RE: SSL Help
Hi, (B (BWe see that irrespective of the contents being secure or not, the browser (Balert message comes up. We feel this is because the information about the (Boption chosen in the alert message in the first window is not being passed (Bto this new window. (BIs there any way we can pass this information to this new window so that the (Btwo alert messages don$B!G(Bt popup? (B (BThanks (BAnju (B (B-Original Message- (BFrom: Ariel Valentin [mailto:[EMAIL PROTECTED] (BSent: Monday, July 05, 2004 10:30 AM (BTo: [EMAIL PROTECTED] (BSubject: RE: SSL Help (B (B (BThat sounds like a browser specific issues, and they should have settings to (B (Bturn warning off. (BOn your end I think you should move the non-secure content in the pop up (Bfrom outside of servlet/* to your secure area. (B (BHope that helps (B (BMr. Ariel S. Valentin (Bmailto:[EMAIL PROTECTED] (B (B (B (B (B (B>From: "Anju Murthy" <[EMAIL PROTECTED]> (B>Reply-To: "Tomcat Users List" <[EMAIL PROTECTED]> (B>To: <[EMAIL PROTECTED]> (B>Subject: SSL Help (B>Date: Mon, 5 Jul 2004 10:22:56 +0530 (B> (B>Hi, (B> (B>I have configured my application to run over SSL. I am forcing all (B>requests to route to https using the following code in web.xml (B> (B> (B> (B> LoginServlet (B> /servlet/* (B>POST (B>GET (B> (B> (B>* (B> (B> (B> CONFIDENTIAL (B> (B> (B> (B>I have my internet browser setting "warn if change between secure and (B>non secure mode" checked. When I log into my application for the first (B>time, I get a browser alert message saying I am moving into secure (B>area. After this, any navigation within the application does not (B>display this alert message. But if a popup window is opened from this (B>page, I get two alert messages. One says I am moving out of secure area (B>and another saying I am moving into secure area. (B> (B>Is there a way to prevent these alert messages from coming up in popup (B>windows? (B> (B>Thanks (B>Anju (B> (B> (B>- (B>To unsubscribe, e-mail: [EMAIL PROTECTED] (B>For additional commands, e-mail: [EMAIL PROTECTED] (B> (B (B_ (BIs your PC infected? Get a FREE online computer virus scan from McAfee$B%g(B (BSecurity. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 (B (B (B- (BTo unsubscribe, e-mail: [EMAIL PROTECTED] (BFor additional commands, e-mail: [EMAIL PROTECTED] (B (B (B- (BTo unsubscribe, e-mail: [EMAIL PROTECTED] (BFor additional commands, e-mail: [EMAIL PROTECTED]
RE: SSL Help
That sounds like a browser specific issues, and they should have settings to turn warning off. On your end I think you should move the non-secure content in the pop up from outside of servlet/* to your secure area. Hope that helps Mr. Ariel S. Valentin mailto:[EMAIL PROTECTED] From: "Anju Murthy" <[EMAIL PROTECTED]> Reply-To: "Tomcat Users List" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: SSL Help Date: Mon, 5 Jul 2004 10:22:56 +0530 Hi, I have configured my application to run over SSL. I am forcing all requests to route to https using the following code in web.xml LoginServlet /servlet/* POST GET * CONFIDENTIAL I have my internet browser setting "warn if change between secure and non secure mode" checked. When I log into my application for the first time, I get a browser alert message saying I am moving into secure area. After this, any navigation within the application does not display this alert message. But if a popup window is opened from this page, I get two alert messages. One says I am moving out of secure area and another saying I am moving into secure area. Is there a way to prevent these alert messages from coming up in popup windows? Thanks Anju - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Is your PC infected? Get a FREE online computer virus scan from McAfee® Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL Help
Hi All, After server months of development we are ready to implement security part of the system and are very confused on how to go about it and hopefully someone in this mailing list has tackled this issue successfully. ... Our systems are: Linux Red Hat 6.2 Apache 1.12.? - Compiled/Built in our environment Tomcat 3.2.1 - Compiled/Built in our environment JDK 1.2.2 Oracle 8.1.6 As far as we understand you can apply SSL at: 1) OS level with a product like OpenSSL 2) Application Level with Sun's JSSE 1.0.2 Our main concern is performance, then portability of code between different systems. Performance Do you get better system performance by applying SSL at the OS or at an application layer ? I would think at the OS level as the Security Software will be written in a language like C making it very fast as it will be native to the process used the target machine. Code IF you decided to use JSSE 1.0.2 implementation of SSL what impact will it have when you port your code to a system that implements SSL at the OS level ? If SSL Code is introduced correctly into the Framework then the impact will be minimal between system implementations as it only should involve rippling out a base class. As mentioned performance is a very important issue and having several layers of security from the firewall against the web server to the firewall against the database to security sitting at the socket level encrypting and decrypting everything that comes in its path not to mention getting Java to do its magic through the interpreted bytecode! At this stage in our development cycle we have a very superficial understanding of the impact and possible solutions when it comes to successfully implementing security and welcome any advise in this area. Regards, George - Original Message - From: "John Golubenko" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, February 06, 2001 3:14 AM Subject: RE: SSL Help > Hello, > > I have configured with OpenSSL (to Tomcat directly), made a key, etc. Now > I can have a secure connections to my server, but browsers complains that > my > certificate isn't good, not signed, not knows, etc. Seems that browsers > have to problems with Verisign or RSA (?) certificates, which cost > 600-1000 dollars > per each one. I'm don't have those kind of money to spend. So, how do I > get my certificate, so the browser wouldn't ask to install it, or > approval from the user. > > Thank you, > John. > > > > >>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<< > > On 2/5/01, 4:59:46 AM, "Coetmeur, Alain" > <[EMAIL PROTECTED]> wrote regarding RE: SSL Help: > > > > browse the archive those recent days/weeks > > > the secret are: > > > it is advised to use apache with openssl (mod_ssl or apache+ssl) > > as the SSL processor and just configure it > > to delegate servlet and JSP to tomcat... > > look at http://www.modssl.org/ > > or http://www.apache-ssl.org/ > > for explanations, install doc, binaries, advices... > > > anyway you can make tomcat able to serve SSL directly. > > install JSSE from SUN as documented > > (detail in some of my former messages here) > > this include putting the.jar in a lib or lib/ext directory > > as explaine, and twickle some security.properties > > > create private key in the java keystore, produce a > > certificate (externaly or auto-certifies) with > CN=the.dns.name.of.my.tomcat > > and add the certificate to the java keystore... > > > modify the server.xml as explained > > in come comments... (I've send here a working server.xml) > > > add some options in TOMCAT_OPTS (in tomcat.bat) so that URL Factory > > supports SSL, and JSSE can find the truststore... > > set TOMCAT_OPTS=%TOMCAT_OPTS% > > -Djavax.net.ssl.trustStore="%TOMCAT_HOME%/../openssl/maui/cacerts" > > -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol > > > may the force be with you. > > you can do it! > > this can work, I've tested ! > > > > -Message d'origine- > > > De: venkatesan [mailto:[EMAIL PROTECTED]] > > > Date: lundi 5 février 2001 12:50 > > > À: [EMAIL PROTECTED] > > > Objet: SSL Help > > > > > > > > > Hi All, > > > I am developing web applications using servlets, > > > Rmi, Sql-server and > > > Tomcat in Apache web server under Linux platform. I would > > > like to use SSL. Can > > > any body tell that where can i get SSL for tomcat. How can i > > > do it using > >
RE: SSL Help
Take a look at www.modssl.org. There is allready done RPM for Redhat On ne peut résoudre les problèmes les plus graves avec le même esprit qui les a crées. -- Albert Einstein >-Original Message- >From: John Golubenko [mailto:[EMAIL PROTECTED]] >Sent: Monday, February 05, 2001 5:17 PM >To: [EMAIL PROTECTED] >Subject: Re: SSL Help > > >Look on OpenSSL.org or Apache-SSL.org, or do search for SSL on >apache.org >web server. > >>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<< > >On 2/5/01, 3:49:47 AM, venkatesan <[EMAIL PROTECTED]> >wrote regarding >SSL Help: > > >> Hi All, >> I am developing web applications using servlets, >Rmi, Sql-server >and >> Tomcat in Apache web server under Linux platform. I would >like to use >SSL. Can >> any body tell that where can i get SSL for tomcat. How can i >do it using >> Tomcat.. >> Thanks in advance... > >> cheers >> Venkateh > > > >> - >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, email: [EMAIL PROTECTED] > >NOTICE: This communication may contain confidential or other >privileged information. If you are not the intended >recipient, or believe that you have received this >communication in error, please do not print, copy, retransmit, >disseminate, or otherwise use the information. Also, please >indicate to the sender that you have received this email in >error, and delete the copy you received. Any communication >that does not relate to official Columbia business is that of >the sender and is neither given nor endorsed by Columbia. Thank you. > > > >- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, email: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: SSL Help
Look on OpenSSL.org or Apache-SSL.org, or do search for SSL on apache.org web server. >> Original Message << On 2/5/01, 3:49:47 AM, venkatesan <[EMAIL PROTECTED]> wrote regarding SSL Help: > Hi All, > I am developing web applications using servlets, Rmi, Sql-server and > Tomcat in Apache web server under Linux platform. I would like to use SSL. Can > any body tell that where can i get SSL for tomcat. How can i do it using > Tomcat.. > Thanks in advance... > cheers > Venkateh > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, email: [EMAIL PROTECTED] NOTICE: This communication may contain confidential or other privileged information. If you are not the intended recipient, or believe that you have received this communication in error, please do not print, copy, retransmit, disseminate, or otherwise use the information. Also, please indicate to the sender that you have received this email in error, and delete the copy you received. Any communication that does not relate to official Columbia business is that of the sender and is neither given nor endorsed by Columbia. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
RE: SSL Help
Hello, I have configured with OpenSSL (to Tomcat directly), made a key, etc. Now I can have a secure connections to my server, but browsers complains that my certificate isn't good, not signed, not knows, etc. Seems that browsers have to problems with Verisign or RSA (?) certificates, which cost 600-1000 dollars per each one. I'm don't have those kind of money to spend. So, how do I get my certificate, so the browser wouldn't ask to install it, or approval from the user. Thank you, John. >>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<< On 2/5/01, 4:59:46 AM, "Coetmeur, Alain" <[EMAIL PROTECTED]> wrote regarding RE: SSL Help: > browse the archive those recent days/weeks > the secret are: > it is advised to use apache with openssl (mod_ssl or apache+ssl) > as the SSL processor and just configure it > to delegate servlet and JSP to tomcat... > look at http://www.modssl.org/ > or http://www.apache-ssl.org/ > for explanations, install doc, binaries, advices... > anyway you can make tomcat able to serve SSL directly. > install JSSE from SUN as documented > (detail in some of my former messages here) > this include putting the.jar in a lib or lib/ext directory > as explaine, and twickle some security.properties > create private key in the java keystore, produce a > certificate (externaly or auto-certifies) with CN=the.dns.name.of.my.tomcat > and add the certificate to the java keystore... > modify the server.xml as explained > in come comments... (I've send here a working server.xml) > add some options in TOMCAT_OPTS (in tomcat.bat) so that URL Factory > supports SSL, and JSSE can find the truststore... > set TOMCAT_OPTS=%TOMCAT_OPTS% > -Djavax.net.ssl.trustStore="%TOMCAT_HOME%/../openssl/maui/cacerts" > -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol > may the force be with you. > you can do it! > this can work, I've tested ! > > -Message d'origine- > > De: venkatesan [mailto:[EMAIL PROTECTED]] > > Date: lundi 5 février 2001 12:50 > > À: [EMAIL PROTECTED] > > Objet: SSL Help > > > > > > Hi All, > > I am developing web applications using servlets, > > Rmi, Sql-server and > > Tomcat in Apache web server under Linux platform. I would > > like to use SSL. Can > > any body tell that where can i get SSL for tomcat. How can i > > do it using > > Tomcat.. > > Thanks in advance... > > > > cheers > > Venkateh > > > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, email: [EMAIL PROTECTED] > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, email: [EMAIL PROTECTED] NOTICE: This communication may contain confidential or other privileged information. If you are not the intended recipient, or believe that you have received this communication in error, please do not print, copy, retransmit, disseminate, or otherwise use the information. Also, please indicate to the sender that you have received this email in error, and delete the copy you received. Any communication that does not relate to official Columbia business is that of the sender and is neither given nor endorsed by Columbia. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
RE: SSL Help
browse the archive those recent days/weeks the secret are: it is advised to use apache with openssl (mod_ssl or apache+ssl) as the SSL processor and just configure it to delegate servlet and JSP to tomcat... look at http://www.modssl.org/ or http://www.apache-ssl.org/ for explanations, install doc, binaries, advices... anyway you can make tomcat able to serve SSL directly. install JSSE from SUN as documented (detail in some of my former messages here) this include putting the.jar in a lib or lib/ext directory as explaine, and twickle some security.properties create private key in the java keystore, produce a certificate (externaly or auto-certifies) with CN=the.dns.name.of.my.tomcat and add the certificate to the java keystore... modify the server.xml as explained in come comments... (I've send here a working server.xml) add some options in TOMCAT_OPTS (in tomcat.bat) so that URL Factory supports SSL, and JSSE can find the truststore... set TOMCAT_OPTS=%TOMCAT_OPTS% -Djavax.net.ssl.trustStore="%TOMCAT_HOME%/../openssl/maui/cacerts" -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol may the force be with you. you can do it! this can work, I've tested ! > -Message d'origine- > De: venkatesan [mailto:[EMAIL PROTECTED]] > Date: lundi 5 février 2001 12:50 > À: [EMAIL PROTECTED] > Objet: SSL Help > > > Hi All, > I am developing web applications using servlets, > Rmi, Sql-server and > Tomcat in Apache web server under Linux platform. I would > like to use SSL. Can > any body tell that where can i get SSL for tomcat. How can i > do it using > Tomcat.. > Thanks in advance... > > cheers > Venkateh > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, email: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
RE: SSL help..
On this question: Am I right in thinking that you only need to do special SSL config in tomcat when not connected to a webserver (i.e. port 8080). -Original Message- From: Trevor Little [mailto:[EMAIL PROTECTED]] Sent: 24 October 2000 14:11 To: [EMAIL PROTECTED] Subject: Re: SSL help.. Read server.xml in the conf/ directory. It explains how to do it. [EMAIL PROTECTED] wrote: > > Hi all, >Just I downloaded Tomcat3.2. Could any one help me, how to configure SSL and where can I get jsse.jar. Is any other jar files are required to add in classpath. > Any help would be gratly appreciated. > > Thanks, > nell > > ___ > CoolEmail -- Now you're talking. > Get Free Email-By-Phone Today. > http://www.CoolEmail.com
Re: SSL help..
Read server.xml in the conf/ directory. It explains how to do it. [EMAIL PROTECTED] wrote: > > Hi all, >Just I downloaded Tomcat3.2. Could any one help me, how to configure SSL and >where can I get jsse.jar. Is any other jar files are required to add in classpath. > Any help would be gratly appreciated. > > Thanks, > nell > > ___ > CoolEmail -- Now you're talking. > Get Free Email-By-Phone Today. > http://www.CoolEmail.com