Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.

2017-08-10 Thread logo
Hi James, > Am 10.08.2017 um 20:51 schrieb James H. H. Lampert : > > On 8/9/17, 11:46 PM, André Warnier (tomcat) wrote: > >> Note: for "telnet", you will need a telnet client installed; this is not >> necessarily standard on non-Windows workstations. >> And the reason

AW: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-06-30 Thread logo
Todd >> Peter Kreuser wrote >>> >>> Can you provide a clean configuration that exhibits this behavior? >>> >>> What are you using to test the effective configuration? >> >> Another question: are you sure that you hit the Connector that you >> configure? Tomcat should be reasonably configured

Re: JVM Crash in tcnative due to concurrency/timing in HTTP/2

2017-06-23 Thread logo
Mark, > > Am 23.06.2017 um 15:17 schrieb Mark Thomas : > > On 13/06/17 11:57, Mark Thomas wrote: >> On 13/06/17 10:13, Kreuser, Peter wrote: >>> Mark, >>> On 09/06/17 16:02, Kreuser, Peter wrote: > Hi all, > > Sorry for the long text. I hope somebody can help

Re: JVM Crash in tcnative due to concurrency/timing in HTTP/2

2017-06-23 Thread logo
Mark, > Am 23.06.2017 um 17:32 schrieb Mark Thomas : > > On 23/06/17 16:02, l...@kreuser.name wrote: >> Mark, >>> >>> Am 23.06.2017 um 15:17 schrieb Mark Thomas : >>> >>> On 13/06/17 11:57, Mark Thomas wrote: On 13/06/17 10:13, Kreuser, Peter wrote:

Re: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-06-23 Thread logo
Todd, > Am 23.06.2017 um 18:53 schrieb Todd >: > > I'm experiencing the exact same issue with 8.5.14 - cipher list seems to be > ignored, regardless of what I put in SSLAbs and validating via browser on my > website a set of ciphers is used that I

Re: BREAKTHROUGH (but not solved) Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.

2017-10-06 Thread logo
James, > On 10/6/17, 6:58 AM, Mark Thomas (Tomcat List) wrote: > >> It might help to think of it like this: >> >> There are the ciphers that a JVM supports. >> The JVM only enables sub-set of the supported ciphers are enabled by >> default. >> Tomcat with a default configuration only uses a

Re: tomcat ssl setup

2017-09-26 Thread logo
John, > Am 26.09.2017 um 21:26 schrieb John Ellis : > > Yesterday my boss suggested setting up Tomcat vers. 8 as he thought this is > what Jira and/or Confluence would use so I did that and it worked fine on > http port of 8080. I then edited the server.xml file

Re: tomcat ssl setup

2017-09-26 Thread logo
G, I hate formatting in Mails... Beware of “ when copying source code! > Am 26.09.2017 um 22:25 schrieb l...@kreuser.name: > > John, > > > >> Am 26.09.2017 um 21:26 schrieb John Ellis : >> >> Yesterday my boss suggested setting up Tomcat vers. 8 as he

Re: Apache Tomcat 8.5.24 SSL Configuration

2017-12-20 Thread logo
Hi Thomas, > Am 21.12.2017 um 00:56 schrieb Thomas Delaney : > > Greetings, > > I am having trouble regarding google chrome's behavior to Apache Tomcat's > SSL setup. I have been successful getting an ssl website to work with > Apache HTTP web server, but not Apache

Re: Updating a working installation

2018-05-22 Thread logo
Hi, Am 11.05.2018 15:47, schrieb Mark H. Wood: "Is there an easy way?" Depends on what you find easy. :-/ I usually just load old and new server.xml into a maximized Emacs with two windows, and thoughtfully copy stuff over, after reading the release notes to learn of stuff to look out for.

Re: configuring ciphers for SSL Labs server test

2018-05-22 Thread logo
Hi Baron, Am 12.05.2018 05:36, schrieb Baron Fujimoto: Hmm, I'm now getting an A grade using: If I'm sufficiently motivated next week, I'll see if I can sort out exactly what the deal was. But for now, it's Friday and pau hana time... (yes, tomcat 8.5.x and Java 1.8_x) On Fri, May

Re: problems with tomcat 8.5.5

2018-02-23 Thread logo
Lou, Am 2018-02-23 09:25, schrieb Lou DeGenaro: I've replaced tomcat 8.5.5 with 8.5.28. Now I see these exceptions in catalina.out: 22-Feb-2018 21:45:42.988 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent The APR based Apache Tomcat Native library which allows

[OT] Re: Tomcat Valve

2018-08-28 Thread logo
Nice one Christopher. Didn't know that yet. Will bookmark. Am 28.08.2018 05:13, schrieb Christopher Schultz: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Lance, On 8/27/18 19:21, Christopher Schultz wrote: Lance, On 8/24/18 11:52, Campbell, Lance wrote: Tomcat 9 Use Case 1: I want to

Re: Apache http / tomcat connectors - source code of web-page is displayed rather than web-page

2018-07-05 Thread logo
Mark, Am 05.07.2018 10:31, schrieb André Warnier: Hi. I have not looked through all of your configuration lines, but I believe that the problem is first of all this line : On 05.07.2018 09:18, Sandels Mark (RTH) OUH wrote: DocumentRoot "C:\Program Files (x86)\apache-tomcat-9.0.6\webapps"

RE: Apache http / tomcat connectors - source code of web-page is displayed rather than web-page

2018-07-05 Thread logo
Mark, Am 05.07.2018 12:35, schrieb Sandels Mark (RTH) OUH: Hi Peter I would use tomcat to provide https if it could be configured to do this - is this fairly easy to do? The IT Department have given me a Certificate and private key for the server (OXNETMDMS04) but do I need to use "keytool"

RE: Apache http / tomcat connectors - source code of web-page is displayed rather than web-page

2018-07-06 Thread logo
Mark, Am 06.07.2018 11:27, schrieb Sandels Mark (RTH) OUH: Hi Tomcat users I have now configured the tomcat configuration file (server.xml) to use TLS (see relevant sections of server.xml). I created a keystore (using the jdk keystore command) for my existing certificate. I am getting "This

Re: Connection closed error and certificateVerification="required"

2018-04-19 Thread logo
Mark, > Am 19.04.2018 um 20:58 schrieb Mark Thomas : > > On 19/04/18 16:50, Peter@Kreuser-Online wrote: > > > >> Do you mind to share more about the root cause? I’ve followed this mail >> communication from the start and am curious. > > Sure. > > Tomcat was configured

Re: No reliable way to know if the request emerged from localhost

2018-02-27 Thread logo
Hi Vasanth, Am 27.02.2018 09:29, schrieb Vasantharaju Trichy: Tomcat version 7.0.82 | Windows We have a requirement such that admins(tomcat users) need to login remotely to the machine where Tomcat is hosted and access tomcat webapp to perform certain action or see certain pages . These

Re: Number of Web Applications in one Tomcat

2018-10-31 Thread logo
Tarek, Am 30.10.2018 14:39, schrieb Ahmed, Tarek: Am 30.10.18 um 13:13 schrieb logo: Mark, DEV (one webapp per tomcat) - Start-up time of "fat tomcats" multiplies, which leads to worsened availability (e.g., our fattest tomcat contains 32 web services. It takes 4 minutes to st

Re: Number of Web Applications in one Tomcat

2018-10-30 Thread logo
Mark, DEV (one webapp per tomcat) - Start-up time of "fat tomcats" multiplies, which leads to worsened availability (e.g., our fattest tomcat contains 32 web services. It takes 4 minutes to start) You can configure Tomcat to load applications in parallel to reduce this impact. do

Re: Setting headers in tomcat 9

2019-03-26 Thread logo
Hi Olayemi, Am 26.03.2019 09:36, schrieb Olayemi Olatunji: Hello, I'm deploying an application on Tomcat 9 which a client has requested we conduct vulnerability test on. The test came back with missing headers for the following: Content-Security-Policy, X-Frame-Options, X-XSS-Protection,

Re: Http insecure headers

2019-02-27 Thread logo
set in the app, then possibly nothing in tomcat will be able to remove it from the response (maybe a reverse proxy like apache or nginx). Hope this helps. Peter > On Wed, Feb 27, 2019 at 2:54 PM logo wrote: > >> Hi Nitin, >> >> Am 27.02.2019 10:11, schrieb Nitin Kadam:

Re: Http insecure headers

2019-02-27 Thread logo
this is an extra entry. I don't know if you should really put this in the global web.xml or rather in your applications web.xml. Maybe Mark can let us know more about possible consequences? Add the ... AND the !!! Peter On Wed, Feb 27, 2019 at 1:59 PM logo wrote: Hello Nitin, Am 27.02.2019 08

Re: Http insecure headers

2019-02-27 Thread logo
Hello Nitin, Am 27.02.2019 08:52, schrieb Nitin Kadam: Hello, How can i change “Cache Control -private: to “Cache-Control: nostore” i searched and found that need to add express filters in web config but not sure on where to add in filters. can you please guide me on same? as far as I

Re: Tomcat 9_Setting property 'digest' to 'SHA-256'

2019-02-15 Thread logo
Hi, Am 15.02.2019 10:08, schrieb dheeraj joshi: Hi Team, I am getting warning “Setting property 'digest' to 'SHA-256' did not find a matching property” in tomcat9-stderr.log when I use attribute "digest" in realms. Snip from server.xml that i am using when i get error -

OCSP Stapling with Tomcat 8.5

2019-02-12 Thread logo
Hi all, I’m wondering why I get OCSP Must StapleSupported, OCSP response not stapled Revocation information OCSP OCSP: http://ocsp.int-x3.letsencrypt.org with the SSLlabs check on both the JSSE and the APR connector. The same cert is working on Apache or Nginx. My version info is:

Re: OCSP with openSSL

2019-06-17 Thread logo
Hi Mark, having been in contact with Усманов, I can confirm your summary. May I add my question from February with additional info to this thread: https://markmail.org/message/zvziqrhm32bctm7e Thanks. Peter Am 2019-06-17 15:44, schrieb Mark Thomas: Coming back to this as it has been on my

Re: OCSP with openSSL

2019-06-17 Thread logo
Mark, Am 2019-06-17 16:29, schrieb Mark Thomas: On 17/06/2019 15:15, logo wrote: Hi Mark, having been in contact with Усманов, I can confirm your summary. May I add my question from February with additional info to this thread: https://markmail.org/message/zvziqrhm32bctm7e Thanks

Re: OCSP with openSSL

2019-06-17 Thread logo
Mark, > Am 17.06.2019 um 18:00 schrieb Mark Thomas : > > On 17/06/2019 15:51, logo wrote: >> Mark, >> >> >> Am 2019-06-17 16:29, schrieb Mark Thomas: >>> On 17/06/2019 15:15, logo wrote: >>>> Hi Mark, >>>> >>>> hav

Re: OCSP with openSSL

2019-06-28 Thread logo
Mark, Still no luck with 8.5.42/JDK11/JSSE. > Am 17.06.2019 um 22:11 schrieb logo : > > Mark, > > >> Am 17.06.2019 um 18:00 schrieb Mark Thomas > <mailto:ma...@apache.org>>: >> >> On 17/06/2019 15:51, logo wrote: >>> Mark, >>> &

Re: Component working in Console not as Service

2019-07-31 Thread logo
All, sorry for top posting. Nothing down there to relate to. Could it be that it is something similar like headless on linux? I remember something similar when using pdflib back in the days. As a service there may be something missing (login shell, DISPLAY, Terminal)? "Word to PDF" could be

Re: Tomcat manager keystore reload

2019-07-30 Thread logo
Hi Chris, I am also trying to figure this out and get to the same error. > Am 25.07.2019 um 17:53 schrieb Joseph Dornisch : > > Hello, > > I have a CRL configured in my tomcat server configuration. If I update it > and want to have Tomcat refresh it, I can login into >

Re: Tomcat manager keystore reload

2019-07-30 Thread logo
Chris, Now this is taking a weird direction… > Am 30.07.2019 um 16:57 schrieb Christopher Schultz > mailto:ch...@christopherschultz.net>>: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Peter, > > On 7/30/19 05:19, logo wrote: >> Hi C

Re: Support Request for problem with problem running SSL certificate on tomcat 8

2019-08-07 Thread logo
Munzer, Am 2019-08-07 09:19, schrieb Peter Kreuser: Hi Munzer, I guess we‘re going a slightly awkward way here, but to fix your problem with the new cert in the first place, you could use this: If your keystore is the old proprietary format, convert it to PKCS12: keytool -importkeystore

Re: Problem with OpenSSL cipher suites -what's wrong with this configuration?

2019-08-08 Thread logo
Mark, Am 08.08.2019 11:45, schrieb Mark Thomas: On 08/08/2019 10:15, Alten, Jessica-Aileen wrote: Therefore, I guess Tomcat cannot interpret these cipher suites for TLS 1.3. So is this possibly a bug in Tomcat with openSSL 1.1.1c and JDK 8 (again: I am not talking about JSSE here, it can only

Re: HTTP to HTTPS redirect not happening

2019-07-20 Thread logo
Richard, > Am 20.07.2019 um 04:19 schrieb Richard Huntrods : > > I tried implementing automatic redirection from HTTP to HTTPS on my > tomcat today, but it's not working. > > First, my system: > OS: Ubuntu 18.04.2 LTS (server) > Tomcat: 9.0.22 (installed from tomcat distribution, not via apt

Re: HTTP to HTTPS redirect not happening

2019-07-20 Thread logo
Richard, > Am 20.07.2019 um 16:47 schrieb Richard Huntrods : > > OK. That was really weird. > > As I said in my message, following the directions on the web did NOT > work. It didn't force redirection from http to https. > > What it DID end up doing was to kill the tomcat servlet

Re: OCSP with openSSL

2019-07-17 Thread logo
: now waiting for the openssl fix for tc native ;-) Am 28.06.2019 um 14:14 schrieb logo mailto:l...@kreuser.name>>: > Mark, > > Still no luck with 8.5.42/JDK11/JSSE. > >> Am 17.06.2019 um 22:11 schrieb logo > <mailto:l...@kreuser.name>>: >> >>

Re: Global Error Handling

2019-12-03 Thread logo
Sumit, Am 2019-12-03 13:11, schrieb Sumit Bhardwaj: Hi Experts, We have a requirement from a customer, where in case of 404, where someone is putting an invalid url, instead of showing the default error, we should be showing a custom message. Is this possible? I have searched and found

UPDATED: JMX reloadSslHostConfigs fails with javax.management.RuntimeOperationsException

2019-12-15 Thread logo
fault certificate is loaded and SSLUtilBase.java:301 fails as there is no certificate file in the Keystore. Mark can you confirm that this is a bug? Thanks and have a nice Sunday Peter > Am 14.12.2019 um 18:29 schrieb logo : > > Hi all, > > I have a problem with the reloading of my s

Re: remote jmx monitoring through ssh tunnel

2019-12-11 Thread logo
Chris > Am 11.12.2019 um 21:46 schrieb Chris Cheshire >: > > Peter, > > On Wed, Dec 11, 2019 at 2:38 AM Peter Kreuser > wrote: >> >> Chris‘, >> >>> Am 10.12.2019 um 18:59 schrieb Chris Cheshire >> >: >>>

JMX reloadSslHostConfigs fails with javax.management.RuntimeOperationsException

2019-12-14 Thread logo
Hi all, I have a problem with the reloading of my ssl configs after an update of certs from LetsEncrypt or my internal CA. Tomcat is 8.5.50, JDK is 11.0.5+10-post-Debian-2 I have used basically Christopher Schultz’s tool from

Re: Security issue involving HTTP response headers

2019-10-22 Thread logo
Hi James, see below: Am 2019-10-21 23:34, schrieb James H. H. Lampert: httpHeaderSecurity org.apache.catalina.filters.HttpHeaderSecurityFilter antiClickJackingOption SAMEORIGIN Mark mentioned it before, that can also go into your apps web.xml and

Re: postgresql jndi datasource with certificate authentication?

2019-10-22 Thread logo
Arpad, have you tried sth like this: StringBuffer sb = new StringBuffer("jdbc:postgresql://infra.kodekonveyor.com:5432/users?useSSL=true=true=UTF-8&"); sb.append("user=market=&");

Re: postgresql jndi datasource with certificate authentication?

2019-10-22 Thread logo
connection URL and the format of your keystore. +1 PKCS#8 is not a recognized format for Java keystores; you'll need to use JKS or PKCS#12 (recommended, as JKS is being deprecated). I was looking for the right type name. Thanks Chris. Peter -chris On 10/22/19 2:27 PM, logo wrote: Arpad

Re: [ANN] Apache Tomcat 9.0.31 available

2020-02-13 Thread logo
Am 2020-02-13 10:57, schrieb Olivier Jaquemet: On 13/02/2020 10:32, Rémy Maucherat wrote: On Thu, Feb 13, 2020 at 9:33 AM Olivier Jaquemet wrote: On 13/02/2020 01:02, Stefan Mayr wrote: - AJP defaults changed to listen the loopback address, require a secret and to be disabled in the

Re: Install Comodo SSL in Tomcat

2020-01-27 Thread logo
Ok, I’m at loss here. Maybe your web app did not get that far to load before you changed the port??? Could you please put the (redacted) content here? Peter > Thank for helping me ! > > Provenance : Courrier <https://go.microsoft.com/fwlink/?LinkId=550986> p

Re: Install Comodo SSL in Tomcat

2020-01-27 Thread logo
disableUploadTimeout="true" acceptCount="100" scheme="https" > secure="true" SSLEnabled="true" clientAuth="false" > sslProtocol="all" > keystoreFile="/opt/tomcat/certs/my.jks" SSLP

Fwd: Install Comodo SSL in Tomcat

2020-01-27 Thread logo
Fwd to the list > Anfang der weitergeleiteten Nachricht: > > Von: Léonard WAMBERGUE > Betreff: RE : Re: Install Comodo SSL in Tomcat > Datum: 27. Januar 2020 um 21:40:58 MEZ > An: logo > > Peter, > > Thank for your help, since my email i was able to find a

Re: [OT] Install Comodo SSL in Tomcat

2020-01-29 Thread logo
Chris, > Am 29.01.2020 um 16:59 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Peter, > > On 1/28/20 6:02 PM, logo wrote: >>> >> protocols="TLSv1.2+TLSv1.3" >>> ciphers="HIGH:ECDHE-

Re: [OT] Install Comodo SSL in Tomcat

2020-01-28 Thread logo
Chris, > Am 28.01.2020 um 19:35 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Peter, > > On 1/28/20 12:24 PM, Peter Kreuser wrote: >>> Am 28.01.2020 um 18:02 schrieb Christopher Schultz >>> : >>> >>> You have to say

Re: RE : Install Comodo SSL in Tomcat

2020-01-27 Thread logo
Leonard, Am 2020-01-27 16:53, schrieb Léonard WAMBERGUE: Ok so i have find this error (severe) in my Catalina.out about connector : 27-Jan-2020 10:52:23.625 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-194.5.159.189-8080"] 27-Jan-2020

Re: ECDSA Private Keys

2020-01-10 Thread logo
Chris and Mark, > Am 09.01.2020 um 21:49 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > All, > > On 1/9/20 3:45 PM, Christopher Schultz wrote: >> Mark and Peter, >> >> On 1/9/20 3:36 PM, Mark Thom

Re: Using the certificate files instead of a Java Keystore file, Re: Let's Encrypt with Tomcat?

2020-01-09 Thread logo
James, Am 2020-01-09 00:58, schrieb James H. H. Lampert: I wrote: Am I to understand that Tomcat 8.5.40 can use the ".cer," ".ca.crt" and ".key" files directly, instead of the Java Keystore file? On 12/30/19 1:41 PM, Peter Kreuser wrote: Correct! I tried an experiment this afternoon: I

Re: Tomcat app within docker container

2020-01-09 Thread logo
Hi Alex, > Am 09.01.2020 um 17:51 schrieb Alex K : > > Hi all, > > I have two .war files that when deployed at a plain Debian 9 VM are working > fine. > I have prepared a docker file so as to deploy the same apps within a docker > container and for some reason one of the apps is not loading

Re: ECDSA Private Keys

2020-01-09 Thread logo
Mark, > Am 09.01.2020 um 20:36 schrieb Mark Thomas : > > On 02/01/2020 09:24, logo wrote: > > > >> The connector comes up correctly, is accessible through the browser but if I >> test the ssl setup, I get an error message that the key/cert may not be used >

Re: [OT] Tomcat app within docker container

2020-01-09 Thread logo
init actions within Dockerfile and/or entrypoint. Mount > the rest from host as volumes, under Tomcat's webapps/ROOT (assuming > you're Dockerizing one webapp). > > Martynas > atomgraph.com > > On Thu, Jan 9, 2020 at 8:32 PM Christopher Schultz > wrote: >> >> --

Re: Tomcat app within docker container

2020-01-10 Thread logo
Alex, Am 2020-01-10 12:47, schrieb Alex K: Just to follow-up on this in case it will be useful to anyone, I managed to use also the official tomcat image. I had to amend my .war files and use the openjdk:8-jdk version instead of openjdk:11-jdk. I have used the following Docker files to

Re: ECDSA Private Keys

2020-01-08 Thread logo
Hi Mark, > Am 08.01.2020 um 19:04 schrieb Mark Thomas : > > On 26/12/2019 23:55, logo wrote: > > > >> as an EC certificate will start with EC PRIVATE KEY. >> >> Is this something that is expected? ECDSA unsupported? Or just an incomplete >> i

Re: ECDSA Private Keys

2020-01-02 Thread logo
> Am 02.01.2020 um 17:13 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Peter, > > On 1/2/20 04:24, logo wrote: > >> There may be an issue with the provided/available ciphers! >> >> The con

Re: ECDSA Private Keys

2020-01-01 Thread logo
Felix, > Am 01.01.2020 um 11:49 schrieb Felix Schumacher > : > > > Am 27.12.19 um 17:36 schrieb logo: >> Chris >> >> Am 2019-12-27 16:33, schrieb Christopher Schultz: >> Peter, >> >> On 12/26/19 18:55, logo wrote

Re: ECDSA Private Keys

2020-01-02 Thread logo
Felix, > Am 01.01.2020 um 20:27 schrieb Felix Schumacher > : > > >> Am 01.01.20 um 18:19 schrieb logo: >> Felix, >> >>>> Am 01.01.2020 um 11:49 schrieb Felix Schumacher >>>> : >>> >>> >>> Am 27.12.19 um 1

ECDSA Private Keys

2019-12-26 Thread logo
Hi Mark, I just recently tested Step CA (smallstep.com) as an internal CA that provides an internal ACME service. After I deployed the created cert to my Tomcat (8.5.50 with adoptopenjdk 11) I noticed that while the openssl connector immediately started, the JSSE connector with the same cert

Re: Let's Encrypt with Tomcat?

2019-12-27 Thread logo
Chris, Am 2019-12-27 16:40, schrieb Christopher Schultz: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Peter, On 12/27/19 07:24, logo wrote: Hi James, Am 2019-12-27 05:31, schrieb Igal Sapir: James, On Thu, Dec 26, 2019 at 4:49 PM James H. H. Lampert < jam...@touchtonecorp.com>

Re: ECDSA Private Keys

2019-12-27 Thread logo
Chris Am 2019-12-27 16:33, schrieb Christopher Schultz: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Peter, On 12/26/19 18:55, logo wrote: Hi Mark, I hope it's okay if I reply. :) :-) I just recently tested Step CA (smallstep.com) as an internal CA that provides an internal ACME

Re: Tomcat 9 does not allow to read file in /tmp folder with 777 permission?

2020-01-06 Thread logo
Well - why do you think someone is calling you names? Mark did not, right? > Am 06.01.2020 um 22:11 schrieb Zahid Rahman : > > Are you calling me names ? > > On Mon, 6 Jan 2020, 20:35 Mark Thomas, wrote: > >> On 06/01/2020 16:29, Christopher Schultz wrote: >>> You have a right to a view, and

Re: Ignore duplicate HTTP headers in Tomcat 8.5.50-0+deb9u1

2020-01-07 Thread logo
Dennis, Am 07.01.2020 um 08:10 schrieb Dennis Rech : Hi Christopher, Am 06.01.20 um 17:39 schrieb Christopher Schultz: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Dennia, On 1/6/20 07:09, Dennis Rech wrote: we have an application where HTTP clients have a kind of unclean way of

Re: Let's Encrypt with Tomcat?

2019-12-27 Thread logo
Hi James, Am 2019-12-27 05:31, schrieb Igal Sapir: James, On Thu, Dec 26, 2019 at 4:49 PM James H. H. Lampert < jam...@touchtonecorp.com> wrote: We have a Tomcat (8.5.40) server running on an Amazon EC2 instance, currently using a Java Keystore for the SSL support. We would like to be able

Re: JNDI match of LDAP hashed passwords fail against cleartext

2020-04-14 Thread logo
Brian, see down below Am 2020-04-14 08:34, schrieb Brian Burch: I thought it would be helpful to start this issue on the users list because it will contain a lot of helpful search terms. I am upgrading a stable production tomcat 7.0.52 system to tomcat 8.5.54. Both were built from source

Re: Losing session between calls from mobile phone

2020-05-02 Thread logo
AJ > Am 30.04.2020 um 22:22 schrieb AJ Chen : > > The session problem happens when testing without SSL. > Just a thought: If the session cookie has the secure flag it will not be sent on http requests. (That would fail your test above in any case!) Now if that happens during regular https

[OT] Re: CentOS Tomcat install seems to ignore setenv.sh

2020-05-13 Thread logo
Hi calder, > Am 13.05.2020 um 04:59 schrieb calder : > > On Tue, May 12, 2020, 21:48 kohmoto wrote: > >> Hi, Calder, >> >> Thank you for your prompt reply. >> I think Tomcat binary files all have root privileges. >> Should these privileges be changed to user privileges? >> > > >

Re: [OT] Re: CentOS Tomcat install seems to ignore setenv.sh

2020-05-13 Thread logo
Chris, > Am 13.05.2020 um 16:42 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Peter, > > On 5/13/20 02:48, logo wrote: >> Hi calder, >> >> >>> Am 13.05.2020 um 04:59 schrieb calder : &

Re: Tomcat v9 - Insecure transport vulnerability reported by Qualys

2020-08-26 Thread logo
Pratik, > Am 26.08.2020 um 06:52 schrieb Pratik Shrestha : > > Thanks for reply, > > Hi Peter - it complains on port 8443 which belongs to Tomcat. > > Hi Mark - Yes. making HTTP request on HTTPS is wrong. But this security > vulnerability is given to us by Qualys scan. It tries to post plain

Re: Something I still don't quite understand, Re: Let's Encrypt with Tomcat behind httpd

2020-08-21 Thread logo
Chris > Am 21.08.2020 um 18:30 schrieb Christopher Schultz > : > > Signierter PGP-Teil > James, > > On 8/18/20 19:47, James H. H. Lampert wrote: > > Something just worked, that I wasn't expecting to work. Or rather, > > I was expecting it to work, but kill cert renewal. > > > > The port 80

Re: tomcat 9.0 doesn't load the ECDSA keystore. (ver # 9.0.24)

2020-06-04 Thread logo
Madhan, > Am 04.06.2020 um 18:41 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Madhan, > > On 6/3/20 21:08, Madhan Raj wrote: >> OS - CentOS 7.6.1810( Core) >> >> Below connector doesn't load my EC keystore whereas it works with >> RSA . Any

Re: Let's encrypt SSL config

2021-01-07 Thread logo
Hi Ivan, > Am 07.01.2021 um 20:42 schrieb i...@wordme.app: > > Hi, > > It drives me nuts now. > > I have created sym links to the PEM files. I made the PEM files readable for > the tomcat user. I set the server.xml to use SSL. And the connector fails to > start. > > >

Re: Recognizing Certificate Updates

2020-12-28 Thread logo
Jerry, Try this after regenerating the LE certs curl -u "https://localhost:8443/manager/jmxproxy?invoke=Catalina:type=ProtocolHandler,port=8443=reloadSslHostConfigs“ for all domains or curl -u

Re: Recognizing Certificate Updates

2020-12-28 Thread logo
Jerry, the quotes were messed up. See the correct command below inline. > Am 28.12.2020 um 11:10 schrieb logo : > > Jerry, > > Try this after regenerating the LE certs > > curl -u > "https://localhost:8443/manager/jmxproxy?invoke=Catalina:type=ProtocolHandler,p

Re: How to completely deactivate JSESSIONID cookie entry (in Chrome's Cookie list)

2021-01-29 Thread logo
Hi Tillmann, Am 2021-01-29 11:00, schrieb Tillmann Schulz: Hi there, I am using Tomcat 8.5.58 and have a problem with JSESIONID cookie. It should be possible to completly deactivate the jsessionid cookie with the following code: <%@ page session="false" %> If you do that and call the JSP,

Re: Trouble with HTTP/2 during concurrent bulk data transfer (server -> client)

2021-06-17 Thread logo
Magic Mark, > Am 17.06.2021 um 23:20 schrieb Mark Thomas : > > On 17/06/2021 09:26, Mark Thomas wrote: > >> I think I might have found one contributing factor to this bug. I need to >> run a series of tests to determine whether I am seeing random variation in >> test results or a genuine

Re: [OT] programming style or mental process ?

2021-04-08 Thread logo
Guten Morgen Carsten and All > Am 08.04.2021 um 07:20 schrieb Carsten Klein : > > >> (And dutch people. Where are they in this discussion by the way ? (but they >> have only one type of coffee I think)). > > Dutch people may only have one type of coffee (actually I don't know). But >

Re: Connector Port Issue

2021-08-11 Thread logo
Chris, > Am 11.08.2021 um 16:40 schrieb Chris Strickland > : > > > Anyone happen to know where in the server.xml file the attributes go for > clientAuth and sslEnabledProtocols? They go in "protocols" and "certificateVerification" attributes of SSLHostConfig. Like this:

Re: Issue running Tomcat-8.5.72 with JDK15 under windows as a service

2021-10-19 Thread logo
Hi Jean Pierre, Am 2021-10-19 14:57, schrieb Jean-Pierre Urkens: I am verifying a migration from JDK8 to JDK15 and wanted to setup a Tomcat 8.5 server environment for this test (similar to the Tomcat8.5 with JDK8 we have running for the moment). certainly not related to your problem, but

Re: handling invalid URL

2022-04-02 Thread logo
Joe, > Am 02.04.2022 um 00:53 schrieb Joseph Michaud : > > As I understand it, an ErrorReportValve is an application-level filter. An > HTTP request error (like an unknown URL) that reaches it will be processed. > With the ErrorReportValve I can modify the information presented in the >

Re: handling invalid URL

2022-04-02 Thread logo
> Am 02.04.2022 um 10:04 schrieb l...@kreuser.name: > > Joe, > >> Am 02.04.2022 um 00:53 schrieb Joseph Michaud : >> >> As I understand it, an ErrorReportValve is an application-level filter. An >> HTTP request error (like an unknown URL) that reaches it will be processed. >> With the

Re: HSTS on 401 / error pages

2023-09-14 Thread logo
Chris, this is what's happening with the globally configured HttpHeaderSecurityFilter: curl -ik "https://localhost:8443/manager/; HTTP/2 302 x-frame-options: DENY x-content-type-options: nosniff strict-transport-security: max-age=31536000 x-xss-protection: 1; mode=block location: /manager/html

Re: Sharing catalina home among tomcat machines in a load balanced environment gives problems with log files

2023-10-10 Thread logo
Giuseppe, did you consider the separation of CATALINA_HOME and CATALINA_BASE? Look at the RUNNING.txt file that describes the purpose... Plus some symbolic links that have the really common files linked to the BASE directory? HTH Peter Am 10.10.2023 um 09:53 schrieb Giuseppe Sacco :

Re: Enable two way SSL in Apache Tomcat 10 Version 10.0.27

2023-08-20 Thread logo
Kaushal, please check the new configuration method with SSLHostConfig - yours is probably from an older version, right? In the working version you already use it. See my (redacted) config: truststoreFile="${catalina.base}/conf/ssl/cacerts.jks"

Re: enabling ssl debug on tomcat

2022-06-06 Thread logo
Shawn, > Am 06.06.2022 um 22:49 schrieb Beard, Shawn : > > Im adding this -Djavax.net.debug=ssl:handshake:verbose > SSLSocketClientWithClientAuth > I assume that you copied this from the SSL-Samples App (where the class file is SSLSocketClientWithClientAuth). You have to add only

Re: Need remedy for the Vulnabilities

2022-07-19 Thread logo
Koustav, Am 2022-07-19 11:49, schrieb Naha, Koustav: Hi, We have the below vulnerability in recent scan, mentioned below. Environment details: Apache - 2.4.25 version Tomcat - 8.5.5 version given the age of the versions I guess you only have the option to update to the latest

Re: Catalina.policy for SAP BO

2022-05-11 Thread logo
Oscar, > Am 11.05.2022 um 10:14 schrieb Chavez Ortiz, Oscar (Externo) > : > > Hello group. > > Our system is a SAP Business Object 4.2 server wich uses Tomcat 9.0.58 as web > container. > > We’re implementing Security Hardening for Tomcat in our BO Server server, > thus, i’ve configured

Re: certificate re-loading for apache tomcat without the apache restart

2022-09-26 Thread logo
Raghavendran, > Am 26.09.2022 um 08:54 schrieb Ragavendhiran Bhiman (rabhiman) > : > > Hi All, > > I have a scenario where I need to reload the certificates which are newly > updated in the NSS DB without restarting the apache – tomcat. > Is there any way to do it? > > Kindly share some

Re: AW: SSLLabs scan shows TLSv1.0 and TLSv1.1 even though I have sslProtocol="TLSv1.2"

2022-08-10 Thread logo
Thomas, Am 2022-08-10 08:59, schrieb Thomas Hoffmann (Speed4Trade GmbH): Hello, -Ursprüngliche Nachricht- Von: Peter Kreuser Gesendet: Mittwoch, 10. August 2022 08:44 An: Tomcat Users List Betreff: Re: SSLLabs scan shows TLSv1.0 and TLSv1.1 even though I have sslProtocol="TLSv1.2"

Re: Simple SSL question

2022-08-11 Thread logo
Jon, I extracted a part of my test-server.xml. This for the JSSE Implementation. If you have separate crt and key files in pem-format the Certificate-section looks like this: We could start from there - I have no "old style" config to match

Re: Prometheus on Apache Tomcat multiple tomcat Instances

2023-01-16 Thread logo
Melvin, > Am 16.01.2023 um 14:52 schrieb Melvin Oosterveen > : > > > Hi all, > > I'm currently working on Apache Tomcat stacks within my company and I would > like to integrate Prometheus into our deployments. We have decided to go for > the Advanced Configuration - Multiple Tomcat

Re: [EXTERNAL EMAIL] Please help me install Tomcat

2023-01-20 Thread logo
Amn, Am 2023-01-20 02:45, schrieb Niranjan Rao: Do you absolutely need to have it as a service? If not, just expand the tarball and run catalina.sh start from bin directory. Works perfectly Any information in catalina.out? We need to figure out at what point it's failing and that will send

Re: sslHostConfig and ciphers

2023-03-07 Thread logo
Beware Jon, > Am 08.03.2023 um 07:56 schrieb jonmcalexan...@wellsfargo.com.invalid > : > > Fwiw, this is happening in an outbound connection originated by a springboot > app hosted in Tomcat. Any known issues with this and handshake issues? > Then the tomcat sslHostConfig does not matter at

Re: OT: hsts in Tomcat 9.0.73

2023-04-21 Thread logo
Jon, again, the Qualys Scanner usually does not know any other webcontexts than root, manager and examples. So if you don't have a root context, it may well end up in the woods and the result will not have a HSTS-Header. Can you verify the requested resource? Best regards Peter > Am

Re: OT: hsts in Tomcat 9.0.73

2023-04-21 Thread logo
Jon, Oh, I see there is a redirect. I do see a similar behavior on redirects (302) or auth (401 eg. on the manager app). But HSTS on 200, 404 or 403. What happens if you call "/c/portal/license" ? Peter > Am 21.04.2023 um 23:05 schrieb jonmcalexan...@wellsfargo.com.invalid > : > > Here is

Re: Java Agent and Tomcat shutdown

2023-05-11 Thread logo
Hi Thomas > Am 11.05.2023 um 16:05 schrieb Thomas Hoffmann (Speed4Trade GmbH) > : > > Hello, > > we are using a java agent to start a listening process (JMX proxy). > > The systemd file for tomcat looks like (snippet): > JAVA_OPTS=... -javaagent:/opt/runtime/jmxagent/jmxagent.jar >
