SSL problem with Tomcat 5.5
Our web site has had an ssl certificate from Godaddy for the last two years. I'm trying to update the certificate because it just expired. After the expiration, before updating I was able to get to the main page, with a certificate error. After the update of the certificaste I'm not able to get to the https page at all. Environment is Windows 2003 server, Tomcat 5.5.9, Server.xml is set to redirect http (port 80) to port 443, and did work before. What I've done so far: Downloaded the server certificate, Godaddy certificates and recreated the keystore. No errors along the way. Verified that server.xml has the correct keystore file and password. Restarted Tomcat. Under webapps/root there is a redirector to send the browser to my other app's index.html. At this point I can open the http page, but if I try to open the https url I don't get anything. I'm open and would be very grateful for any suggestions. Thanks Bob Grabbe Michigan Proteome Consortium University of Michigan [EMAIL PROTECTED] _ If we knew what we were doing, it wouldn't be called research, would it ? --Albert Einstien
RE: SSL problem with Tomcat 5.5
Did all that, to no avail. As I said, it was working until the certificate expired, and the new certificate seems to have broken things, although I can't see anything wrong with it. What it looks like, actually, is that the server isn't processing the server.xml entries that redirect http to https. I can't see why, though. Bob Grabbe Umiversity of Michigan [EMAIL PROTECTED] _ Research is the process of going up alleys to see if they are blind. -- Marston Bates -Original Message- From: Martin Gainty [mailto:[EMAIL PROTECTED] Sent: Monday, November 26, 2007 2:02 PM To: Tomcat Users List Subject: Re: SSL problem with Tomcat 5.5 Hi Bob There is a SSL checklist that starts with 1)installing and configuring JSSE (now comes with JDK.1.4 or 1.5) 2)a)create keystore b)import the certificate into just created keystore 3)uncomment the SSL Connector entry in $CATALINA_HOME/conf/server.xml and tweak keystoreFile to point to just created keystore http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html HTH/ Martin- - Original Message - From: Bob Grabbe [EMAIL PROTECTED] To: users@tomcat.apache.org Sent: Monday, November 26, 2007 1:04 PM Subject: SSL problem with Tomcat 5.5 Our web site has had an ssl certificate from Godaddy for the last two years. I'm trying to update the certificate because it just expired. After the expiration, before updating I was able to get to the main page, with a certificate error. After the update of the certificaste I'm not able to get to the https page at all. Environment is Windows 2003 server, Tomcat 5.5.9, Server.xml is set to redirect http (port 80) to port 443, and did work before. What I've done so far: Downloaded the server certificate, Godaddy certificates and recreated the keystore. No errors along the way. Verified that server.xml has the correct keystore file and password. Restarted Tomcat. Under webapps/root there is a redirector to send the browser to my other app's index.html. At this point I can open the http page, but if I try to open the https url I don't get anything. I'm open and would be very grateful for any suggestions. Thanks Bob Grabbe Michigan Proteome Consortium University of Michigan [EMAIL PROTECTED] _ If we knew what we were doing, it wouldn't be called research, would it ? --Albert Einstien - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SSL problem with Tomcat 5.5
Not sure which logs would help, but I've attached a notepad file with
excerpts.
I didn't generate a new csr, I figured renewing the cert shouldn't need
that. Do I need to go through that or should I be able to just renew it ?
What I did after downloading the new certificates was
1. Stop tomcat
2. rename the old keystore file
3. run the keytool to import the new certificates.
If there's a different sequence I should have used, I'll appreciate the
input.
Thanks
Bob Grabbe
Umiversity of Michigan
[EMAIL PROTECTED]
_
Research is the process of going up alleys to see if they are blind. --
Marston Bates
-Original Message-
From: Hassan Schroeder [mailto:[EMAIL PROTECTED]
Sent: Monday, November 26, 2007 3:38 PM
To: Tomcat Users List
Subject: Re: SSL problem with Tomcat 5.5
On Nov 26, 2007 10:04 AM, Bob Grabbe [EMAIL PROTECTED] wrote:
Our web site has had an ssl certificate from Godaddy for the last two
years.
I'm trying to update the certificate because it just expired. After
the
expiration, before updating I was able to get to the main page, with
a
certificate error. After the update of the certificaste I'm not able
to get
to the https page at all.
Downloaded the server certificate, Godaddy certificates and recreated
the
keystore.
? That sounds a little off -- the keystore should have been created as
a first step, followed by generating the certificate request to send
off
to GoDaddy.
At this point I can open the http page, but if I try to open the
https url I
don't get anything.
And the logs say ?
--
Hassan Schroeder [EMAIL PROTECTED]
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Catalina log
INFO: Reloading context []
Nov 26, 2007 3:50:30 PM org.apache.coyote.http11.Http11Protocol pause
INFO: Pausing Coyote HTTP/1.1 on http-80
Nov 26, 2007 3:50:30 PM org.apache.coyote.http11.Http11Protocol pause
INFO: Pausing Coyote HTTP/1.1 on http-443
Nov 26, 2007 3:50:31 PM org.apache.catalina.core.StandardService stop
INFO: Stopping service Catalina
Nov 26, 2007 3:50:31 PM org.apache.coyote.http11.Http11Protocol destroy
INFO: Stopping Coyote HTTP/1.1 on http-80
Nov 26, 2007 3:50:31 PM org.apache.coyote.http11.Http11Protocol destroy
INFO: Stopping Coyote HTTP/1.1 on http-443
localhost log
Nov 26, 2007 3:50:31 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: attributeReplaced('org.apache.catalina.WELCOME_FILES',
'[Ljava.lang.String;@6db33c')
Nov 26, 2007 3:50:31 PM org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextDestroyed()
Nov 26, 2007 3:50:31 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextDestroyed()
Nov 26, 2007 3:50:31 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: attributeReplaced('org.apache.catalina.WELCOME_FILES',
'[Ljava.lang.String;@159e6e8')
Nov 26, 2007 3:50:31 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: attributeReplaced('org.apache.catalina.WELCOME_FILES',
'[Ljava.lang.String;@1469658')
Nov 26, 2007 3:50:31 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: attributeReplaced('org.apache.catalina.WELCOME_FILES',
'[Ljava.lang.String;@1389b3f')
Nov 26, 2007 3:50:31 PM org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextDestroyed()
Nov 26, 2007 3:50:31 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextDestroyed()
localhost access log\
192.168.0.1 - - [26/Nov/2007:15:50:09 -0500] GET / HTTP/1.1 200 121
192.168.0.1 - - [26/Nov/2007:15:50:09 -0500] GET /prime/ HTTP/1.1 200 1876
192.168.0.1 - - [26/Nov/2007:15:50:09 -0500] GET /prime/topFrame.htm HTTP/1.1
200 2420
192.168.0.1 - - [26/Nov/2007:15:50:09 -0500] GET /prime/leftUserInfoPage.htm
HTTP/1.1 200 10850
192.168.0.1 - - [26/Nov/2007:15:50:09 -0500] GET /prime/images/NRPP.jpg
HTTP/1.1 200 4814
192.168.0.1 - - [26/Nov/2007:15:50:09 -0500] GET /prime/JS/md5.js HTTP/1.1
200 8827
192.168.0.1 - - [26/Nov/2007:15:50:09 -0500] GET /prime/images/New_icons.gif
HTTP/1.1 200 165
192.168.0.1 - - [26/Nov/2007:15:50:09 -0500] GET /prime/images/groups_bar.gif
HTTP/1.1 200 2273
192.168.0.1 - - [26/Nov/2007:15:50:24 -0500] GET /prime/ HTTP/1.1 302 -
192.168.0.1 - - [26/Nov/2007:15:50:24 -0500] GET /prime/ HTTP/1.1 200 1876
192.168.0.1 - - [26/Nov/2007:15:50:24 -0500] GET /prime/leftUserInfoPage.htm
HTTP/1.1 200 10850
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: SSL problem with Tomcat 5.5
OK, I've attached a new file with the startup. Unfortunately I'm not seeing anything in any logs that indicate any https requests. Just in case, what's the command to generate a new empty keystore file ? I've seen the notes on the tomcat docs for creating the csr, but I didn't do that this time. I might try it though, if I can get godaddy to go through the process with me again, Thanks Bob Grabbe University of Michigan [EMAIL PROTECTED] _ Research is the process of going up alleys to see if they are blind. -- Marston Bates -Original Message- From: Hassan Schroeder [mailto:[EMAIL PROTECTED] Sent: Monday, November 26, 2007 4:09 PM To: Tomcat Users List Subject: Re: SSL problem with Tomcat 5.5 What would be best would be catalina.log at startup, showing whether the SSL connector started cleanly. And of course, any log entry relating specifically to an HTTPS request. I didn't generate a new csr, I figured renewing the cert shouldn't need that. Do I need to go through that or should I be able to just renew it ? Dunno about GoDaddy, but when I renew a Thawte cert for one of my sites, I have to generate a new cert request. So I just create a new keystore file, named something like keystore-example.com-2007, and use that for the new cert. HTH! -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] INFO: Initializing Coyote HTTP/1.1 on http-80 Nov 26, 2007 4:11:02 PM org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on http-443 Nov 26, 2007 4:11:02 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 1500 ms Nov 26, 2007 4:11:02 PM org.apache.catalina.core.StandardService start INFO: Starting service Catalina Nov 26, 2007 4:11:02 PM org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/5.5.9 Nov 26, 2007 4:11:02 PM org.apache.catalina.core.StandardHost start INFO: XML validation disabled Nov 26, 2007 4:11:03 PM org.apache.catalina.loader.WebappClassLoader validateJarFile INFO: validateJarFile(D:\jakarta-tomcat-5.5.9\jakarta-tomcat-5.5.9\webapps\prime\WEB-INF\lib\servlet-api.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class Nov 26, 2007 4:11:03 PM org.apache.catalina.loader.WebappClassLoader validateJarFile INFO: validateJarFile(D:\jakarta-tomcat-5.5.9\jakarta-tomcat-5.5.9\webapps\PRIMEInstallationSite\WEB-INF\lib\servlet-api.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class Nov 26, 2007 4:11:04 PM org.apache.struts.tiles.TilesPlugin initDefinitionsFactory INFO: Tiles definition factory loaded for module ''. Nov 26, 2007 4:11:04 PM org.apache.struts.validator.ValidatorPlugIn initResources INFO: Loading validation rules file from '/WEB-INF/validator-rules.xml' Nov 26, 2007 4:11:04 PM org.apache.struts.validator.ValidatorPlugIn initResources INFO: Loading validation rules file from '/WEB-INF/validation.xml' Nov 26, 2007 4:11:05 PM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on http-80 Nov 26, 2007 4:11:05 PM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on http-443 Nov 26, 2007 4:11:05 PM org.apache.jk.common.ChannelSocket init INFO: JK: ajp13 listening on /0.0.0.0:8009 Nov 26, 2007 4:11:05 PM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=0/16 config=null Nov 26, 2007 4:11:05 PM org.apache.catalina.storeconfig.StoreLoader load INFO: Find registry server-registry.xml at classpath resource Nov 26, 2007 4:11:05 PM org.apache.catalina.startup.Catalina start INFO: Server startup in 3188 ms - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to see a Word or WordPerfect document in Tomcat?
On a related question, I have a problem with viewing .csv files with msexcel. The mime mapping is in the web.xml, but if I have the security-constraint section in web.xml to force everything to use https I get the same resource not available error. It works fine without the security constraints, though. Would you have any suggestions for this ? Bob Grabbe [EMAIL PROTECTED] - Original Message - From: Caldarale, Charles R [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Friday, November 18, 2005 2:55 PM Subject: RE: How to see a Word or WordPerfect document in Tomcat? From: Ritchie Gillam [mailto:[EMAIL PROTECTED] Subject: How to see a Word or WordPerfect document in Tomcat? If I try to do this specifying a application path, for example, http://localhost:8084/Documents/test.wpd I get a ...resource it not available error. Can this be accomplished using Tomcat? Have you set the appropriate mime-mapping in conf/web.xml? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to see a Word or WordPerfect document in Tomcat?
Actually, you're right, it is IE. Being new to the list, though, could you point me toward the mail archives ? Ie, how to access them ? Thanks Bob Grabbe [EMAIL PROTECTED] - Original Message - From: Caldarale, Charles R [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Friday, November 18, 2005 4:17 PM Subject: RE: How to see a Word or WordPerfect document in Tomcat? From: Bob Grabbe [mailto:[EMAIL PROTECTED] Subject: Re: How to see a Word or WordPerfect document in Tomcat? The mime mapping is in the web.xml, but if I have the security-constraint section in web.xml to force everything to use https I get the same resource not available error. Does this fail with Firefox, or just IE? There's a known feature of IE that prevents it from properly handling application data files delivered via https. I believe the mail archives contain some workarounds. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to see a Word or WordPerfect document in Tomcat?
I see it, and it looks like the right answer, I'll try it on Monda.y Thanks - Original Message - From: Caldarale, Charles R [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Friday, November 18, 2005 4:49 PM Subject: RE: How to see a Word or WordPerfect document in Tomcat? From: Bob Grabbe [mailto:[EMAIL PROTECTED] Subject: Re: How to see a Word or WordPerfect document in Tomcat? Being new to the list, though, could you point me toward the mail archives ? Read the FAQ and look at the information on this page: http://tomcat.apache.org/lists.html I prefer the MARC list for searching. However, the link to that from the Tomcat lists page is incorrect; it should be: http://marc.theaimsgroup.com/?l=tomcat-userr=1w=2 Try searching on https cache download. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
SSL w/Tomcat
Trying to set up a tomcat server to only serve up pages using ssl and we are having a few problems. In the server.xml we have tried redirecting port 80 to port 443, thusly: Connector port=80 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=443 acceptCount=100 connectionTimeout=2 disableUploadTimeout=true / and have set up the ssl connector also: Connector port=443 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true clientAuth=false sslProtocol=TLS Some of the redirection seems to be working, i.e. when I go to http://www.website.org I am redirected to https://www.website.org. If I type in just website.org (without the www), though, I go to http://website.org and do not get redirected. I've seen the note on forcing https at http://marc.theaimsgroup.com/?l=tomcat-userm=104951559722619w=2 but I have a problem with this also. When I include the pertinent section in my web.xml file everything does go to https, but I get errors on downloading files from the site through a web link. Any suggestions ? Any help or pointers would be appreciated, I'm still pretty new to Tomcat. Thanks Bob Grabbe [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
