Re: Isapi_Redirect Issue Page Not Found 404.0
C:/inetpub/wwwroot/test.jsp This is the home for the default web site.I gave IIS app pool the running user modify, read, execute. Also gave everone full access this is only for testing purposes. Also, tomcat usergave them full access as well. Isapi Logs [Mon Apr 01 22:21:27.151 2019] [6556:1424] [debug] handle_notify_event::jk_isapi_plugin.c (1718): Filter started [Mon Apr 01 22:21:27.151 2019] [6556:1424] [debug] jk_servlet_normalize::jk_util.c (2185): URI on entering jk_servlet_normalize: [/test.jsp] [Mon Apr 01 22:21:27.151 2019] [6556:1424] [debug] jk_servlet_normalize::jk_util.c (2279): URI on exiting jk_servlet_normalize: [/test.jsp] [Mon Apr 01 22:21:27.151 2019] [6556:1424] [trace] map_uri_to_worker_ext::jk_uri_worker_map.c (1080): enter [Mon Apr 01 22:21:27.151 2019] [6556:1424] [debug] map_uri_to_worker_ext::jk_uri_worker_map.c (1140): Prefixing mapping uri with vhost '/test-site' [Mon Apr 01 22:21:27.151 2019] [6556:1424] [debug] map_uri_to_worker_ext::jk_uri_worker_map.c (1168): Attempting to map URI '/test-site/test.jsp' from 1 maps [Mon Apr 01 22:21:27.151 2019] [6556:1424] [trace] find_match::jk_uri_worker_map.c (967): enter [Mon Apr 01 22:21:27.167 2019] [6556:1424] [debug] find_match::jk_uri_worker_map.c (978): Attempting to map context URI '/*=tomcat01' source 'uriworkermap' [Mon Apr 01 22:21:27.167 2019] [6556:1424] [debug] find_match::jk_uri_worker_map.c (991): Found a wildchar match '/*=tomcat01' [Mon Apr 01 22:21:27.167 2019] [6556:1424] [trace] find_match::jk_uri_worker_map.c (994): exit [Mon Apr 01 22:21:27.167 2019] [6556:1424] [trace] map_uri_to_worker_ext::jk_uri_worker_map.c (1198): exit [Mon Apr 01 22:21:27.167 2019] [6556:1424] [debug] handle_notify_event::jk_isapi_plugin.c (1806): [/test.jsp] is a servlet url - should redirect to tomcat01 [Mon Apr 01 22:21:27.167 2019] [6556:1424] [debug] handle_notify_event::jk_isapi_plugin.c (1844): fowarding escaped URI [/test.jsp] [Mon Apr 01 22:21:27.167 2019] [6556:1424] [debug] handle_notify_event::jk_isapi_plugin.c (1917): forwarding to : /jakarta/isapi_redirect.dll [Mon Apr 01 22:21:27.167 2019] [6556:1424] [debug] handle_notify_event::jk_isapi_plugin.c (1919): forward URI : TOMCATURI00018000:/test.jsp [Mon Apr 01 22:21:27.167 2019] [6556:1424] [debug] handle_notify_event::jk_isapi_plugin.c (1924): forward worker: TOMCATWORKER00018000:tomcat01 [Mon Apr 01 22:21:27.167 2019] [6556:1424] [debug] handle_notify_event::jk_isapi_plugin.c (1926): worker index : TOMCATWORKERIDX00018000:0 [Mon Apr 01 22:21:27.167 2019] [6556:1424] [trace] HttpExtensionProc::jk_isapi_plugin.c (2027): enter [Mon Apr 01 22:21:27.167 2019] [6556:1424] [trace] wc_maintain::jk_worker.c (322): enter [Mon Apr 01 22:21:27.167 2019] [6556:1424] [trace] wc_maintain::jk_worker.c (363): exit [Mon Apr 01 22:21:27.167 2019] [6556:1424] [trace] init_ws_service::jk_isapi_plugin.c (2958): enter [Mon Apr 01 22:21:27.167 2019] [6556:1424] [debug] init_ws_service::jk_isapi_plugin.c (2985): Reading extension header HTTP_TOMCATWORKER00018000: tomcat01 [Mon Apr 01 22:21:27.167 2019] [6556:1424] [debug] init_ws_service::jk_isapi_plugin.c (2986): Reading extension header HTTP_TOMCATWORKERIDX00018000: 0 [Mon Apr 01 22:21:27.167 2019] [6556:1424] [debug] init_ws_service::jk_isapi_plugin.c (2987): Reading extension header HTTP_TOMCATURI00018000: /test.jsp [Mon Apr 01 22:21:27.167 2019] [6556:1424] [debug] init_ws_service::jk_isapi_plugin.c (2988): Reading extension header HTTP_TOMCATQUERY00018000: (null) [Mon Apr 01 22:21:27.167 2019] [6556:1424] [debug] init_ws_service::jk_isapi_plugin.c (3036): Applying service extensions [Mon Apr 01 22:21:27.167 2019] [6556:1424] [debug] init_ws_service::jk_isapi_plugin.c (3267): Forwarding request header Connection : Keep-Alive [Mon Apr 01 22:21:27.167 2019] [6556:1424] [debug] init_ws_service::jk_isapi_plugin.c (3267): Forwarding request header Content-Length : 0 [Mon Apr 01 22:21:27.167 2019] [6556:1424] [debug] init_ws_service::jk_isapi_plugin.c (3267): Forwarding request header Accept : text/html, application/xhtml+xml, */* [Mon Apr 01 22:21:27.167 2019] [6556:1424] [debug] init_ws_service::jk_isapi_plugin.c (3267): Forwarding request header Accept-Encoding : gzip, deflate [Mon Apr 01 22:21:27.167 2019] [6556:1424] [debug] init_ws_service::jk_isapi_plugin.c (3267): Forwarding request header Accept-Language : en-US [Mon Apr 01 22:21:27.183 2019] [6556:1424] [debug] init_ws_service::jk_isapi_plugin.c (3267): Forwarding request header Host : test-site [Mon Apr 01 22:21:27.183 2019] [6556:1424] [debug] init_ws_service::jk_isapi_plugin.c (3267): Forwarding request header User-Agent : Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko [Mon Apr 01 22:21:27.183 2019] [6556:1424] [debug] init_ws_service::jk_isapi_plugin.c (3296): Service protocol=HTTP/1.1 method=GET host= addr=
how to enable OCSP for Tomcat w OpenSSL
What, if anything, needs to be configured to ENABLE (preferably REQUIRE) tomat to do CLIENT certificate revocation checking via OCSP in Tomcat 8.5.38 using Openssl ? I'm sure I'm missing something simple and obvious (once pointed out) but I've been struggling with this all morning). 1) using Openssl (the tc-native-1.dll binary for Windows, compiled w OCSP support - the X64 dll from tomcat-native-1.2.21-openssl-1.1.1a-ocsp-win32-bin.zip) (will this even work with NIO2 ? - I don't HAVE to use NIO2) (i'd prefer to have this working with OpenSSl for a couple of reasons). (extra points for a configuration to allow it to use Axways (formerly Tumbleweed) Desktop Validator for its OCSP-caching features). 2) using JSSE (java 8 (1.8.0_202)) with the NIO2 connector (I've tried adding -Dcom.sun.net.ssl.checkRevocation=true to the Java options for the tomat service). I can't see anything indicating OCSP checks in the logs for either. (when the tc-native-1.dll is present, the logs show it being used: INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based Apache Tomcat Native library [1.2.21] using APR version [1.6.5]. INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true] INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.1.1a 20 Nov 2018] INFO [main] org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol The ["https-openssl-nio2-192.168.1.16-443"] connector has been configured to support negotiation to [h2] via ALPN INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-nio2-192.168.1.16-443"] ) for JSSE, by adding -Djavax.net.debug=ssl to the Java Options for the tomcat service I see logging for key & trust stores being loaded, etc. in tomcat8-stdout(date).log the server requesting a client cert, the Client cert being received and finding a trusted root for it ("Found trusted certificate:"), but nothing about revocation checking (I do see: check handshake state: certificate_verify[15] update handshake state: certificate_verify[15] but I'm not sure that's revocation checking...). for OpenSLL, I'mnot sure how to enable equivalent loggingby enabling pretty much ALL the logging org.apache.coyote.http2.level=ALL org.apache.level=ALL org.apache.catalina.session.level=ALL I can see the truststore ("Added client CA cert") being loaded but not much else about certificates. Wireshark shows me OCSP calls for the SERVER cert, presumable from the browswer (fireFox). (I'm testing this on a personal computer, tomcat and browser on the same computer). If there are equivalent OCSP calls for the CLIENT cert, I'm not seeing them. the Connector part of the server xml.config file is (ip address and server name etc removed):
Re: Isapi_Redirect Issue Page Not Found 404.0
This is a review of your post against the Tomcat install docs. On 30/03/2019 15:12, Charles Mulvany wrote: You are right. Sorry that is what it set to. /*=tomcat01 Thanks Sent from Yahoo Mail on Android On Sat, Mar 30, 2019 at 6:40 AM, Mark Thomas wrote: On 30/03/2019 00:56, Charles Mulvany wrote: Issue: When trying to open a JSP page in IIS it appears that the isapi_redirect.dll cannot find the file to convert. I have checked several sights that confirm my configuration below but none could find that had this condition, Has anybody got this to work in the below configuration. Below is my configuration. Windows 2016 Server 64-bit IIS 10.0 Tomcat 9.0.16 Page Requests http:/// Tomcat Default Page http://:8080/ Tomcat Default Page Those two are expected. http:///test.jsp 404.0 Page not found Where have you created this file? Does D:\Tomcat\webapps\ROOT\test.jsp exist? Is it readable by the user running the Tomcat process? http:///iisstart.htm 404.0 Page not found That is expected. Isapi Redirect Configuration [according to https://tomcat.apache.org/connectors-doc/webserver_howto/iis.html ] 1) Path: D:\Tomcat\isapi 2) Ran ACL on D:\Tomcat\isapi icacls "D:\Tomcat\isapi" /grant "IIS APPPOOL\DefaultAppPool":(OI)(CI)M 3) Copied isapi_redirect.dll (64-bit, 1.2.46) [Tried all versions all the way down to 27.] 4) Created isapi_redirect.properties file (have tried registry as well) - D:\Tomcat\isapi\isapi_redirect.properties extension_uri=/jakarta/isapi_redirect.dll log_file=D:\Tomcat\isapi\isapi_redirect.log log_level=trace worker_file=D:\Tomcat\isapi\workers.properties worker_mount_file=D:\Tomcat\isapi\uriworkermap.properties 5) Created workers.properties - D:\Tomcat\isapi\workers.properties worker.list=tomcat01 worker.tomcat01.type=ajp13 worker.tomcat01.host=localhost worker.tomcat01.port=8009 6) Created uriworkermap.properties - D:\Tomcat\isapi\ \*=tomcat01 Shouldn't that be: /*=tomcat01 ? Mark 7) Creatd Virtual Directory in IIS under Default Web Site Alias: jakarta path: D:\Tomcat\isapi 8) Select newly created virtual directory. (jakarta) - Selected ISAPI-dll (checked all to enable. 9) Selected Default Web Site - Isapi Filters - Filter Name: tomcat - Path: D:\Tomcat\isapi\isapi_redirect.dll 10) Selected Server --> ISAPI and CGI Restrictions - Isapi or CGI path: D:\Tomcat\isapi\isapi_redirect.dll - Description: tomcat - Checked Allow extension path to execute Notes Other Notes: - Application Pool - Integrated, V4.0 - Enable 32-bit Application = false - FailedReqLogFiles - 233. MODULE_SET_RESPONSE_ERROR_STATUS Warning ModuleName="IsapiModule", Notification="EXECUTE_REQUEST_HANDLER", HttpStatus="404", HttpReason="404", HttpSubStatus="0", ErrorCode="The operation completed successfully. (0x0)", ConfigExceptionInfo="" Thanks for any help in advance, been trying to fix this for a couple of weeks now. Stop Tomcat. Stop IIS. Delete all the Tomcat log files. Start Tomcat. Start IIS. Try accessing your test JSP. What do you see in the Tomcat log files? Particularly isapi_redirect.log? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org