Re: How to install an updated third party SSL certificate for B2B transactions

2009-09-09 Thread David Uctaa
I believe all I need to do is import the new certificate into the keystore.
The certificate from our trading partner appears to be getting used for
verifying data which has been signed by them and sent to us.

So I execute the following statement to try to import the new certificate:

keytool -import -trustcacerts -file path_to_file_with_.der_extension -keystore .keystore -alias tomcat

I am asked for the keystore password, and I enter it

I then receive the following error:

keytool error: java.lang.Exception: Public keys in reply and keystore don't match

Thoughts on what I'm doing wrong?

Many thanks.
On Tue, Sep 8, 2009 at 10:20 AM, Peter Crowther peter.crowt...@melandra.com
 wrote:

 2009/9/8 David Uctaa duc...@gmail.com

  I have inherited a Tomcat 5.5 installation running on Windows XP.  There
  are
  processes on this box which do server-to-server connections with a third
  party via HTTPS over SSL.  We have installed the third party's SSL
  certificate on our server, and they have done likewise with ours.  We use
  their certificate for recognizing messages that they have signed and
  encrypted, etc.


 OK.  So the first step is to work out what piece of code uses their
 certificate.

 It's unlikely to be Tomcat, which probably uses your certificate to
 identify itself to them - but it's possible.

 It's more likely to be one or more B2B web applications (webapps) running
 inside Tomcat, which probably check returns from them to make sure the
 correct cert has been seen from their server.

  They have now updated their certificate and sent it to us.
  But I do not know how or where to update this on our system.  Do I need
 to
  do something with the keystore?  Are there resources online which will
 give
  me the how-tos on this?  I've googled around and only managed to confuse
  myself further.
 

 I think it'll stay confusing until you answer the above question.  You'll
 have to find / create / mind-read the documentation about which part of the
 system needs to know about which certificates.  I suspect finding that out,
 or simply finding the architecture diagram that shows what apps are hosted
 in what containers and how they communicate, would be very useful to you!

 Once you've got more information, you can then ask far more targeted
 questions.  They might be of the Tomcat users if that's relevant, or they
 might be of some other group that knows about the technology in your B2B
 webapps.

 Hope that helps.  I'm not trying to fob you off; I just think we all need
 some more information about what's on the box!

 - Peter



Re: How to install an updated third party SSL certificate for B2B transactions

2009-09-09 Thread David Uctaa
Gee thanks, I didn't think to Google answers first, that suggestion was very
helpful.

I actually did Google it and read the threads that came up under such
searches.  There were very few threads, and most of them were completely
unanswered.  Those that were answered did not pertain to my circumstance.

A followup question:  If I import certificates to my .keystore file for use
by processes running under Tomcat, do they need to be under the tomcat
alias in my .keystore?  Or should each certificate be entered under a
different alias?

On Wed, Sep 9, 2009 at 11:33 AM, Serge Fonville serge.fonvi...@gmail.com wrote:

 Hi,

  keytool error: java.lang.Exception: Public keys in reply and keystore don't match

 http://lmgtfy.com/?q=Public+keys+in+reply+and+keystore+don%27t+match&l=1

 Start with that, read the thread and maybe it helps

 HTH

 Regards,

 Serge Fonville

 On Wed, Sep 9, 2009 at 5:07 PM, David Uctaa duc...@gmail.com wrote:
  I believe all I need to do is import the new certificate into the
 keystore.
  The certificate from our trading partner appears to be getting used for
  verifying data which has been signed by them and sent to us.
 
  So I execute the following statement to try to import the new
 certificate:
 
  keytool -import -trustcacerts -file path_to_file_with_.der_extension
  -keystore .keystore
   -alias tomcat
 
  I am asked for the keystore password, and I enter it
 
  I then receive the following error:
 
  keytool error: java.lang.Exception: Public keys in reply and keystore
 don't
  match
 
  Thoughts on what I'm doing wrong?
 
  Many thanks.
  On Tue, Sep 8, 2009 at 10:20 AM, Peter Crowther 
 peter.crowt...@melandra.com
  wrote:
 
  2009/9/8 David Uctaa duc...@gmail.com
 
   I have inherited a Tomcat 5.5 installation running on Windows XP.
  There
   are
   processes on this box which do server-to-server connections with a
 third
   party via HTTPS over SSL.  We have installed the third party's SSL
   certificate on our server, and they have done likewise with ours.  We
 use
   their certificate for recognizing messages that they have signed and
   encrypted, etc.
 
 
  OK.  So the first step is to work out what piece of code uses their
  certificate.
 
  It's unlikely to be Tomcat, which probably uses your certificate to
  identify itself to them - but it's possible.
 
  It's more likely to be one or more B2B web applications (webapps)
 running
  inside Tomcat, which probably check returns from them to make sure the
  correct cert has been seen from their server.
 
   They have now updated their certificate and sent it to us.
   But I do not know how or where to update this on our system.  Do I
 need
  to
   do something with the keystore?  Are there resources online which will
  give
   me the how-tos on this?  I've googled around and only managed to
 confuse
   myself further.
  
 
  I think it'll stay confusing until you answer the above question.
  You'll
  have to find / create / mind-read the documentation about which part of
 the
  system needs to know about which certificates.  I suspect finding that
 out,
  or simply finding the architecture diagram that shows what apps are
 hosted
  in what containers and how they communicate, would be very useful to
 you!
 
  Once you've got more information, you can then ask far more targeted
  questions.  They might be of the Tomcat users if that's relevant, or
 they
  might be of some other group that knows about the technology in your B2B
  webapps.
 
  Hope that helps.  I'm not trying to fob you off; I just think we all
 need
  some more information about what's on the box!
 
  - Peter
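
keytool gives this error when the alias named in the import already holds a private key, because it then treats the file as a certificate reply for that key; a certificate used only to verify a trading partner goes in under an alias of its own. The script below is an added example, not code from the thread: it rebuilds that situation with throwaway keystores (file names, the alias partner-2009 and the password are constructed) and needs only a JDK's keytool.

```shell
#!/bin/sh
# Added example, constructed: throwaway keystores, aliases and password.
# A real keystore password should not be passed on the command line.
PASS=changeit
kt() { keytool -J-Duser.language=en "$@"; }   # force English keytool output

# Build the situation from the thread: our keystore holds our own key pair
# under alias "tomcat"; the partner sends us a new certificate as a DER file.
make_fixture() {            # $1 = empty work directory
  kt -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 30 \
     -dname "CN=our-server.example" -keystore "$1/ours.keystore" \
     -storepass "$PASS" -keypass "$PASS" >/dev/null 2>&1 &&
  kt -genkeypair -alias partner -keyalg RSA -keysize 2048 -validity 30 \
     -dname "CN=partner.example" -keystore "$1/partner.keystore" \
     -storepass "$PASS" -keypass "$PASS" >/dev/null 2>&1 &&
  kt -exportcert -alias partner -keystore "$1/partner.keystore" \
     -storepass "$PASS" -file "$1/partner.der" >/dev/null 2>&1
}

# Print PrivateKeyEntry or trustedCertEntry for an alias (nothing if absent).
entry_type() {              # $1 = keystore, $2 = alias
  kt -list -alias "$2" -keystore "$1" -storepass "$PASS" 2>/dev/null |
    grep -oE 'PrivateKeyEntry|trustedCertEntry' | head -n 1
}

# The import from the thread (-importcert is the newer name of -import).
# The alias already holds a private key, so keytool treats the file as a CA
# reply for that key and rejects the partner's unrelated public key.
import_like_thread() {      # $1 = keystore, $2 = certificate file
  kt -importcert -noprompt -trustcacerts -alias tomcat -file "$2" \
     -keystore "$1" -storepass "$PASS" 2>&1
}

# Import a partner certificate as its own trusted entry. Refuses any alias
# that is already in use, so a key entry is never touched by mistake.
import_partner_cert() {     # $1 = keystore, $2 = new alias, $3 = certificate file
  if [ -n "$(entry_type "$1" "$2")" ]; then
    echo "alias '$2' is already a $(entry_type "$1" "$2"); pick another" >&2
    return 2
  fi
  # -noprompt skips keytool's "Trust this certificate?" question, so compare
  # the fingerprints printed here with the partner out of band first.
  kt -printcert -file "$3" | grep -E '^[[:space:]]*SHA' >&2 || true
  kt -importcert -noprompt -alias "$2" -file "$3" \
     -keystore "$1" -storepass "$PASS" >/dev/null 2>&1
}

demo() {
  dir=$(mktemp -d) && make_fixture "$dir" || return 1
  echo "thread's command:"
  import_like_thread "$dir/ours.keystore" "$dir/partner.der"
  echo "separate alias:"
  import_partner_cert "$dir/ours.keystore" partner-2009 "$dir/partner.der"
  kt -list -keystore "$dir/ours.keystore" -storepass "$PASS"
  rm -rf "$dir"
}
case "${1:-}" in demo) demo ;; esac
```

Pass `demo` as the first argument to run the walk-through; the final listing shows one PrivateKeyEntry and one trustedCertEntry side by side.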
 
 

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




How to install an updated third party SSL certificate for B2B transactions

2009-09-08 Thread David Uctaa
I have inherited a Tomcat 5.5 installation running on Windows XP.  There are
processes on this box which do server-to-server connections with a third
party via HTTPS over SSL.  We have installed the third party's SSL
certificate on our server, and they have done likewise with ours.  We use
their certificate for recognizing messages that they have signed and
encrypted, etc.  They have now updated their certificate and sent it to us.
But I do not know how or where to update this on our system.  Do I need to
do something with the keystore?  Are there resources online which will give
me the how-tos on this?  I've googled around and only managed to confuse
myself further.

Thank you in advance,
David


Re: How to forcibly close abandoned database connections?

2007-01-11 Thread David Uctaa

Created a little admin app to do just that, and it worked perfectly.
All the connections being shown as busy cleared right out, and only
the minimum number of idle / available connections remained.

Thanks much.

On 1/10/07, Varley, Roger [EMAIL PROTECTED] wrote:



 I agree that is probably what is happening, since the application has
 gone idle.  However, with garbage collection, while it will only
 reclaim memory when necessary, there is a way to force garbage
 collection.  I am looking for a similar process with abandoned
 database connections.


If the connections will only re-cycle with increased demand, could you not create that demand 
with an admin type program that requests, opens  then closes X connections?

Regards
Roger

___

This e-mail and the documents attached are confidential and intended
solely for the addressee; it may also be privileged. If you receive this
e-mail in error, please notify the sender immediately and destroy it.
As its integrity cannot be secured on the Internet, the Atos Origin group
liability cannot be triggered for the message content. Although the
sender endeavours to maintain a computer virus-free network, the
sender does not warrant that this transmission is virus-free and will
not be liable for any damages resulting from any virus transmitted.
___

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]







Re: How to forcibly close abandoned database connections?

2007-01-10 Thread David Uctaa

Perhaps I was unclear what it is I'm trying to do.  I have a
connection pool set up under Tomcat 5.5, connecting to DB2 on an
iSeries box using Tomcat's DBCP.  It is set up for 30 connections.  I
am using Lambda Probe (a great open source Tomcat monitoring app) to
monitor the datasources.  It is showing, let's say, that there are a
max of 30 connections allowed, that 11 have been established, and 9
are busy.  I know that these 9 are due to a connection pool leak bug
that was corrected (but not yet deployed), so even though the
application has gone idle and no one is using it, the connections
remain busy indefinitely.  I have enabled removeAbandoned in my
server.xml, but according to the Tomcat docs, abandoned connections
are only recycled if there is a need for them, due to the number of
available datasources getting low.  The number of available
datasources are not yet low, so these orphaned connections are still
being reported as busy.  I'm a little bit anal with regard to
keeping things kinda clean on the server, so I would like to have
these abandoned connections no longer reported as busy once they are
orphaned.  Is there a way to find and recycle abandoned connections
forcibly?

Thanks,
David

On 1/8/07, David Uctaa [EMAIL PROTECTED] wrote:

Tomcat provides the removeAbandoned and removeAbandonedTimeout
parameters when setting up data sources in server.xml.  But according
to the documentation I've read, abandoned connections only get closed
and recycled when available connections run low and new connections
are requested.

Is there a way for me to forcibly close/release abandoned connections
on the server from a privileged application running on the same
server?

BTW, I'm running Tomcat 5.5 on a Windows 2003 box, running against DB2
on an iSeries box (jt400 for the JDBC driver), using Tomcat's DBCP for
the pooling.

Thanks,
David






Re: How to forcibly close abandoned database connections?

2007-01-10 Thread David Uctaa

I agree that is probably what is happening, since the application has
gone idle.  However, with garbage collection, while it will only
reclaim memory when necessary, there is a way to force garbage
collection.  I am looking for a similar process with abandoned
database connections.

On 1/10/07, EDMOND KEMOKAI [EMAIL PROTECTED] wrote:

It is possible that whatever procedure is responsible for checking for
abandoned connections only does so when there is actual need for a
connection, similar to how a garbage collector works to reclaim memory. If
there is no seeming stress on the connection resources then it would make
sense not to jump the gun to look for and recycle abandoned connections. Of
course I don't know if that is what is happening, but I suspect it might be.

On 1/10/07, David Uctaa [EMAIL PROTECTED] wrote:

 Perhaps I was unclear what it is I'm trying to do.  I have a
 connection pool set up under Tomcat 5.5, connecting to DB2 on an
 iSeries box using Tomcat's DBCP.  It is set up for 30 connections.  I
 am using Lambda Probe (a great open source Tomcat monitoring app) to
 monitor the datasources.  It is showing, let's say, that there are a
 max of 30 connections allowed, that 11 have been established, and 9
 are busy.  I know that these 9 are due to a connection pool leak bug
 that was corrected (but not yet deployed), so even though the
 application has gone idle and no one is using it, the connections
 remain busy indefinitely.  I have enabled removeAbandoned in my
 server.xml, but according to the Tomcat docs, abandoned connections
 are only recycled if there is a need for them, due to the number of
 available datasources getting low.  The number of available
 datasources are not yet low, so these orphaned connections are still
 being reported as busy.  I'm a little bit anal with regard to
 keeping things kinda clean on the server, so I would like to have
 these abandoned connections no longer reported as busy once they are
 orphaned.  Is there a way to find and recycle abandoned connections
 forcibly?

 Thanks,
 David

 On 1/8/07, David Uctaa [EMAIL PROTECTED] wrote:
  Tomcat provides the removeAbandoned and removeAbandonedTimeout
  parameters when setting up data sources in server.xml.  But according
  to the documentation I've read, abandoned connections only get closed
  and recycled when available connections run low and new connections
  are requested.
 
  Is there a way for me to forcibly close/release abandoned connections
  on the server from a privileged application running on the same
  server?
 
  BTW, I'm running Tomcat 5.5 on a Windows 2003 box, running against DB2
  on an iSeries box (jt400 for the JDBC driver), using Tomcat's DBCP for
  the pooling.
 
  Thanks,
  David
 





--
talk trash and carry a small stick.
PAUL KRUGMAN (NYT)







Re: How to forcibly close abandoned database connections?

2007-01-10 Thread David Uctaa

Possible.  I'll give it a try...

On 1/10/07, Varley, Roger [EMAIL PROTECTED] wrote:



 I agree that is probably what is happening, since the application has
 gone idle.  However, with garbage collection, while it will only
 reclaim memory when necessary, there is a way to force garbage
 collection.  I am looking for a similar process with abandoned
 database connections.


If the connections will only re-cycle with increased demand, could you not create that demand 
with an admin type program that requests, opens  then closes X connections?

Regards
Roger








Re: How to forcibly close abandoned database connections?

2007-01-10 Thread David Uctaa

In server.xml, within GlobalNamingResources, include something like this:

<Resource
    auth="Container"
    driverClassName="com.ibm.as400.access.AS400JDBCDriver"
    maxActive="30"
    maxIdle="2"
    maxWait="5000"
    name="jdbc/something"
    password="password"
    type="javax.sql.DataSource"
    url="jdbc:as400://abc.def.com"
    username="username"
    removeAbandoned="true"
    removeAbandonedTimeout="120"
    logAbandoned="true"/>

Within the context.xml in your application's META-INF folder, include
this underneath the Context element:

<ResourceLink
    global="jdbc/something"
    name="jdbc/something"
    type="javax.sql.DataSource" />

Within your application code, include something like this:

import java.sql.Connection;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.sql.DataSource;
InitialContext initCtx = new InitialContext();
Context ctx = (Context) initCtx.lookup("java:comp/env");
DataSource ds = (DataSource) ctx.lookup("jdbc/something");
Connection con = ds.getConnection();

Make sure jt400.jar resides in your tomcat's common/lib folder

Hope this helps.




On 1/10/07, Greg Foulks [EMAIL PROTECTED] wrote:

David,
Any chance you could share with me your connection pool configuration? I've
been struggling with trying to setup my own connection to our DB2 using the
jt400 jar and have not been able to find any documentation for doing this
with a DB2 connection.

Thanks,
Greg


On 1/10/07, David Uctaa [EMAIL PROTECTED] wrote:

 Perhaps I was unclear what it is I'm trying to do.  I have a
 connection pool set up under Tomcat 5.5, connecting to DB2 on an
 iSeries box using Tomcat's DBCP.  It is set up for 30 connections.  I
 am using Lambda Probe (a great open source Tomcat monitoring app) to
 monitor the datasources.  It is showing, let's say, that there are a
 max of 30 connections allowed, that 11 have been established, and 9
 are busy.  I know that these 9 are due to a connection pool leak bug
 that was corrected (but not yet deployed), so even though the
 application has gone idle and no one is using it, the connections
 remain busy indefinitely.  I have enabled removeAbandoned in my
 server.xml, but according to the Tomcat docs, abandoned connections
 are only recycled if there is a need for them, due to the number of
 available datasources getting low.  The number of available
 datasources are not yet low, so these orphaned connections are still
 being reported as busy.  I'm a little bit anal with regard to
 keeping things kinda clean on the server, so I would like to have
 these abandoned connections no longer reported as busy once they are
 orphaned.  Is there a way to find and recycle abandoned connections
 forcibly?

 Thanks,
 David

 On 1/8/07, David Uctaa [EMAIL PROTECTED] wrote:
  Tomcat provides the removeAbandoned and removeAbandonedTimeout
  parameters when setting up data sources in server.xml.  But according
  to the documentation I've read, abandoned connections only get closed
  and recycled when available connections run low and new connections
  are requested.
 
  Is there a way for me to forcibly close/release abandoned connections
  on the server from a privileged application running on the same
  server?
 
  BTW, I'm running Tomcat 5.5 on a Windows 2003 box, running against DB2
  on an iSeries box (jt400 for the JDBC driver), using Tomcat's DBCP for
  the pooling.
 
  Thanks,
  David
 










How to forcibly close abandoned database connections?

2007-01-08 Thread David Uctaa

Tomcat provides the removeAbandoned and removeAbandonedTimeout
parameters when setting up data sources in server.xml.  But according
to the documentation I've read, abandoned connections only get closed
and recycled when available connections run low and new connections
are requested.

Is there a way for me to forcibly close/release abandoned connections
on the server from a privileged application running on the same
server?

BTW, I'm running Tomcat 5.5 on a Windows 2003 box, running against DB2
on an iSeries box (jt400 for the JDBC driver), using Tomcat's DBCP for
the pooling.

Thanks,
David




Tomcat 5.5 problems enabling SSL on Windows service version

2006-11-15 Thread David Uctaa

I have Tomcat 5.5 installed as both a Windows service version and as the
standard deployment version (non Windows service - starts up with
startup.bat).  I purchased and installed an SSL certificate from Verisign.
I modified the server.xml to enable the SSL connector.  I have two different
versions of server.xml:  one uses ports 8080 and 8443 for http and https,
the other version uses 80 and 443.  On the Tomcat machine, I tried to
connect to the https: version of my webapps.  I can connect to my webapps on
the standard (non-service) version of Tomcat with either server.xml and
either set of ports, so I know that 80, 443, 8080, and 8443 are all good.
On the service version of Tomcat, the non-SSL (http:) ports 80 and 8080 are
good, but I can not connect to either 443 or 8443 via https.  I've tried
copying the entire \conf folder from the non-service version to the service
version of Tomcat, and still no connection.  The browser simply times out
waiting for the connection.  Nothing is showing up in the log files at all,
so it looks like Tomcat is not seeing these connections at all.

Platform:
Windows Server 2003
Tomcat 5.5.20 (service version) / Tomcat 5.5.16 (non-service version)
jdk1.5.0_08

I'm including my 2 server.xml files, but these can't be the problem, since
both of them work on the non-service version, and neither of them work on
the Windows service version.  Any clues as to where else I should look?

Many thanks,
David

==
server.xml (intended for non-service version of Tomcat)

<?xml version="1.0" encoding="UTF-8"?>
<Server port="8105" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener"/>
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
  <Listener className="org.apache.catalina.storeconfig.StoreConfigLifecycleListener"/>
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"/>
  <GlobalNamingResources>
    <Environment name="isProduction" type="java.lang.Boolean" value="FALSE"/>
    <Environment name="productionMode" type="java.lang.String" value="TEST"/>
    <Resource auth="Container" description="User database that can be updated and saved"
        factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase"
        pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase"/>
    <Resource auth="Container" driverClassName="com.ibm.as400.access.AS400JDBCDriver"
        maxActive="30" maxIdle="2" maxWait="5000" name="jdbc/" password=""
        type="javax.sql.DataSource" url="jdbc:as400://abc.def.com" username=""/>
    <Resource auth="Container" driverClassName="com.ibm.as400.access.AS400JDBCDriver"
        maxActive="30" maxIdle="2" maxWait="5000" name="jdbc/xxx" password="xx"
        type="javax.sql.DataSource" url="jdbc:as400://ghi.jkl.com" username="xx"/>
    <Resource auth="Container" driverClassName="com.ibm.as400.access.AS400JDBCDriver"
        maxActive="30" maxIdle="2" maxWait="5000" name="jdbc/" password="xxx"
        type="javax.sql.DataSource" url="jdbc:as400://mno.pqr.com" username="JPxxxGMR"/>
  </GlobalNamingResources>
  <Service
      name="Catalina">
    <Connector
        port="8080"
        redirectPort="8443"
        minSpareThreads="25"
        connectionTimeout="2"
        maxThreads="150"
        maxSpareThreads="75"
        maxHttpHeaderSize="8192">
    </Connector>
    <Connector
        port="8009"
        redirectPort="8443"
        protocol="AJP/1.3">
    </Connector>
    <Connector
        port="8443"
        maxHttpHeaderSize="8192"
        maxThreads="150"
        minSpareThreads="25"
        maxSpareThreads="75"
        enableLookups="false"
        disableUploadTimeout="true"
        acceptCount="100"
        scheme="https"
        secure="true"
        clientAuth="false"
        sslProtocol="TLS"
        keystoreFile="C:\Program Files\Java\jdk1.5.0_06\bin\.keystore"
    />
    <Engine
        defaultHost="localhost"
        name="Catalina">
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"/>
      <Host
          appBase="webapps"
          name="localhost"
          autoDeploy="true"
          liveDeploy="true"
          unpackWARs="true">
        <Context path="" reloadable="true">
        </Context>
      </Host>
    </Engine>
  </Service>
</Server>


server.xml (intended for Windows service version)


<?xml version="1.0" encoding="UTF-8"?>
<Server port="8105" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener"/>
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
  <Listener className="org.apache.catalina.storeconfig.StoreConfigLifecycleListener"/>
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"/>
  <GlobalNamingResources>
    <Environment name="isProduction" type="java.lang.Boolean" value="FALSE"/>
    <Environment name="productionMode" type="java.lang.String" value="TEST"/>
    <Resource auth="Container" description="User database that can be updated and saved"
        factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase"
        pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase"/>
    <Resource auth="Container" driverClassName=

Re: Tomcat 5.5 problems enabling SSL on Windows service version

2006-11-15 Thread David Uctaa

According to Windows, the Group or User Names assigned to .keystore are:

Administrators
Power Users
SYSTEM
TERMINAL SERVER USER
Users

Tomcat's logon properties are:

Log on as:

Local System Account (Allow service to interact with desktop is *not*
checked)

Should I change this to log on as me?  If so, will I have to re-boot the
server, or will simply re-starting the service be sufficient?

Many thanks,
David


On 11/15/06, Markus Schönhaber [EMAIL PROTECTED] wrote:


David Uctaa wrote:
 I have Tomcat 5.5 installed as both a Windows service version and as the
 standard deployment version (non Windows service - starts up with
 startup.bat).  I purchased and installed an SSL certificate from
Verisign.
 I modified the server.xml to enable the SSL connector.  I have two
 different versions of server.xml:  one uses ports 8080 and 8443 for http
 and https, the other version uses 80 and 443.  On the Tomcat machine, I
 tried to connect to the https: version of my webapps.  I can connect to
my
 webapps on the standard (non-service) version of Tomcat with either
 server.xml and either set of ports, so I know that 80, 443, 8080, and
8443
 are all good. On the service version of Tomcat, the non-SSL (http:)
ports
 80 and 8080 are good, but I can not connect to either 443 or 8443 via
 https.  I've tried copying the entire \conf folder from the non-service
 version to the service version of Tomcat, and still no connection.  The
 browser simply times out waiting for the connection.  Nothing is showing
up
 in the log files at all, so it looks like Tomcat is not seeing these
 connections at all.

WAG: check if the account the Tomcat service runs under (probably SYSTEM)
has sufficient rights to access the .keystore file.

Regards
  mks





Re: Tomcat 5.5 problems enabling SSL on Windows service version

2006-11-15 Thread David Uctaa

I tried changing the service to log on with my credentials, and still no
go.  However, if there were a problem such as you described, then shouldn't
there be an exception thrown somewhere that I should be able to find?  The
SSL service started up without a problem:

Nov 15, 2006 9:44:38 AM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-443

and after the browser timeouts, nothing shows up in any of the logs
indicating that there was a problem with the keystore file...

On 11/15/06, David Uctaa [EMAIL PROTECTED] wrote:


According to Windows, the Group or User Names assigned to .keystore are:

Administrators
Power Users
SYSTEM
TERMINAL SERVER USER
Users

Tomcat's logon properties are:

Log on as:

Local System Account (Allow service to interact with desktop is *not*
checked)

Should I change this to log on as me?  If so, will I have to re-boot the
server, or will simply re-starting the service be sufficient?

Many thanks,
David


On 11/15/06, Markus Schönhaber [EMAIL PROTECTED] 
wrote:

 David Uctaa wrote:
  I have Tomcat 5.5 installed as both a Windows service version and as
 the
  standard deployment version (non Windows service - starts up with
  startup.bat).  I purchased and installed an SSL certificate from
 Verisign.
  I modified the server.xml to enable the SSL connector.  I have two
  different versions of server.xml:  one uses ports 8080 and 8443 for
 http
  and https, the other version uses 80 and 443.  On the Tomcat machine,
 I
  tried to connect to the https: version of my webapps.  I can connect
 to my
  webapps on the standard (non-service) version of Tomcat with either
  server.xml and either set of ports, so I know that 80, 443, 8080, and
 8443
  are all good. On the service version of Tomcat, the non-SSL (http:)
 ports
  80 and 8080 are good, but I can not connect to either 443 or 8443 via
  https.  I've tried copying the entire \conf folder from the
 non-service
  version to the service version of Tomcat, and still no
 connection.  The
  browser simply times out waiting for the connection.  Nothing is
 showing up
  in the log files at all, so it looks like Tomcat is not seeing these
  connections at all.

 WAG: check if the account the Tomcat service runs under (probably
 SYSTEM) has
 sufficient rights to access the .keystore file.

 Regards
   mks






Re: Tomcat 5.5 problems enabling SSL on Windows service version

2006-11-15 Thread David Uctaa

It doesn't work when logged on as me.  I changed the service to log on with
my credentials, and I still have the same thing happening.

On 11/15/06, Markus Schönhaber [EMAIL PROTECTED] wrote:


David Uctaa wrote:
 According to Windows, the Group or User Names assigned to .keystore
are:

 Administrators
 Power Users
 SYSTEM
 TERMINAL SERVER USER
 Users

 Tomcat's logon properties are:

 Log on as:

 Local System Account (Allow service to interact with desktop is *not*
 checked)

LOCAL SYSTEM is a different account than SYSTEM. And the former doesn't
seem to have any access rights on the .keystore file. Assigning sufficient
permissions for LOCAL SYSTEM on the .keystore file might help.

 Should I change this to log on as me?  If so, will I have to re-boot the
 server, or will simply re-starting the service be sufficient?

No, at least not when the service is running live. But changing the
account just temporarily might be helpful diagnose-wise. If everything works
when the service is running under your account, this would be a strong
indication that it really is a permission problem.

Regards
  mks





Re: Tomcat 5.5 problems enabling SSL on Windows service version

2006-11-15 Thread David Uctaa

Do you think it possible that this is a problem that upgrading the service
version to 5.5.20 would help resolve?  The service version is 5.5.16 and the
non-service version is 5.5.20.  That seems like a really far stretch to me.

On 11/15/06, David Uctaa [EMAIL PROTECTED] wrote:


It doesn't work when logged on as me.  I changed the service to log on
with my credentials, and I still have the same thing happening.

On 11/15/06, Markus Schönhaber [EMAIL PROTECTED] wrote:

 David Uctaa wrote:
  According to Windows, the Group or User Names assigned to .keystore
 are:
 
  Administrators
  Power Users
  SYSTEM
  TERMINAL SERVER USER
  Users
 
  Tomcat's logon properties are:
 
  Log on as:
 
  Local System Account (Allow service to interact with desktop is *not*
  checked)

 LOCAL SYSTEM is a different account than SYSTEM. And the former doesn't
 seem
 to have any access rights on the .keystore file. Assigning sufficient
 permissions for LOCAL SYSTEM on the .keystore file might help.

  Should I change this to log on as me?  If so, will I have to re-boot the
  server, or will simply re-starting the service be sufficient?

 No, at least not when the service is running live. But changing the account
 just temporarily might be helpful diagnose-wise. If everything works when the
 service is running under your account, this would be a strong indication that
 it really is a permission problem.

 Regards
   mks






Re: Tomcat 5.5 problems enabling SSL on Windows service version

2006-11-15 Thread David Uctaa

Markus,

Thanks for the info on APR.  I'll try configuring that properly, or if that
fails, to let it fall back to the base connector.

And apologies for the inappropriate CC.  List newbie.

On 11/15/06, Markus Schönhaber [EMAIL PROTECTED] wrote:


I'm reading the list. There's no need to CC me. I have even set the Reply-To
pointing to the list. Please respect that.

David Uctaa wrote:
 I tried changing the service to log on with my credentials, and still no
 go.  However, if there were a problem such as you described, then
 shouldn't there be an exception thrown somewhere that I should be able to
 find?  The SSL service started up without a problem:

 Nov 15, 2006 9:44:38 AM org.apache.coyote.http11.Http11AprProtocol start
 INFO: Starting Coyote HTTP/1.1 on http-443

In this case the APR connector is used. Its SSL configuration is done in a
very different way from how it's done with the Base Connector - APR doesn't
know nor care about the .keystore:
http://tomcat.apache.org/tomcat-5.5-doc/apr.html

There are two options:
1. Change the configuration the way APR needs it.
2. Make sure tcnative-1.dll isn't found by the service. Then the Base
connector will be used.

Regards
  mks
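
A check for the situation Markus describes, where the log shows Http11AprProtocol started on the HTTPS port while server.xml still carries keystore attributes. This is an added example, not code from the thread or from Tomcat; the server.xml fragment and log lines are constructed samples, and the attribute names are assumed from the Tomcat connector and APR documentation.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: an HTTPS connector still written for the base connector.
SERVER_XML = """<Service name="Catalina">
  <Connector port="8080" />
  <Connector port="443" scheme="https" secure="true" sslProtocol="TLS"
             keystoreFile="conf/.keystore" keystorePass="changeit" />
</Service>"""

# Constructed sample log in the format quoted in the thread.
CATALINA_LOG = """\
Nov 15, 2006 9:44:37 AM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Nov 15, 2006 9:44:38 AM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-443
"""

START_RE = re.compile(r"org\.apache\.coyote\.http11\.(\w+) start\s+"
                      r"INFO: Starting Coyote HTTP/1\.1 on http-(\d+)")
KEYSTORE_ATTRS = {"keystoreFile", "keystorePass", "keystoreType"}  # base connector
APR_ATTRS = {"SSLCertificateFile", "SSLCertificateKeyFile"}        # APR connector

def started_handlers(log_text):
    """Map port -> protocol handler class that logged its start."""
    return {int(port): cls for cls, port in START_RE.findall(log_text)}

def check_ssl_config(server_xml, log_text):
    """Flag HTTPS connectors whose SSL attributes belong to the connector
    implementation that did NOT start on that port."""
    handlers = started_handlers(log_text)
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("scheme") != "https" and conn.get("secure") != "true":
            continue  # plain HTTP connector, nothing to check
        port, attrs = int(conn.get("port")), set(conn.attrib)
        if handlers.get(port) == "Http11AprProtocol":
            missing = sorted(APR_ATTRS - attrs)
            unused = sorted(KEYSTORE_ATTRS & attrs)
        elif port in handlers:
            missing, unused = [], sorted(APR_ATTRS & attrs)
        else:
            continue  # connector never logged a start; no basis for a finding
        if missing or unused:
            findings.append({"port": port, "handler": handlers[port],
                             "missing": missing, "unused": unused})
    return findings

if __name__ == "__main__":
    for finding in check_ssl_config(SERVER_XML, CATALINA_LOG):
        print(finding)
```

With the constructed inputs, the only finding is for port 443: the APR handler started there, the certificate attributes are missing, and the keystore attributes are not used.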





Re: Tomcat 5.5 problems enabling SSL on Windows service version

2006-11-15 Thread David Uctaa

Yup, it's the APR connector.  I'm going to try changing the configuration to
handle that properly, or if that fails, to let it fall back to the base
connector.

Thanks,
David

On 11/15/06, Caldarale, Charles R [EMAIL PROTECTED] wrote:


 From: David Uctaa [mailto:[EMAIL PROTECTED]
 Subject: Re: Tomcat 5.5 problems enabling SSL on Windows
 service version

 Do you think it possible that this is a problem that
 upgrading the service version to 5.5.20 would help
 resolve?

Probably not.  But - did you install the APR connector (tcnative-1.dll)?
If so, the SSL config is different than for the standard connector.

- Chuck






Re: Tomcat 5.5 problems enabling SSL on Windows service version

2006-11-15 Thread David Uctaa

:)  Thanks for the assistance.  I'm hip-deep in APR configuration info now.

On 11/15/06, Markus Schönhaber [EMAIL PROTECTED] wrote:


Markus Schönhaber wrote:
 LOCAL SYSTEM is a different account than SYSTEM. And the former doesn't
Bullshit. This should be LOCAL SERVICE (or however it is called on an
English Windows). This is indeed a different account than SYSTEM, but it is
irrelevant in your case. Reading error on my part.

Regards
  mks






How to handle trailing slash and upper/lower case combinations

2006-11-13 Thread David Uctaa

I'm running Tomcat 5.5 in standalone mode -- no web server front-ending it.
If Apache were front-ending it, I would know how to handle the situation
where the context path is entered in differing upper/lower case(s), or if a
directory's trailing slash was included or not, but how do I configure this
when using Tomcat standalone?

So all of the following combinations should resolve to
http://my.domain.com/MyApp

http://my.domain.com/myapp
http://my.domain.com/myapp/
http://my.domain.com/Myapp
http://my.domain.com/Myapp/

etc...

My configuration:

Tomcat 5.5.16
jdk1.5.0_06
Windows XP

Thanks,
David


Cannot load JDBC driver class... but it's definitely there...

2006-11-09 Thread David Uctaa

Running Tomcat 5.5.17 through Eclipse 3.2.1
Using jdk1.5.0_08
OS = Windows XP


server.xml contains the following within the Server element:

 <GlobalNamingResources>
   <Resource auth="Container"
     driverClassName="com.ibm.as400.access.AS400JDBCDriver"
     maxActive="30" maxIdle="2" maxWait="5000"
     name="jdbc/myDatabase" password="pw"
     type="javax.sql.DataSource"
     url="jdbc:as400://abc.def.com" username="uid"/>
 </GlobalNamingResources>

--
the web application's context.xml contains the following:

<?xml version="1.0" encoding="UTF-8"?>
<Context path="/TestBed" reloadable="true">
 <ResourceLink global="jdbc/myDatabase" name="jdbc/myDatabase"
   type="javax.sql.DataSource" />
</Context>

-
my servlet code contains the following:

   InitialContext ctx = new InitialContext();
   Context envCtx = (Context) ctx.lookup("java:comp/env");
   ds = (DataSource) envCtx.lookup("jdbc/myDatabase");
   con = ds.getConnection();

---
jt400.jar contains the driver class com.ibm.as400.access.AS400JDBCDriver and
the jar file resides in WEB-INF/lib under my web app.

-
the ds.getConnection call is causing the following exceptions to be thrown:

org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot load JDBC driver class 'com.ibm.as400.access.AS400JDBCDriver'
   at org.apache.tomcat.dbcp.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:766)
   at org.apache.tomcat.dbcp.dbcp.BasicDataSource.getConnection(BasicDataSource.java:540)
   at com.nuhorizons.util.TestStuff.doPost(TestStuff.java:48)
   at com.nuhorizons.util.TestStuff.doGet(TestStuff.java:34)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
   at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
   at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
   at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
   at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
   at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
   at java.lang.Thread.run(Thread.java:595)
Caused by: java.lang.ClassNotFoundException: com.ibm.as400.access.AS400JDBCDriver
   at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
   at java.security.AccessController.doPrivileged(Native Method)
   at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
   at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
   at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
   at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
   at java.lang.Class.forName0(Native Method)
   at java.lang.Class.forName(Class.java:164)
   at org.apache.tomcat.dbcp.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:760)
   ... 19 more

--

What setting in Eclipse am I overlooking?

Many thanks,
David


Re: Cannot load JDBC driver class... but it's definitely there...

2006-11-09 Thread David Uctaa

Worked like a charm David.  Thank you so very much!

David

On 11/9/06, David Smith [EMAIL PROTECTED] wrote:


The driver has to be in tomcat's common/lib so tomcat's internal
classloader can see it.  Don't know what the equivalent is in Eclipse.
Additionally, when in common/lib it should be removed from WEB-INF/lib
of your webapp to avoid classloader problems.

--David

David Uctaa wrote:

 Running Tomcat 5.5.17 through Eclipse 3.2.1
 Using jdk1.5.0_08
 OS = Windows XP

 
 server.xml contains the following within the Server element:

  <GlobalNamingResources>
    <Resource auth="Container"
      driverClassName="com.ibm.as400.access.AS400JDBCDriver"
      maxActive="30" maxIdle="2" maxWait="5000"
      name="jdbc/myDatabase" password="pw"
      type="javax.sql.DataSource"
      url="jdbc:as400://abc.def.com" username="uid"/>
  </GlobalNamingResources>

 --
 the web application's context.xml contains the following:

 <?xml version="1.0" encoding="UTF-8"?>
 <Context path="/TestBed" reloadable="true">
  <ResourceLink global="jdbc/myDatabase" name="jdbc/myDatabase"
    type="javax.sql.DataSource" />
 </Context>

 -
 my servlet code contains the following:

    InitialContext ctx = new InitialContext();
    Context envCtx = (Context) ctx.lookup("java:comp/env");
    ds = (DataSource) envCtx.lookup("jdbc/myDatabase");
    con = ds.getConnection();

 ---
 jt400.jar contains the driver class com.ibm.as400.access.AS400JDBCDriver and
 the jar file resides in WEB-INF/lib under my web app.

 -
 the ds.getConnection call is causing the following exceptions to be
 thrown:

 org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot load JDBC driver class 'com.ibm.as400.access.AS400JDBCDriver'
    at org.apache.tomcat.dbcp.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:766)
    at org.apache.tomcat.dbcp.dbcp.BasicDataSource.getConnection(BasicDataSource.java:540)
    at com.nuhorizons.util.TestStuff.doPost(TestStuff.java:48)
    at com.nuhorizons.util.TestStuff.doGet(TestStuff.java:34)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
    at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
    at java.lang.Thread.run(Thread.java:595)
 Caused by: java.lang.ClassNotFoundException: com.ibm.as400.access.AS400JDBCDriver
    at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
    at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Class.java:164)
    at org.apache.tomcat.dbcp.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:760)
    ... 19 more

 --

 What setting in Eclipse am I overlooking?

 Many thanks,
 David







Can GlobalNamingResources be accessed without a ResourceLink

2006-07-31 Thread David Uctaa

I am running Tomcat 5.5.16, and I have a couple of DataSources set up in the
GlobalNamingResources section of my server.xml.  Now, I preferably want to be
able to access these resources without having to set up a separate Context
section for each application, so I can deploy new applications that access
these resources without having to modify my server configuration.

Currently, the only way I am able to access the DataSources is to set things
up like this:

 <GlobalNamingResources>
   <Environment
     name="productionMode"
     type="java.lang.String"
     value="TEST"/>
   <Resource
     auth="Container"
     driverClassName="com.ibm.as400.access.AS400JDBCDriver"
     name="jdbc/xxx1"
     password="xxx"
     type="javax.sql.DataSource"
     url="jdbc:as400://abc.def.com"
     username="xxx"/>
   <Resource
     auth="Container"
     driverClassName="com.ibm.as400.access.AS400JDBCDriver"
     name="jdbc/xxx2" password="xxx"
     type="javax.sql.DataSource"
     url="jdbc:as400://ghi.jkl.com" username="xxx"/>
   <Resource
     auth="Container"
     driverClassName="com.ibm.as400.access.AS400JDBCDriver"
     name="jdbc/xxx3"
     password="xxx"
     type="javax.sql.DataSource"
     url="jdbc:as400://mno.pqr.com"
     username="xxx"/>
 </GlobalNamingResources>

..

 <Engine
   defaultHost="localhost"
   name="Catalina">
   <Realm className="org.apache.catalina.realm.UserDatabaseRealm"/>
   <Host
     appBase="webapps"
     name="localhost"
     autoDeploy="true"
     liveDeploy="true"
     unpackWARs="true">
     <Context docBase="myApp" path="/myApp" reloadable="true">
       <ResourceLink global="productionMode" name="productionMode" type="java.lang.String"/>
       <ResourceLink global="jdbc/xxx1" name="jdbc/xxx1" type="javax.sql.DataSource" />
       <ResourceLink global="jdbc/xxx2" name="jdbc/xxx2" type="javax.sql.DataSource" />
       <ResourceLink global="jdbc/xxx3" name="jdbc/xxx3" type="javax.sql.DataSource" />
     </Context>
   </Host>
 </Engine>

My question is, can I create the links to the global resources in my web.xml?
Or are my only options to do either:

1)  Create a context for each new application with the resource links
2)  Create the resources in the web.xml on a per-application basis.

Option 1) is inconvenient but doable.  Option  2) isn't really an option,
because at the very least, I need to set some server-level environment
variables that the applications read.

So, is there a way for me to get around having to create a Context for
each application I want to install?  DefaultContext didn't work for me.

Thanks,
David Uctaa