FW: Pass env variables to application during deploy Tomcat 7

2015-05-22 Thread John Beaulaurier -X (jbeaulau - ADVANCED NETWORK INFORMATION INC at Cisco)
Never mind. 

Figured out that setenv.sh was the correct location.

-John 



-Original Message-
From: John Beaulaurier -X (jbeaulau - ADVANCED NETWORK INFORMATION INC at 
Cisco) 
Sent: Friday, May 22, 2015 12:30 PM
To: Tomcat Users List
Subject: Pass env variables to application during deploy Tomcat 7

Hello,

We need to pass on some environment variables to the application being deployed 
at the time it's being deployed in Tomcat 7. Where should that be done? 
Context.xml, server.xml, setenv.sh?

Thank you
-John

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Pass env variables to application during deploy Tomcat 7

2015-05-22 Thread John Beaulaurier -X (jbeaulau - ADVANCED NETWORK INFORMATION INC at Cisco)
Hello,

We need to pass on some environment variables to the application being deployed 
at the time it's being deployed in Tomcat 7. Where should that be done?
Context.xml, server.xml, setenv.sh?

Thank you
-John


Re: Fwd: Fwd:

2015-05-22 Thread Christopher Schultz

Yuval,

On 5/22/15 9:54 AM, Yuval Schwartz wrote:
> I wasn't aware that I can look at the actual classes but I wasn't
> able to find a precompiled version of RealmBase for tomcat 8.

You mean you didn't know you could look at the source code for Tomcat?
It's open-source software, like everything else at the Apache
Software Foundation. Here's a link directly into the Subversion
repository for the RealmBase code:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?view=markup

You can also pull the whole source tree from Subversion, or download a
source distribution:
http://tomcat.apache.org/download-80.cgi#Source_Code_Distributions

> The following is a link to the class of version 7 (which doesn't
> include the CredentialHandler code): 
> http://grepcode.com/file/repository.springsource.com/org.apache.catalina/com.springsource.org.apache.catalina/7.0.26/org/apache/catalina/realm/RealmBase

Looking at Tomcat 7 won't help, as you said: the CredentialHandler
code is not in there.

> When I try to view this file from my netbeans IDE (which is the
> correct version), I get the compiled version. Do you know how I can
> view the file that's not compiled?

See above. This is the beauty of open source software :)

-chris



Re: After applying self-signed certificate, server is up but cannot connect with browser

2015-05-22 Thread Christopher Schultz

Ori,

On 5/22/15 10:03 AM, Ori Raz wrote:
> Thank you Christopher for your reply.
> 
> I always make a backup before changes :) luckily :)
> 
> I reverted back and tried without deleting the entries and getting
> this:
> 
> primeusr@sagi-vzadik-01 [~]# keytool -import -trustcacerts -alias tomcat
> -file /opt/primecentral/SHARED/certificate/vlg-cipr-pcpil1.megafon.ru.cer
> -keystore /opt/primecentral/install/utils/sslgen/prime.keystore
> Enter keystore password:
> keytool error: java.lang.Exception: Public keys in reply and keystore don't
> match
> primeusr@sagi-vzadik-01 [~]# keytool -import -trustcacerts -alias tomcat
> -file /opt/primecentral/SHARED/certificate/vlg-cipr-pcpil1.megafon.ru.cer
> -keystore /opt/primecentral/XMP_Platform/jre/lib/security/cacerts
> Enter keystore password:
> keytool error: java.lang.Exception: Certificate not imported, alias
>  already exists
> primeusr@sagi-vzadik-01 [~]#
>
> Regarding the import you wrote -
>  $ keytool -import -alias ${HOSTNAME} -file ${HOSTNAME}.crt
> -keystore ${HOSTNAME}.jks
>
> Isn't that this one or am I missing something:
> keytool -importcert -file
> /opt/primecentral/SHARED/certificate/vlg-cipr-pcpil1.megafon.ru.cer
> -keystore /opt/primecentral/install/utils/sslgen/prime.keystore -alias
> tomcat

I'll have a look at that later when I have more time.

> as mentioned, catalina-.log is empty... I cannot see any
> other relevant logs (if you can point me to other log -please do :)
> )
> 
> 
> If I try to connect to ssl locally, then with the original
> certificate it works, but with the new one - here is the output:
> primeusr@sagi-vzadik-01 [~]# openssl s_client -connect 10.56.57.65:8443
> CONNECTED(0003)
> 4954:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
> handshake failure:s23_clnt.c:583:
> primeusr@sagi-vzadik-01 [~]# openssl s_client -connect 127.0.0.1:8443
> CONNECTED(0003)
> 5050:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
> handshake failure:s23_clnt.c:583:

Try using the -tls1 flag for s_client (or -tls1_1, or -tls1_2), since
ssl3 is dead and the handshake won't even work anymore.

-chris



Re: After applying self-signed certificate, server is up but cannot connect with browser

2015-05-22 Thread Ori Raz
Thank you Christopher for your reply.

I always make a backup before changes :) luckily :)

I reverted back and tried without deleting the entries and getting this:

primeusr@sagi-vzadik-01 [~]# keytool -import -trustcacerts -alias tomcat
-file /opt/primecentral/SHARED/certificate/vlg-cipr-pcpil1.megafon.ru.cer
-keystore /opt/primecentral/install/utils/sslgen/prime.keystore
Enter keystore password:
keytool error: java.lang.Exception: Public keys in reply and keystore don't
match
primeusr@sagi-vzadik-01 [~]# keytool -import -trustcacerts -alias tomcat
-file /opt/primecentral/SHARED/certificate/vlg-cipr-pcpil1.megafon.ru.cer
-keystore /opt/primecentral/XMP_Platform/jre/lib/security/cacerts
Enter keystore password:
keytool error: java.lang.Exception: Certificate not imported, alias
 already exists
primeusr@sagi-vzadik-01 [~]#


Regarding the import you wrote -
 $ keytool -import -alias ${HOSTNAME} -file ${HOSTNAME}.crt
-keystore ${HOSTNAME}.jks

Isn't that this one or am I missing something:
keytool -importcert -file
/opt/primecentral/SHARED/certificate/vlg-cipr-pcpil1.megafon.ru.cer
-keystore /opt/primecentral/install/utils/sslgen/prime.keystore -alias
tomcat


as mentioned, catalina-.log is empty... I cannot see any other
relevant logs (if you can point me to other log -please do :) )


If I try to connect to ssl locally, then with the original certificate it
works, but with the new one - here is the output:
primeusr@sagi-vzadik-01 [~]# openssl s_client -connect 10.56.57.65:8443
CONNECTED(0003)
4954:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
handshake failure:s23_clnt.c:583:
primeusr@sagi-vzadik-01 [~]# openssl s_client -connect 127.0.0.1:8443
CONNECTED(0003)
5050:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
handshake failure:s23_clnt.c:583:


Thanks,
Barc

On Fri, May 22, 2015 at 3:17 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

>
> Ori,
>
> On 5/22/15 8:18 AM, Ori Raz wrote:
> > We got an application based on tomcat 7.0.23 and all working fine.
> >
> > We are trying to apply our self-signed certificate and encountering
> > some problems.
> >
> > I hope that the procedure I did is correct :)
> >
> > This is the procedure we followed:
> >
> > 1. copy the certificate file under this location:
> > /opt/primecentral/install/utils/sslgen/vlg-cipr-pcpil1.megafon.ru.cer
> >
> > 2. remove existing entries:
> > keytool -delete -alias tomcat -keystore
> > /opt/primecentral/install/utils/sslgen/prime.keystore
> > keytool -delete -alias tomcat -keystore
> > /opt/primecentral/XMP_Platform/jre/lib/security/cacerts
>
> It's not necessary to remove the existing certs. If you load the
> CA-signed certificate into your keystore (making sure to use the
> original alias, if any), it should update the certificate.
>
> Also, you need to first import the CA's root and intermediate
> certificates, first, like this:
>
>  $ keytool -import -alias [Authority.CA] -trustcacerts -file
> [authority's CA cert] -keystore ${HOSTNAME}.jks
>  $ keytool -import -alias [Authority.intermediate] -trustcacerts -file
> [authority's intermediate cert] -keystore ${HOSTNAME}.jks
>  $ keytool -import -alias ${HOSTNAME} -file ${HOSTNAME}.crt -keystore
> ${HOSTNAME}.jks
>
> (That last one is your signed certificate, returned from the CA).
>
> If, as you did your "delete", you managed to delete your server's key,
> then your keystore is worthless. I hope you had a backup, because
> without the server key, the certificate is worthless and you have to
> re-start the entire process.
>
> > After the restart of tomcat, I get the message that server started
> > and catalina is empty (normal as there is no error...) hence all
> > looks good.
> >
> > I can also see that tomcat process is up and port is listening:
> > tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 18724/java
> >
> > But, when trying to open browser to the server, then I get "This
> > page cannot be displayed".
> >
> > I cannot locate any errors/exception in the server side.
> >
> > Can anyone please assist? we are in a dead end :)
>
> If there is a problem loading the certificate, Tomcat should emit an
> error message. Please check all log files, not just catalina.out
> (although it should have the error in there).
>
> Can you connect to the server using openssl?
>
> $ openssl s_client -connect 10.56.57.65:8443
>
> -chris

Re: Fwd: Fwd:

2015-05-22 Thread Yuval Schwartz
Thanks again Chris,

I wasn't aware that I can look at the actual classes but I wasn't able to
find a precompiled version of RealmBase for tomcat 8.
The following is a link to the class of version 7 (which doesn't include
the CredentialHandler code):
http://grepcode.com/file/repository.springsource.com/org.apache.catalina/com.springsource.org.apache.catalina/7.0.26/org/apache/catalina/realm/RealmBase

When I try to view this file from my netbeans IDE (which is the correct
version), I get the compiled version. Do you know how I can view the file
that's not compiled?

Thanks






On Thu, May 21, 2015 at 11:49 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

>
> Yuval,
>
> On 5/21/15 2:39 PM, Yuval Schwartz wrote:
> > Hello,
> >
> > I have some follow-up questions to Chris' response below (in
> > blue).
> >
> > On Wed, May 20, 2015 at 5:53 PM, Christopher Schultz <
> > ch...@christopherschultz.net> wrote:
> >
> > Yuval,
> >
> > On 5/20/15 9:34 AM, Yuval Schwartz wrote:
> > > I believe I am running tomcat 8.0 (although when I call the
> > > getServerInfo() method of the implicit ServletContext Object
> > > It tells me that I am running on 7.54)
> >
> > Then you are not running Tomcat 8.0.x.
> >
> > > I configured my realm element in my context.xml file as
> > > follows (based on the howto guide:
> > > https://tomcat.apache.org/tomcat-8.0-doc/realm-howto.html):
> >
> > If you are running Tomcat 7, the Tomcat 8 users guide may give you
> > bad guidance. If you are intending to run Tomcat 8, you might want
> > to get that fixed, first.
> >
> >
> >> You are correct, I was running Tomcat 7, which doesn't use the
> >> same syntax for digesting from the command prompt (I think it
> >> doesn't have the options for salt, iterations, etc.). So I
> >> updated to tomcat 8.
>
> Correct: you'll need Tomcat 8 for the salting and iterative hashing.
>
> > > debug="99"
> >
> > The "debug" attribute hasn't been supported for something like 10
> > years.
> >
> > > dataSourceName="jdbc/board" localDataSource="true"
> > > userTable="test_user" userNameCol="Email"
> > > userCredCol="HashedPassword" userRoleTable="test_user_role"
> > > roleNameCol="Role">
> > >
> > > className="MessageDigestCredentialHandler" algorithm="SHA-1"
> > > iterations="1000" saltLength="48"/>
> >
> > Oh, good: someone is using the CredentialHandler to improve their
> > security. You might want to:
> >
> > 1. Switch to a larger hash, like SHA-256
> > 2. Find out how much time it takes to do 1000 SHA-1 (or SHA-256)
> > hashes on your server. You want the hashing to take more than a
> > trivial amount of time. Our services currently use more than 10k
> > iterations of SHA-256. This makes brute-forcing our password
> > database very time consuming for an attacker, if they were to
> > capture the database itself.
> >
>  
> 
> 
> > > However, despite the password being stored in the format
> > > described in your "how to" manual
> > > (ie:{salt}${iterations}${password}), authentication fails. I
> > > assume that this is because something in my 
> > > configuration is wrong.
> >
> > Tomcat can generate a hash for you from the command-line:
> >
> > $ ./bin/digest.sh -a SHA-256 -i 1000 -s 48 'test'
> > test:04d9deb5f6f1f206c7139a28806e7ebde8f444018e0191168f8d00291d6e8719cd25cc82eca073f9a925c005aadf238b$1000$22cb9257949205ffbff01088b46137cf768dc67a0faca26f48269ca9250d4d9b
> >
> > Let's take-apart that credential to see what's in there:
> >
> > hash:
> >
> >
> >> Don't you mean "salt" above, instead of "hash:"?
>
> Yes.
>
> > 04d9deb5 f6f1f206 c7139a28 806e7ebd e8f44401 8e019116 8f8d0029
> > 1d6e8719 cd25cc82 eca073f9 a925c005 aadf238b
> >
> > That's 48 bytes (96 characters) of data.
> >
> > iteration count: 1000 (easy)
> >
> > fingerprint: 22cb9257 949205ff bff01088 b46137cf 768dc67a 0faca26f
> > 48269ca9 250d4d9b
> >
> > That's 32 bytes (64 characters) of data. SHA-1 produces 32-byte
> > output, so this looks good on the face of it.
> >
> >
> >> I think you mean "SHA-256" here, right?
>
> Yes, sorry. SHA-256 produces a 256-bit hash, which is 32 8-bit bytes.
>
> >> Yes, it looks correct. My issue is that I would like to run this
> >> "digest" from a servlet. How would I do that? I need to run it
> >> from a servlet because I need to enter it into my database (in
> >> the format {salt}${iterations}${password}).
>
> Take a look at RealmBase to see how it does it.
>
> >> Should I even be doing it this way? This relates to my previous
> >> comment: Is there no way to call the same digest function that we
> >> ran from the command line, in a servlet?
>
> Sure. Look at how RealmBase does it.
>
> >> Indeed there is a digest method as part of the RealmBase API, I
> >> just don't know how to get an instance of the RealmBase Object
> >> from the servlet.
>
> Create a new one and fill it with the information you know about how
> you want to store password
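
The `{salt}${iterations}${digest}` layout picked apart in the quoted reply above, generated and checked with JDK classes only, as an added example (not code from this thread or from Tomcat). It assumes the digest is the hash of the salt followed by the password, re-hashed until `iterations` rounds are done; confirm that against the RealmBase / CredentialHandler source before relying on it with a Tomcat realm. The class and method names are illustrative.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

public class SaltedCredential {

    // Assumed scheme: round 1 hashes salt || password, every later round
    // hashes the previous digest.
    static byte[] digest(String alg, int iterations, byte[] salt, String password)
            throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(alg);
        md.update(salt);
        md.update(password.getBytes(StandardCharsets.UTF_8));
        byte[] result = md.digest();
        for (int i = 1; i < iterations; i++) {
            result = md.digest(result); // digest() resets md after each round
        }
        return result;
    }

    // Builds "{salt}${iterations}${digest}" with a fresh random salt.
    static String create(String alg, int iterations, int saltLength, String password)
            throws NoSuchAlgorithmException {
        byte[] salt = new byte[saltLength];
        new SecureRandom().nextBytes(salt);
        return hex(salt) + "$" + iterations + "$"
                + hex(digest(alg, iterations, salt, password));
    }

    // Re-computes the digest from the stored salt and iteration count.
    // Malformed stored values are rejected instead of throwing.
    static boolean matches(String alg, String password, String stored)
            throws NoSuchAlgorithmException {
        String[] parts = stored.split("\\$");
        if (parts.length != 3) return false;
        try {
            int iterations = Integer.parseInt(parts[1]);
            if (iterations < 1) return false;
            byte[] expected = unhex(parts[2]);
            byte[] actual = digest(alg, iterations, unhex(parts[0]), password);
            return MessageDigest.isEqual(expected, actual); // not short-circuiting
        } catch (IllegalArgumentException e) { // includes NumberFormatException
            return false;
        }
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder(b.length * 2);
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    static byte[] unhex(String s) {
        if (s.length() % 2 != 0) throw new IllegalArgumentException("odd length");
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++) {
            int hi = Character.digit(s.charAt(2 * i), 16);
            int lo = Character.digit(s.charAt(2 * i + 1), 16);
            if (hi < 0 || lo < 0) throw new IllegalArgumentException("not hex");
            out[i] = (byte) ((hi << 4) | lo);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Same parameters as the digest.sh call in the thread; 'test' is sample input.
        String stored = create("SHA-256", 1000, 48, "test");
        System.out.println(stored);
        System.out.println("correct password: " + matches("SHA-256", "test", stored));
        System.out.println("wrong password:   " + matches("SHA-256", "Test", stored));
        System.out.println("malformed value:  " + matches("SHA-256", "test", "abc$1000"));
    }
}
```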

Re: After applying self-signed certificate, server is up but cannot connect with browser

2015-05-22 Thread Christopher Schultz

Ori,

On 5/22/15 8:18 AM, Ori Raz wrote:
> We got an application based on tomcat 7.0.23 and all working fine.
> 
> We are trying to apply our self-signed certificate and encountering
> some problems.
> 
> I hope that the procedure I did is correct :)
> 
> This is the procedure we followed:
> 
> 1. copy the certificate file under this location: 
> /opt/primecentral/install/utils/sslgen/vlg-cipr-pcpil1.megafon.ru.cer
>
> 2. remove existing entries:
> keytool -delete -alias tomcat -keystore
> /opt/primecentral/install/utils/sslgen/prime.keystore
> keytool -delete -alias tomcat -keystore
> /opt/primecentral/XMP_Platform/jre/lib/security/cacerts

It's not necessary to remove the existing certs. If you load the
CA-signed certificate into your keystore (making sure to use the
original alias, if any), it should update the certificate.

Also, you need to first import the CA's root and intermediate
certificates, first, like this:

 $ keytool -import -alias [Authority.CA] -trustcacerts -file
[authority's CA cert] -keystore ${HOSTNAME}.jks
 $ keytool -import -alias [Authority.intermediate] -trustcacerts -file
[authority's intermediate cert] -keystore ${HOSTNAME}.jks
 $ keytool -import -alias ${HOSTNAME} -file ${HOSTNAME}.crt -keystore
${HOSTNAME}.jks

(That last one is your signed certificate, returned from the CA).

If, as you did your "delete", you managed to delete your server's key,
then your keystore is worthless. I hope you had a backup, because
without the server key, the certificate is worthless and you have to
re-start the entire process.

> After the restart of tomcat, I get the message that server started
> and catalina is empty (normal as there is no error...) hence all
> looks good.
> 
> I can also see that tomcat process is up and port is listening:
> tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 18724/java
> 
> But, when trying to open browser to the server, then I get "This
> page cannot be displayed".
> 
> I cannot locate any errors/exception in the server side.
> 
> Can anyone please assist? we are in a dead end :)

If there is a problem loading the certificate, Tomcat should emit an
error message. Please check all log files, not just catalina.out
(although it should have the error in there).

Can you connect to the server using openssl?

$ openssl s_client -connect 10.56.57.65:8443

-chris



Re: After applying self-signed certificate, server is up but cannot connect with browser

2015-05-22 Thread Ori Raz
Hello David,
Thanks for replying.

https://10.56.57.65:8443/
This is the same url that we used before applying our certification.

Thanks,
Barc

On Fri, May 22, 2015 at 2:41 PM, David kerber  wrote:

> On 5/22/2015 8:18 AM, Ori Raz wrote:
>
>> Hello experts,
>>
>> We got an application based on tomcat 7.0.23 and all working fine.
>>
>> We are trying to apply our self-signed certificate and encountering some
>> problems.
>>
>> I hope that the procedure I did is correct :)
>>
>> This is the procedure we followed:
>>
>>   1. copy the certificate file under this location:
>> /opt/primecentral/install/utils/sslgen/vlg-cipr-pcpil1.megafon.ru.cer
>>
>> 2. remove existing entries:
>> keytool -delete -alias tomcat -keystore
>> /opt/primecentral/install/utils/sslgen/prime.keystore
>> keytool -delete -alias tomcat -keystore
>> /opt/primecentral/XMP_Platform/jre/lib/security/cacerts
>>
>> 3. insert new entries:
>>  keytool -importcert -file
>> /opt/primecentral/SHARED/certificate/vlg-cipr-pcpil1.megafon.ru.cer
>> -keystore /opt/primecentral/install/utils/sslgen/prime.keystore -alias
>> tomcat
>> keytool -import -alias tomcat -keystore
>> /opt/primecentral/XMP_Platform/jre/lib/security/cacerts -trustcacerts
>> -file
>> /opt/primecentral/SHARED/certificate/vlg-cipr-pcpil1.megafon.ru.cer
>>
>>   once done - restarted the tomcat.
>>
>>
>>
>> After the restart of tomcat, I get the message that server started and
>> catalina is empty (normal as there is no error...) hence all looks good.
>>
>> I can also see that tomcat process is up and port is listening:
>> tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 18724/java
>>
>>   But, when trying to open browser to the server, then I get "This page
>> cannot be displayed".
>>
>
> What is the full url you're entering in your browser?
>
>
>
>
>> I cannot locate any errors/exception in the server side.
>>
>> Can anyone please assist? we are in a dead end :)
>>
>>   Thanks a lot,
>>
>> Barc
>>
>>
>


Re: After applying self-signed certificate, server is up but cannot connect with browser

2015-05-22 Thread David kerber

On 5/22/2015 8:18 AM, Ori Raz wrote:

> Hello experts,
>
> We got an application based on tomcat 7.0.23 and all working fine.
>
> We are trying to apply our self-signed certificate and encountering some
> problems.
>
> I hope that the procedure I did is correct :)
>
> This is the procedure we followed:
>
> 1. copy the certificate file under this location:
> /opt/primecentral/install/utils/sslgen/vlg-cipr-pcpil1.megafon.ru.cer
>
> 2. remove existing entries:
> keytool -delete -alias tomcat -keystore
> /opt/primecentral/install/utils/sslgen/prime.keystore
> keytool -delete -alias tomcat -keystore
> /opt/primecentral/XMP_Platform/jre/lib/security/cacerts
>
> 3. insert new entries:
> keytool -importcert -file
> /opt/primecentral/SHARED/certificate/vlg-cipr-pcpil1.megafon.ru.cer
> -keystore /opt/primecentral/install/utils/sslgen/prime.keystore -alias
> tomcat
> keytool -import -alias tomcat -keystore
> /opt/primecentral/XMP_Platform/jre/lib/security/cacerts -trustcacerts -file
> /opt/primecentral/SHARED/certificate/vlg-cipr-pcpil1.megafon.ru.cer
>
> once done - restarted the tomcat.
>
> After the restart of tomcat, I get the message that server started and
> catalina is empty (normal as there is no error...) hence all looks good.
>
> I can also see that tomcat process is up and port is listening:
> tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 18724/java
>
> But, when trying to open browser to the server, then I get "This page
> cannot be displayed".

What is the full url you're entering in your browser?

> I cannot locate any errors/exception in the server side.
>
> Can anyone please assist? we are in a dead end :)
>
> Thanks a lot,
>
> Barc







After applying self-signed certificate, server is up but cannot connect with browser

2015-05-22 Thread Ori Raz
Hello experts,

We got an application based on tomcat 7.0.23 and all working fine.

We are trying to apply our self-signed certificate and encountering some
problems.

I hope that the procedure I did is correct :)

This is the procedure we followed:

 1. copy the certificate file under this location:
/opt/primecentral/install/utils/sslgen/vlg-cipr-pcpil1.megafon.ru.cer

2. remove existing entries:
   keytool -delete -alias tomcat -keystore
/opt/primecentral/install/utils/sslgen/prime.keystore
   keytool -delete -alias tomcat -keystore
/opt/primecentral/XMP_Platform/jre/lib/security/cacerts

3. insert new entries:
keytool -importcert -file
/opt/primecentral/SHARED/certificate/vlg-cipr-pcpil1.megafon.ru.cer
-keystore /opt/primecentral/install/utils/sslgen/prime.keystore -alias
tomcat
keytool -import -alias tomcat -keystore
/opt/primecentral/XMP_Platform/jre/lib/security/cacerts -trustcacerts -file
/opt/primecentral/SHARED/certificate/vlg-cipr-pcpil1.megafon.ru.cer

 once done - restarted the tomcat.



After the restart of tomcat, I get the message that server started and
catalina is empty (normal as there is no error...) hence all looks good.

I can also see that tomcat process is up and port is listening:
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 18724/java

 But, when trying to open browser to the server, then I get "This page
cannot be displayed".

I cannot locate any errors/exception in the server side.

Can anyone please assist? we are in a dead end :)

 Thanks a lot,

Barc