarks. http://jakarta.apache.org/tomcat/faq/performance.html#faster Stop basing your decisions on out of date information. Yoav Shapira Millennium Research Informatics -Original Message- From: John Villar [mailto:[EMAIL PROTECTED] Sent: Friday, August 20, 2004 10:18 AM To: Tomcat Users List Subject: Re: New idea - Enable Tomcat for SSL? Somewhere on the net, don't know where :-D. Just in case, I did test it. With the JK2 integrator with IIS and Tomcat 5.0.19 the performance tripled compared with Tomcat 5.0.19 alone, of course with a site that has *LOTS* of statically placed images. QM wrote: On Fri, Aug 20, 2004 at 10:11:01AM -0400, John Villar wrote: : tomcat is just too slow to serve : static content like images or large files. Says who? ;) -QM
Re: New idea - Enable Tomcat for SSL?
John, FYI, that (Apache+SSL) was my first approach, and I spent over a week trying to get it working, and posted a bunch of times about my problems. I was able to get the SSL authentication working early on, but what I was struggling with is getting access to the client cert information from JSPs. In the end, I was able to conclude that the reason for that last problem was that the binaries that I was working with (Apache, mod_jk/jk2) were not compiled with the --EAPI directive, and that was preventing the SSL/client cert info from passing to Tomcat. Besides the fact that I'm kind of running out of time to get something working, so I wouldn't have the time to build Apache, mod_ssl, mod_jk/jk2, I'm working in an environment where the binaries are controlled and single-sourced internally, and so even if I did have the time, I wouldn't be allowed to do and deploy a 'special' build. After all of that, I turned back to Tomcat, and like I said, I'm that close now. Also, as I indicated in an earlier msg in this thread, this is not going to be a high-volume website, at most maybe 1-2 people at a time, so performance is not a major concern. Jim John Villar wrote: Excuse me everyone who has talked on this thread, I haven't followed this thread closely, but why aren't you using a proven software for that matter like Apache HTTPD? It has years of SSL patches, corrections and improvements; also, tomcat is just too slow to serve static content like images or large files. If you're concerned with security, you should never think in the first place to begin a new development; security has to have a process of maturity before you can decide something is *secure enough*. Shapira, Yoav wrote: Hi, I'm afraid I can't help much with CRLs on Tomcat. I've never done that before ;) I don't see much in the docs. I do see hits on Google, such as http://proj-grid-data-build.web.cern.ch/proj-grid-data-build/edg-java-security/edg-java-security-1.5.9/tomcat/Authentication_Admin_Guide.html, suggesting a custom SSLSocketFactory is in order. Tomcat of course lets you integrate whatever socket factory you want for your connector, and the one in the above links allows for CRL configuration. Yoav Shapira Millennium Research Informatics -Original Message- From: ohaya [mailto:[EMAIL PROTECTED] Sent: Friday, August 20, 2004 9:55 AM To: Tomcat Users List Subject: Re: New idea - Enable Tomcat for SSL? Yoav, The problem is that I can't find any info at all on how to configure it to use a CRL. FYI, after an all-nighter, I was just able to get the client and server SSL part working with standalone Tomcat. Very cool :)! And, best of all, I was able to confirm that with this, I can access the client certificate info from my JSPs. I'm just so close to what I need now, if I can just figure out how to enable or incorporate the CRL checking, as from a security standpoint, they won't let me deploy a PKI-enabled system if it doesn't support CRLs. Jim Shapira, Yoav wrote: Hi, I don't know about CRL support -- why not just try it out? Yoav Shapira Millennium Research Informatics -Original Message- From: ohaya [mailto:[EMAIL PROTECTED] Sent: Thursday, August 19, 2004 7:51 PM To: Tomcat Users List Subject: Re: New idea - Enable Tomcat for SSL? Shapira, Yoav wrote: Hi, http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html And, of course, http://jakarta.apache.org/tomcat/faq/connectors.html#integrate which should have saved you considerable time and effort. Yoav, I had posted a number of messages about problems I was having, but in any event, thanks for the links. One other question: If I configure Tomcat (5.0.27) as a standalone SSL-enabled (client and server) webserver+container, will the Tomcat SSL handling support the use of certificate revocation lists (CRLs)? I've been trying to research this, and so far have had no luck finding anything on it, and, from the standpoint of security, support for CRLs is going to be a must-have if I go this direction. If you or anyone knows the answer to this question, please let me know. Thanks again, Jim
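Added example, not part of the thread and not Tomcat's or the EDG project's code: the CRL checking asked about above, done with the standard JSSE/CertPath APIs by building an SSLContext whose trust manager rejects revoked client certificates. The three file arguments, the KEYSTORE_PASS and TRUSTSTORE_PASS environment variables, and the use of the keystore password as the key password are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CRL;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.util.Collection;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManagerFactory;

/** Added example: server-side SSLContext that checks client certificates against CRLs. */
public class CrlCheckingSslContext {

    static KeyStore loadJks(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        return store;
    }

    /** Reads one or more DER or PEM encoded CRLs from a single file. */
    static Collection<? extends CRL> loadCrls(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return CertificateFactory.getInstance("X.509").generateCRLs(in);
        }
    }

    static SSLContext build(KeyStore serverKeys, char[] keyPassword,
                            KeyStore trustedCas, Collection<? extends CRL> crls)
            throws Exception {
        // Fail closed: with revocation checking on and no CRLs, every client would
        // be rejected anyway, so report the configuration error at start-up.
        if (crls.isEmpty()) {
            throw new IllegalArgumentException("no CRLs loaded");
        }

        // Server identity (the certificate presented to browsers).
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(serverKeys, keyPassword);

        // Trust anchors for client certificates, plus the CRLs as a CertStore.
        PKIXBuilderParameters pkix =
                new PKIXBuilderParameters(trustedCas, new X509CertSelector());
        pkix.addCertStore(
                CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls)));
        // Every certificate below the trust anchor must have a revocation status;
        // a chain whose issuer has no CRL in the store fails validation.
        pkix.setRevocationEnabled(true);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(pkix));

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return context;
    }

    private static char[] envPassword(String name) {
        String value = System.getenv(name);
        if (value == null) {
            throw new IllegalStateException("environment variable " + name + " is not set");
        }
        return value.toCharArray();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: CrlCheckingSslContext <keystore.jks> <truststore.jks> <crl-file>");
            System.exit(2);
        }
        // Hypothetical variable names; passwords stay off the command line.
        char[] keyPass = envPassword("KEYSTORE_PASS");
        char[] trustPass = envPassword("TRUSTSTORE_PASS");

        SSLContext context = build(loadJks(args[0], keyPass), keyPass,
                loadJks(args[1], trustPass), loadCrls(args[2]));

        try (SSLServerSocket server = (SSLServerSocket)
                context.getServerSocketFactory().createServerSocket(8443)) {
            server.setNeedClientAuth(true); // demand a client certificate
            System.out.println("CRL-checking SSL listener ready on port "
                    + server.getLocalPort());
        }
    }
}
```

The CRLs are read once when the context is built, so a newly published CRL takes effect only after the context is rebuilt.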
Re: New idea - Enable Tomcat for SSL?
Please, don't start a flame war with this, but in my environment (W2K Server, IIS 5.0, Tomcat 5.0.19, MS SQL Server 2000, J2SDK 1.4.1_02) it is considerably faster when working in integrated mode. You could blame the OS (possibly that's the cause) but it's a fact for me and my customers. Stop basing your decisions on out of date information.
New idea - Enable Tomcat for SSL?
Hi, With the problems that I've posted about, trying to run Apache+Tomcat+mod_jk/jk2/proxy and not being able to retrieve the PKI client certificate information in JSPs, I'm now wondering if the best way to do this might be to just forget about Apache, and just run Tomcat by itself. I've seen some info that SEEMS to indicate that it's possible to configure Tomcat as a standalone webserver+container that supports both client and server SSL authentication, i.e., no Apache, no mod_xxx, etc. Can anyone confirm that this is true? Also, if this is true, does anyone know if I'll then be able to access the client certificate information from my JSPs? If anyone can point to some detailed instructions or HOWTOs on configuring Tomcat this way, I'd really appreciate it. This would be for the latest Tomcat (5.0.27?). Even in production, traffic on the server for my project is going to be very limited, so I'm thinking that this might be the easiest option, if it can work, and if it allows me to access the info in client certs from JSP. Thanks, Jim
RE: New idea - Enable Tomcat for SSL?
Hi, http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html And, of course, http://jakarta.apache.org/tomcat/faq/connectors.html#integrate which should have saved you considerable time and effort. Yoav Shapira Millennium Research Informatics -Original Message- From: ohaya [mailto:[EMAIL PROTECTED] Sent: Thursday, August 19, 2004 10:47 AM To: [EMAIL PROTECTED] Subject: New idea - Enable Tomcat for SSL? Hi, With the problems that I've posted about, trying to run Apache+Tomcat+mod_jk/jk2/proxy and not being able to retrieve the PKI client certificate information in JSPs, I'm now wondering if the best way to do this might be to just forget about Apache, and just run Tomcat by itself. I've seen some info that SEEMS to indicate that it's possible to configure Tomcat as a standalone webserver+container that supports both client and server SSL authentication, i.e., no Apache, no mod_xxx, etc. Can anyone confirm that this is true? Also, if this is true, does anyone know if I'll then be able to access the client certificate information from my JSPs? If anyone can point to some detailed instructions or HOWTOs on configuring Tomcat this way, I'd really appreciate it. This would be for the latest Tomcat (5.0.27?). Even in production, traffic on the server for my project is going to be very limited, so I'm thinking that this might be the easiest option, if it can work, and if it allows me to access the info in client certs from JSP. Thanks, Jim
Re: New idea - Enable Tomcat for SSL?
Shapira, Yoav wrote: Hi, http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html And, of course, http://jakarta.apache.org/tomcat/faq/connectors.html#integrate which should have saved you considerable time and effort. Yoav, I had posted a number of messages about problems I was having, but in any event, thanks for the links. One other question: If I configure Tomcat (5.0.27) as a standalone SSL-enabled (client and server) webserver+container, will the Tomcat SSL handling support the use of certificate revocation lists (CRLs)? I've been trying to research this, and so far have had no luck finding anything on it, and, from the standpoint of security, support for CRLs is going to be a must-have if I go this direction. If you or anyone knows the answer to this question, please let me know. Thanks again, Jim
Re: New idea - Enable Tomcat for SSL?
Hi out there, I am actually new to servlets and Tomcat of course. Basically the problem is that I have a servlet that I want to run in Tomcat. If you could just please tell me simple steps on how to run a simple hello world servlet in Tomcat, I would really appreciate it. And also tell me what URL I should use to run it. Thanks -bhaarat
Servlet Basics [WAS: Re: New idea - Enable Tomcat for SSL?]
On Thu, Aug 19, 2004 at 07:55:32PM -0400, [EMAIL PROTECTED] wrote: : I am actually new to servlets and Tomcat of course. Basically the problem is : that I have a servlet that I want to run in Tomcat. If you could just please : tell me simple steps on how to run a simple hello world servlet in Tomcat, I : would really appreciate it. And also tell me what URL I should use to run it Hello, 1/ When you write to the list, please post a new message. Responding to an old message confuses thread-aware mailers, which makes it more difficult for a helpful person to see your request. I've changed both your subject and yanked the old message-ID to address this. 2/ Tomcat has extensive docs on this subject, as does Sun: http://jakarta.apache.org/tomcat http://java.sun.com -QM
Tomcat with SSL/secure=false
I am having problems with using SSL on Tomcat. When I add an SSL connector to my server.xml, Tomcat hangs on startup. I have been able to identify what causes it to hang, but I still can't figure out why this is happening. Here are the connectors I have defined in server.xml:

<Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
           acceptCount="100" bufferSize="2048" clientAuth="false" compression="off"
           connectionLinger="-1" connectionTimeout="2" connectionUploadTimeout="30"
           debug="0" disableUploadTimeout="true" enableLookups="true" keepAlive="true"
           maxKeepAliveRequests="100" maxProcessors="100" minProcessors="5"
           port="8080" protocol="HTTP/1.1"
           protocolHandlerClassName="org.apache.coyote.http11.Http11Protocol"
           proxyPort="0" redirectPort="8443" scheme="http" secure="false"
           serverSocketTimeout="0" tcpNoDelay="true" tomcatAuthentication="true"
           xpoweredBy="true">
</Connector>

<Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
           port="8443" minProcessors="5" maxProcessors="75" enableLookups="true"
           disableUploadTimeout="true" acceptCount="100" debug="0"
           scheme="https" secure="false"
           keystoreFile="/home/www/.keystore" keystorePass="changeit"
           clientAuth="false" sslProtocol="TLS">
  <Factory className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory"
           clientAuth="false" protocol="TLS"
           keystoreFile="/home/www/.keystore" keystorePass="changeit"/>
</Connector>

If I set the secure attribute to false in the SSL connector, then Tomcat starts without problems. But if it is set to true, then Tomcat hangs when it loads the SSL connector. Has someone experienced this problem before? I am worried about the implications of setting secure to false with regard to the SSL connector. The version of Tomcat I use is 5.0.19. I am running Tomcat on FreeBSD 4.10 (I may be experiencing a limitation of the J2SDK FreeBSD port). Anybody else running Tomcat with SSL on FreeBSD? Martin
Tomcat 4.1.30 + SSL = Problems
I followed the instructions on the tomcat SSL Config page. I generated the .keystore file using changeit password. When I go to the test page http://localhost:8443/ I see 5 squares up in the left corner and that's it. Anyone encountered this?? I'm not sure how to proceed. I'm using Jdk 1.4.1 so I shouldn't have to download the JSSE files according to the instructions. Anyone please! /Fredrik
Re: Tomcat 4.1.30 + SSL = Problems
On 7/8/2004 3:46 PM, Fredrik Liden wrote: I followed the instructions on the tomcat SSL Config page. I generated the .keystore file using changeit password. When I go to the test page http://localhost:8443/ I see 5 squares up in the left corner and that's it. Anyone encountered this?? I'm not sure how to proceed. Use https://... instead of http://... I'm using Jdk 1.4.1 so I shouldn't have to download the JSSE files according to the instructions. Anyone please! /Fredrik
Re: Tomcat 4.1.30 + SSL = Problems
=== Thu, Jul 08, 2004 at 05:35:05PM -0700 / Dennis Dai === I followed the instructions on the tomcat SSL Config page. I generated the .keystore file using changeit password. When I go to the test page http://localhost:8443/ I see 5 squares up in the left corner and that's it. Anyone encountered this?? I'm not sure how to proceed. Use https://... instead of http://... I'm using Jdk 1.4.1 so I shouldn't have to download the JSSE files according to the instructions. Anyone please! /Fredrik === End Quote === Wow, if only I'd held off a few more minutes on my mail; thanks, this was my problem as well. Is there a reason there's not a more legible error? Jason
Re: Tomcat 4.1.30 + SSL = Problems
: Use https://... instead of http://... : : Wow, if only I'd held off a few more minutes on my mail; thanks, this : was my problem as well. Is there a reason there's not a more legible : error? The server expects to complete an SSL-enabled handshake before your HTTP-level request makes it to Tomcat proper. Since you don't issue the GET/POST to Tomcat in this case, it certainly can't generate an HTTP-level error page in response. Sniff the connection and you'll see. The four squares are likely your browser's approximation of the non-ASCII chars it received from the server when attempting a handshake. -QM
Re: Tomcat 4.1.30 + SSL = Problems
On 7/8/2004 7:39 PM, QM wrote: : Use https://... instead of http://... : : Wow, if only I'd held off a few more minutes on my mail; thanks, this : was my problem as well. Is there a reason there's not a more legible : error? The server expects to complete an SSL-enabled handshake before your HTTP-level request makes it to Tomcat proper. Since you don't issue the GET/POST to Tomcat in this case, it certainly can't generate an HTTP-level error page in response. Sniff the connection and you'll see. The four squares are likely your browser's approximation of the non-ASCII chars it received from the server when attempting a handshake. -QM Don't know how Apache's httpd server handles it - if I send an http request to the https port (e.g. http://www.domain.com:443) which has SSL support, it managed to display something like: "Bad Request Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please. Hint: https://www.domain.com:443/" I wonder if it's possible to hack the coyote connector to have the same behavior ... Dennis
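Added example, not part of the thread and not Tomcat or Apache httpd code: QM's explanation and the Apache behaviour Dennis describes both come down to inspecting the first bytes a client sends to the SSL port before any handshake is attempted. The class, its method names and the sample byte arrays are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;

/** Added example: classify the first bytes a client sends to an SSL-enabled port. */
public class FirstBytesSniffer {

    enum Kind { TLS_RECORD, SSLV2_HELLO, PLAIN_HTTP, UNKNOWN }

    private static final String[] HTTP_METHODS = {
        "GET ", "POST ", "HEAD ", "PUT ", "DELETE ", "OPTIONS ", "TRACE ", "CONNECT "
    };

    /** Decide which protocol the peer is speaking from the first bytes it sent. */
    static Kind classify(byte[] first) {
        if (first.length >= 3) {
            int b0 = first[0] & 0xff, b1 = first[1] & 0xff, b2 = first[2] & 0xff;
            // SSLv3/TLS record: content type 0x16 (handshake), then version 3.x.
            if (b0 == 0x16 && b1 == 0x03 && b2 <= 0x04) {
                return Kind.TLS_RECORD;
            }
            // SSLv2-format ClientHello: high bit set in the length, message type 1.
            if ((b0 & 0x80) != 0 && b2 == 0x01) {
                return Kind.SSLV2_HELLO;
            }
        }
        String head = new String(first, 0, Math.min(first.length, 8),
                StandardCharsets.US_ASCII);
        for (String method : HTTP_METHODS) {
            if (head.startsWith(method)) {
                return Kind.PLAIN_HTTP;
            }
        }
        return Kind.UNKNOWN;
    }

    /**
     * Cleartext reply for a client that spoke HTTP to the SSL port. Host and port
     * come from server configuration, never from the request, so nothing the
     * client sent is reflected back.
     */
    static byte[] plainHttpReply(String configuredHost, int port) {
        String body = "Bad Request: this port expects an SSL handshake.\r\n"
                + "Use https://" + configuredHost + ":" + port + "/ instead.\r\n";
        String response = "HTTP/1.1 400 Bad Request\r\n"
                + "Content-Type: text/plain; charset=us-ascii\r\n"
                + "Content-Length: " + body.length() + "\r\n"
                + "Connection: close\r\n"
                + "\r\n"
                + body;
        return response.getBytes(StandardCharsets.US_ASCII);
    }

    /** Render bytes as a text viewer would: printable ASCII, or a box otherwise. */
    static String asText(byte[] data) {
        StringBuilder sb = new StringBuilder();
        for (byte b : data) {
            int c = b & 0xff;
            sb.append(c >= 0x20 && c < 0x7f ? (char) c : '\u25a1');
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed samples: opening bytes only, not captured traffic.
        byte[] tlsHello = {0x16, 0x03, 0x01, 0x00, 0x2f, 0x01, 0x00, 0x00, 0x2b};
        byte[] sslv2Hello = {(byte) 0x80, 0x2e, 0x01, 0x03, 0x01};
        byte[] plainGet = "GET / HTTP/1.1\r\nHost: localhost:8443\r\n\r\n"
                .getBytes(StandardCharsets.US_ASCII);
        byte[] noise = {0x00, 0x01, 0x02, 0x03};
        // Constructed fatal TLS alert (type 0x15, TLS 1.0, level 2, description 10).
        // The exact bytes a given SSL implementation returns may differ.
        byte[] alert = {0x15, 0x03, 0x01, 0x00, 0x02, 0x02, 0x0a};

        System.out.println("TLS ClientHello   -> " + classify(tlsHello));
        System.out.println("SSLv2 ClientHello -> " + classify(sslv2Hello));
        System.out.println("GET request       -> " + classify(plainGet));
        System.out.println("other bytes       -> " + classify(noise));

        // What a browser has to work with when the server answers in SSL.
        System.out.println("alert shown as text: " + asText(alert));

        // What a sniffing listener could send instead.
        if (classify(plainGet) == Kind.PLAIN_HTTP) {
            System.out.print(new String(plainHttpReply("localhost", 8443),
                    StandardCharsets.US_ASCII));
        }
    }
}
```

A listener doing this has to read the first bytes without consuming them from the stream the SSL engine will later read, for example through a pushback stream.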
Tomcat with ssl
Hi, I am searching for a good description of how to configure Tomcat with SSL on port 443 and redirect from port 80. Does anyone have a good solution? Regards, Frank
Re: Tomcat with ssl
Hello, in the official Tomcat documentation there is a good chapter about how to configure Tomcat with SSL. http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html Check it out! Regards, Thilo Hi, I am searching for a good description of how to configure Tomcat with SSL on port 443 and redirect from port 80. Does anyone have a good solution? Regards, Frank
AW: Tomcat with ssl
Thanks for the answer. But I have read this. I have a problem with the redirect from port 80 to 443. I use Tomcat 4.1.29. My server.xml contains this code:

<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="80" minProcessors="5" maxProcessors="75" enableLookups="true"
           redirectPort="443" acceptCount="100" debug="0" connectionTimeout="2"
           useURIValidationHack="false" disableUploadTimeout="true" />
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="443" enableLookups="true" debug="0" scheme="https" secure="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
           clientAuth="false" protocol="TLS" />
</Connector>

It doesn't redirect if I use http://www.myDomain.de/. https://www.myDomain.de works. I have no idea. Regards, Frank -Original Message- From: Thilo Krawietz [mailto:[EMAIL PROTECTED] Sent: Monday, July 5, 2004 13:36 To: Tomcat Users List Subject: Re: Tomcat with ssl Hello, in the official Tomcat documentation there is a good chapter about how to configure Tomcat with SSL. http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html Check it out! Regards, Thilo Hi, I am searching for a good description of how to configure Tomcat with SSL on port 443 and redirect from port 80. Does anyone have a good solution? Regards, Frank
Re: AW: Tomcat with ssl
Hi, you can implement it through a servlet filter. As far as I can remember there is a standard valve implementation for Tomcat, which implements it for you. HTH, Alvin Alvin Antony Software Engineer Ludwig-Maximilians-Universitaet München Zentrale Universitaetsverwaltung Referat IIIA 3 (Anwendungs Entwicklung) Theresienstr. 37 / 2. Stock Zi. 249 80333 Muenchen phone +49 (089) 2180 - 4005 mail [EMAIL PROTECTED] web http://informationstechnik.verwaltung.uni-muenchen.de [EMAIL PROTECTED] 07/05/04 1:56 PM Thanks for the answer. But I have read this. I have a problem with the redirect from port 80 to 443. I use Tomcat 4.1.29. My server.xml contains this code:

<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="80" minProcessors="5" maxProcessors="75" enableLookups="true"
           redirectPort="443" acceptCount="100" debug="0" connectionTimeout="2"
           useURIValidationHack="false" disableUploadTimeout="true" />
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="443" enableLookups="true" debug="0" scheme="https" secure="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
           clientAuth="false" protocol="TLS" />
</Connector>

It doesn't redirect if I use http://www.myDomain.de/. https://www.myDomain.de works. I have no idea. Regards, Frank -Original Message- From: Thilo Krawietz [mailto:[EMAIL PROTECTED] Sent: Monday, July 5, 2004 13:36 To: Tomcat Users List Subject: Re: Tomcat with ssl Hello, in the official Tomcat documentation there is a good chapter about how to configure Tomcat with SSL. http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html Check it out! Regards, Thilo Hi, I am searching for a good description of how to configure Tomcat with SSL on port 443 and redirect from port 80. Does anyone have a good solution? Regards, Frank
Tomcat + Apache + SSL
Hi, Where can I find info about configuring Tomcat 5 and Apache 2, so I can access apps thru SSL port 443? Do I need only to install a certificate in Apache and with port 443, the plugin connects directly? Thanks Lorenzo Jimenez _ Lorenzo A. Jimenez Briceno WebMaster Banco Internacional de Costa Rica (506) 243-1077 / (506) 243-1075 - [EMAIL PROTECTED] BICSA A world of financial services within your reach! http://www.bicsa.com 7/1/2004 11:12 AM This message may be confidential. If you are not the intended recipient, please notify us immediately and delete this message. BICSA does not accept liability for any damage caused by virus, errors, or omissions in the contents of this message. Any unauthorized use or disclosure of its contents is prohibited. Thank you.
RE: Tomcat + Apache + SSL
http://jakarta.apache.org/tomcat/connectors-doc/jk2/index.html -Original Message- From: Lorenzo A. Jimenez Briceno [mailto:[EMAIL PROTECTED] Sent: Thursday, July 01, 2004 1:13 PM To: Tomcat Users List Subject: Tomcat + Apache + SSL Importance: High Hi, Where can I find info about configuring Tomcat 5 and Apache 2, so I can access apps thru SSL port 443? Do I need only to install a certificate in Apache and with port 443, the plugin connects directly? Thanks Lorenzo Jimenez
RE: Tomcat + Apache + SSL
Thanks. -Original Message- From: Lee, Paul NYC [mailto:[EMAIL PROTECTED] Sent: Thursday, July 01, 2004 11:30 a.m. To: 'Tomcat Users List' Subject: RE: Tomcat + Apache + SSL http://jakarta.apache.org/tomcat/connectors-doc/jk2/index.html -Original Message- From: Lorenzo A. Jimenez Briceno [mailto:[EMAIL PROTECTED] Sent: Thursday, July 01, 2004 1:13 PM To: Tomcat Users List Subject: Tomcat + Apache + SSL Importance: High Hi, Where can I find info about configuring Tomcat 5 and Apache 2, so I can access apps thru SSL port 443? Do I need only to install a certificate in Apache and with port 443, the plugin connects directly? Thanks Lorenzo Jimenez _ Lorenzo A. Jimenez Briceno WebMaster Banco Internacional de Costa Rica 7/1/2004 2:40 PM
RE: Tomcat + Apache + SSL
I followed John Turner's Web page: http://johnturner.com/howto/apache2-tomcat4127-jk-rh9-how-to.html and it worked perfectly. This site is only for connecting Tomcat and Apache through a connector. But not sure about the SSL. -Original Message- From: Lorenzo A. Jimenez Briceno [mailto:[EMAIL PROTECTED] Sent: Thursday, July 01, 2004 2:41 PM To: Tomcat Users List Subject: RE: Tomcat + Apache + SSL Importance: High Thanks. -Original Message- From: Lee, Paul NYC [mailto:[EMAIL PROTECTED] Sent: Thursday, July 01, 2004 11:30 a.m. To: 'Tomcat Users List' Subject: RE: Tomcat + Apache + SSL http://jakarta.apache.org/tomcat/connectors-doc/jk2/index.html -Original Message- From: Lorenzo A. Jimenez Briceno [mailto:[EMAIL PROTECTED] Sent: Thursday, July 01, 2004 1:13 PM To: Tomcat Users List Subject: Tomcat + Apache + SSL Importance: High Hi, Where can I find info about configuring Tomcat 5 and Apache 2, so I can access apps thru SSL port 443? Do I need only to install a certificate in Apache and with port 443, the plugin connects directly? Thanks Lorenzo Jimenez
RE: Tomcat + Apache + SSL
Thanks Claudia, do you know about TC5 and A2?

-----Original Message-----
From: Casas, Claudia [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 01, 2004 02:48 p.m.
To: Tomcat Users List
Subject: RE: Tomcat + Apache + SSL

I followed John Turner's Web page: http://johnturner.com/howto/apache2-tomcat4127-jk-rh9-how-to.html and it worked perfectly. This site is only for connecting Tomcat and apache through a connector. But not sure about the ssl.

-----Original Message-----
From: Lorenzo A. Jimenez Briceno [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 01, 2004 2:41 PM
To: Tomcat Users List
Subject: RE: Tomcat + Apache + SSL
Importance: High

Thanks.

-----Original Message-----
From: Lee, Paul NYC [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 01, 2004 11:30 a.m.
To: 'Tomcat Users List'
Subject: RE: Tomcat + Apache + SSL

http://jakarta.apache.org/tomcat/connectors-doc/jk2/index.html

-----Original Message-----
From: Lorenzo A. Jimenez Briceno [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 01, 2004 1:13 PM
To: Tomcat Users List
Subject: Tomcat + Apache + SSL
Importance: High

Hi, Where can I find info about configuring Tomcat 5 and Apache 2, so I can access apps thru SSL port 443. Do I need only to install a certificate in Apache and with port 443, the plugin connects directly.

Thanks
Lorenzo Jimenez

Lorenzo A. Jimenez Briceno
WebMaster
Banco Internacional de Costa Rica
(506) 243-1077, (506) 243-1075 - [EMAIL PROTECTED]
BICSA: A world of financial services within your reach! http://www.bicsa.com
7/1/2004 11:12 AM

This message may be confidential. If you are not the intended recipient, please notify us immediately and delete this message. BICSA does not accept liability for any damage caused by virus, errors, or omissions in the contents of this message. Any unauthorized use or disclosure of its contents is prohibited. Thank you.
RE: Tomcat + Apache + SSL
I did try to install tomcat5 and apache2 with success following the same steps. BUT, I could not get the connector working since it is recommended that you use the jk2 connector when using tomcat5 already. If you get it working, please let me know.

-----Original Message-----
From: Lorenzo A. Jimenez Briceno [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 01, 2004 3:46 PM
To: Tomcat Users List
Subject: RE: Tomcat + Apache + SSL
Importance: High

Thanks Claudia, do you know about TC5 and A2?
Tomcat 5 + SSL
Hello all, I have a question about the SSL handling in tomcat 5. The Apache Webserver has a feature that allows it to send not only the last certificate of a certificate chain, but the whole certificate chain.

Example: I have a verisign certificate. The tomcat only sends this single certificate. The apache in contrast also sends the two higher-ranking verisign root certificates, so the browser or the client can take them to verify the server certificate.

Is it possible to configure ssl in tomcat so that it works like the apache webserver and sends the full certificate chain to the client?

- Jens
Tomcat and SSL
Hi, We're having problems getting Tomcat to work under SSL in WinXP and Win2K3. I have it configured and it serves up pages just fine. When we run load tests, however, it starts to fall apart. When the load increases the client starts showing up ConnectException: connection refused messages. Under http it works fine and handles an adequate load.

I've set the maxThreads to 500 and am only running 400 concurrent client threads averaging out at around 20-30 rps at peak so I can't see that this is what is causing the problem. I have tried various versions of tomcat (4.1.18, 4.1.30, 5.0.16, 5.0.24) and all of them have the same problem. I also tried it through IIS and Apache using connectors and the same thing happens. I've tried playing with maxThreads, minThreads, maxKeepAlive, acceptCount and anything else I could find.

We've used JMeter, a custom built java load client and a custom built .NET load client (just in case it was something to do with the JSSE).

Any help or suggestions would be greatly appreciated.

Jesse
Tomcat 4.1.30 SSL redirect half working
This is my first time using a mailing list, so hopefully I'm doing this right. I assume the same basic rules as usenet--text only, no attachments, bottom post, etc?

Okay, my problem: I've set up Tomcat 4.1.30 for secure access via SSL. Unsecure port is 8080, secure port is 8081. I use Tomcat for J2EE application development, and the problem is related to that.

Using basic authentication, things work fine. When I move from an unsecure to a secure area of my application, the dialog box pops up and upon entering the correct user/password, I'm redirected to the secure port. However, if I change to form based authentication, when trying to send me to the form, it sends me to the unsecure port using https. In other words:

    https://localhost:8080/secureApp/login.jsp

It should be sending me to 8081. Any clue why this would happen? My connectors in server.xml are below. If you need other info, just ask.

    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               acceptCount="100" bufferSize="2048" compression="off"
               connectionLinger="-1" connectionTimeout="2" connectionUploadTimeout="30"
               debug="0" disableUploadTimeout="true" enableLookups="true"
               maxKeepAliveRequests="100" maxProcessors="75" minProcessors="5"
               port="8080"
               protocolHandlerClassName="org.apache.coyote.http11.Http11Protocol"
               proxyPort="0" redirectPort="8081" scheme="http" secure="false"
               serverSocketTimeout="0" tcpNoDelay="true" tomcatAuthentication="true"
               useBodyEncodingForURI="true" useURIValidationHack="false">
      <Factory className="org.apache.catalina.net.DefaultServerSocketFactory"/>
    </Connector>

    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               acceptCount="10" bufferSize="2048" compression="off"
               connectionLinger="-1" connectionTimeout="2" connectionUploadTimeout="30"
               debug="0" disableUploadTimeout="false" enableLookups="true"
               maxKeepAliveRequests="100" maxProcessors="75" minProcessors="5"
               port="8009"
               protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"
               proxyPort="0" redirectPort="8081" scheme="http" secure="false"
               serverSocketTimeout="0" tcpNoDelay="true" tomcatAuthentication="true"
               useBodyEncodingForURI="true" useURIValidationHack="false">
      <Factory className="org.apache.catalina.net.DefaultServerSocketFactory"/>
    </Connector>

    <Connector className="org.apache.catalina.connector.http.HttpConnector"
               port="8081" minProcessors="5" maxProcessors="75"
               enableLookups="true" acceptCount="10" debug="0"
               scheme="https" secure="true">
      <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
               clientAuth="false" keystoreFile=".keystore" protocol="TLS"/>
    </Connector>
tomcat 4.04 SSL third party certificates..does it work? need help
Attempting to SSL enable tomcat 4.04. Have implemented JSSE. SSL works fine when I create a keystore with a self generated certificate.

    keytool -genkey -alias tomcat -keyalg RSA -keystore .keystore

We now want to cutover using a production certificate. We create a .cer file by accessing our production web site and export the certificate to a .cer file. Then using the keytool we import the .cer file:

    keytool -v -import -file prod.cer -keystore .keystore

When we inspect the .keystore file using the -list switch we see the original self signed certificate and the production certificate. Now when we implement the .keystore in tomcat, only the original self generated certificate is presented to the browser, not the production certificate.

So, using the keytool we delete the original self generated certificate. So we are only left with the newly imported production certificate. When we implement this updated .keystore file with only the production cert, the browser and tomcat fail to negotiate. Tomcat binds to port 8843 but the ssl negotiation between browser and server is hosed.

Has anybody ever gotten tomcat ssl to work with a non self generated certificate? Can you please help?

Thanks,
John D'Esposito
IBM Global Web Architecture - Project Office - Application Integration
phone: 732-927-0399
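What the two keystore questions above (sending the whole chain, and the imported production certificate that Tomcat would not serve) come down to, as an added example that is not from the thread: a JSSE server can only present an entry that holds a private key, and it sends the certificate chain stored with that entry, whereas a certificate imported on its own becomes a certificate-only trusted entry. The class name `KeystoreAudit` is hypothetical, and a current JDK with a JKS keystore is assumed.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class KeystoreAudit {

    // Returns one finding per alias, saying whether a JSSE server could present it.
    static List<String> audit(KeyStore ks) throws Exception {
        List<String> report = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) {
                // A certificate imported by itself: there is no private key to sign
                // the handshake with, so it can never be the server identity.
                report.add(alias + ": trustedCertEntry (public certificate only, no private key);"
                        + " cannot be used as the server identity");
                continue;
            }
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                report.add(alias + ": key entry without an X.509 certificate chain");
                continue;
            }
            X509Certificate leaf = (X509Certificate) chain[0];
            X509Certificate top = (X509Certificate) chain[chain.length - 1];
            StringBuilder line = new StringBuilder(alias)
                    .append(": PrivateKeyEntry, chain length ").append(chain.length)
                    .append(", subject ").append(leaf.getSubjectX500Principal().getName());
            if (chain.length == 1 && isSelfIssued(leaf)) {
                line.append("; self-signed, no CA-issued certificate attached to this key");
            } else if (isSelfIssued(top)) {
                line.append("; chain is stored up to root ")
                        .append(top.getSubjectX500Principal().getName());
            } else {
                line.append("; chain ends below the root, clients need issuer ")
                        .append(top.getIssuerX500Principal().getName())
                        .append(" in their trust store");
            }
            report.add(line.toString());
        }
        return report;
    }

    // True when subject and issuer are the same name (self-signed or a root).
    static boolean isSelfIssued(X509Certificate c) {
        return c.getSubjectX500Principal().equals(c.getIssuerX500Principal());
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage: java KeystoreAudit <keystore.jks>  (interactive terminal)");
            System.exit(2);
        }
        // Read the password without echo instead of taking it on the command line.
        char[] password = console.readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        for (String line : audit(ks)) {
            System.out.println(line);
        }
    }
}
```

A keystore that can serve a CA-issued certificate shows one PrivateKeyEntry whose chain length is greater than one; an entry reported as trustedCertEntry only helps verify other parties.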
Embedded Tomcat and SSL
I have a problem that I'm unfortunately finding little documentation to help. I'm writing a servlet and embedding it in a larger Java program by using the org.apache.catalina.startup.Embedded class. Things have been working fine up until now. I'm currently trying to add SSL support so that the servlet can operate securely. The only information that I can find about configuring Tomcat to do this is in the config files. This won't work for me - I need to do it programmatically like I'm doing everything else.

From what I can understand, I need to create a connector for port 443, and then attach a special socket factory that deals in SSL to this connector. I thought I've done this, as well as configuring this socket factory to read the keystore where I have the necessary certificates.

What I see when I run this code is I can connect to port 80 correctly (as was working before), and I can even connect to 443 if I specify http and this works (not sure why). If I try https with 443 then my browser just hangs and I can't seem to see anything going on at the server side.

I've created my keystore properly. I acted as my own CA and dummied it all up - even installed the root certificate into Windows so that the browser could find it correctly. For some reason, I don't even think that the keystore file is being accessed.

Any ideas on what I need to do? I'm attaching the important parts of the code that worked before and what I did to change it.

Thanks for any help,
Sander Smith

    // standard stuff to embed Tomcat
    Engine engine = null;

    // Set the home directory
    System.setProperty("catalina.home", getPath().externalForm());

    // Create an embedded server
    embedded = new Embedded();

    // print all log statements to standard error
    embedded.setDebug(0);

    // Create an engine
    engine = embedded.createEngine();
    engine.setDefaultHost("localhost");

    // Create a default virtual host
    host = embedded.createHost("localhost", "webapps");
    engine.addChild(host);

    Context context = embedded.createContext("/xxx", "xxx.war");
    context.addParameter("INSTALL_DIR", getPath().externalForm());
    host.addChild(context);

    // Install the assembled container hierarchy
    embedded.addEngine(engine);

    /*** ^ Start SSL Code ***/
    SSLServerSocketFactory ssf = new SSLServerSocketFactory();
    ssf.setKeystoreFile("c:\\KS.Keystore");
    ssf.setKeystorePass("KSPASSWORD");

    // Assemble and install a default HTTP connector
    Connector connector = embedded.createConnector(null, 80, false);
    embedded.addConnector(connector);

    connector = embedded.createConnector(null, 443, true);
    connector.setFactory(ssf);
    embedded.addConnector(connector);
    /*** ^ END SSL Code ***/
Re: Embedded Tomcat and SSL
Sander Smith wrote:

I have a problem that I'm unfortunately finding little documentation to help. I'm writing a servlet and embedding it in a larger Java program by using the org.apache.catalina.startup.Embedded class. Things have been working fine up until now. I'm currently trying to add SSL support so that the servlet can operate securely. The only information that I can find about configuring Tomcat to do this is in the config files. This won't work for me - I need to do it programmatically like I'm doing everything else. From what I can understand, I need to create a connector for port 443, and then attach a special socket factory that deals in SSL to this connector. I thought I've done this, as well as configuring this socket factory to read the keystore where I have the necessary certificates. What I see when I run this code is I can connect to port 80 correctly (as was working before), and I can even connect to 443 if I specify http and this works (not sure why). If I try https with 443 then my browser just hangs and I can't seem to see anything going on at the server side. I've created my keystore properly. I acted as my own CA and dummied it all up - even installed the root certificate into Windows so that the browser could find it correctly. For some reason, I don't even think that the keystore file is being accessed. Any ideas on what I need to do? I'm attaching the important parts of the code that worked before and what I did to change it.

You don't need to set the SSLServerSocketFactory. All you need to do is to call: connector.setKeyAlias(...) directly. Tomcat will take care of creating the factory.

Thanks.
-- Jeanfrancois
Apache/jk2/Tomcat with SSL
Hi, We are planning to move a XML/HTTP B2B app from ASP/IIS to JSP/Apache+Tomcat. To make the migration easy, I decided to run this on Windows 2000. We use SSL (with client authentication) for securing the transactions. I plan to have the following configuration:

Windows 2000
Apache 2.x
jk2
Tomcat 4.1.x
mod_ssl

This should be highly scalable, supporting up to 100 concurrent requests. Did you work with above configuration? Do you see any issues?

thank you,
Vishu

MMS firstam.com made the following annotations on 05/19/2004 03:06:26 PM

THIS E-MAIL MESSAGE AND ANY FILES TRANSMITTED HEREWITH, ARE INTENDED SOLELY FOR THE USE OF THE INDIVIDUAL(S) ADDRESSED AND MAY CONTAIN CONFIDENTIAL, PROPRIETARY OR PRIVILEGED INFORMATION. IF YOU ARE NOT THE ADDRESSEE INDICATED IN THIS MESSAGE (OR RESPONSIBLE FOR DELIVERY OF THIS MESSAGE TO SUCH PERSON) YOU MAY NOT REVIEW, USE, DISCLOSE OR DISTRIBUTE THIS MESSAGE OR ANY FILES TRANSMITTED HEREWITH. IF YOU RECEIVE THIS MESSAGE IN ERROR, PLEASE CONTACT THE SENDER BY REPLY E-MAIL AND DELETE THIS MESSAGE AND ALL COPIES OF IT FROM YOUR SYSTEM.
Re: Tomcat with SSL
I believe that you can't use IBM's JSSE with the HttpConnector. You have to use the CoyoteConnector.

Hiemer, Bernhard [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

Hi Tomcat-Users, I found out that my problem depends on the configuration of the security providers in the java.security file. (On my machine is installed jsse from IBM and Sun.) If the configuration is

    security.provider.1=sun.security.provider.Sun
    security.provider.2=com.ibm.jsse.JSSEProvider
    security.provider.3=com.sun.net.ssl.internal.ssl.Provider

I get the following Exception

    Catalina.start: LifecycleException: null.open: java.security.NoSuchAlgorithmException: Class com.ibm.jsse.ba configured for SSLContext not a SSLContext
        at com.sun.net.ssl.SunJSSE_b.a(DashoA6275)
        at com.sun.net.ssl.SSLContext.getInstance(DashoA6275)
        at org.apache.catalina.net.SSLServerSocketFactory.initProxy(SSLServerSocContext not a SSLContext
        at com.sun.net.ssl.SunJSSE_b.a(DashoA6275)
        at com.sun.net.ssl.SSLContext.getInstance(DashoA6275)
        ...

In the other case, when the configuration file looks like

    security.provider.1=sun.security.provider.Sun
    security.provider.2=com.sun.net.ssl.internal.ssl.Provider
    security.provider.3=com.ibm.jsse.JSSEProvider

this error message occurs:

    java.lang.reflect.InvocationTargetException: java.lang.OutOfMemoryError

The relevant part of the server.xml file is:

    <Connector className="org.apache.catalina.connector.http.HttpConnector"
               port="8443" minProcessors="5" maxProcessors="75"
               enableLookups="true" acceptCount="10" debug="0"
               scheme="https" secure="true" useURIValidationHack="false">
      <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
               clientAuth="false" protocol="TLS"
               keystoreFile="C:\Programme\IBM\WebSphere Studio\Application Developer\v5.1\runtimes\base_v5\java\jre\lib\security\test"
               keystorePass="changeit" />
    </Connector>

In the first case it looks like the two different jsse implementations cause the problem. But how to configure it right? Can anyone give me any suggestions?

Thanks
Bernhard

-----Original Message-----
From: Hiemer, Bernhard
Sent: Friday, April 16, 2004 08:00
To: '[EMAIL PROTECTED]'
Subject: Tomcat with SSL

Hi at all! I'm trying to configure my Tomcat-Standalone for SSL-Support. I use Win XP, JRE 1.3.1 and JSSE 1.0.3_02. The Tomcat-Versions I tried are 4.1.30 and 5.0.19. I worked along the HOW-TO on the Jakarta-Website: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html BUT I receive the following error on startup of Tomcat:

    java.lang.reflect.InvocationTargetException: java.lang.OutOfMemoryError

I have already tried the Options -Xmx512m -Xms128m to give the VM more memory. What's to do now? Thanks in advance for each little help!

Bernhard
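How the provider order in java.security decides which implementation answers an SSLContext request, as an added example that is not from the thread: it lists the installed providers in preference order and shows which of them supply the JSSE services a TLS connector asks for. It assumes a current JDK with javax.net.ssl (the thread used the older com.sun.net.ssl add-on), and the class name `JsseProviderCheck` is hypothetical.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class JsseProviderCheck {

    // Maps "Type.Algorithm" to the providers that supply it, in the preference
    // order given by the security.provider.N lines of java.security.
    static Map<String, List<String>> suppliers(String[][] wanted) {
        Map<String, List<String>> result = new LinkedHashMap<>();
        for (String[] service : wanted) {
            List<String> names = new ArrayList<>();
            for (Provider p : Security.getProviders()) {
                if (p.getService(service[0], service[1]) != null) {
                    names.add(p.getName());
                }
            }
            result.put(service[0] + "." + service[1], names);
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        Provider[] installed = Security.getProviders();
        for (int i = 0; i < installed.length; i++) {
            System.out.println("security.provider." + (i + 1) + " = " + installed[i].getName());
        }

        String[][] wanted = {
            {"SSLContext", "TLS"},
            {"KeyManagerFactory", KeyManagerFactory.getDefaultAlgorithm()},
            {"KeyStore", "JKS"},
        };
        for (Map.Entry<String, List<String>> e : suppliers(wanted).entrySet()) {
            List<String> names = e.getValue();
            if (names.isEmpty()) {
                System.out.println(e.getKey() + ": no installed provider supplies this");
            } else if (names.size() > 1) {
                // Two JSSE implementations side by side: the first one listed wins.
                System.out.println(e.getKey() + ": supplied by " + names
                        + ", requests without an explicit provider go to " + names.get(0));
            } else {
                System.out.println(e.getKey() + ": supplied by " + names.get(0));
            }
        }

        // What a caller that names no provider actually receives.
        SSLContext ctx = SSLContext.getInstance("TLS");
        System.out.println("SSLContext.getInstance(\"TLS\") resolved to "
                + ctx.getProvider().getName());
    }
}
```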