RE: Windows service and multiple instances
You need to install the second service manually. How you do this depends on which version of Tomcat you're running.

Chris

-----Original Message-----
From: Wouter De Vaal [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 01, 2004 10:38 AM
To: [EMAIL PROTECTED]
Subject: Windows service and multiple instances

Hi,

I've read enough about having multiple tomcat instances. However when using windows, the installer won't create a second windows service for starting and stopping the second tomcat installation. Does anyone have a solution/suggestion for this?

Regards,
Wouter de Vaal

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Problem With Tomcat and NT service
That's because when Tomcat is run as a service, its base directory becomes System32 instead of whatever dir you run the startup bat file in.

Chris

-----Original Message-----
From: Raphael THIOLIERE [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 18, 2004 4:40 AM
To: Tomcat Users List
Subject: Problem With Tomcat and NT service

Hello,

I use Tomcat like a server of webservices. When I run Tomcat with the script startup.bat, my application works fine. But when I want to launch Tomcat with the NT service (created by the install) it doesn't work: I have to copy a fichier in the directory system32. This fichier is used by my application, it contains the informations for the connection at the SGBD. My version of tomcat is 4.1.

Idea?

If I use tomcat 3.3, I modify the fichier wrapper.properties and it works.

Raphaël.
RE: Problem With Tomcat and NT service
Not AFAIK.

Chris

-----Original Message-----
From: hui [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 18, 2004 9:15 AM
To: 'Tomcat Users List'
Subject: RE: Problem With Tomcat and NT service

Hi

In this case, can we change the base directory?

Regards,
hui

-----Original Message-----
From: Hubble, Christopher [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 18, 2004 8:28 AM
To: 'Tomcat Users List'
Subject: RE: Problem With Tomcat and NT service

That's because when Tomcat is run as a service, its base directory becomes System32 instead of whatever dir you run the startup bat file in.

Chris

-----Original Message-----
From: Raphael THIOLIERE [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 18, 2004 4:40 AM
To: Tomcat Users List
Subject: Problem With Tomcat and NT service

Hello,

I use Tomcat like a server of webservices. When I run Tomcat with the script startup.bat, my application works fine. But when I want to launch Tomcat with the NT service (created by the install) it doesn't work: I have to copy a fichier in the directory system32. This fichier is used by my application, it contains the informations for the connection at the SGBD. My version of tomcat is 4.1.

Idea?

If I use tomcat 3.3, I modify the fichier wrapper.properties and it works.

Raphaël.
RE: SSL mutual authentication problem with Tomcat5
You need to pass the truststore into Tomcat as a JVM option. Look in the archives of the list for SSL. I posted all of my steps a month or so ago.

Chris

-----Original Message-----
From: Ryan LeCompte [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 18, 2004 2:07 PM
To: [EMAIL PROTECTED]
Subject: SSL mutual authentication problem with Tomcat5

Hello,

I'm trying to have a standalone Java client communicate via SSL with a remote Tomcat5 server. I'm setting the two system properties for specifying the SSL trust store path and trust store password. The client is able to successfully communicate via SSL when Tomcat is configured to not require client-side authentication (for example in tomcat the configuration attribute 'clientAuth=false' would be used). However, when I turn on this attribute and require client-side authentication, the client fails to communicate successfully with the Tomcat5 server. The following exception is generated:

java.rmi.RemoteException: HTTP transport error: java.net.SocketException: Software caused connection abort: recv failed; nested exception is:
        HTTP transport error: java.net.SocketException: Software caused connection abort: recv failed
        at .

Is there anything else that must occur on the client side when the remote web server requires a client-side certification authentication? I'm still new to SSL, so perhaps I have the basic concept confused. Do I have to import another certification in the client-side keystore for this to work? I looked in the SSL HOW-TO but didn't find an answer to my question. I also tried importing all of the certificates in the client keystore into the cacerts file in JAVA_HOME/jre/lib/security/cacerts.

Here is the connector configuration for SSL in server.xml:

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector port="8443"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           clientAuth="true" sslProtocol="TLS"
           keystoreFile="C:\ssl\sslWSCerts.keystore"
           keystorePass="changeit"/>

Thank you for any help that you may be able to provide.

-- Ryan
RE: Tomcat JRE vs JDK Issue
I simply commented out the lines checking for javac and jdb. This seems to work.

Chris

-----Original Message-----
From: George Sexton [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 17, 2004 2:19 PM
To: 'Tomcat Users List'; 'Remy Maucherat'
Subject: RE: Tomcat JRE vs JDK Issue

One aside, the script (batch file) has an exit statement on the case where the JDK is not detected. This results in a mysterious window closing which causes a lot of hair pulling.

George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585

-----Original Message-----
From: Remy Maucherat [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 16, 2004 9:04 AM
To: Tomcat Users List
Subject: Re: Tomcat JRE vs JDK Issue

On Tue, 16 Nov 2004 10:46:38 -0500, Hubble, Christopher [EMAIL PROTECTED] wrote:
> How does one precompile the JSPs? Then I should be able to use TC with just a JRE, correct? Once TC is deployed, there should not be any need for changes to it, so it's fine to precompile the JSPs.

Some JSP 2.0 features prevent precompilation, so, with Jasper, you cannot claim compliance without a Java compiler. So I can only recommend using TC 5.5 if you want to use a JRE. Note that the shell scripts will still complain about not having a JDK, as they have options which use JDK features. We have not decided what to do about that at the moment, but you can easily edit the script to bypass the check.

--
Rémy Maucherat
Developer Consultant
JBoss Group (Europe) SàRL
Tomcat JRE vs JDK Issue
I'm trying to run Tomcat 5.0.28 on W2k client machine. On my machine, it runs fine, with no problems. But when I copy it over to the client machine, which has the 1.4.2_05 JRE on it, Tomcat won't run, and says that it requires the JDK. Why is this, and is there a workaround, or do I have to install the JDK? I don't remember having this issue with 4.x. Is it 5.x specific?

TIA.

Chris
RE: Tomcat JRE vs JDK Issue
Why is that?

Chris

-----Original Message-----
From: Shapira, Yoav [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 16, 2004 10:19 AM
To: Tomcat Users List
Subject: RE: Tomcat JRE vs JDK Issue

Hi,

Both Tomcat 4.x and 5.0 require the JDK.

Yoav Shapira
http://www.yoavshapira.com

-----Original Message-----
From: Hubble, Christopher [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 16, 2004 10:09 AM
To: [EMAIL PROTECTED]
Subject: Tomcat JRE vs JDK Issue

I'm trying to run Tomcat 5.0.28 on W2k client machine. On my machine, it runs fine, with no problems. But when I copy it over to the client machine, which has the 1.4.2_05 JRE on it, Tomcat won't run, and says that it requires the JDK. Why is this, and is there a workaround, or do I have to install the JDK? I don't remember having this issue with 4.x. Is it 5.x specific?

TIA.

Chris

This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you.
RE: Tomcat JRE vs JDK Issue
Feel free to explain. :)

Chris

-----Original Message-----
From: Anthony E. Carlos [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 16, 2004 10:23 AM
To: Tomcat Users List
Subject: Re: Tomcat JRE vs JDK Issue

Chris:

I think TC requires the JDK (not just the JRE) so that it can compile JSPs. If this doesn't make sense, I can explain further.

-Anthony Carlos

On Nov 16, 2004, at 10:17 AM, Allistair Crossley wrote:
> does the client machine have JAVA_HOME as an environment variable?
>
> -----Original Message-----
> From: Hubble, Christopher [mailto:[EMAIL PROTECTED]
> Sent: 16 November 2004 15:09
> To: [EMAIL PROTECTED]
> Subject: Tomcat JRE vs JDK Issue
>
> I'm trying to run Tomcat 5.0.28 on W2k client machine. On my machine, it runs fine, with no problems. But when I copy it over to the client machine, which has the 1.4.2_05 JRE on it, Tomcat won't run, and says that it requires the JDK. Why is this, and is there a workaround, or do I have to install the JDK? I don't remember having this issue with 4.x. Is it 5.x specific?
>
> TIA.
>
> Chris
>
> -------------------------------------------------------
> QAS Ltd.
> Developers of QuickAddress Software
> www.qas.com
> Registered in England: No 2582055
> Registered in Australia: No 082 851 474
> -------------------------------------------------------
RE: Tomcat JRE vs JDK Issue
Due to other programs that we install on the client machine, the JRE is installed. I was hoping to just use that in order to minimize the changes to our other programs and setups. Do you know where I could find more information about using tools.jar?

Chris

-----Original Message-----
From: David Boyer [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 16, 2004 10:42 AM
To: [EMAIL PROTECTED]
Subject: RE: Tomcat JRE vs JDK Issue

Correct me if I'm wrong.

One of the things the JDK brings that the JRE does not is tools.jar which contains com.sun.tools.javac, which is needed to compile JSPs. It might be possible to use the JRE as long as you have tools.jar from the JDK somewhere in your classpath. It seems like I saw a thread related to this a while ago, although I don't know if it works.

Is there a compelling reason to want to use the JRE rather than the full JDK?

[EMAIL PROTECTED] 11/16/2004 7:35:02 AM

Chris,

JSP pages get compiled into bytecode (as Yoav just said) as they are requested. So, the server requires the SDK, including javac to do the compiling.

--Dan

-----Original Message-----
From: Hubble, Christopher [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 16, 2004 9:20 AM
To: 'Tomcat Users List'
Subject: RE: Tomcat JRE vs JDK Issue

Feel free to explain. :)

Chris

-----Original Message-----
From: Anthony E. Carlos [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 16, 2004 10:23 AM
To: Tomcat Users List
Subject: Re: Tomcat JRE vs JDK Issue

Chris:

I think TC requires the JDK (not just the JRE) so that it can compile JSPs. If this doesn't make sense, I can explain further.

-Anthony Carlos

On Nov 16, 2004, at 10:17 AM, Allistair Crossley wrote:
> does the client machine have JAVA_HOME as an environment variable?
>
> -----Original Message-----
> From: Hubble, Christopher [mailto:[EMAIL PROTECTED]
> Sent: 16 November 2004 15:09
> To: [EMAIL PROTECTED]
> Subject: Tomcat JRE vs JDK Issue
>
> I'm trying to run Tomcat 5.0.28 on W2k client machine. On my machine, it runs fine, with no problems. But when I copy it over to the client machine, which has the 1.4.2_05 JRE on it, Tomcat won't run, and says that it requires the JDK. Why is this, and is there a workaround, or do I have to install the JDK? I don't remember having this issue with 4.x. Is it 5.x specific?
>
> TIA.
>
> Chris
RE: Tomcat JRE vs JDK Issue
tools.jar is already in common/lib. How do I get Tomcat to start w/o loading the JRE? Can I just modify the catalina.bat file?

Chris

-----Original Message-----
From: Allistair Crossley [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 16, 2004 10:45 AM
To: Tomcat Users List
Subject: RE: Tomcat JRE vs JDK Issue

I have experienced the need in the past to drop tools.jar into tomcat's common/lib folder but not in 5.0.28 or 5.5. Perhaps you're right.

-----Original Message-----
From: David Boyer [mailto:[EMAIL PROTECTED]
Sent: 16 November 2004 15:42
To: [EMAIL PROTECTED]
Subject: RE: Tomcat JRE vs JDK Issue

Correct me if I'm wrong.

One of the things the JDK brings that the JRE does not is tools.jar which contains com.sun.tools.javac, which is needed to compile JSPs. It might be possible to use the JRE as long as you have tools.jar from the JDK somewhere in your classpath. It seems like I saw a thread related to this a while ago, although I don't know if it works.

Is there a compelling reason to want to use the JRE rather than the full JDK?

[EMAIL PROTECTED] 11/16/2004 7:35:02 AM

Chris,

JSP pages get compiled into bytecode (as Yoav just said) as they are requested. So, the server requires the SDK, including javac to do the compiling.

--Dan

-----Original Message-----
From: Hubble, Christopher [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 16, 2004 9:20 AM
To: 'Tomcat Users List'
Subject: RE: Tomcat JRE vs JDK Issue

Feel free to explain. :)

Chris

-----Original Message-----
From: Anthony E. Carlos [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 16, 2004 10:23 AM
To: Tomcat Users List
Subject: Re: Tomcat JRE vs JDK Issue

Chris:

I think TC requires the JDK (not just the JRE) so that it can compile JSPs. If this doesn't make sense, I can explain further.

-Anthony Carlos

On Nov 16, 2004, at 10:17 AM, Allistair Crossley wrote:
> does the client machine have JAVA_HOME as an environment variable?
>
> -----Original Message-----
> From: Hubble, Christopher [mailto:[EMAIL PROTECTED]
> Sent: 16 November 2004 15:09
> To: [EMAIL PROTECTED]
> Subject: Tomcat JRE vs JDK Issue
>
> I'm trying to run Tomcat 5.0.28 on W2k client machine. On my machine, it runs fine, with no problems. But when I copy it over to the client machine, which has the 1.4.2_05 JRE on it, Tomcat won't run, and says that it requires the JDK. Why is this, and is there a workaround, or do I have to install the JDK? I don't remember having this issue with 4.x. Is it 5.x specific?
>
> TIA.
>
> Chris
RE: Tomcat JRE vs JDK Issue
How does one precompile the JSPs? Then I should be able to use TC with just a JRE, correct? Once TC is deployed, there should not be any need for changes to it, so it's fine to precompile the JSPs.

Chris

-----Original Message-----
From: Shapira, Yoav [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 16, 2004 10:50 AM
To: Tomcat Users List
Subject: RE: Tomcat JRE vs JDK Issue

Hi,

> One of the things the JDK brings that the JRE does not is tools.jar which contains com.sun.tools.javac, which is needed to compile JSPs.

Correct.

> It might be possible to use the JRE as long as you have tools.jar from the JDK somewhere in your classpath. It seems like I saw a thread related to this a while ago, although I don't know if it works.

It does for many cases, but not all (there are tricky classloader-related cases if using a JRE/lib/ext or sealed jar), and that's why it's not recommended now and was never officially supported.

> Is there a compelling reason to want to use the JRE rather than the full JDK?

There are two that come to mind. One is that the JRE is smaller, lighter in footprint, and easier to install. The second is probably more significant, and it is that anyone can redistribute a JRE for commercial use, but not a JDK. The latter is a license violation. So if you're creating a shrink-wrapped product, you can't bundle the JDK with it (unless you get a special license and pay royalties to Sun), but you can the JRE. This is a good reason for JSP pre-compilation in and of itself.

All of the above applies only to the Sun JDK and JRE. There are alternatives, such as the IBM, JRockit, Blackdown JDKs, and the Jikes compiler. Tomcat works with all of these, and they have different license restrictions for redistributions.

Of course, Tomcat 5.5 largely avoids this issue altogether. Tomcat 5.5 requires only a JRE, and bundles Eclipse's JDT compiler, which is free for redistribution. So you can bundle Tomcat 5.5 with a JRE, not pre-compile JSPs, and still be able to sell your package without violating any license or paying any royalties.

Yoav Shapira
http://www.yoavshapira.com
RE: Tomcat JRE vs JDK Issue
Thanks for the info. It looks like I won't need the JDK after all. One last question. How do I get TC to not blow up about using a JRE? Can I just comment out the lines checking for javac.exe, or will that break other things?

Chris

-----Original Message-----
From: Shapira, Yoav [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 16, 2004 10:59 AM
To: Tomcat Users List
Subject: RE: Tomcat JRE vs JDK Issue

Hi,

> How does one precompile the JSPs? Then I should be able to use TC with

RTFM at http://jakarta.apache.org/tomcat/tomcat-5.0-doc/jasper-howto.html.

> a JRE, correct? Once TC is deployed, there should not be any need for changes to it, so it's fine to precompile the JSPs.

That depends on your scenario. If only deploy once and ship, then yeah. But if you (or your users, or your server admin) can change JSPs after shipping the app, you still need the JDK. Tomcat supports a very wide variety of use-cases. Now that you know more than enough about JDK vs JRE you should be able to make the call given your user requirements ;)

Yoav
RE: Tomcat JRE vs JDK Issue
Well, I just finished changing the scripts to not worry about the JDK, and everything seems to be working okay. I'm off to do some testing. Thanks to everyone for the help.

Chris

-----Original Message-----
From: Hubble, Christopher [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 16, 2004 10:56 AM
To: 'Tomcat Users List'
Subject: RE: Tomcat JRE vs JDK Issue

Thanks for the info. It looks like I won't need the JDK after all. One last question. How do I get TC to not blow up about using a JRE? Can I just comment out the lines checking for javac.exe, or will that break other things?

Chris

-----Original Message-----
From: Shapira, Yoav [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 16, 2004 10:59 AM
To: Tomcat Users List
Subject: RE: Tomcat JRE vs JDK Issue

Hi,

> How does one precompile the JSPs? Then I should be able to use TC with

RTFM at http://jakarta.apache.org/tomcat/tomcat-5.0-doc/jasper-howto.html.

> a JRE, correct? Once TC is deployed, there should not be any need for changes to it, so it's fine to precompile the JSPs.

That depends on your scenario. If only deploy once and ship, then yeah. But if you (or your users, or your server admin) can change JSPs after shipping the app, you still need the JDK. Tomcat supports a very wide variety of use-cases. Now that you know more than enough about JDK vs JRE you should be able to make the call given your user requirements ;)

Yoav
RE: SSL Not working properly
You have your keystorepass parameter misspelled.

Chris

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 11, 2004 2:42 AM
To: Tomcat Users List
Subject: SSL Not working properly

Hi,

I have done everything to implement SSL on tomcat as described in SSL HOW-TO. I have placed my keystore file in the Tomcat home directory and as mentioned in the path in server.xml, but I am still getting an error. Please help???

[ERROR] Http11Protocol - -Error initializing endpoint java.io.IOException: Keystore was tampered with, or password was incorrect
java.io.IOException: Keystore was tampered with, or password was incorrect
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:737)
        at java.security.KeyStore.load(KeyStore.java:608)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:313)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:261)
        at org.apache.tomcat.util.net.jsse.JSSE13SocketFactory.init(JSSE13SocketFactory.java:129)
Catalina.start: LifecycleException: Protocol handler initialization failed: java.io.IOException: Keystore was tampered with, or password was incorrect
LifecycleException: Protocol handler initialization failed: java.io.IOException: Keystore was tampered with, or password was incorrect
        at org.apache.coyote.tomcat4.CoyoteConnector.initialize(CoyoteConnector.java:1231)
        at org.apache.catalina.core.StandardService.initialize(StandardService.java:579)
        at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:2246)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:511)
        at org.apache.catalina.startup.Catalina.execute(Catalina.java:400)
        at org.apache.catalina.startup.Catalina.process(Catalina.java:180)
Catalina.start: LifecycleException: Protocol handler initialization failed: java.io.IOException: Keystore was tampered with, or password was incorrect
LifecycleException: Protocol handler initialization failed: java.io.IOException: Keystore was tampered with, or password was incorrect
        at org.apache.coyote.tomcat4.CoyoteConnector.initialize(CoyoteConnector.java:1231)
        at org.apache.catalina.core.StandardService.initialize(StandardService.java:579)
        at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:2246)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:511)
        at org.apache.catalina.startup.Catalina.execute(Catalina.java:400)
        at org.apache.catalina.startup.Catalina.process(Catalina.java:180)

my server.xml is as follows:

.
<!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="8080" minProcessors="5" maxProcessors="75"
           enableLookups="true" redirectPort="8443"
           acceptCount="100" debug="0" connectionTimeout="2"
           useURIValidationHack="false" disableUploadTimeout="true" />
<!-- Note : To disable connection timeouts, set connectionTimeout value to 0 -->

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           useURIValidationHack="false" disableUploadTimeout="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
           clientAuth="true" keystroreFile="c:\birendar\mykey.keystore"
           keystrorePass="changeit" protocol="TLS" />
</Connector>
.

Birendar Singh Waldiya
Tata Consultancy Services Limited
Mailto: [EMAIL PROTECTED]
Website: http://www.tcs.com

Koon Yue Lam [EMAIL PROTECTED]
11/11/2004 12:38 PM
Please respond to Tomcat Users List [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
cc:
Subject: How to secure my webapp under Tomcat?

Hi, I have developed a webapp using Tomcat and MySQL.
Now I DON'T want my client browse my JSPs, servlets and database structure etc.
I want the entire webapp (and database) deployed only by me and not by others.

Is there any methods that I can secure my webapp to ensure my client won't deploy it to somewhere else by someone else??

Regards

DISCLAIMER: The information contained in this message is intended only and solely for the addressed individual or entity indicated in this message and for the exclusive use of the said addressed individual or entity indicated in this message (or responsible for delivery of the message to such person) and may contain legally privileged and confidential
RE: SSL Not working properly
Oh, and your keystoreFile parameter is misspelled as well. You have keystrore. It should be keystore. :)

Chris

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 11, 2004 2:42 AM
To: Tomcat Users List
Subject: SSL Not working properly

Hi, I have done everything to implement SSL on tomcat as described in the SSL HOW-TO. I have placed my keystore file in the Tomcat home directory, as mentioned in the path in server.xml, but I am still getting an error. Please help???

[ERROR] Http11Protocol - -Error initializing endpoint java.io.IOException: Keystore was tampered with, or password was incorrect
java.io.IOException: Keystore was tampered with, or password was incorrect
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:737)
    at java.security.KeyStore.load(KeyStore.java:608)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:313)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:261)
    at org.apache.tomcat.util.net.jsse.JSSE13SocketFactory.init(JSSE13SocketFactory.java:129)
Catalina.start: LifecycleException: Protocol handler initialization failed: java.io.IOException: Keystore was tampered with, or password was incorrect
LifecycleException: Protocol handler initialization failed: java.io.IOException: Keystore was tampered with, or password was incorrect
    at org.apache.coyote.tomcat4.CoyoteConnector.initialize(CoyoteConnector.java:1231)
    at org.apache.catalina.core.StandardService.initialize(StandardService.java:579)
    at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:2246)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:511)
    at org.apache.catalina.startup.Catalina.execute(Catalina.java:400)
    at org.apache.catalina.startup.Catalina.process(Catalina.java:180)
Catalina.start: LifecycleException: Protocol handler initialization failed: java.io.IOException: Keystore was tampered with, or password was incorrect
LifecycleException: Protocol handler initialization failed: java.io.IOException: Keystore was tampered with, or password was incorrect
    at org.apache.coyote.tomcat4.CoyoteConnector.initialize(CoyoteConnector.java:1231)
    at org.apache.catalina.core.StandardService.initialize(StandardService.java:579)
    at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:2246)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:511)
    at org.apache.catalina.startup.Catalina.execute(Catalina.java:400)
    at org.apache.catalina.startup.Catalina.process(Catalina.java:180)

my server.xml is as follows:

.
<!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="8080" minProcessors="5" maxProcessors="75"
           enableLookups="true" redirectPort="8443"
           acceptCount="100" debug="0" connectionTimeout="2"
           useURIValidationHack="false" disableUploadTimeout="true" />
<!-- Note : To disable connection timeouts, set connectionTimeout value to 0 -->
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true" acceptCount="100" debug="0"
           scheme="https" secure="true"
           useURIValidationHack="false" disableUploadTimeout="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
           clientAuth="true" keystroreFile="c:\birendar\mykey.keystore"
           keystrorePass="changeit" protocol="TLS" />
</Connector>
.

Birendar Singh Waldiya
Tata Consultancy Services Limited
Mailto: [EMAIL PROTECTED]
Website: http://www.tcs.com

Koon Yue Lam [EMAIL PROTECTED]
11/11/2004 12:38 PM
Please respond to Tomcat Users List [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
cc:
Subject: How to secure my webapp under Tomcat?

Hi, I have developed a webapp using Tomcat and MySQL. Now I DON'T want my client to browse my JSPs, servlets and database structure etc. I want the entire webapp (and database) deployed only by me and not by others. Are there any methods that I can use to secure my webapp to ensure my client won't deploy it somewhere else by someone else??

Regards
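An added example, not part of the thread: a check for the failure described in the post above, where a misspelled attribute on the SSL Factory element never reaches the socket factory, so Tomcat falls back to its default keystore. The sample server.xml is reconstructed from the configuration quoted in the post (the Server and Service wrappers are constructed), and the list of known attribute names is an assumption taken from the Tomcat 4.1 SSL how-to that should be adjusted for other versions.

```python
import difflib
import xml.etree.ElementTree as ET

# Assumption: attribute names the Tomcat 4.1 SSL how-to lists for the
# CoyoteServerSocketFactory <Factory> element. Adjust for other versions.
KNOWN_FACTORY_ATTRS = (
    "className", "algorithm", "clientAuth",
    "keystoreFile", "keystorePass", "keystoreType", "protocol",
)
# Attributes that silently take a built-in default when they are absent
# (the .keystore file in the user's home directory, password "changeit").
DEFAULTED_ATTRS = ("keystoreFile", "keystorePass")

# Reconstructed from the flattened config in the post; wrappers are constructed.
SAMPLE_SERVER_XML = r"""
<Server>
  <Service>
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8080" redirectPort="8443" />
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8443" scheme="https" secure="true">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               clientAuth="true" keystroreFile="c:\birendar\mykey.keystore"
               keystrorePass="changeit" protocol="TLS" />
    </Connector>
  </Service>
</Server>
"""


def audit_factory_attrs(server_xml):
    """Return (port, kind, attribute, suggestion) tuples for each SSL Factory.

    kind is "unknown" for an attribute name that is not recognised (with the
    closest known name as suggestion, if any) and "missing" for an attribute
    that will therefore fall back to its default.
    """
    findings = []
    root = ET.fromstring(server_xml)
    for connector in root.iter("Connector"):
        port = connector.get("port", "?")
        for factory in connector.iter("Factory"):
            for name in factory.attrib:
                if name in KNOWN_FACTORY_ATTRS:
                    continue
                close = difflib.get_close_matches(
                    name, KNOWN_FACTORY_ATTRS, n=1, cutoff=0.8)
                findings.append(
                    (port, "unknown", name, close[0] if close else None))
            for name in DEFAULTED_ATTRS:
                if name not in factory.attrib:
                    findings.append((port, "missing", name, None))
    return findings


if __name__ == "__main__":
    for port, kind, name, hint in audit_factory_attrs(SAMPLE_SERVER_XML):
        note = f" (did you mean {hint}?)" if hint else ""
        print(f"connector {port}: {kind} attribute {name}{note}")
```

Run against the real conf\server.xml before restarting the service; an empty result means every Factory attribute name was recognised and no keystore setting is left to its default.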
RE: SSL Not working properly
I had no problems running SSL on the default ports. I believe your problem is that you're specifying https and 8080. Try https://localhost:8443

Chris

-----Original Message-----
From: David Austin [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 11, 2004 9:28 AM
To: Tomcat Users List
Subject: RE: SSL Not working properly

Chris, or Birendar

Were you able to get the redirect working on those ports: 8080 and 8443? I have the same setup for tomcat 4.1.31, but I can only get it to work using port 80 and 443...

-dave

-- Original Message --
From: Hubble, Christopher [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
Date: Thu, 11 Nov 2004 08:28:38 -0500

Oh, and your keystoreFile parameter is misspelled as well. You have keystrore. It should be keystore. :)

Chris

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 11, 2004 2:42 AM
To: Tomcat Users List
Subject: SSL Not working properly

Hi, I have done everything to implement SSL on tomcat as described in the SSL HOW-TO. I have placed my keystore file in the Tomcat home directory, as mentioned in the path in server.xml, but I am still getting an error. Please help???
RE: SSL Not working properly
AFAIK, that's because https defaults to 443.

-----Original Message-----
From: David Austin [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 11, 2004 9:36 AM
To: Tomcat Users List
Subject: RE: SSL Not working properly

But I thought that was the whole point of the redirect... So a user could be browsing the site using the familiar http://localhost:8080, and when he comes across a secure link to https, he could just type https://localhost:8080 and it would redirect automatically. If I set it up for ports 80 and 443, I can type https://localhost and it will redirect without displaying the :443.

-- Original Message --
From: Hubble, Christopher [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
Date: Thu, 11 Nov 2004 09:20:24 -0500

I had no problems running SSL on the default ports. I believe your problem is that you're specifying https and 8080. Try https://localhost:8443

Chris

-----Original Message-----
From: David Austin [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 11, 2004 9:28 AM
To: Tomcat Users List
Subject: RE: SSL Not working properly

Chris, or Birendar

Were you able to get the redirect working on those ports: 8080 and 8443? I have the same setup for tomcat 4.1.31, but I can only get it to work using port 80 and 443...

-dave

-- Original Message --
From: Hubble, Christopher [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
Date: Thu, 11 Nov 2004 08:28:38 -0500

Oh, and your keystoreFile parameter is misspelled as well. You have keystrore. It should be keystore. :)

Chris

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 11, 2004 2:42 AM
To: Tomcat Users List
Subject: SSL Not working properly

Hi, I have done everything to implement SSL on tomcat as described in the SSL HOW-TO. I have placed my keystore file in the Tomcat home directory, as mentioned in the path in server.xml, but I am still getting an error. Please help???
RE: SSL Certificate configuration
It doesn't matter what your keystore is named (at least in Windows). I usually use a keystore convention of appname.ks. Haven't had a problem with it. Robert, are you using a password for your keystore? I've never tried it without a password.

Chris

-----Original Message-----
From: David Goodenough [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 09, 2004 7:23 AM
To: [EMAIL PROTECTED]
Subject: Re: SSL Certificate configuration

Maybe it's different on Windows, I only use Linux. Certainly on Linux the file is called .keystore, and of course as that is a hidden file one could create keystore files till the sky turned yellow before Tomcat would take any notice of them, i.e. it would use whatever was in the .keystore file.

David

On Thursday 11 November 2004 11:47, Robert Cole wrote:

Hi David,

I'm unfortunately on a Wintel server and the OS has problems with files named with a preceding '.'. My connector references the 'keystore' and accessing the keystore via keytool. I've tried it with the .keystore name as an early solution but it didn't make any difference. If the .keystore name is mandatory I can try it again, but it still doesn't explain where the self-signed certificate is coming from.

Thanks,
Rob Cole
+44 (0)20 754 51117

David Goodenough [EMAIL PROTECTED] onnect.com
09/11/2004 11:33
Please respond to Tomcat Users List
To: [EMAIL PROTECTED]
cc:
Subject: Re: SSL Certificate configuration

On Thursday 11 November 2004 11:04, Robert Cole wrote:

Hi,

I'm having some fun and games getting Tomcat 5.0.19 to use a non-self signed certificate. I've done the following:

1) Using Keytool, generated a new key pair using the genkey switch, into a new keystore
2) Generated a CSR using the new keystore created above
3) Using OpenSSL, where I've created a certificate authority to sign my CSRs, I've then generated a signed certificate valid for 365 days, signed by my root authority
4) I've then imported the Root CA into the keystore created in 1
5) Then I've imported the new, signed certificate into the keystore from 1
6) I've then enabled my HTTPS connector in server.xml, with the keystore entry pointing to the keystore from 1. I bounced Tomcat afterwards.

I can then connect to Tomcat on port 8443 but when I examine the certificate it is a self signed certificate that expired after 3 months. There is no evidence of the signed certificate.

So far I have:

1) Removed the keystore file to check that Tomcat is picking up the correct file. It is, as I get loads of errors in the std.out file
2) Listed the contents of the keystore. I can see in the following order, the root CA certificate, the generated keypair and then the signed certificate.
3) I made a copy of the keystore, changed the configuration to use the copy and then fired Tomcat up again. I finally managed to shut Tomcat down again after a large number of errors flooded the log file.
4) I've used the Keytool export and printcert switches to check that the signed certificate in the keystore is the right one, and it is.

So, my question is, how is tomcat using a self signed SSL certificate, and where could it be getting it from? Is there a way to force Tomcat to use a certain certificate from a keystore? I'm now very, very stuck and would appreciate some help. Are there any switches I can use to get more information from Tomcat on what it is using, certificate wise?

For reference, the connector config looks like this:

<Connector port="8443"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="D:\db\certificates\keystore"
           keystorePass="" />

My keystore:

D:\db\certificates>keytool -keystore keystore -list

should that not be .keystore, not keystore?

David

Enter keystore password:
Keystore type: jks
Keystore provider: SUN

Your keystore contains 3 entries

rootca, Nov 9, 2004, trustedCertEntry,
Certificate fingerprint (MD5): 7B:CD:2C:5D:AE:79:8A:86:D5:70:25:56:3D:0D:D1:AC
mis1_key, Nov 9, 2004, keyEntry,
Certificate fingerprint (MD5): BB:6A:10:C7:1C:DC:A2:AE:BD:77:C3:6F:50:B6:50:C1
mis1_cert, Nov 9, 2004, trustedCertEntry,
Certificate fingerprint (MD5): 63:A4:57:A1:3E:B9:72:67:14:21:88:F3:3A:90:C5:5A

The certificate that should be used is the mis1_cert certificate. From the printcert:

D:\db\certificates>keytool -keystore keystore -printcert -file test.crt -v
Owner: CN=mis1, OU=gmPrice, O=Deutsche Bank, L=London, ST=England, C=UK
Issuer: [EMAIL PROTECTED], CN=gmPrice, OU=Shared Technology, O=Deutsche
RE: SSL Certificate configuration
BTW, I believe that the CN of your cert needs to be your machine's IP or domain, whichever is used to connect.

-----Original Message-----
From: Robert Cole [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 09, 2004 9:59 AM
To: Tomcat Users List
Cc: 'Tomcat Users List'
Subject: RE: SSL Certificate configuration

There is a password specified, I just didn't fancy including it in a publicly available mail archive. It is specified at the keystore creation and also specified in the connector. Sorry for any confusion this may have caused.

Hubble, Christopher CHRISTOPHER.L.HUBBL [EMAIL PROTECTED]
09/11/2004 13:53
Please respond to Tomcat Users List
To: 'Tomcat Users List' [EMAIL PROTECTED]
cc:
Subject: RE: SSL Certificate configuration

It doesn't matter what your keystore is named (at least in Windows). I usually use a keystore convention of appname.ks. Haven't had a problem with it. Robert, are you using a password for your keystore? I've never tried it without a password.

Chris

-----Original Message-----
From: David Goodenough [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 09, 2004 7:23 AM
To: [EMAIL PROTECTED]
Subject: Re: SSL Certificate configuration

Maybe it's different on Windows, I only use Linux. Certainly on Linux the file is called .keystore, and of course as that is a hidden file one could create keystore files till the sky turned yellow before Tomcat would take any notice of them, i.e. it would use whatever was in the .keystore file.

David

On Thursday 11 November 2004 11:47, Robert Cole wrote:

Hi David,

I'm unfortunately on a Wintel server and the OS has problems with files named with a preceding '.'. My connector references the 'keystore' and accessing the keystore via keytool. I've tried it with the .keystore name as an early solution but it didn't make any difference. If the .keystore name is mandatory I can try it again, but it still doesn't explain where the self-signed certificate is coming from.
RE: SSL Certificate configuration
The machine name should work as long as they're connecting via DNS. Is your test case using the IP or DNS?

-----Original Message-----
From: Robert Cole [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 09, 2004 12:42 PM
To: Tomcat Users List
Subject: Re: SSL Certificate configuration

The CN is the name of the machine, i.e. mis1. I haven't tried the IP yet, but as people will connect via the DNS entry will that resolve to a correct certificate entry in people's browsers? Yes, I know they will have to import the root CA but that's for later.

Thanks,
Rob Cole
+44 (0)20 754 51117

Hubble, Christopher CHRISTOPHER.L.HUBBL [EMAIL PROTECTED]
09/11/2004 15:19
Please respond to Tomcat Users List
To: 'Tomcat Users List' [EMAIL PROTECTED]
cc:
Subject: RE: SSL Certificate configuration

BTW, I believe that the CN of your cert needs to be your machine's IP or domain, whichever is used to connect.

-----Original Message-----
From: Robert Cole [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 09, 2004 9:59 AM
To: Tomcat Users List
Cc: 'Tomcat Users List'
Subject: RE: SSL Certificate configuration

There is a password specified, I just didn't fancy including it in a publicly available mail archive. It is specified at the keystore creation and also specified in the connector. Sorry for any confusion this may have caused.

Hubble, Christopher CHRISTOPHER.L.HUBBL [EMAIL PROTECTED]
09/11/2004 13:53
Please respond to Tomcat Users List
To: 'Tomcat Users List' [EMAIL PROTECTED]
cc:
Subject: RE: SSL Certificate configuration

It doesn't matter what your keystore is named (at least in Windows). I usually use a keystore convention of appname.ks. Haven't had a problem with it. Robert, are you using a password for your keystore? I've never tried it without a password.

Chris

-----Original Message-----
From: David Goodenough [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 09, 2004 7:23 AM
To: [EMAIL PROTECTED]
Subject: Re: SSL Certificate configuration

Maybe it's different on Windows, I only use Linux.
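An added example, not code from the thread: the keytool listing quoted in this thread shows the key pair under mis1_key (a keyEntry) and the signed certificate under a separate alias, mis1_cert (a trustedCertEntry), and a JSSE server presents the chain attached to the key entry, not a certificate stored beside it. The check below parses `keytool -list -v` output and flags that layout; the aliases follow the thread, while the sample listing and its distinguished names are constructed.

```python
from dataclasses import dataclass, field

# Constructed sample in the layout printed by `keytool -list -v`.
# Aliases follow the thread; the distinguished names are made up.
SAMPLE_LISTING = """\
Keystore type: jks
Keystore provider: SUN

Your keystore contains 3 entries

Alias name: rootca
Creation date: Nov 9, 2004
Entry type: trustedCertEntry

Owner: CN=Example Root CA, O=Example Org, C=UK
Issuer: CN=Example Root CA, O=Example Org, C=UK

*******************************************

Alias name: mis1_key
Creation date: Nov 9, 2004
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=mis1, O=Example Org, C=UK
Issuer: CN=mis1, O=Example Org, C=UK

*******************************************

Alias name: mis1_cert
Creation date: Nov 9, 2004
Entry type: trustedCertEntry

Owner: CN=mis1, O=Example Org, C=UK
Issuer: CN=Example Root CA, O=Example Org, C=UK
"""


@dataclass
class Entry:
    alias: str
    entry_type: str = ""
    chain_length: int = 0
    owners: list = field(default_factory=list)   # one per certificate, leaf first
    issuers: list = field(default_factory=list)

    @property
    def is_key(self):
        # JDK 1.4 prints "keyEntry"; later JDKs print "PrivateKeyEntry".
        return self.entry_type.lower().endswith("keyentry")


def _dn(text):
    """Normalise a distinguished name for comparison (spacing and case only)."""
    return ",".join(part.strip().lower() for part in text.split(","))


def parse_listing(text):
    """Split verbose keytool output into Entry records, one per alias."""
    entries, current = [], None
    for raw in text.splitlines():
        key, _, value = raw.strip().partition(":")
        value = value.strip()
        if key == "Alias name":
            current = Entry(alias=value)
            entries.append(current)
        elif current is None:
            continue                      # keystore header lines
        elif key == "Entry type":
            current.entry_type = value
        elif key == "Certificate chain length":
            current.chain_length = int(value)
        elif key == "Owner":
            current.owners.append(_dn(value))
        elif key == "Issuer":
            current.issuers.append(_dn(value))
    return entries


def audit(entries):
    """Return (alias, finding, related_alias) tuples.

    A key entry whose only certificate is self-signed is what the server will
    present. A trusted entry with the same subject but another issuer is the
    CA reply stored where the server never looks for it.
    """
    findings = []
    for key in entries:
        if not (key.is_key and key.owners and key.issuers):
            continue
        if len(key.owners) != 1 or key.owners[0] != key.issuers[0]:
            continue                      # a CA-signed chain is already attached
        findings.append((key.alias, "self-signed-key-entry", None))
        for other in entries:
            if other.is_key or not (other.owners and other.issuers):
                continue
            if (other.owners[0] == key.owners[0]
                    and other.issuers[0] != other.owners[0]):
                findings.append(
                    (other.alias, "signed-cert-on-separate-alias", key.alias))
    return findings


if __name__ == "__main__":
    for alias, finding, related in audit(parse_listing(SAMPLE_LISTING)):
        print(alias, finding, related or "")
```

When the check fires, the usual repair is to import the CA reply with keytool -import under the alias of the key entry (here mis1_key) after the root CA certificate is in the keystore, so the signed chain replaces the self-signed certificate on that entry.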
SSL Definitions in Server.xml
Why can you define the keystore in server.xml, but you have to set the truststore in the jvm? Has this been changed in tomcat 5? It makes setting up client side auth a lot more work than it should be. Chris
Tomcat 4 as an NT Service
I'm trying to install tomcat 4 as a service. I can't use the exe as I need to pass in jvm args for SSL. I've tried multiple different args to tomcat.exe. I've seen several posts mentioning that the jvm's are different. I tried the one in java_home\jre\bin\server and the one in client. They both install without any errors, but when I go to start the service, it tells me that it couldn't start and there was no error. I tried installing the service with the jvm.dll in program files\java\j2re1.4.2_03\bin\client, and when I first started it, there was no error, but it immediately stopped. I then started it again and it gave me the following:

Error 1607: The process terminated unexpectedly

Any help would be appreciated.

Chris
RE: Tomcat 4 as an NT Service
I'm doing client auth and need to provide the server with a truststore. Your method only works for one initial run of tomcat. As soon as you stop the service, the parameter goes away, and upon starting again, it's back to the default.

Chris

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, October 11, 2004 11:16 AM
To: [EMAIL PROTECTED]
Subject: RE: Tomcat 4 as an NT Service

Hello Chris:

If you don't mind me asking, what args do you need to pass to enable SSL? My implementation of SSL is all done through my {CATALINA_HOME}\conf\server.xml file...

In either case, if you wish to pass arguments to the Apache Tomcat service, just go into computer management (right click my computer, properties) and then scroll down to services, double click the Apache Tomcat service and you can specify Start parameters towards the bottom of that dialog window.

Good luck

Azam Khan

-----Original Message-----
From: Hubble, Christopher [mailto:[EMAIL PROTECTED]
Sent: Monday, October 11, 2004 10:54 AM
To: [EMAIL PROTECTED]
Subject: Tomcat 4 as an NT Service

I'm trying to install tomcat 4 as a service. I can't use the exe as I need to pass in jvm args for SSL. I've tried multiple different args to tomcat.exe. I've seen several posts mentioning that the jvm's are different. I tried the one in java_home\jre\bin\server and the one in client. They both install without any errors, but when I go to start the service, it tells me that it couldn't start and there was no error. I tried installing the service with the jvm.dll in program files\java\j2re1.4.2_03\bin\client, and when I first started it, there was no error, but it immediately stopped. I then started it again and it gave me the following:

Error 1607: The process terminated unexpectedly

Any help would be appreciated.

Chris
RE: Tomcat 4 as an NT Service
If it were just one machine, that wouldn't be a problem. However, I need to set this up so that any user can install it. I think I finally got it working, however, it doesn't seem to want to stop. Anyone have any suggestions?

Chris

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, October 11, 2004 11:29 AM
To: [EMAIL PROTECTED]
Subject: RE: Tomcat 4 as an NT Service

I see.. Why don't you try to modify the registry key directly. Head over to HKLM\SYSTEM\CurrentControlSet\Services\[your tomcat service]\ Look for the ImagePath key.. You should be able to update that value to whatever you want.

Thanks,
Azam Khan
Network Data Support Center
Verizon Wireless
866-222-7114
http://ndsc.eng.vzwcorp.com

-----Original Message-----
From: Hubble, Christopher [mailto:[EMAIL PROTECTED]
Sent: Monday, October 11, 2004 11:11 AM
To: 'Tomcat Users List'
Subject: RE: Tomcat 4 as an NT Service

I'm doing client auth and need to provide the server with a truststore. Your method only works for one initial run of tomcat. As soon as you stop the service, the parameter goes away, and upon starting again, it's back to the default.

Chris

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, October 11, 2004 11:16 AM
To: [EMAIL PROTECTED]
Subject: RE: Tomcat 4 as an NT Service

Hello Chris:

If you don't mind me asking, what args do you need to pass to enable SSL? My implementation of SSL is all done through my {CATALINA_HOME}\conf\server.xml file...

In either case, if you wish to pass arguments to the Apache Tomcat service, just go into computer management (right click my computer, properties) and then scroll down to services, double click the Apache Tomcat service and you can specify Start parameters towards the bottom of that dialog window.

Good luck

Azam Khan

-----Original Message-----
From: Hubble, Christopher [mailto:[EMAIL PROTECTED]
Sent: Monday, October 11, 2004 10:54 AM
To: [EMAIL PROTECTED]
Subject: Tomcat 4 as an NT Service

I'm trying to install tomcat 4 as a service. I can't use the exe as I need to pass in jvm args for SSL. I've tried multiple different args to tomcat.exe. I've seen several posts mentioning that the jvm's are different. I tried the one in java_home\jre\bin\server and the one in client. They both install without any errors, but when I go to start the service, it tells me that it couldn't start and there was no error. I tried installing the service with the jvm.dll in program files\java\j2re1.4.2_03\bin\client, and when I first started it, there was no error, but it immediately stopped. I then started it again and it gave me the following:

Error 1607: The process terminated unexpectedly

Any help would be appreciated.

Chris
Custom configuration tags
Is there a way to define custom configurations in tomcat? I have a servlet that I want to save in a user definable directory. Right now I have a simple config file that I read in from the servlet and get the path from. Is there some way to define this in server.xml or web.xml instead? Chris
2 way SSL with Axis and Tomcat as a Service
Welp, after much trial and tribulation, I finally got axis using 2 way ssl. This required me to custom set up tomcat as a service, and I finally got that working. Once I get my code all cleaned up, I'll post the relevant details. Chris
Tomcat 4 as a service
I've looked around and found a lot of scripts for installing Tomcat 5 as a service. However, I need to install Tomcat 4. I need to add some jvm options for SSL. I've run tomcat.exe but the service won't start, and doesn't give any errors. I'm running it as follows.

tomcat -install tomcattest %JAVA_HOME%\bin\server\jvm.dll -Dsun.io.useCanonCaches=false -jvm_option -Djava.endorsed.dirs=%CATALINA_HOME%\common\endorsed -jvm_option -Djava.class.path=%CATALINA_HOME%\bin\bootstrap.jar -jvm_option -Dcatalina.home=%CATALINA_HOME% -jvm_option -Djavax.net.ssl.trustStore=server.ts -start org.apache.catalina.startup.BootstrapService -params start -stop org.apache.catalina.startup.BootstrapService -params stop -out %CATALINA_HOME%\logs\stdout.log -err %CATALINA_HOME%\logs\stderr.log

TIA.

Chris