Fwd to the list

> Begin forwarded message:
> 
> From: Léonard WAMBERGUE <leonard.wambergue...@gmail.com>
> Subject: RE : Re: Install Comodo SSL in Tomcat
> Date: 27 January 2020 at 21:40:58 CET
> To: logo <l...@kreuser.name>
> 
> Peter,
>  
> Thanks for your help. Since my email I was able to find a solution; now my 
> website can be reached on 8443. The next step is to make the port disappear 
> from the URL, if you have any ideas, but actually it works!
> However, I noticed that I have this in my Catalina.out:
> 27-Jan-2020 18:36:54.764 SEVERE [main] org.apache.catalina.startup.HostConfig.beforeStart Unable to create directory for deployment: [/opt/tomcat/conf/Catalina/localhost]
>  
> 27-Jan-2020 19:21:35.463 WARNING [main] org.apache.catalina.startup.SetAllPropertiesRule.begin [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'maxSpareThreads' to '75' did not find a matching property.
>  
> The main problem is solved!
>  
> Regards,
>  
>  
>  
>  
> From: logo <mailto:l...@kreuser.name>
> Sent: Monday, 27 January 2020 21:35
> To: Tomcat Users List <mailto:users@tomcat.apache.org>
> Cc: Léonard WAMBERGUE <mailto:leonard.wambergue...@gmail.com>
> Subject: Re: Install Comodo SSL in Tomcat
>  
> Leonard,
> 
> 
> On 27.01.2020 at 18:50, Léonard WAMBERGUE 
> <leonard.wambergue...@gmail.com> wrote:
>  
> Peter,
>  
> I hadn’t seen that I hadn’t replied to all.
>  
> Comodo didn’t send me a key file, *they* = Hostinger, and I can download a 
> zip from their website with my certificates and my server key, but I don’t 
> have the CSR.
>  
>  
> Still not helpful if your hoster has the private key - that’s not what 
> private means!!!!  If you have access to openssl you could create the CSR 
> yourself and then reissue the cert. Or think about moving to Let’s Encrypt and 
> save the money. But that’s a future step. Let’s get you to https first!!!
>  
>  
> 
> 
> The JKS file was made with:
> openssl pkcs12 -export -in my.crt -inkey my.key -certfile my.ca-bundle -out my.pfx
> keytool -importkeystore -srckeystore my.pfx -srcstoretype pkcs12 -destkeystore my.jks -deststoretype jks
> So I can’t add any alias with those 2 lines. And without an alias I can’t change 
> it with -changealias
>  
>  
> Could you try
>  
> openssl pkcs12 -export -in my.crt -inkey my.key -name tomcat -certfile my.ca-bundle -out my.jks
> <<—  the output of pkcs12 is already a jks!!!  and -name tomcat is the alias
>  
> keytool -list -v  -keystore my.jks
>  
>  
> A one-liner!
> 
> Hope this helps
>  
> Peter
> 
> 
> The connector actually looks like:
>     « <Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150"
>                 minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
>                 disableUploadTimeout="true" acceptCount="100" scheme="https"
>                 secure="true" SSLEnabled="true"  clientAuth="false" sslProtocol="all"
>                 keystoreFile="/opt/tomcat/certs/my.jks" SSLPassword="mypass"
>                 keystorePass="mypass"/> »
> Thanks for helping me
>  
>  
>  
> From: logo <mailto:l...@kreuser.name>
> Sent: Monday, 27 January 2020 17:32
> To: Tomcat Users List <mailto:users@tomcat.apache.org>
> Cc: Léonard WAMBERGUE <mailto:leonard.wambergue...@gmail.com>
> Subject: Re: RE : Install Comodo SSL in Tomcat
>  
> Leonard,
>  
>  
> On 2020-01-27 16:53, Léonard WAMBERGUE wrote:
> > OK, so I have found this error (severe) in my Catalina.out about the
> > connector:
> > 
> > 27-Jan-2020 10:52:23.625 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-194.5.159.189-8080"]
> > 27-Jan-2020 10:52:23.760 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-nio-443"]
> > 27-Jan-2020 10:52:23.764 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-443]]
> >         org.apache.catalina.LifecycleException: Protocol handler initialization failed
> >                 at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
> >                 at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> >                 at org.apache.catalina.core.StandardService.initInternal(StandardService.java:533)
> >                 at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> >                 at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1057)
> >                 at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> >                 at org.apache.catalina.startup.Catalina.load(Catalina.java:584)
> >                 at org.apache.catalina.startup.Catalina.load(Catalina.java:607)
> >                 at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >                 at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> >                 at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> >                 at java.base/java.lang.reflect.Method.invoke(Method.java:566)
> >                 at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:303)
> >                 at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)
> >         Caused by: java.net.SocketException: Permission denied
> >                 at java.base/sun.nio.ch.Net.bind0(Native Method)
> >                 at java.base/sun.nio.ch.Net.bind(Net.java:455)
> >                 at java.base/sun.nio.ch.Net.bind(Net.java:447)
> >                 at
>  
>  
> That looks like you're trying to start a privileged port without being
> root.
>  
> Try to start on port 8443, and see if you can connect.
>  
> After that you may need a natting to map port 443 to 8443. (You should
> not start Tomcat as root or a privileged Windows user.)
>  
> Peter.
>  
> > java.base/sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:227)
> >                 at java.base/sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:80)
> >                 at org.apache.tomcat.util.net.NioEndpoint.initServerSocket(NioEndpoint.java:229)
> >                 at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:212)
> >                 at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1141)
> >                 at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1154)
> >                 at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:575)
> >                 at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
> >                 at org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
> >                 ... 13 more
> > 
> > I will add an alias to my keystore, and I have seen other errors in
> > context.xml but I never edited this file.
> > 
> > From: Christopher Schultz
> > Sent: Monday, 27 January 2020 14:24
> > To: users@tomcat.apache.org <mailto:users@tomcat.apache.org>
> > Subject: Re: Install Comodo SSL in Tomcat
> > 
> > Léonard,
> > 
> > On 1/27/20 4:57 AM, Léonard WAMBERGUE wrote:
> >> I’m resending this email because I wasn’t properly subscribed to users.
> >> I have a VPS server which runs Ubuntu and I have installed
> >> apache/maven and tomcat. My server version is Apache
> >> Tomcat/9.0.30.
> >> 
> >> So I deployed my webapp with a ROOT.war file in Tomcat. The website
> >> is running on port 8080 and 80 with a redirection. Now I am trying
> >> to install a Comodo SSL to my website and configure my 443 port in
> >> order to use something like https://mydomain.com.
> >> 
> >> After purchasing my Comodo certificate I received a zip
> >> containing a key file, a bundle and a .crt like mydomain.crt.
> > Are you sure Comodo sent you a .key file? That would be very unusual.
> > 
> > When you applied for the certificate, did you send them a Certificate
> > Signing Request (CSR)? Or did *they* generate the server-key for you?
> > You should never let anyone else generate your server key for you.
> > 
> >> I had already configured mydomain.jks with a keystore and configured
> >> my connector with this code:
> > What is in the JKS file? Did you add anything from the ZIP file into
> > the JKS file?
> > 
> >> <Connector port="443" maxHttpHeaderSize="8192" maxThreads="150"
> >> minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
> >> disableUploadTimeout="true" acceptCount="100" scheme="https"
> >> secure="true" SSLEnabled="true"  clientAuth="false"
> >> sslProtocol="TLS" keystoreFile="/opt/tomcat/certs/my.jks"
> >> keystorePass="myPass"/>
> > 
> > That looks okay to me, except that you don't have a certificate
> > "alias" listed, so Tomcat will choose the first certificate it finds
> > in the store, which may not be the one you want to use.
> > 
> > The contents of the JKS file are pretty important for us to see. You
> > can dump the file like this:
> > 
> > $ keytool -list -keystore /opt/tomcat/certs/my.jks -storetype JKS
> > 
> >> But when I’m trying to connect to https://mydomain.com I get
> >> err_connection_refused and this website doesn’t allow connections.
> > What do the logs say on startup? If the <Connector> cannot start, it
> > won't bind to the socket and you'll get "connection refused" on the
> > client side.
> > 
> >> I have already searched for many hours for how to configure my SSL and I’m a
> >> beginner. I have already tried to configure ufw but actually it
> >> doesn’t work.
> > 
> > You came to the right place. We'll get you going.
> > 
> > -chris
> > 
>  
>  
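
The steps discussed in this thread, as an added example that is not from any of the posters: the key and CSR are generated on the server itself so the hoster never holds the private key, the returned certificate is checked against that key, and the PKCS#12 keystore is built with the alias `tomcat`. The domain, file names, the `changeit` password and the self-signed certificate standing in for the CA's reply are assumptions.

```shell
#!/bin/sh
# Added example. Domain, file names and password are placeholders.
set -eu

# Key and CSR are generated locally; only the CSR ever leaves the server.
make_key_and_csr() {   # $1=domain $2=directory
    ( umask 077        # private key readable by its owner only
      openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
          -keyout "$2/my.key" -out "$2/my.csr" 2>/dev/null )
}

# SHA-256 over the public key carried by a key, CSR or certificate.
pubkey_hash() {        # $1=key|csr|crt $2=file
    case "$1" in
        key) openssl pkey -in "$2" -pubout ;;
        csr) openssl req  -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
    esac | openssl dgst -sha256 | awk '{print $NF}'
}

# Build the keystore under alias "tomcat", but only if the certificate
# was really issued for this private key.
build_keystore() {     # $1=key $2=crt $3=out.p12 $4=password
    if [ "$(pubkey_hash key "$1")" != "$(pubkey_hash crt "$2")" ]; then
        echo "certificate does not match private key" >&2
        return 1
    fi
    # env: keeps the password out of the process list
    KS_PASS="$4" openssl pkcs12 -export -in "$2" -inkey "$1" \
        -name tomcat -out "$3" -passout env:KS_PASS
}

# Alias (friendlyName) recorded in the keystore.
keystore_alias() {     # $1=p12 $2=password
    KS_PASS="$2" openssl pkcs12 -in "$1" -nokeys -passin env:KS_PASS \
        2>/dev/null | sed -n 's/^ *friendlyName: //p' | head -n 1
}

# Demo: self-signing stands in for the CA's reply (constructed input).
demo() {
    d=$(mktemp -d)
    make_key_and_csr mydomain.com "$d"
    openssl x509 -req -in "$d/my.csr" -signkey "$d/my.key" -days 1 \
        -out "$d/my.crt" 2>/dev/null
    build_keystore "$d/my.key" "$d/my.crt" "$d/my.p12" changeit
    keystore_alias "$d/my.p12" changeit
    rm -rf "$d"
}
demo
```

With a real CA reply, add `-certfile my.ca-bundle` to the `openssl pkcs12 -export` call so the chain is included; `keytool -list -v -keystore my.p12 -storetype PKCS12` shows the same alias.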
