Re: Tomcat FREAK Issue
Hello Christopher, Did you or anyone have a gauge on how we might fix this? Thank you! On Thu, Jul 14, 2016 at 8:04 PM, uzair rashid <uzairrashi...@gmail.com> wrote: > Hello Chris, > > We are using Tomcat version: 6.0.36.0 > > JRE 1.6.0 > > Do you think I need to change the settings to the following: > > > > > maxThreads="150" > > SSLEnabled="true" > > minSpareThreads="25" > > enableLookups="false" > > disableUploadTimeout="true" > > acceptCount="100" > > scheme="https" > > secure="true" > > clientAuth="false" > > SSLProtocol="TLSv1,TLSv1.1,TLSv1.2" > > > ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA" > > keystorePass="password" > > keystoreFile="/otex/tomcat/.keystore"/> > > > > > > > maxThreads="150" > > SSLEnabled="true" > > minSpareThreads="25" > > enableLookups="false" > > disableUploadTimeout="true" > > acceptCount="100" > > scheme="https" > > secure="true" > > clientAuth="false" > > SSLProtocol="TLSv1,TLSv1.1,TLSv1.2" > > > ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA" > > keystorePass="password" > > keystoreFile="/otex/tomcat/.keystore"/> > > > > Really look forward to your expertise on this. > > > Thank you > > > > > > On Thu, Jul 14, 2016 at 7:07 PM, Christopher Schultz < > ch...@christopherschultz.net> wrote: > >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> Uzair, >> >> On 7/14/16 10:12 AM, uzair rashid wrote: >> > Running Tomcat 6.x >> >> Which one exactly? >> >> > and every week during vulnerability scans we are having the >> > following results: >> > >> > Vulnerability References: >> > >> > SSL/TLS Server Factoring RSA Export Keys (FREAK) vulnerability >> > >> > Impact: Exploitation allows an attacker to bypass security >> > restrictions on the targeted host. Solution: Disable RSA_EXPORT >> > cipher suites. Do not use temporary RSA key multiple times >> > Result: #table cols=2 Public key source key size Public key in >> > certificate 2048(bits) Temporary RSA key 512(bits) >> > >> > [snip] >> > >> > >> > > > SSLEnabled="true" minSpareThreads="25" enableLookups="false" >> > disableUploadTimeout="true" acceptCount="100" scheme="https" >> > secure="true" clientAuth="false" sslProtocol="TLS" >> > sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" >> > ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_ >> 128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES >> _256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SH >> A,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA" >> > >> > >> SSLCipherSuite="!EXPORT" >> >> Are you using tcnative+APR+OpenSSL or JSSE? "ciphers" is for JSSE and >> SSLCipherSuite is for tcnative+APR+OpenSSL. Either case you should be >> good. >> >> What version of Java are you using? >> >> - -chris >> -BEGIN PGP SIGNATURE- >> Comment: GPGTools - http://gpgtools.org >> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ >> >> iEYEARECAAYFAleIRXsACgkQ9CaO5/Lv0PDuxwCgnlmNaVSkDH4bEHXFEsWcwVxL >> jsYAoLPDf4y6FI0Np/DVPDxL6ijVkhgY >> =X5B9 >> -END PGP SIGNATURE- >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >
Re: Tomcat FREAK Issue
Hello Chris, We are using Tomcat version: 6.0.36.0 JRE 1.6.0 Do you think I need to change the settings to the following: Really look forward to your expertise on this. Thank you On Thu, Jul 14, 2016 at 7:07 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Uzair, > > On 7/14/16 10:12 AM, uzair rashid wrote: > > Running Tomcat 6.x > > Which one exactly? > > > and every week during vulnerability scans we are having the > > following results: > > > > Vulnerability References: > > > > SSL/TLS Server Factoring RSA Export Keys (FREAK) vulnerability > > > > Impact: Exploitation allows an attacker to bypass security > > restrictions on the targeted host. Solution: Disable RSA_EXPORT > > cipher suites. Do not use temporary RSA key multiple times > > Result: #table cols=2 Public key source key size Public key in > > certificate 2048(bits) Temporary RSA key 512(bits) > > > > [snip] > > > > > > > SSLEnabled="true" minSpareThreads="25" enableLookups="false" > > disableUploadTimeout="true" acceptCount="100" scheme="https" > > secure="true" clientAuth="false" sslProtocol="TLS" > > sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" > > ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_ > 128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES > _256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SH > A,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA" > > > > > SSLCipherSuite="!EXPORT" > > Are you using tcnative+APR+OpenSSL or JSSE? "ciphers" is for JSSE and > SSLCipherSuite is for tcnative+APR+OpenSSL. Either case you should be > good. > > What version of Java are you using? > > - -chris > -BEGIN PGP SIGNATURE- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iEYEARECAAYFAleIRXsACgkQ9CaO5/Lv0PDuxwCgnlmNaVSkDH4bEHXFEsWcwVxL > jsYAoLPDf4y6FI0Np/DVPDxL6ijVkhgY > =X5B9 > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: SSL/TLS and ciphers vulnerability
Jeffrey, Working for a corporation that has strict ssl and security requirements.. There is no way to use the tools you suggested, since the tomcat URLs are not exposed. On Thu, Jul 14, 2016 at 8:41 AM, Jeffrey Jannerwrote: > Hi folks, > > I've been off the list for a bit, getting ducks in a row here and > everything. > I noticed a number of posts about SSL & TLS security settings lately and I > wanted to point out that maintaining your SSL configurations is an on-going > processes. > New exploits are discovered and released quite often, and often the fault > lies with a cipher and not necessarily an overall SSL/TLS protocol. > So using a cipher list like "all except RC4" is probably not sufficient > anymore. > And what is secure may depend completely on the SSL/TLS software you use, > be it OpenSSL or Java's built in SSL libraries. > For example, with OpenSSL, you should be using 1.0.1t or higher, and even > then only TLS1.2 with a handful of ciphers. > I'm not sure what the recommended options for java's libraries are at the > moment. > A really good, free tool is Qualys' SSL Labs server test tool located at: > https://www.ssllabs.com/ssltest/ > Run that against your implementation and follow its recommendations. > > Of course, at the end of the day, it will be up to you and your firm to > decide what risks you are willing to take with your SSL communications and > whether or not you need to support insecure browsers, i.e. browsers that > cannot negotiate up to the most secure protocol and ciphers. > > Jeffrey Janner > p.s. Qualys also has a test suite for the browsers that you use. > >
Tomcat FREAK Issue
Hello Experts: Running Tomcat 6.x and every week during vulnerability scans we are having the following results: Vulnerability References: SSL/TLS Server Factoring RSA Export Keys (FREAK) vulnerability Impact: Exploitation allows an attacker to bypass security restrictions on the targeted host. Solution: Disable RSA_EXPORT cipher suites. Do not use temporary RSA key multiple times Result: #table cols=2 Public key source key size Public key in certificate 2048(bits) Temporary RSA key 512(bits) Could someone please help? Server.xml:
clustered environment
Hello Experts Background,: windows boxes, cms servers, bobj, tomcat servers 7.057. Distributed landscape. (Clustered) Ive configured the server xml for clustering and distributable to true in the web xml. In the cms, we have a Java null pointer exception. At login it first says page is expired and then once in it gives an jasperexception.java.lang.nullpointer exception: while trying to invoke the method cpm.businessobjects.bip.core.web.appcontext.appweb session context. Get productlocale () of an object returned . The peculiar thing is, in our production environment, there is absolutely no issue. Things, I've tried: 1. Matched conf directory to production 2. Deleted tomcat work directory 3. Restarted tomcat Stderr below: 2016-02-29 18:00:56 Commons Daemon procrun stderr initialized Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Server version:Apache Tomcat/7.0.57 Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Server built: Nov 3 2014 08:39:16 UTC Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Server number: 7.0.57.0 Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: OS Name: Windows Server 2008 R2 Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: OS Version:6.1 Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Architecture: amd64 Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: JAVA_HOME: d:\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\jre Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: JVM Version: 6.1.044 Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: JVM Vendor:SAP AG Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: CATALINA_BASE: d:\SAP BusinessObjects\tomcat\ Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: CATALINA_HOME: d:\SAP BusinessObjects\tomcat\ Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -Djava.library.path=C:\Windows\SysWOW64\;d:\SAP Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: BusinessObjects\SAP Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: BusinessObjects Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: Enterprise Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: XI Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: 4.0\win64_x64\ Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -Dcatalina.base=d:\SAP Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: BusinessObjects\tomcat\ Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -Dcatalina.home=d:\SAP Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: BusinessObjects\tomcat\ Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -Djava.endorsed.dirs=d:\SAP Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: BusinessObjects\tomcat\common\endorsed\ Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -Dbobj.enterprise.home=d:\SAP Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: BusinessObjects\SAP Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: BusinessObjects Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: Enterprise Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: XI Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: 4.0\ Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -Xrs Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -XX:MaxPermSize=384M Feb 29, 2016 6:01:03 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -Djava.awt.headless=true Feb 29, 2016 6:01:03 PM
Tomcat 5.0.xx migration
Hello Experts: Most of our business is running Tomcat 7.x.xx or later. But, we have a business function of ours that is using Tomcat 5.0.xx. Unfortunately, this is causing a lot of issues in terms of vulnerability remediation. Apache Tomcat Servlet Host Manager Servlet Cross-Site Scripting Vulnerability Apache Tomcat Information Disclosure Vulnerability Apache Tomcat Accept-Language Cross-Site Scripting Vulnerability Apache Tomcat JavaDoc Spoofing Vulnerability Apache Tomcat 4, 5 and 6 Examples Web Application Multiple Cross-Site Scripting Vulnerabilities Apache Tomcat 4 and 5 Cross-Site Scripting Vulnerability in Calender Application in JSP Examples Apache Tomcat 5 Cross-Site Scripting in implicit-objects.jsp of "Examples" Application Apache Tomcat Multiple Content Length Headers Information Disclosure Vulnerability Apache Tomcat Multiple Cross-Site Scripting Vulnerabilities in Manager and Host Manager Web Applications Apache Tomcat 4 and 5 Multiple Cross-Site Scripting Vulnerabilities The above is what were are experiencing and we are running Crystal Report as well. Could someone please guide me in the most efficient way to upgrade? My thought process is 5.0.xx to 5.5 then migration to 6 or 7? We are running windows 2003. I’m not even sure if it will support it? I am unable to find any process documents or guidance on how to go about the upgrade process and which version could help us in vulnerability remediation. Could someone please help me? This is extremely time sensitive to our business needs. Cheers!
SSL FREAK vulnerability issue
I am having an issue with tomcat version: Apache Tomcat 7.0.57 . Windows Server 2008 R2 Enterprise. I am using mssql and BOBJ as well. The issue is our servers are noticing a FREAK vulnerability issue during scan.. Could someone please help me address how to fix FREAK vulnerability in Tomcat. I am copying server.xml and web.xml Here is our server.xml: ?xml version=1.0 encoding=UTF-8?!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the License); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --!-- Note: A Server is not itself a Container, so you may not define subcomponents such as Valves at this level. Documentation at /docs/config/server.html --Server port=8005 shutdown=SHUTDOWN Listener className=org.apache.catalina.startup.VersionLoggerListener/ !-- Security listener. Documentation at /docs/config/listeners.html Listener className=org.apache.catalina.security.SecurityListener / -- !--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -- Listener className=org.apache.catalina.core.JasperListener/ !-- Prevent memory leaks due to use of particular java/javax APIs-- Listener className=org.apache.catalina.core.JreMemoryLeakPreventionListener/ Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener/ Listener className=org.apache.catalina.core.ThreadLocalLeakPreventionListener/ !-- Global JNDI resources Documentation at /docs/jndi-resources-howto.html -- GlobalNamingResources !-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -- Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml/ /GlobalNamingResources !-- A Service is a collection of one or more Connectors that share a single Container Note: A Service is not itself a Container, so you may not define subcomponents such as Valves at this level. Documentation at /docs/config/service.html -- Service name=Catalina !--The connectors can use a shared executor, you can define one or more named thread pools-- !-- Executor name=tomcatThreadPool namePrefix=catalina-exec- maxThreads=150 minSpareThreads=4/ -- !-- A Connector represents an endpoint by which requests are received and responses are returned. Documentation at : Java HTTP Connector: /docs/config/http.html (blocking non-blocking) Java AJP Connector: /docs/config/ajp.html APR (HTTP/AJP) Connector: /docs/apr.html Define a non-SSL HTTP/1.1 Connector on port 8080 -- Connector port=8080 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443 compression=on URIEncoding=UTF-8 compressionMinSize=2048 noCompressionUserAgents=gozilla, traviata compressableMimeType=text/html,text/xml,text/plain,text/css,text/javascript,text/json,application/json/ !-- A Connector using the shared thread pool-- !-- Connector executor=tomcatThreadPool port=8080 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443 / -- !-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -- Connector port=8443 protocol=org.apache.coyote.http11.Http11NioProtocol maxThreads=150 SSLEnabled=true minSpareThreads=25 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true sslProtocol=TLS clientAuth=false ciphers=SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA keystorePass=PRIVATE keystoreFile=*/ !-- Define a HTTP/1.1 Connector on port 8443, JSSE BIO implementation -- Connector/Connectorprotocol=org.apache.coyote.http11.Http11Protocol port=8443 .../ !-- An Engine represents the entry point (within Catalina) that processes every request. The Engine implementation for Tomcat stand alone analyzes the HTTP headers included with the request, and passes them on to the appropriate Host (virtual host). Documentation at /docs/config/engine.html -- !-- You should set jvmRoute to support load-balancing via AJP ie : Engine name=Catalina defaultHost=localhost jvmRoute=jvm1 -- Engine name=Catalina defaultHost=localhost !--For clustering, please take a
Re: Parse and SSL issue
(SAXParserImpl.java:522) at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1580) at org.apache.catalina.users.MemoryUserDatabase.open(MemoryUserDatabase.java:432) at org.apache.catalina.users.MemoryUserDatabaseFactory.getObjectInstance(MemoryUserDatabaseFactory.java:102) at org.apache.naming.factory.ResourceFactory.getObjectInstance(ResourceFactory.java:141) at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:304) On Sat, Jul 18, 2015 at 1:34 AM, Konstantin Kolinko knst.koli...@gmail.com wrote: .2015-07-17 21:19 GMT+03:00 uzair rashid uzairrashi...@gmail.com: Hello: I am having an issue with tomcat version: Apache Tomcat 7.0.57 . Windows Server 2008 R2 Enterprise. I am using mssql and bobj as well. I am having a few issues one seems to be related to ssl/apr... maybe my sslcipher should just be ciphers? and second issue i'm having is a saxparse issue. Here is my stderr.log: 2015-07-17 09:56:43 Commons Daemon procrun stderr initialized Jul 17, 2015 9:56:48 AM org.apache.catalina.startup.SetAllPropertiesRule begin WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'maxSpareThreads' to '75' did not find a matching property. Jul 17, 2015 9:56:48 AM org.apache.catalina.startup.SetAllPropertiesRule begin WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'debug' to '0' did not find a matching property. Note the above warnings. There are no such configuration options in your version of Tomcat. If you used some obsolete documentation, throw it away. Jul 17, 2015 9:56:49 AM org.apache.catalina.startup.VersionLoggerListener log INFO: Server version:Apache Tomcat/7.0.57 Jul 17, 2015 9:56:49 AM org.apache.catalina.startup.VersionLoggerListener log INFO: Server built: Nov 3 2014 08:39:16 UTC Jul 17, 2015 9:56:49 AM org.apache.catalina.startup.VersionLoggerListener log INFO: Server number: 7.0.57.0 Jul 17, 2015 9:56:49 AM org.apache.catalina.startup.VersionLoggerListener log INFO: OS Name: Windows Server 2008 R2 Jul 17, 2015 9:56:49 AM org.apache.catalina.startup.VersionLoggerListener log INFO: OS Version:6.1 Jul 17, 2015 9:56:49 AM org.apache.catalina.startup.VersionLoggerListener log INFO: Architecture: amd64 Jul 17, 2015 9:56:49 AM org.apache.catalina.startup.VersionLoggerListener log INFO: JAVA_HOME: d:\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\jre Jul 17, 2015 9:56:49 AM org.apache.catalina.startup.VersionLoggerListener log INFO: JVM Version: 6.1.044 Jul 17, 2015 9:56:49 AM org.apache.catalina.startup.VersionLoggerListener log INFO: JVM Vendor:SAP AG Jul 17, 2015 9:56:49 AM org.apache.catalina.startup.VersionLoggerListener log INFO: CATALINA_BASE: d:\SAP BusinessObjects\tomcat\ Jul 17, 2015 9:56:49 AM org.apache.catalina.startup.VersionLoggerListener log INFO: CATALINA_HOME: d:\SAP BusinessObjects\tomcat\ Jul 17, 2015 9:56:49 AM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -Djava.library.path=C:\Windows\SysWOW64\;d:\SAP Jul 17, 2015 9:56:49 AM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: BusinessObjects\SAP Jul 17, 2015 9:56:49 AM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: BusinessObjects Jul 17, 2015 9:56:49 AM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: Enterprise Jul 17, 2015 9:56:49 AM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: XI Jul 17, 2015 9:56:49 AM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: 4.0\win64_x64\ Jul 17, 2015 9:56:49 AM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -Dcatalina.base=d:\SAP Jul 17, 2015 9:56:49 AM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: BusinessObjects\tomcat\ Jul 17, 2015 9:56:49 AM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -Dcatalina.home=d:\SAP Jul 17, 2015 9:56:49 AM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: BusinessObjects\tomcat\ Jul 17, 2015 9:56:49 AM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -Djava.endorsed.dirs=d:\SAP Jul 17, 2015 9:56:49 AM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: BusinessObjects\tomcat\common\endorsed\ Jul 17, 2015 9:56:49 AM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -Dbobj.enterprise.home=d:\SAP Jul 17, 2015 9:56:49 AM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: BusinessObjects\SAP
Re: Please help
Hello Chuck: Thank you! INFO: Command line argument: -Xss1024k Jul 16, 2015 5:09:49 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent INFO: Loaded APR based Apache Tomcat Native library 1.1.32 using APR version 1.5.1. Jul 16, 2015 5:09:49 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. Jul 16, 2015 5:09:51 PM org.apache.catalina.core.AprLifecycleListener initializeSSL INFO: OpenSSL successfully initialized (OpenSSL 1.0.1j 15 Oct 2014) Jul 16, 2015 5:09:51 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [http-apr-8080] Jul 16, 2015 5:09:52 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [http-apr-8443] Jul 16, 2015 5:09:52 PM org.apache.coyote.AbstractProtocol init SEVERE: Failed to initialize end point associated with ProtocolHandler [http-apr-8443] java.lang.Exception: Connector attribute SSLCertificateFile must be defined when using SSL with APR at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:490) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:646) at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434) at org.apache.catalina.connector.Connector.initInternal(Connector.java:978) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:821) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.startup.Catalina.load(Catalina.java:638) at org.apache.catalina.startup.Catalina.load(Catalina.java:663) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) I missed that point of the error as well! Could you please give your input On Thu, Jul 16, 2015 at 8:25 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: uzair rashid [mailto:uzairrashi...@gmail.com] Subject: Please help Please help as a subject line is not terribly useful, is it? I am using Apache Tomcat 7.0.57.. Good to know; many people forget to mention the version they're using. I have configured my server.xml as follows: Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ /Realm SEVERE: Parse Fatal Error at line 36 column 4: XML document structures must start and end within the same entity. You have both an end tag and an empty element - pick one or the other. Any decent XML editor will highlight the syntax error. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. -Original Message- From: uzair rashid [mailto:uzairrashi...@gmail.com] Sent: 2015 July 16, Thursday 19:33 To: users@tomcat.apache.org Subject: Please help Hello: I am using Apache Tomcat 7.0.57.. I have configured my server.xml as follows: ?xml version=1.0 encoding=UTF-8?!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the License); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --!-- Note: A Server is not itself a Container, so you may not define subcomponents such as Valves at this level. Documentation at /docs/config/server.html --Server port=8005 shutdown=SHUTDOWN Listener className=org.apache.catalina.startup.VersionLoggerListener/ !-- Security listener. Documentation at /docs/config/listeners.html Listener className=org.apache.catalina.security.SecurityListener / -- !--APR library loader. Documentation at /docs/apr.html -- Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on/ !--Initialize Jasper prior to webapps are loaded. Documentation
Please help
) at org.apache.catalina.users.MemoryUserDatabase.open(MemoryUserDatabase.java:432) at org.apache.catalina.users.MemoryUserDatabaseFactory.getObjectInstance(MemoryUserDatabaseFactory.java:102) at org.apache.naming.factory.ResourceFactory.getObjectInstance(ResourceFactory.java:141) at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:304) at org.apache.naming.NamingContext.lookup(NamingContext.java:842) at org.apache.naming.NamingContext.lookup(NamingContext.java:167) at org.apache.catalina.realm.UserDatabaseRealm.startInternal(UserDatabaseRealm.java:253) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) at org.apache.catalina.realm.CombinedRealm.startInternal(CombinedRealm.java:201) at org.apache.catalina.realm.LockOutRealm.startInternal(LockOutRealm.java:120) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:1109) Can you please guide me in the right direction Regards Uzair Rashid