Re: SSL: same port used in both directions?
The default is 8443

Christopher W. Hosler
Network Administrator
Ingham County MIS Department
Email [EMAIL PROTECTED]
As water reflects the face
So a man's heart reflects the man

[EMAIL PROTECTED] 3/7/2005 11:46:23 PM

I have Tomcat 5.5.7 behind a router/firewall, with port 443 and 8080 forwarded through the firewall. I can make connections from outside the firewall to port 8080, but not port 443 (it times out). I can access port 443 on my server if I browse to my server's LAN address or if I browse to my router's WAN address (i.e. loopback mode). My ISP blocks some ports, but not 443.

What port is used for the server response to a request made on port 443? Is it also 443 or something else? I'm wondering if my ISP is blocking it.

- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL Question
Is this for a new web site or one that has been up and running for some time?

Christopher W. Hosler
Network Administrator
Ingham County MIS Department
Email [EMAIL PROTECTED]
As water reflects the face
So a man's heart reflects the man

[EMAIL PROTECTED] 3/1/2005 10:44:36 AM

I have a quick question about SSL. If I am already running SSL on a server with a certificate imported into a .keystore file and I create a new certificate, will it automatically overwrite the .keystore file by creating a new one, or does it just add the info into the existing .keystore file? Thanks.
Re: Tomcat 5.0.28 and ssl
I am not sure, this may have nothing to do with it, but in the documentation I read it said you should use your domain name for the first and last name of the process when you created the csr to send to verisign. What name did you use when you ran the keytool to create the csr to send to verisign? Did you use your domain name?

first name =mydomain.com
o=xxx
ou=xxx
state=xxx
city= xxx
country=us

I hope this helps.

Christopher W. Hosler
Network Administrator
Ingham County MIS Department
Email [EMAIL PROTECTED]
As water reflects the face
So a man's heart reflects the man

[EMAIL PROTECTED] 2/22/2005 3:44:23 PM

I have set a Tomcat 5.0.28 server with jsdk 1.4.2_04. I had setup the keystore and imported the received certificate from verisign. I have configured the Tomcat server to use SSL and it shows the certificate is valid but it says the name on certificate does not match the site. I look at the name on the certificate and it is the DNS name of the server. Is there something I am missing?
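The name check behind the "name on certificate does not match the site" warning discussed above, as an added example that is not part of the original messages: the browser compares the host in the URL with the certificate's CN, which keytool fills from its "first and last name" prompt. The DN string, URLs and function names are constructed for illustration, and the comma split assumes no commas inside DN values.

```python
from urllib.parse import urlsplit

# Constructed DN in the form keytool prints; "first and last name" becomes CN.
SAMPLE_DN = "CN=www.example.com, OU=xxx, O=xxx, L=xxx, ST=xxx, C=US"

def common_name(dn):
    """Return the CN value from a comma-separated distinguished name."""
    for part in dn.split(","):
        key, _, value = part.strip().partition("=")
        if key.strip().upper() == "CN":
            return value.strip()
    return None

def name_matches(cn, host):
    """Case-insensitive compare; a leading '*.' stands for exactly one label."""
    cn, host = cn.lower().rstrip("."), host.lower().rstrip(".")
    if cn.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cn[2:]
    return cn == host

def check_url(url, dn):
    """True when the host a user typed in the URL equals the certificate CN."""
    host = urlsplit(url).hostname
    cn = common_name(dn)
    return bool(host and cn) and name_matches(cn, host)

if __name__ == "__main__":
    # Constructed URLs: the same server reached by different names.
    for url in ("https://www.example.com:8443/", "https://WWW.EXAMPLE.COM/",
                "https://www:8443/", "https://localhost:8443/",
                "https://192.0.2.10:8443/"):
        print(url, "ok" if check_url(url, SAMPLE_DN) else "NAME MISMATCH")
```

A certificate can be valid and still fail this check whenever the site is opened by short name, localhost or IP address instead of the exact name in the CN.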
RE: What does each part of a className mean?
Thanks Peter. I just wanted you to know that I sure do appreciate the help. I know how important time is.

The SSL was not working and there was no classname under the SSL section of the server.xml file, so I was trying a few different names. I was trying some different classnames to see if I could get the SSL to work, and yes, you are right: if you change the class name and take a guess the server will not even start. Using the default name from the how to docs will get the server started but the SSL still did not work. So now I can scratch that off the list and look at the keytool.exe file.

Are there certain directories that should hold the keystore file and other related SSL files? Does Tomcat expect to see the keystore file and certs in a certain default location under tomcat? In the past I have been told no from Verisign but from the docs that I have read it sure looks that way.

Thanks again for the help on the class name, that makes sense. I just wasn't sure if that name was right or just an example that was supposed to be replaced by our domain name.

Christopher W. Hosler
Network Administrator
Ingham County MIS Department
Email [EMAIL PROTECTED]
As water reflects the face
So a man's heart reflects the man

[EMAIL PROTECTED] 2/11/2005 4:00:08 AM

From: Chris Hosler [mailto:[EMAIL PROTECTED]

I am having a problem getting SSL to work on my tomcat 5 server so I would like to know what each segment of the class name means from the server.xml file (className=org.apache.coyote.tomcat5.CoyoteConnector) and how it affects the SSL on my server. When I looked at my server.xml file the classname was not there. I have removed the rem statements but SSL does not work. I think I have it wrong. Do I even need to add the classname? Can I run without it and just use the port 8443? Do I need to change the org.apache.coyote.tomcat5.CoyoteConnector and change it to my domain name/server name? Any help would be great.

It's the Java package and class name of the connector to use - think of it as the full postal address of the code. That package name is internal to Tomcat, and is set by the developers. If you change it in your config file, unless you have another appropriate connector in a library somewhere, you'll *definitely* screw up your configuration.

If you're interested in the gory details of where the name comes from, open up server/lib/catalina.jar in your tomcat installation with something like Winzip and follow the package names down - you'll find the .class file in there.

- Peter
RE: What does each part of a className mean?
I tried to buy a tomcat5 book this weekend but could not find one; the only book they had was a tomcat 4. In the ssl section they did talk about moving the keystore file or adding a path statement during the creation of the keystore. They also talked a little about the importance of the default locations. When I talked to a guy from verisign during the creation he said that was one of the differences of 5 over 4: that it did not matter where the keystore or the cert was placed as long as there were no errors during the install.

Right now the keystore and certs are placed off the root, something like the c:\j2sdk1.4.2_06\bin\. This location is the same directory that holds the keytool.exe file that I used to create the keystore. The keytool.exe just dumped everything into its home location. The server is under c:\apache\tomcat. Not sure if this is the root problem or if I am just barking at the moon.

Christopher W. Hosler
Network Administrator
Ingham County MIS Department
Email [EMAIL PROTECTED]
As water reflects the face
So a man's heart reflects the man

[EMAIL PROTECTED] 2/14/2005 9:27:37 AM

From: Chris Hosler [mailto:[EMAIL PROTECTED]

Are there certain directories that should hold the keystore file and other related SSL files? Does Tomcat expect to see the keystore file and certs in a certain default location under tomcat? In the past I have been told no from Verisign but from the docs that I have read it sure looks that way.

Not as far as I can see. I'm on Windows, and Tomcat 4.0 (not yet done this on 5.x), and followed http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html specifying '-keystore c:\keys\keystore'. I then added the following to my server.xml:

    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8443" minProcessors="5" maxProcessors="75"
               enableLookups="true" acceptCount="100" debug="0"
               scheme="https" secure="true"
               useURIValidationHack="false" disableUploadTimeout="true">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               clientAuth="false" protocol="TLS"
               keystoreFile="c:\keys\keystore" keystorePass="..."/>
    </Connector>

Works for me, but your setup may well vary.

- Peter
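Where Tomcat will look for the keystore for each SSL connector in a server.xml, as an added example that is not part of the original messages: an explicit keystoreFile wins (on the Connector in Tomcat 5, on the nested Factory in Tomcat 4), otherwise Tomcat uses a file named .keystore in the home directory of the user running it. The sample server.xml, the C:\Users\tomcat home directory and the function names are constructed for illustration; c:\keys\keystore and c:\apache\tomcat are the paths mentioned in the thread.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample: port 8443 is a Tomcat 5 style connector with no
# keystoreFile; port 9443 is Tomcat 4 style, with the path on a nested Factory.
SAMPLE_SERVER_XML = r"""
<Server>
  <Service name="Catalina">
    <Connector port="8080"/>
    <Connector port="8443" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"/>
    <Connector port="9443" scheme="https" secure="true">
      <Factory clientAuth="false" protocol="TLS"
               keystoreFile="c:\keys\keystore"/>
    </Connector>
  </Service>
</Server>
"""

def is_absolute(path):
    # Recognise Unix and Windows (drive letter or leading slash) forms on any host.
    return path.startswith(("/", "\\")) or (len(path) > 1 and path[1] == ":")

def join_win(base, name):
    return base.rstrip("\\/") + "\\" + name

def keystore_locations(server_xml, user_home, catalina_base):
    """Map port -> (source, path) for every connector marked secure=true."""
    result = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("secure", "").strip().lower() != "true":
            continue
        path = conn.get("keystoreFile")          # Tomcat 5: on the Connector
        factory = conn.find("Factory")           # Tomcat 4: on the nested Factory
        if path is None and factory is not None:
            path = factory.get("keystoreFile")
        if path is None:
            # Nothing configured: Tomcat falls back to ".keystore" in the home dir.
            result[conn.get("port")] = ("default", join_win(user_home, ".keystore"))
        elif is_absolute(path):
            result[conn.get("port")] = ("explicit", path)
        else:
            # Relative paths are resolved against CATALINA_BASE.
            result[conn.get("port")] = ("relative", join_win(catalina_base, path))
    return result

if __name__ == "__main__":
    found = keystore_locations(SAMPLE_SERVER_XML, r"C:\Users\tomcat", r"c:\apache\tomcat")
    for port, (source, path) in sorted(found.items()):
        print(port, source, path, "exists" if os.path.exists(path) else "MISSING")
```

A keystore that keytool wrote into its own bin directory shows up as MISSING for a connector that relies on the default location, which is the situation to rule out first.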
What does each part of a className mean?
I am having a problem getting SSL to work on my tomcat 5 server so I would like to know what each segment of the class name means from the server.xml file (className=org.apache.coyote.tomcat5.CoyoteConnector) and how it affects the SSL on my server. When I looked at my server.xml file the classname was not there. I have removed the rem statements but SSL does not work. I think I have it wrong. Do I even need to add the classname? Can I run without it and just use the port 8443? Do I need to change the org.apache.coyote.tomcat5.CoyoteConnector and change it to my domain name/server name? Any help would be great. Thanks again.

    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <!--
    <Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
               port="8443" minProcessors="5" maxProcessors="75"
               enableLookups="true" disableUploadTimeout="true"
               acceptCount="100" debug="0" scheme="https" secure="true";
               clientAuth="false" sslProtocol="TLS"/>

Christopher W. Hosler
Network Administrator
Ingham County MIS Department
Email [EMAIL PROTECTED]
As water reflects the face
So a man's heart reflects the man
configuring SSL on tomcat 5
I have a brand new tomcat 5 server that is up and running. I am also brand new when it comes to Tomcat. I need to configure SSL on it. I pulled the how to documents off the local server and I also pulled a document off verisign website, ID# VS26254, which is for configuring a tomcat ver4 server. I installed the SSL following the tomcat 5 how to docs off the local server found under the documentation section. When I try to verify that it's running using the https://localhost:8443 I get page cannot be displayed. I have followed all the steps in the documentation but I think I see a couple of problems.

When I ran the Keytool -genkey -alias tomcat -keyalg RSA -keystore my_keystore_filename it put the keystore file in the directory that I was running the keytool.exe from, which is the c:\j2sdk1.4.2_06\bin directory.

Also when I went to verisign to get the chain certificate the default location that it wanted to save to was under the tomcat\config directory, but when I tried to run the keytool -import -alias root -keystore my_keystore_filename -trustcacerts -file filename_of chain_cert it could not find the chain cert, but when I copied it to the same directory c:\j2sdk1.4.2_06\bin as the keytool.exe it worked. Now the document from verisign talked of the importance of getting everything into the directory that tomcat expects it to be in. I believe that is the root problem. I have tried to just copy the files to the tomcat\config and catalina and localhost dirs but no luck.

Also the third and last problem that I could see is when I edited the server.xml file there was no classname section (Connector className=org.apache.coyote.tomcat5.CoyoteConnector), just the port =8443 and all the rest.

    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
               port="8443" minProcessors="5" maxProcessors="75"
               enableLookups="true" disableUploadTimeout="true"
               acceptCount="100" debug="0" scheme="https" secure="true";
               clientAuth="false" sslProtocol="TLS"/>

I removed the rem statement and tried it as was and also tried it by adding the classname statement Connector className=org.apache.coyote.tomcat5.CoyoteConnector, which also failed. So as you can see I have a lot of questions. Any help would be great.

Right now I get no errors at all. I have turned off the friendly errors in internet explorer but most of the time get the page can not be displayed. Some of the time it looks like it's trying to work: I see the yellow padlock in the lower right of the browser but it just sits there on an empty page, trying to pull up something, but nothing ever comes of it.

Thanks again for any help.

Christopher W. Hosler
Network Administrator
Ingham County MIS Department
Email [EMAIL PROTECTED]
As water reflects the face