RE: SSL config
I figured it out after all. The documentation was a little misleading, that's all.

Warron French
Sr. Network Engineer
Xtria, LLC

-----Original Message-----
From: Warron French
Sent: Wednesday, February 16, 2005 6:26 PM
To: User Tomcat (E-mail)
Subject: SSL config

Somehow I have an Apache-2.0.40 server running in conjunction with Jboss-3.2.5. I don't know anything about JBoss really, but it appears that JBoss is doing the securing of the socket layer (SSL stuff) for this website.

There is no reference to 443 or SSLCertificate or the like in my httpd.conf file anywhere, but the site is secured. I do a netstat -anp and find that 0.0.0.0:443 is being used with a pid value of 7399/java. That pid value comes from the /usr/local/j2sdk1.4.1_04/bin/java (with lots of arguments) in the response to my ps -ef | grep 7399.

Can someone tell me where I would find the certificate for this website since it is apparently not in an apache directory? I need to renew it soon, and I am also not an SSL expert. If I can FIND the certificate I can take care of it from there because the documentation seems straightforward.

Thanks,
Warron French
Sr. Network Engineer
SSL config
Somehow I have an Apache-2.0.40 server running in conjunction with Jboss-3.2.5. I don't know anything about JBoss really, but it appears that JBoss is doing the securing of the socket layer (SSL stuff) for this website.

There is no reference to 443 or SSLCertificate or the like in my httpd.conf file anywhere, but the site is secured. I do a netstat -anp and find that 0.0.0.0:443 is being used with a pid value of 7399/java. That pid value comes from the /usr/local/j2sdk1.4.1_04/bin/java (with lots of arguments) in the response to my ps -ef | grep 7399.

Can someone tell me where I would find the certificate for this website since it is apparently not in an apache directory? I need to renew it soon, and I am also not an SSL expert. If I can FIND the certificate I can take care of it from there because the documentation seems straightforward.

Thanks,
Warron French
Sr. Network Engineer
Re: Tomcat 5.X SSL config
You haven't specified a Trust Store, so you only get to choose a few cert issuers (e.g. Verisign, Thawte) for your client cert.

POLO ARAUJO, JAVIER wrote in message:

> Hi!
>
> I have a problem when trying to configure Tomcat 5.X (under Windows XP) to handle SSL and digital certificates. I have a server certificate (it's valid), so I just import it to my keystore and follow the instructions to modify the file server.xml (just change the keystoreFile, keystorePass and clientAuth).
>
> The problem is that, when I access http://localhost:8443, the box where I can choose my client certificate pops up empty (I have a valid client certificate in my browser) so I can't choose my client browser. First, I thought it was a browser config problem, but using Mozilla the same thing happens.
>
> The most curious thing is that, with the same keystore and using another app server (Oracle's OC4J) it works fine (I can choose my client certificate), so I think it's a Tomcat problem, but I don't know what!
>
> Thanks a lot,
> Javier Polo.
Tomcat 5.X SSL config
Hi!

I have a problem when trying to configure Tomcat 5.X (under Windows XP) to handle SSL and digital certificates. I have a server certificate (it's valid), so I just import it to my keystore and follow the instructions to modify the file server.xml (just change the keystoreFile, keystorePass and clientAuth).

The problem is that, when I access http://localhost:8443, the box where I can choose my client certificate pops up empty (I have a valid client certificate in my browser) so I can't choose my client browser. First, I thought it was a browser config problem, but using Mozilla the same thing happens.

The most curious thing is that, with the same keystore and using another app server (Oracle's OC4J) it works fine (I can choose my client certificate), so I think it's a Tomcat problem, but I don't know what!

Thanks a lot,
Javier Polo.
RE: Tomcat 5.X SSL config
Hi,

I have a similar problem. I want to set up server-based SSL auth, but when I try to configure the HTTPS connector via the web GUI, Tomcat will not start anymore. Can you give me your server.xml file, so I can compare it with mine?

-----Original Message-----
From: POLO ARAUJO, JAVIER
Sent: Friday, 30 July 2004 10:26
Subject: Tomcat 5.X SSL config

Hi!

I have a problem when trying to configure Tomcat 5.X (under Windows XP) to handle SSL and digital certificates. I have a server certificate (it's valid), so I just import it to my keystore and follow the instructions to modify the file server.xml (just change the keystoreFile, keystorePass and clientAuth).

The problem is that, when I access http://localhost:8443, the box where I can choose my client certificate pops up empty (I have a valid client certificate in my browser) so I can't choose my client browser. First, I thought it was a browser config problem, but using Mozilla the same thing happens.

The most curious thing is that, with the same keystore and using another app server (Oracle's OC4J) it works fine (I can choose my client certificate), so I think it's a Tomcat problem, but I don't know what!

Thanks a lot,
Javier Polo.
RE: Tomcat 5.X SSL config
Hello!

Of course, here you are. If you can find the problem, please tell me.

Regards,
Javier Polo.

<!-- Example Server Configuration File -->
<!-- Note that component elements are nested corresponding to their
     parent-child relationships with each other -->

<!-- A Server is a singleton element that represents the entire JVM,
     which may contain one or more Service instances. The Server
     listens for a shutdown command on the indicated port.

     Note: A Server is not itself a Container, so you may not
     define subcomponents such as Valves or Loggers at this level.
 -->
<Server port="8005" shutdown="SHUTDOWN" debug="0">

  <!-- Comment these entries out to disable JMX MBeans support -->
  <!-- You may also configure custom components (e.g. Valves/Realms) by
       including your own mbean-descriptor file(s), and setting the
       descriptors attribute to point to a ';' seperated list of paths
       (in the ClassLoader sense) of files to add to the default list.
       e.g. descriptors="/com/myfirm/mypackage/mbean-descriptor.xml"
  -->
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" debug="0"/>
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" debug="0"/>

  <!-- Global JNDI resources -->
  <GlobalNamingResources>

    <!-- Test entry for demonstration purposes -->
    <Environment name="simpleValue" type="java.lang.Integer" value="30"/>

    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved">
    </Resource>
    <ResourceParams name="UserDatabase">
      <parameter>
        <name>factory</name>
        <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
      </parameter>
      <parameter>
        <name>pathname</name>
        <value>conf/tomcat-users.xml</value>
      </parameter>
    </ResourceParams>

  </GlobalNamingResources>

  <!-- A Service is a collection of one or more Connectors that share
       a single Container (and therefore the web applications visible
       within that Container). Normally, that Container is an Engine,
       but this is not required.

       Note: A Service is not itself a Container, so you may not
       define subcomponents such as Valves or Loggers at this level.
   -->

  <!-- Define the Tomcat Stand-Alone Service -->
  <Service name="Catalina">

    <!-- A Connector represents an endpoint by which requests are received
         and responses are returned. Each Connector passes requests on to the
         associated Container (normally an Engine) for processing.

         By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
         You can also enable an SSL HTTP/1.1 Connector on port 8443 by
         following the instructions below and uncommenting the second Connector
         entry. SSL support requires the following steps (see the SSL Config
         HOWTO in the Tomcat 5 documentation bundle for more detailed
         instructions):
         * If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or
           later, and put the JAR files into $JAVA_HOME/jre/lib/ext.
         * Execute:
             %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
             $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA  (Unix)
           with a password value of changeit for both the certificate and
           the keystore itself.

         By default, DNS lookups are enabled when a web application calls
         request.getRemoteHost(). This can have an adverse impact on
         performance, so you can disable it by setting the
         enableLookups attribute to false. When DNS lookups are disabled,
         request.getRemoteHost() will return the String version of the
         IP address of the remote client.
    -->

    <!-- Define a non-SSL Coyote HTTP/1.1 Connector on the port specified
         during installation -->
    <Connector port="8080" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="8443" acceptCount="100"
               debug="0" connectionTimeout="2"
               disableUploadTimeout="true" />
    <!-- Note : To disable connection timeouts, set connectionTimeout value
         to 0 -->

    <!-- Note : To use gzip compression you could set the following properties :
         compression="on"
         compressionMinSize="2048"
         noCompressionUserAgents="gozilla, traviata"
         compressableMimeType="text/html,text/xml"
    -->

    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               keystoreFile="d:\tmp\cert\pc244735.key" keystorePass="desarrollo"
SSL Config Issue
Hi,

I did the SSL configuration with Tomcat successfully. I saw the opening page when I entered the URL https://localhost:8443. But when I ran my application I ran into an exception:

org.apache.jasper.JasperException: Framework binding failed.

1. I encounter the same problem when I run my application on 8080 with http (after I configured SSL).
2. But my application works perfectly fine (with http and 8080) if I disable the SSL configuration (set the server.xml back to the default).

Please assist me on how to get around this problem.

Thank you,
Pradeep
SSL Config on Tomcat (Error)
Hi Experts:

I want to configure my TOMCAT for SSL and was reading the SSL Config How-To posted at
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html#Edit%20the%20Tomcat%20Configuration%20File

I made all the changes as was mentioned above and when I execute Catalina I get the following error:

# ./catalina.sh run
Using CATALINA_BASE: /tom
Using CATALINA_HOME: /tom
Using CATALINA_TMPDIR: /tom/temp
Using JAVA_HOME: /usr/java130
Starting service Tomcat-Standalone
Apache Tomcat/4.0.4
Error unable to create jar cache in /tmp directory : java.util.zip.ZipException: error in opening zip file
Error unable to create jar cache in /tmp directory : java.util.zip.ZipException: error in opening zip file
Starting service Tomcat-Apache
Apache Tomcat/4.0.4
StandardServer.await: create[8005]: java.net.BindException: The socket name is already in use.
java.net.BindException: The socket name is already in use.
        at java.net.PlainSocketImpl.socketBind(Native Method)
        at java.net.PlainSocketImpl.bind(PlainSocketImpl.java:414)
        at java.net.ServerSocket.<init>(ServerSocket.java:182)
        at org.apache.catalina.core.StandardServer.await(StandardServer.java:277)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:794)
        at org.apache.catalina.startup.Catalina.execute(Catalina.java:681)
        at org.apache.catalina.startup.Catalina.process(Catalina.java:179)
        at java.lang.reflect.Method.invoke(Native Method)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243)

Thanks!
RE: SSL Config on Tomcat (Error)
First, please don't send messages to the list with the list address in bcc (this breaks filtering in most email clients).

The error message you got indicates that there is already a service listening on that port. Please send your server.xml for further investigation and try to figure out what listens on which port and if you have other software running (like apache) that might listen to a port specified in your server.xml.

Peter

-----Original Message-----
From: Manoj Kithany
Sent: Wednesday, November 13, 2002 5:23 PM
Subject: SSL Config on Tomcat (Error)

Hi Experts:

I want to configure my TOMCAT for SSL and was reading the SSL Config How-To posted at
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html#Edit%20the%20Tomcat%20Configuration%20File

I made all the changes as was mentioned above and when I execute Catalina I get the following error:

# ./catalina.sh run
Using CATALINA_BASE: /tom
Using CATALINA_HOME: /tom
Using CATALINA_TMPDIR: /tom/temp
Using JAVA_HOME: /usr/java130
Starting service Tomcat-Standalone
Apache Tomcat/4.0.4
Error unable to create jar cache in /tmp directory : java.util.zip.ZipException: error in opening zip file
Error unable to create jar cache in /tmp directory : java.util.zip.ZipException: error in opening zip file
Starting service Tomcat-Apache
Apache Tomcat/4.0.4
StandardServer.await: create[8005]: java.net.BindException: The socket name is already in use.
java.net.BindException: The socket name is already in use.
        at java.net.PlainSocketImpl.socketBind(Native Method)
        at java.net.PlainSocketImpl.bind(PlainSocketImpl.java:414)
        at java.net.ServerSocket.<init>(ServerSocket.java:182)
        at org.apache.catalina.core.StandardServer.await(StandardServer.java:277)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:794)
        at org.apache.catalina.startup.Catalina.execute(Catalina.java:681)
        at org.apache.catalina.startup.Catalina.process(Catalina.java:179)
        at java.lang.reflect.Method.invoke(Native Method)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243)

Thanks!
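An added example, not part of the original messages: one way to follow the suggestion above and find out which ports a server.xml claims and whether something already holds them. The embedded server.xml is a constructed sample in the Tomcat 4 layout, and the function names are hypothetical.

```python
"""List the ports a Tomcat server.xml asks for and test whether each can be bound."""
import errno
import socket
import xml.etree.ElementTree as ET

# Constructed sample, not the poster's file: one shutdown port, two connectors.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN" debug="0">
  <Service name="Tomcat-Standalone">
    <Connector className="org.apache.catalina.connector.http.HttpConnector"
               port="8443" scheme="https" secure="true"/>
  </Service>
  <Service name="Tomcat-Apache">
    <Connector className="org.apache.catalina.connector.warp.WarpConnector"
               port="8008"/>
  </Service>
</Server>
"""


def configured_ports(server_xml):
    """Return [(port, owner)] for the Server shutdown port and every Connector."""
    root = ET.fromstring(server_xml)
    ports = []
    if root.tag == "Server" and root.get("port"):
        ports.append((int(root.get("port")), "Server shutdown port"))
    for service in root.iter("Service"):
        for connector in service.iter("Connector"):
            if connector.get("port"):
                owner = "Connector in service %s" % service.get("name", "?")
                ports.append((int(connector.get("port")), owner))
    return ports


def duplicate_ports(ports):
    """Return {port: [owners]} for ports claimed more than once in the same file."""
    owners = {}
    for port, owner in ports:
        owners.setdefault(port, []).append(owner)
    return {port: who for port, who in owners.items() if len(who) > 1}


def bind_status(port, host="127.0.0.1"):
    """Try to bind the port as the server would.

    "in use" is the condition behind java.net.BindException at startup;
    "denied" is what an unprivileged user typically gets for ports below 1024.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((host, port))
        return "free"
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return "in use"
        if exc.errno in (errno.EACCES, errno.EPERM):
            return "denied"
        return "error: %s" % exc
    finally:
        sock.close()


def audit(server_xml):
    """Return [(port, owner, status)] for every port the configuration claims."""
    return [(p, owner, bind_status(p)) for p, owner in configured_ports(server_xml)]


if __name__ == "__main__":
    for port, owner, status in audit(SAMPLE_SERVER_XML):
        print("%5d  %-40s %s" % (port, owner, status))
    for port, who in duplicate_ports(configured_ports(SAMPLE_SERVER_XML)).items():
        print("port %d is claimed twice: %s" % (port, ", ".join(who)))
```

Run it while the server is stopped: any port reported as "in use" belongs to some other process, which netstat -anp will name.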
SSL Config on Tomcat (Error)
Hi:

Here is the transcript of my SERVER.XML file:

<Server port="8005" shutdown="SHUTDOWN" debug="0">
  <Service name="Tomcat-Standalone">
    <!--
    <Connector className="org.apache.catalina.connector.http.HttpConnector"
               port="8080" minProcessors="5" maxProcessors="75" enableLookups="true"
               redirectPort="8443" acceptCount="10" debug="0" connectionTimeout="6"/>
    -->
    <Connector className="org.apache.catalina.connector.http.HttpConnector"
               port="8443" minProcessors="5" maxProcessors="75" enableLookups="true"
               acceptCount="10" debug="0" scheme="https" secure="true">
      <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
               clientAuth="false" protocol="TLS" keystorePass="kithany108"/>
    </Connector>
  </Service>
  <Service name="Tomcat-Apache">
    <Connector className="org.apache.catalina.connector.warp.WarpConnector"
               port="8008" minProcessors="5" maxProcessors="75" enableLookups="true"
               appBase="webapps" acceptCount="10" debug="0"/>
    <!-- Replace localhost with what your Apache ServerName is set to -->
    <Engine className="org.apache.catalina.connector.warp.WarpEngine"
            name="Apache" debug="0">
      <!-- Global logger unless overridden at lower levels -->
      <Logger className="org.apache.catalina.logger.FileLogger"
              prefix="apache_log." suffix=".txt" timestamp="true"/>
    </Engine>
  </Service>
</Server>

-----Original Message-----
From: Peter Romianowski
Sent: Wednesday, November 13, 2002 11:53 AM
To: 'Tomcat Users List'
Subject: RE: SSL Config on Tomcat (Error)

The error message you got indicates that there is already a service listening on that port. Please send your server.xml for further investigation and try to figure out what listens on which port and if you have other software running (like apache) that might listen to a port specified in your server.xml.

Peter
ssl config question
Hi All,

I'm relatively new to administering Tomcat. I'm trying to get my application to work over SSL. I've uncommented all the appropriate connectors, created a key using keytool. However, I still can't get to my application over port 443 or 8443. Am I missing something?

Thanks in advance for your help.

Steve
RE: ssl config question
Please be more specific. Error messages? Anything in the log files? What happens, exactly, when you try to access your application?

John Turner

-----Original Message-----
From: Steven Garrett
Sent: Tuesday, September 03, 2002 12:31 PM
To: 'Tomcat Users List'
Subject: ssl config question

Hi All,

I'm relatively new to administering Tomcat. I'm trying to get my application to work over SSL. I've uncommented all the appropriate connectors, created a key using keytool. However, I still can't get to my application over port 443 or 8443. Am I missing something?

Thanks in advance for your help.

Steve
RE: ssl config question
Sorry, I'm using IE version 6.0. All it's saying is my page can't be displayed. And there isn't anything significant in the log files, as far as I can tell. Is there a way to start Tomcat with more verbose logging? All it says is starting background thread.

I hope this is more helpful, although I'm sure it isn't.

thanks,
Steve

-----Original Message-----
From: Turner, John
Sent: Tuesday, September 03, 2002 12:33 PM
To: 'Tomcat Users List'
Subject: RE: ssl config question

Please be more specific. Error messages? Anything in the log files? What happens, exactly, when you try to access your application?

John Turner
RE: ssl config question
Well, you definitely won't find your application on 443, unless you are running Tomcat as root (ok for development, I guess, but not wise for development). Applications need root to bind to ports under 1024.

So, that leaves 8443. Just for confirmation's sake, did you follow the SSL HOWTO? Did you install JSSE? The HOWTO is here:

http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html

For logging, you can add debug to your Context/Engine/Host container in server.xml and give it a high number like 10. The default is 0, as described here:

http://jakarta.apache.org/tomcat/tomcat-4.0-doc/config/context.html

John

-----Original Message-----
From: Steven Garrett
Sent: Tuesday, September 03, 2002 12:38 PM
To: 'Tomcat Users List'
Subject: RE: ssl config question

Sorry, I'm using IE version 6.0. All it's saying is my page can't be displayed. And there isn't anything significant in the log files, as far as I can tell. Is there a way to start Tomcat with more verbose logging? All it says is starting background thread.

I hope this is more helpful, although I'm sure it isn't.

thanks,
Steve
RE: ssl config question
Oops, that's a typo. It should say running Tomcat as root is unwise for production. :)

That's what I get for trying to increase my Project Dolphin average! LOL

John

-----Original Message-----
From: Turner, John
Sent: Tuesday, September 03, 2002 12:46 PM
To: 'Tomcat Users List'
Subject: RE: ssl config question

Well, you definitely won't find your application on 443, unless you are running Tomcat as root (ok for development, I guess, but not wise for development). Applications need root to bind to ports under 1024.

So, that leaves 8443. Just for confirmation's sake, did you follow the SSL HOWTO? Did you install JSSE? The HOWTO is here:

http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html

For logging, you can add debug to your Context/Engine/Host container in server.xml and give it a high number like 10. The default is 0, as described here:

http://jakarta.apache.org/tomcat/tomcat-4.0-doc/config/context.html

John
RE: ssl config question
Yes, I did install jsse and I did follow the directions on the tomcat homepage for configuring ssl. I'll turn the logging on and see what comes of it... I'll be back :)

Steve

-----Original Message-----
From: Turner, John
Sent: Tuesday, September 03, 2002 12:49 PM
To: 'Tomcat Users List'
Subject: RE: ssl config question

Oops, that's a typo. It should say running Tomcat as root is unwise for production. :)

That's what I get for trying to increase my Project Dolphin average! LOL

John
RE: ssl config question
OK, so this is what I see in the logs. It looks to me like the app gets loaded but can't accept requests. Is this a fair assessment or am I totally wrong (which is the more likely case)? All suggestions/help are appreciated.

To recap the problem: I can see the application using port 8080, but cannot see the application over port 8443. I've installed jsse, and have followed the SSL config directions on the tomcat website.

Thanks,
Steve

Localhost log

2002-09-03 14:46:34 invoker: init
2002-09-03 14:46:34 jsp: init
2002-09-03 14:46:35 StandardHost[localhost]: Installing web application at context path /pps from URL file:/usr/local/jakarta-tomcat-4.0.3/webapps/pps
2002-09-03 14:46:35 WebappLoader[/pps]: Deploying class repositories to work directory /usr/local/jakarta-tomcat-4.0.3/work/localhost/pps
2002-09-03 14:46:35 StandardManager[/pps]: Seeding random number generator class java.security.SecureRandom
2002-09-03 14:46:35 StandardManager[/pps]: Seeding of random number generator has been completed
2002-09-03 14:46:35 ContextConfig[/pps]: Added certificates - request attribute Valve
2002-09-03 14:46:35 StandardWrapper[/pps:default]: Loading container servlet default
2002-09-03 14:46:35 default: init
2002-09-03 14:46:35 StandardWrapper[/pps:invoker]: Loading container servlet invoker
2002-09-03 14:46:35 invoker: init
2002-09-03 14:46:35 jsp: init

From Catalina_log.2002-09-03.txt

2002-09-03 15:20:20 HttpProcessor[8443][4] An incoming request is being assigned
2002-09-03 15:20:20 HttpProcessor[8443][4] The incoming request has been awaited
2002-09-03 15:20:20 HttpProcessor[8443][4] parseConnection: address=/64.24.66.53, port=8443
2002-09-03 15:20:28 HttpProcessor[8443][4] An incoming request is being assigned
2002-09-03 15:20:28 HttpProcessor[8443][4] The incoming request has been awaited
2002-09-03 15:20:28 HttpProcessor[8443][4] parseConnection: address=/64.24.66.53, port=8443
2002-09-03 15:20:29 HttpProcessor[8443][4] An incoming request is being assigned
2002-09-03 15:20:29 HttpProcessor[8443][4] The incoming request has been awaited
2002-09-03 15:20:29 HttpProcessor[8443][4] parseConnection: address=/64.24.66.53, port=8443
2002-09-03 15:20:31 HttpProcessor[8443][4] An incoming request is being assigned
2002-09-03 15:20:31 HttpProcessor[8443][4] The incoming request has been awaited
2002-09-03 15:20:31 HttpProcessor[8443][4] parseConnection: address=/64.24.66.53, port=8443
2002-09-03 15:20:32 HttpProcessor[8443][4] An incoming request is being assigned
2002-09-03 15:20:32 HttpProcessor[8443][4] The incoming request has been awaited
2002-09-03 15:20:32 HttpProcessor[8443][4] parseConnection: address=/64.24.66.53, port=8443
2002-09-03 15:21:30 HttpProcessor[8443][4] An incoming request is being assigned
2002-09-03 15:21:30 HttpProcessor[8443][4] The incoming request has been awaited
2002-09-03 15:21:30 HttpProcessor[8443][4] parseConnection: address=/64.24.66.53, port=8443
2002-09-03 15:21:31 HttpProcessor[8443][4] An incoming request is being assigned
2002-09-03 15:21:31 HttpProcessor[8443][4] The incoming request has been awaited
2002-09-03 15:21:31 HttpProcessor[8443][4] parseConnection: address=/64.24.66.53, port=8443

-----Original Message-----
From: Steven Garrett
Sent: Tuesday, September 03, 2002 12:52 PM
To: 'Tomcat Users List'
Subject: RE: ssl config question

Yes, I did install jsse and I did follow the directions on the tomcat homepage for configuring ssl. I'll turn the logging on and see what comes of it... I'll be back :)

Steve
tomcat ssl config and apache
Do I need to configure anything on Tomcat for SSL if I already have SSL working on Apache and Apache works together with Tomcat? Why?

Thanks,
Mikhail
Re: tomcat ssl config and apache
On Wed, 7 Mar 2001, mikhail malamud wrote:

> Do I need to configure anything on Tomcat for SSL if I already have SSL working on Apache and Apache works together with Tomcat. Why?

I don't believe so -- that's how I have it set up (i.e. Apache with SSL), and I didn't have to set anything extra up (i.e. to get Tomcat working with it). If you're using Tomcat standalone, I believe there are some extra steps involved (check the comments in the server.xml file).

Milt Epstein
Research Programmer
Software/Systems Development Group
Computing and Communications Services Office (CCSO)
University of Illinois at Urbana-Champaign (UIUC)
Re: tomcat ssl config and apache
On Wed, 7 Mar 2001, mikhail malamud wrote:

> Do I need to configure anything on Tomcat for SSL if I already have SSL working on Apache and Apache works together with Tomcat. Why?
>
> Thanks,
> MIkhail

Not only do you not need to, but you actually cannot configure SSL in Tomcat if your requests are handled by Apache. The SSL in Tomcat is only used when you use Tomcat as a web server. If you use Tomcat as a servlet/JSP container which talks to Apache via mod_jk, you have to configure SSL in Apache.

One thing to remember is that if you want to serve your servlets/JSP ONLY via HTTPS you must include all the mod_jk context mounting stuff within the virtual host, e.g.,

    <VirtualHost _default_:443>
    Include /full/path/to/mod_jk.conf
    </VirtualHost>

in your httpd.conf, but you must comment out/delete the

    LoadModule jk_module libexec/mod_jk.so
    AddModule mod_jk.c

within the mod_jk.conf file and add them in the Load/Add/Module block at the beginning of your httpd.conf.

If you want to do HTTP and HTTPS with identical contexts, you just include your /full/path/to/mod_jk.conf in httpd.conf before the SSL virtual host, though it will also work if you include it at the very end of httpd.conf.

Jan

Jan K. Labanowski
Ohio Supercomputer Center
http://www.ccl.net/chemistry.html
http://www.osc.edu/
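An added example, not from the original message: a small audit of the layout described above, checking that mod_jk.conf is included only inside the HTTPS virtual host and that the LoadModule/AddModule lines sit at the top level of httpd.conf. The config fragments, the JkMount and SSLEngine lines, and the function names are constructed for illustration.

```python
"""Audit an httpd.conf / mod_jk.conf pair for an HTTPS-only mod_jk setup."""
import re

MOD_JK_PATH = "/full/path/to/mod_jk.conf"  # placeholder path used in the message

# Constructed fragments. HTTPS-only layout: include inside the SSL virtual host.
HTTPD_HTTPS_ONLY = """\
LoadModule jk_module libexec/mod_jk.so
AddModule mod_jk.c

<VirtualHost _default_:443>
    SSLEngine on
    Include /full/path/to/mod_jk.conf
</VirtualHost>
"""

# Global include: the same contexts are reachable over HTTP and HTTPS.
HTTPD_GLOBAL_INCLUDE = """\
LoadModule jk_module libexec/mod_jk.so
AddModule mod_jk.c
Include /full/path/to/mod_jk.conf

<VirtualHost _default_:443>
    SSLEngine on
</VirtualHost>
"""

MOD_JK_CLEAN = "JkMount /examples/* ajp13\n"
MOD_JK_WITH_LOAD = (
    "LoadModule jk_module libexec/mod_jk.so\n"
    "AddModule mod_jk.c\n"
    "JkMount /examples/* ajp13\n"
)


def directives(conf_text):
    """Yield (scope, name, args); scope is None outside any <VirtualHost>."""
    scope = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>$", line, re.I)
        if opened:
            scope = opened.group(1).strip()
        elif re.match(r"</VirtualHost>$", line, re.I):
            scope = None
        else:
            name, _, args = line.partition(" ")
            yield scope, name.lower(), args.strip()


def audit_https_only(httpd_conf, mod_jk_conf, mod_jk_path=MOD_JK_PATH,
                     https_vhost="_default_:443"):
    """Return a list of findings; an empty list means the layout is HTTPS-only."""
    findings = []
    main = list(directives(httpd_conf))
    scopes = [s for s, n, a in main if n == "include" and a == mod_jk_path]
    if not scopes:
        findings.append("mod_jk.conf is not included anywhere")
    for scope in scopes:
        if scope != https_vhost:
            where = "at global scope" if scope is None else "in VirtualHost " + scope
            findings.append("mod_jk.conf included %s: contexts are not limited "
                            "to HTTPS" % where)
    # LoadModule/AddModule are server-level directives, so they must not arrive
    # through a file that is included inside a virtual host.
    in_fragment = [n for _, n, _ in directives(mod_jk_conf)
                   if n in ("loadmodule", "addmodule")]
    if in_fragment and any(s is not None for s in scopes):
        findings.append("LoadModule/AddModule found in mod_jk.conf, which is "
                        "included inside a VirtualHost")
    loaded = any(s is None and n == "loadmodule" and a.split()[:1] == ["jk_module"]
                 for s, n, a in main)
    if not loaded and not (in_fragment and None in scopes):
        findings.append("jk_module is not loaded at the top level of httpd.conf")
    return findings


if __name__ == "__main__":
    for label, httpd, jk in (
        ("https-only", HTTPD_HTTPS_ONLY, MOD_JK_CLEAN),
        ("global include", HTTPD_GLOBAL_INCLUDE, MOD_JK_CLEAN),
        ("LoadModule left in mod_jk.conf", HTTPD_HTTPS_ONLY, MOD_JK_WITH_LOAD),
    ):
        print(label, "->", audit_https_only(httpd, jk) or "ok")
```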
Re: tomcat ssl config and apache
On 2001.03.07 21:36 mikhail malamud wrote:

> Do I need to configure anything on Tomcat for SSL if I already have SSL working on Apache and Apache works together with Tomcat. Why?

There's very little you need to configure, actually. You will probably want to capture some of the SSL session variables that Apache uses. See

http://jakarta.apache.org/tomcat/jakarta-tomcat/src/doc/tomcat-ssl-howto.html#s3

for the full details. It's actually quite simple, just a couple of directives in the mod_jk.conf file. Note that you *must* use Ajp13 and mod_jk to be able to do this.

--
Brett
http://www.chapelperilous.net/~bmccoy/

Any stone in your boot always migrates against the pressure gradient to exactly the point of most pressure. -- Milt Barber