Re: May I transfer to tomcat5.0 ???
Not sure, if you are referring to a post from me, when I said that migration is difficult, but if so: It *is* difficult (more or less, depending on your configuration), because config files (server.xml) change with every version, it seems, and the setup has to be done all new with every new version by hand. So it may take a lot of time, but it can be done in most cases. Good luck! Alex javen fang schrieb: Hi all: On this list, I have seen somebody said that we cannot transfer to tomcat 5.0. I have a win2000 server served by tomcat 4.1. I want to configure iis + tomcat by jk2, can give me any suggestion ? thanks!!! __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: TC5 + SSL: Keystore password bound to default changeit?
Am Mittwoch, 10. Dezember 2003 06:59 schrieb Bill Barker: Ankur Shah [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Remy Maucherat wrote: Baer Peter Christoph Alexander wrote: Hi! I have a question about something, I observe, but don't want to believe... ;-) Tomcat 5 can use my keystore, but only if the password is changeit, the default password. Now, the docs say, one should use this, but with TC 4.0.6 it was possible to change it. Is the password hard coded in TC 5? I didn't test that particular feature myself, but I believe this works ok. The way connectors parameters (and in particular SSL parameters) are defined changed in TC 5.0.x. Look there: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/coyote.html There's the SSL howto also. Also, you might want to make sure that the password of your *target key* matches your keystore password. I'm not sure how that plays out in tomcat world, but I can see that to be a problem if the server assumes the key's password to be the same as that of the keystore. This is a true fact :(. At the moment, the keystore password must match the password for the target-key. It would be nice to be able to specify different passwords, and someday it may even happen :). If this feature is important to you, patches are always welcome (since this is the only way that it will move up in my development queue). Hi, thanks again for your valuable assistance. (1) Thanks, Remy, for the hint with the changed SSL attributes. I already had removed a FACTORY tag for the SSL factory class, but I had overlooked that an attribute name was changed from Protocol to sslProtocol. That was it! (2) I agree with you, Ankur. I also think that the key should be allowed to have another password than the keystore. This would be a prerequisite to store more than one key in a keystore. It's not a big problem, though... Best wishes, Alex - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: TC5 + SSL: Keystore password bound to default changeit?
Am Dienstag, 9. Dezember 2003 20:54 schrieb Ankur Shah: Remy Maucherat wrote: Baer Peter Christoph Alexander wrote: Hi! I have a question about something, I observe, but don't want to believe... ;-) Tomcat 5 can use my keystore, but only if the password is changeit, the default password. Now, the docs say, one should use this, but with TC 4.0.6 it was possible to change it. Is the password hard coded in TC 5? I didn't test that particular feature myself, but I believe this works ok. The way connectors parameters (and in particular SSL parameters) are defined changed in TC 5.0.x. Look there: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/coyote.html There's the SSL howto also. Also, you might want to make sure that the password of your *target key* matches your keystore password. I'm not sure how that plays out in tomcat world, but I can see that to be a problem if the server assumes the key's password to be the same as that of the keystore. Thoughts Just an idea server.xml is an XML file. It used to be XML in TC4, and it ist still XML in TC5. Shouldn't it be possible, then, to write an XSL-T stylesheet converting old config files into newer formats? That would considerably ease migration/upgrade pains... /Just an idea Just an idea If we had an XML schema definition (be it W3C XML schema, Relax NG or whatever), an XML editor like Pollo or XML Spy could validate the config file. This would help to avoid and reveal mistakes and thus speed up Tomcat configuration... /Just an idea /Thoughts Regards Alex - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
XSL-T migration stylesheet [was: RE: TC5 + SSL: Keystore password bound to default changeit?]
Hi Jeanfrancois, not that I want to deny my responsibility. If I felt being able to do one of the patches, I would not hesitate. I wouldn't post my thoughts here, but the ready-made patches instead, of course. ;-) But: I think the only persons who really have the knowledge required to create a migration stylesheet are the Tomcat developers, as they are the only persons knowing what tags there actually are, and how they were changed over the time. People like me could derive this kind of information from a DTD or schema, but there is none... Vicious circle, here! ;-) But I'll think about starting the XSL-T migration thing. Maybe we can persuade the Tomcat developers to add there wisdom. In fact, I think, it would be possible to start very simple. The migration wouldn't be completely done by the stylesheet, but some conversion would already be done automatically, that has not to be done by hand. Like removing Factory tags and changing attribute name Protocol to sslProtocol. What do you think? Do you think it could be done, and lead to a really useful result? I'm optimistic, but I'm only a Tomcat user, not a Tomcat developer, and so I might overlook the big rock right in my way... ;-) Regards Alex -Original Message- From: Jeanfrancois Arcand [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 10, 2003 3:21 PM To: Tomcat Users List Cc: Ankur Shah Subject: Re: TC5 + SSL: Keystore password bound to default changeit? Baer Peter Christoph Alexander wrote: Am Dienstag, 9. Dezember 2003 20:54 schrieb Ankur Shah: Remy Maucherat wrote: Baer Peter Christoph Alexander wrote: Hi! I have a question about something, I observe, but don't want to believe... ;-) Tomcat 5 can use my keystore, but only if the password is changeit, the default password. Now, the docs say, one should use this, but with TC 4.0.6 it was possible to change it. Is the password hard coded in TC 5? I didn't test that particular feature myself, but I believe this works ok. The way connectors parameters (and in particular SSL parameters) are defined changed in TC 5.0.x. Look there: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/coyote.html There's the SSL howto also. Also, you might want to make sure that the password of your *target key* matches your keystore password. I'm not sure how that plays out in tomcat world, but I can see that to be a problem if the server assumes the key's password to be the same as that of the keystore. Thoughts Just an idea server.xml is an XML file. It used to be XML in TC4, and it ist still XML in TC5. Shouldn't it be possible, then, to write an XSL-T stylesheet converting old config files into newer formats? That would considerably ease migration/upgrade pains... /Just an idea Yes, it could. You're more than Welcome to submit a patch :-) Just an idea If we had an XML schema definition (be it W3C XML schema, Relax NG or whatever), an XML editor like Pollo or XML Spy could validate the config file. This would help to avoid and reveal mistakes and thus speed up Tomcat configuration... /Just an idea Just search that list on the topic ;-) It is not possible at the moment to have a DTD or schema for the server.xml (due to its complexity). If you have time and think you can come with something, a second patch is welcome! -- Jeanfrancois /Thoughts Regards Alex - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL problem with TC 5.0.16
Yes. And, what is more, apparently, Tomcat 5 can use the keystore, now. Maybe a problem with Windows 2000, cured by the reboot (yesterday it didn't work, today it does, computer was switched off overnight...) ;-). However, I've made a few more experiments, and found a snag in TC 5, possibly. Tomcat 5 can use my keystore, but only if the password is changeit, the default password. Now, the docs say, one should use this, but with TC 4.0.6 it was possible to change it. Is the password hard coded in TC 5? Maybe, that's another subject/thread... Thanks! Alex On Mon, 08 Dec 2003 20:42:41 -0500, Ankur Shah [EMAIL PROTECTED] wrote: Are you able to query your keystore (D:\ourwebapp\certificate\keystore) using the specified password from the command-line? For instance, what happens when you do this?: c:\%JAVA_HOME%/bin/keytool -list -keystore D:\ourwebapp\certificate\keystore -storepass yeahsure I just downloaded TC 5.0.16, configured SSL and ran it with no problems, FWIW. Baer Peter Christoph Alexander wrote: Yes, we set keystorePass to what we entered when creating the keystore. Below are the Connectors from our server.xml. Do you see anything wrong, here? Something, that was ok with TC 4.0.6, but is no longer valid for TC 5.0.16? Thanks in advance! Alex snip Connector acceptCount=100 connectionTimeout=3 debug=0 disableUploadTimeout=true enableLookups=true maxSpareThreads=75 maxThreads=150 minSpareThreads=25 port=8080 redirectPort=8443 scheme=https secure=yes / !-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -- Connector acceptCount=100 debug=0 disableUploadTimeout=true enableLookups=false maxSpareThreads=75 maxThreads=150 minSpareThreads=25 port=8443 scheme=https secure=true Factory clientAuth=false keystoreFile=D:\ourwebapp\certificate\keystore keystorePass=yeahsure protocol=TLS / /Connector !-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -- Connector debug=0 enableLookups=false port=8009 protocol=AJP/1.3 redirectPort=8443 / /snip -Original Message- From: Luc Foisy [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 5:53 PM To: Tomcat Users List Subject: RE: SSL problem with TC 5.0.16 Did you set keystorePass? -Original Message- From: Baer Peter Christoph Alexander [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 11:49 AM To: '[EMAIL PROTECTED]' Subject: SSL problem with TC 5.0.16 Hi, before you start throwing eggs and tomatoes at me: I *have* searched the mailing list archive before posting this message... ;-) I just installed Tomcat 5.0.16. Now we want to migrate an application from TC 4.0.6 to it. For this we need to run TC with SSL. However, there's apparently a mistake in our SSL configuration. After adapting server.xml for our webapp, we see the following startup error message: snip INFO: Starting Coyote HTTP/1.1 on port 8080 08.12.2003 17:01:45 org.apache.coyote.http11.Http11Protocol start SCHWERWIEGEND: Error starting endpoint java.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:748) at java.security.KeyStore.load(KeyStore.java:652) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocket Factory.java:295) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESoc ketFactory.java:259) at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JS SE14SocketFactory.java:172) /snip Following the docs, we checked the password and we have also created quite a few new keystores and put there paths into the keystoreFile attribute of the Factory tag. In TC5 even the old keystore with the original certificate of our application is rejected. Has anybody seen this before? Can you provide some hint, what the problem could be caused by? We can rule out the things mentioned in the docs, I think! Thanks in advance! Regards Alex - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2
TC5 + SSL: Keystore password bound to default changeit?
Hi! I have a question about something, I observe, but don't want to believe... ;-) Tomcat 5 can use my keystore, but only if the password is changeit, the default password. Now, the docs say, one should use this, but with TC 4.0.6 it was possible to change it. Is the password hard coded in TC 5? Alex -- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
SSL problem with TC 5.0.16
Hi, before you start throwing eggs and tomatoes at me: I *have* searched the mailing list archive before posting this message... ;-) I just installed Tomcat 5.0.16. Now we want to migrate an application from TC 4.0.6 to it. For this we need to run TC with SSL. However, there's apparently a mistake in our SSL configuration. After adapting server.xml for our webapp, we see the following startup error message: snip INFO: Starting Coyote HTTP/1.1 on port 8080 08.12.2003 17:01:45 org.apache.coyote.http11.Http11Protocol start SCHWERWIEGEND: Error starting endpoint java.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:748) at java.security.KeyStore.load(KeyStore.java:652) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocket Factory.java:295) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESoc ketFactory.java:259) at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JS SE14SocketFactory.java:172) /snip Following the docs, we checked the password and we have also created quite a few new keystores and put there paths into the keystoreFile attribute of the Factory tag. In TC5 even the old keystore with the original certificate of our application is rejected. Has anybody seen this before? Can you provide some hint, what the problem could be caused by? We can rule out the things mentioned in the docs, I think! Thanks in advance! Regards Alex - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SSL problem with TC 5.0.16
Yes, we set keystorePass to what we entered when creating the keystore. Below are the Connectors from our server.xml. Do you see anything wrong, here? Something, that was ok with TC 4.0.6, but is no longer valid for TC 5.0.16? Thanks in advance! Alex snip Connector acceptCount=100 connectionTimeout=3 debug=0 disableUploadTimeout=true enableLookups=true maxSpareThreads=75 maxThreads=150 minSpareThreads=25 port=8080 redirectPort=8443 scheme=https secure=yes / !-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -- Connector acceptCount=100 debug=0 disableUploadTimeout=true enableLookups=false maxSpareThreads=75 maxThreads=150 minSpareThreads=25 port=8443 scheme=https secure=true Factory clientAuth=false keystoreFile=D:\ourwebapp\certificate\keystore keystorePass=yeahsure protocol=TLS / /Connector !-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -- Connector debug=0 enableLookups=false port=8009 protocol=AJP/1.3 redirectPort=8443 / /snip -Original Message- From: Luc Foisy [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 5:53 PM To: Tomcat Users List Subject: RE: SSL problem with TC 5.0.16 Did you set keystorePass? -Original Message- From: Baer Peter Christoph Alexander [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 11:49 AM To: '[EMAIL PROTECTED]' Subject: SSL problem with TC 5.0.16 Hi, before you start throwing eggs and tomatoes at me: I *have* searched the mailing list archive before posting this message... ;-) I just installed Tomcat 5.0.16. Now we want to migrate an application from TC 4.0.6 to it. For this we need to run TC with SSL. However, there's apparently a mistake in our SSL configuration. After adapting server.xml for our webapp, we see the following startup error message: snip INFO: Starting Coyote HTTP/1.1 on port 8080 08.12.2003 17:01:45 org.apache.coyote.http11.Http11Protocol start SCHWERWIEGEND: Error starting endpoint java.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:748) at java.security.KeyStore.load(KeyStore.java:652) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocket Factory.java:295) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESoc ketFactory.java:259) at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JS SE14SocketFactory.java:172) /snip Following the docs, we checked the password and we have also created quite a few new keystores and put there paths into the keystoreFile attribute of the Factory tag. In TC5 even the old keystore with the original certificate of our application is rejected. Has anybody seen this before? Can you provide some hint, what the problem could be caused by? We can rule out the things mentioned in the docs, I think! Thanks in advance! Regards Alex - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Filenames of JSP generated servlets
But it's the same JVM... J2SDK 1.4.2_01 from Sun. It's odd, as you say. BTW, we found another difference between WinXP with MSIE 6 and Win2k with MSIE 5.5. The handle whitespace differently. A wrongly formatted JScript include file with all the code in one line caused the WinXP installation to generate HTML from JSP with most of the code squashed into the first line. No such problem on Win2k. Could these two things, generated servlet filenames and whitespace handling, be connected? We don't have *big* problems with these effects, but the reason, why I am still hoping for a good explanation is: 1. We are unsure, if these phenomena are caused by a *real* malfunction behind the scenes, maybe in JVM or WinXP itself. 2. Searching for files is easier when you know what the file is named like. ;-) Thanks again for any useful thought. Regards Peter -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 29, 2003 6:44 PM To: Tomcat Users List Subject: Re: Filenames of JSP generated servlets Odd. The same version of tomcat shouldn't do that. It could be that $ is not a valid character according to one of the JVMs. (guess) -Tim Baer Peter Christoph Alexander wrote: Hi Tim, you wrote: snip The behavior was changed (in the Jsp compiler) and is not configurable. /snip So it is normal, that when we use *the same* - Tomcat 4.0.6 LE - JSP compiler - J2SDK 1.4.2_01 - everything else, but OS the filenames on WinXP are different than on Win2k? Why? Regards Peter - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Filenames of JSP generated servlets
Hello, forgive me if I ask something obvious, but browsing the Tomcat docs and the mailing list archive I haven't found the relevant piece of information, yet. We have three installations of Tomcat 4.06 LE (yes, it's old, and we are already planning to replace it, once version 5 is mature for production environments). Two of them are on Windows XP, one is Windows 2000. Although we thought the installations were identical we found a difference. The filenames of servlets generated out of JSP pages differ. For example, if the JSP filename is login.jsp, on the *Win2k* system we find the generated servlet as *login$jsp.java*, while the WinXP Tomcats generate something like *_0002fjsp0002flogin_jsp.java*. Is this configurable? What is this difference caused by? Thanks for your kind support in advance, regards Peter Bär - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Filenames of JSP generated servlets
Hi Tim, you wrote: snip The behavior was changed (in the Jsp compiler) and is not configurable. /snip So it is normal, that when we use *the same* - Tomcat 4.0.6 LE - JSP compiler - J2SDK 1.4.2_01 - everything else, but OS the filenames on WinXP are different than on Win2k? Why? Regards Peter - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Filenames of JSP generated servlets
Hi, Christopher, you wrote: snip Are you sure you have the same version of the JDK and Tomcat on both machines? /snip Yes, I'm sure. All installations of Tomcat and the JDK were freshly done a second time, before I posted the phenomenon on this list. Your explanation, why the filenames *can* be different, sounds logical, yet I am not sure if this is really it... Thanks and regards, Peter - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JSP generated HTML code squashed in one line
Hi, we have a problem here that looks pretty strange to us. We have extensively searched the mail archive and we googled a lot, but found no suitable information. Should we nevertheless ask something obvious, please forgive us. Here is the problem: Tomcat 4.0.6 LE generates HTML pages with a lot of the code compressed into a single line, when running on *some* machines under Windows XP. That is, the first line of the generated HTML is very long. This appears to confuse MSIE: We see lots of runtime exceptions regarding missing closing braces (}). On another machine, running Windows 2000, an apparently identical installation works just fine. No such runtime errors. We found another difference in the work directory tree. The filenames of the servlets on the Win XP machines start with _0002 and contain this string a number of times each. On the Win2k computer we have just jspname$jsp.java as the name of the generated servlet. We don't know, if the two phenomena are connected, and we are absolutely clueless what the differences are caused by. If anyone of could give us a hint of how to make the Win XP installations work as properly as the Win2k instance, your help will be greatly appreciated! Our environments are: Windows 2000 (works fine) and Windows XP (sucks), J2SDK 1.4.2_01 from Sun and Tomcat 4.0.6 LE. Many thanks in advance! Regards Peter Bär - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]