RE: Configure SSL under Tomcat 7
Hi everybody, happy new spring ^^

Well, I'm asking you again to tell me please what's the purpose of these files: localhost.crt and localhost.key in the last example in this link: http://tomcat.apache.org/tomcat-7.0-doc/apr.html. I just wanna know from where and how they got them (is there any command which permits generating such files with such extensions)?!!

Thanks.
RE: Configure SSL under Tomcat 7
Hi,

I have downloaded OpenSSL under Windows, which required me to install the Visual C++ 2008 Redistributable, and I did it. Then I added C:\OpenSSL-Win32\bin to my PATH environment variable; now the openssl command works very well in cmd.exe (it gives me OpenSSL), so I wanna generate the X.509 certificate format. What should I do now?! Are there any examples please?!

Thanks :)

> APR uses PEM-formatted X.509 certificate format and keys are in separate text blocks. Use OpenSSL to generate such certificates.
>
> Java uses JKS (Java Key Store) format and all keys are in a bundle. Use keytool to generate such certificates.
>
> In either case, keys can be imported-into or exported-out of JKS stores and converted to/from PEM-formatted key files.
Re: Configure SSL under Tomcat 7
Hi,

Go through this link http://tomcat.apache.org/tomcat-4.1-doc/ssl-howto.html

The files that you are asking about are the certificate and key files used for SSL. To configure Tomcat with SSL you need to create these files.

On Tue, Mar 20, 2012 at 2:51 PM, ayouB __ ayb-2...@hotmail.fr wrote:
> Hi everybody, happy new spring ^^
>
> Well, I'm asking you again to tell me please what's the purpose of these files: localhost.crt and localhost.key in the last example in this link: http://tomcat.apache.org/tomcat-7.0-doc/apr.html. I just wanna know from where and how they got them (is there any command which permits generating such files with such extensions)?!!
>
> Thanks.

--
Thanks and Regards,
Tapan D. Thakkar
(M:09714324778)
Re: Configure SSL under Tomcat 7
On 20-03-2012 10:34, ayouB __ wrote:
> Hi,
>
> I have downloaded OpenSSL under Windows, which required me to install the Visual C++ 2008 Redistributable, and I did it. Then I added C:\OpenSSL-Win32\bin to my PATH environment variable; now the openssl command works very well in cmd.exe (it gives me OpenSSL), so I wanna generate the X.509 certificate format. What should I do now?! Are there any examples please?!

http://lmgtfy.com/?q=openssl+create+certificate

Pick one of the results (I did check the second and it looks good. For your convenience the direct link is: http://www.madboa.com/geek/openssl/) and follow it :)

-Casper

ps. Everyone, I'm sorry about the lmgtfy link but I got a little tired of the OP demanding explicit commands for non-tomcat tools and excessive use of !'s

> Thanks :)
>
>> APR uses PEM-formatted X.509 certificate format and keys are in separate text blocks. Use OpenSSL to generate such certificates.
>>
>> Java uses JKS (Java Key Store) format and all keys are in a bundle. Use keytool to generate such certificates.
>>
>> In either case, keys can be imported-into or exported-out of JKS stores and converted to/from PEM-formatted key files.

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Configure SSL under Tomcat 7
Casper Wandahl Schmidt wrote:
> On 20-03-2012 10:34, ayouB __ wrote:
>> Hi,
>>
>> I have downloaded OpenSSL under Windows, which required me to install the Visual C++ 2008 Redistributable, and I did it. Then I added C:\OpenSSL-Win32\bin to my PATH environment variable; now the openssl command works very well in cmd.exe (it gives me OpenSSL), so I wanna generate the X.509 certificate format. What should I do now?! Are there any examples please?!
>
> http://lmgtfy.com/?q=openssl+create+certificate
>
> Pick one of the results (I did check the second and it looks good. For your convenience the direct link is: http://www.madboa.com/geek/openssl/) and follow it :)
>
> -Casper
>
> ps. Everyone, I'm sorry about the lmgtfy link but I got a little tired of the OP demanding explicit commands for non-tomcat tools and excessive use of !'s

No reason to feel sorry, in my opinion. I have been myself amazed at how patient the list has been so far.

Here is another link for ayoub's benefit: http://www.catb.org/~esr/faqs/smart-questions.html
RE: Configure SSL under Tomcat 7
Hi,

I followed the steps given in this link: http://www.dylanbeattie.net/docs/openssl_iis_ssl_howto.html. I generated my files, .key and .crt, and I put them in conf/bin, then I modified my server.xml to be able to support these new changes. Here it is:

=== server.xml ===

<?xml version='1.0' encoding='utf-8'?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements. See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License. You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
 -->
<Server port="8005" shutdown="SHUTDOWN">
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
  <Listener className="org.apache.catalina.core.JasperListener" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <!-- A "Service" is a collection of one or more "Connectors" that share
       a single "Container" Note: A "Service" is not itself a "Container",
       so you may not define subcomponents such as "Valves" at this level.
       Documentation at /docs/config/service.html
   -->
  <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
        maxThreads="150" minSpareThreads="4"/>
    -->

    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
         Java AJP Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL HTTP/1.1 Connector on port 8080
    -->
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="2"
               redirectPort="8443" />
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="2"
               redirectPort="8443" />
    -->
    <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               SSLCertificateFile="localhost.crt"
               SSLCertificateKeyFile="localhost.key"/>

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

    <!-- An Engine represents the entry point (within Catalina) that processes
         every request. The Engine implementation for Tomcat stand alone
         analyzes the HTTP headers included with the request, and passes them
         on to the appropriate Host (virtual host).
         Documentation at /docs/config/engine.html -->

    <!-- You should set jvmRoute to support load-balancing via AJP ie :
    <Engine name="Catalina"
RE: Configure SSL under Tomcat 7
> From: Tapan Thakkar [mailto:tapan.d.thak...@gmail.com]
> Subject: Re: Configure SSL under Tomcat 7

> Go through this link http://tomcat.apache.org/tomcat-4.1-doc/ssl-howto.html

It is irresponsible for anyone to suggest use of Tomcat 4 documentation; even more so in this case when the subject is SSL via APR, which didn't even exist in Tomcat 4.

 - Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
RE: Configure SSL under Tomcat 7
Hi,

The logs don't say anything, Tomcat is still working normally. The problem is when I enter the link https://localhost:8443/ProjectTest/, the browser displays: impossible to display this page ..., like the project doesn't even exist in my workspace (the browser doesn't recognize my web project using https, which is not the case with http because it works normally).

What should I do now?!

Thanks.
Re: Configure SSL under Tomcat 7
Ayoub,

On 3/20/12 8:15 AM, ayouB __ wrote:
> I'm really disturbed, i've tried every kind of solution !! does any one have any last suggestion pleaase ?!

I think it may be time to hire a consultant.

-chris
Re: Configure SSL under Tomcat 7
ayouB __ wrote:
> Hi,
>
> The logs don't say anything, Tomcat is still working normally. The problem is when I enter the link https://localhost:8443/ProjectTest/, the browser displays: impossible to display this page ..., like the project doesn't even exist in my workspace (the browser doesn't recognize my web project using https, which is not the case with http because it works normally).
>
> What should I do now?!
>
> Thanks.

Guys,

I know that ayoub has a tendency to ask for ready-made answers rather than trying to figure it out by himself, but maybe he has a point nevertheless.

According to a previous post, ayoub's current HTTPS Connector configuration is:

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               SSLCertificateFile="localhost.crt"
               SSLCertificateKeyFile="localhost.key"/>

I personally have no idea if there are attributes missing above, or if something is wrong in the files, but if I go to this page: http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support and look up the APR Connector attributes, it says this:

--
SSLCACertificateFile
    See the mod_ssl documentation.
SSLCACertificatePath
    See the mod_ssl documentation.
SSLCARevocationFile
    See the mod_ssl documentation.
SSLCARevocationPath
    See the mod_ssl documentation.
SSLCertificateChainFile
    See the mod_ssl documentation.
SSLCACertificateFile
    Name of the file that contains the concatenated certificates for the trusted certificate authorities. The format is PEM-encoded.
SSLCACertificatePath
    Name of the directory that contains the certificates for the trusted certificate authorities. The format is PEM-encoded.
SSLCARevocationFile
    Name of the file that contains the concatenated certificate revocation lists for the certificate authorities. The format is PEM-encoded.
SSLCARevocationPath
    Name of the directory that contains the certificate revocation lists for the certificate authorities. The format is PEM-encoded.
SSLCertificateChainFile
    Name of the file that contains concatenated certificates for the certificate authorities which form the certificate chain for the server certificate. The format is PEM-encoded.
SSLCertificateFile
    Name of the file that contains the server certificate. The format is PEM-encoded.
SSLCertificateKeyFile
    Name of the file that contains the server private key. The format is PEM-encoded. The default value is the value of "SSLCertificateFile" and in this case both certificate and private key have to be in this file (NOT RECOMMENDED).
etc...

Note that for the attributes for which it does not say "see the mod_ssl documentation", it talks about "name of the file" or "name of the directory". Not "path", but "name". And when following the link to the Apache httpd mod_ssl documentation, there it says "path".

So, whether "name" or "path", where should these files best be placed, and if these attributes do not require a full path, then relative to what is this interpreted?
RE: Configure SSL under Tomcat 7
Hi everyone,

Thank you all for your replies and your criticism; that means I became a VIP member of this mailing list :D I'm joking ^_^

Well, I went back to JSSE; now it works very well and I can access my resources using HTTPS.

There is still the APR one: as was said earlier, I put the absolute path of my .cer and .key files as the values of my SSLCertificateFile and SSLCertificateKeyFile attributes, as you can see:

=== server.xml ===

<?xml version='1.0' encoding='utf-8'?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements. See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License. You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
 -->
<Server port="8005" shutdown="SHUTDOWN">
  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
  <Listener className="org.apache.catalina.core.JasperListener" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <!-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -->
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <!-- A "Service" is a collection of one or more "Connectors" that share
       a single "Container" Note: A "Service" is not itself a "Container",
       so you may not define subcomponents such as "Valves" at this level.
       Documentation at /docs/config/service.html
   -->
  <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
        maxThreads="150" minSpareThreads="4"/>
    -->

    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
         Java AJP Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL HTTP/1.1 Connector on port 8080
    -->
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="2"
               redirectPort="8443" />
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="2"
               redirectPort="8443" />
    -->
    <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               SSLEnabled="true" acceptCount="100" clientAuth="false"
               disableUploadTimeout="true" enableLookups="false" maxThreads="150"
               scheme="https" secure="true" sslProtocol="TLS"
               SSLCertificateFile="C:\Program Files\Apache Software Foundation\apache-tomcat-7.0.26\conf\localhost.cer"
               SSLCertificateKeyFile="C:\Program Files\Apache Software Foundation\apache-tomcat-7.0.26\conf\localhost.key"/>

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

    <!-- An Engine represents the entry point (within Catalina) that processes
         every request. The Engine implementation for Tomcat stand alone
RE: Configure SSL under Tomcat 7
Hi Chris,

Thank you so much for your analysis and replies :)

Now I downloaded the tcnative.jar from this link: http://download.nextag.com/apache//tomcat/tomcat-connectors/native/1.1.23/binaries/, I put it in my /lib directory, and as it's said in this link: http://tomcat.apache.org/tomcat-7.0-doc/apr.html, Windows binaries are provided for tcnative-1, which is a statically compiled .dll which includes OpenSSL and APR.

So I have restarted my Tomcat server and I'm still having no result, every time I get: http://localhost:8080/. What should I do now please? I'm really disturbed, I spent the whole weekend trying and retrying to solve this problem without any result.

Thanks.

> Date: Fri, 16 Mar 2012 15:32:33 -0400
> From: ch...@christopherschultz.net
> To: users@tomcat.apache.org
> Subject: Re: Configure SSL under Tomcat 7
>
> Ayoub,
>
> On 3/16/12 12:50 PM, ayouB __ wrote:
>> <Server port="8005" shutdown="SHUTDOWN">
>
> [snip]
>
>> <!-- Define a SSL HTTP/1.1 Connector on port 8443
>>      This connector uses the JSSE configuration, when using APR, the
>>      connector should be using the OpenSSL style configuration
>>      described in the APR documentation -->
>> <Connector port="8080" protocol="org.apache.coyote.http11.Http11AprProtocol"
>>            SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
>>            clientAuth="optional" sslProtocol="TLS"/>
>
> It's unusual to use port 8080 for SSL traffic, though it really does not matter what port you use. The example in the SSL howto uses port 8443, for instance.
>
>> <!-- Define an AJP 1.3 Connector on port 8009 -->
>> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
>
> Are you using AJP at all? If not, you can remove/comment-out this connector.
>
> On 3/16/12 1:10 PM, ayouB __ wrote:
>> 16 mars 2012 17:05:48 org.apache.catalina.core.AprLifecycleListener init
>> INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Program Files\Java\jdk1.6.0_31\bin;[...etc]
>
> So, if you intend to use APR, you'll have to fix this first. I can see from your java.library.path that you are on win32. Have you downloaded and installed tcnative, APR, and openssl? If not, go do that. If you have, please tell us how you have (incorrectly) installed them.
>
>> Question: how to come up with the SSLCertificateFile and SSLCertificateKeyFile attributes.
>
> In case you hadn't noticed, server.xml uses neither an XML DTD nor an XML schema: that's why Eclipse can't tell you about what attributes are available.
>
> Tomcat doesn't use a DTD or Schema because some components (like Connector) need the freedom to be able to accept any attribute that will cause a setter method on the object to be called. Maintaining hundreds of possible attribute names in a DTD or Schema would be insane, so we don't do it.
>
> Trust me, the SSLCertificateFile and SSLCertificateKeyFile attributes are accepted -- and mandatory if you are going to use APR-based SSL.
>
> -chris
RE: Configure SSL under Tomcat 7
> From: ayouB __ [mailto:ayb-2...@hotmail.fr]
> Subject: RE: Configure SSL under Tomcat 7

1) Don't top post.
2) Reply only to the list, not to individuals.

> Now i downloaded the tcnative.jar

That won't help; the contents of that jar are already included in the standard Tomcat jars. Remove it from your lib directory to avoid confusion.

What you do need is the tomcat-native-1.1.23-win32-bin.zip file; inside that you'll find several versions of tcnative-1.dll. Pick the version appropriate for the JVM you're using (32- or 64-bit), and put it in Tomcat's bin (not lib) directory.

 - Chuck
RE: Configure SSL under Tomcat 7
Hi,

Sorry, it'll be the first and the last time I send a private message to somebody, I didn't know the community's rules!

Well, now I downloaded the file you indicated, which is: http://mirror.atlanticmetro.net/apache//tomcat/tomcat-connectors/native/1.1.23/binaries/tomcat-native-1.1.23-win32-bin.zip. I found three files named tcnative-1.dll:

1) bin/tcnative-1.dll
2) bin/i64/tcnative-1.dll
3) bin/x64/tcnative-1.dll

Which one should I put in my apache-tomcat-7.0.26\bin, knowing that I use Windows XP (32 bits) as OS?!

Thanks.
Re: Configure SSL under Tomcat 7
On 19/03/2012 15:30, ayouB __ wrote:
> Hi,
>
> Sorry, it'll be the first and the last time I send a private message to somebody, I didn't know the community's rules!
>
> Well, now I downloaded the file you indicated, which is: http://mirror.atlanticmetro.net/apache//tomcat/tomcat-connectors/native/1.1.23/binaries/tomcat-native-1.1.23-win32-bin.zip. I found three files named tcnative-1.dll:
>
> 1) bin/tcnative-1.dll
> 2) bin/i64/tcnative-1.dll
> 3) bin/x64/tcnative-1.dll
>
> Which one should I put in my apache-tomcat-7.0.26\bin, knowing that I use Windows XP (32 bits) as OS?!

1)

Mark
RE: Configure SSL under Tomcat 7
> From: ayouB __ [mailto:ayb-2...@hotmail.fr]
> Subject: RE: Configure SSL under Tomcat 7

> 1) bin/tcnative-1.dll

32-bit version

> 2) bin/i64/tcnative-1.dll

Itanium version

> 3) bin/x64/tcnative-1.dll

x86-64 version

> Which one should I put in my apache-tomcat-7.0.26\bin, knowing that I use Windows XP (32 bits) as OS?!

The 32-bit one.

 - Chuck
RE: Configure SSL under Tomcat 7
Thanks Mark :)

>> Which one should I put in my apache-tomcat-7.0.26\bin, knowing that I use Windows XP (32 bits) as OS?!
>
> 1)
>
> Mark
RE: Configure SSL under Tomcat 7
Still not working!! I downloaded Apache Tomcat 7.0.26 (again), I added the tcnative-1.dll in my apache-tomcat-7.0.26\bin, and I created a keystore file with this command:

keytool -genkeypair -alias tomcat -keyalg RSA -keystore C:\mykeystore

I put the file named mykeystore in my apache-tomcat-7.0.26\conf and I modified my Tomcat's server.xml to be able to support HTTPS, as it has been said in Apache Tomcat's documentation from the official website and as it had been said in the e-book Apache Tomcat 7 (Aleska Vukotic and James Goodwill) in chapter 7, Securing Tomcat with SSL! (Step by step)

Here's my conf/server.xml:

===server.xml=
<?xml version='1.0' encoding='utf-8'?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements. See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the License); you may not use this file except in compliance with
  the License. You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an AS IS BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Note: A Server is not itself a Container, so you may not
     define subcomponents such as Valves at this level.
     Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
  <Listener className="org.apache.catalina.core.JasperListener" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <!-- A Service is a collection of one or more Connectors that share
       a single Container Note: A Service is not itself a Container,
       so you may not define subcomponents such as Valves at this level.
       Documentation at /docs/config/service.html
  -->
  <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
        maxThreads="150" minSpareThreads="4"/>
    -->

    <!-- A Connector represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html (blocking non-blocking)
         Java AJP Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL HTTP/1.1 Connector on port 8080
    -->
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="2"
               redirectPort="8443" />
    <!-- A Connector using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="2"
               redirectPort="8443" />
    -->
    <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="mykeystore" keystorePass="changeit"
               keyAlias="tomcat" keyPass="changeit"/>

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

    <!-- An Engine represents the entry point (within Catalina) that processes
         every request. The Engine
RE: Configure SSL under Tomcat 7
I'm disturbed that I wrote things unlike what I think!! I want to say: "what things i'm supposed ..." instead of "what things i'm supported ...", and "They didn't even talked ..." instead of "They even talked ...". Thanks.
RE: Configure SSL under Tomcat 7
ayouB __ ayb-2...@hotmail.fr wrote on 03/19/2012 01:00:59 PM:

> From: ayouB __ ayb-2...@hotmail.fr
> To: users@tomcat.apache.org
> Date: 03/19/2012 01:01 PM
> Subject: RE: Configure SSL under Tomcat 7
>
> Still not working !!
> [snip]
> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
>            scheme="https" secure="true"
>            clientAuth="false" sslProtocol="TLS"
>            keystoreFile="mykeystore" keystorePass="changeit"
>            keyAlias="tomcat" keyPass="changeit"/>

This part looks wrong to me. Is your keystore under /conf or in the Tomcat home? If it's under /conf, try this:

<Connector SSLEnabled="true" clientAuth="false" keyAlias="tomcat"
           keystoreFile="conf/mykeystore.jks" keystorePass="changeit"
           port="8443" scheme="https" secure="true" sslProtocol="TLS"/>

> <!-- Define an AJP 1.3 Connector on port 8009 -->
> <Connector port="8009" protocol="AJP/1.3"
Re: Configure SSL under Tomcat 7
ok, keystore is for Java connectors. but you have chosen to use the APR connector. so you should use the certificate format that is used for that connector
RE: Configure SSL under Tomcat 7
Hi Filip, can you explain to me more what certificate format is used with APR and how I can get it, please! Thanks.
Re: Configure SSL under Tomcat 7
I know that you will think this is strange, but I prefer to use the apache2 as a proxy to the Tomcat server, creating these lines in an SSL virtualhost:

ProxyPass / http://127.0.0.1:8080
ProxyPassReverse / http://127.0.0.1:8080

Yes the data will be encrypted.

2012/3/19, ayouB __ ayb-2...@hotmail.fr:
> hi filip, Can you explain me more what certificate format is used with APR how can i get it please ! Thanks.
RE: Configure SSL under Tomcat 7
From: ayouB __ [mailto:ayb-2...@hotmail.fr]
Subject: RE: Configure SSL under Tomcat 7

> Can you explain me more what certificate format is used with APR how can i get it please !

Read the docs: http://tomcat.apache.org/tomcat-7.0-doc/apr.html#APR_Connectors_Configuration

- Chuck
RE: Configure SSL under Tomcat 7
Hi, I'm asking you again, please tell me from where and how they get these files: localhost.crt localhost.key!!! Thanks.
Re: Configure SSL under Tomcat 7
Ayoub,

On 3/19/12 1:51 PM, ayouB __ wrote:
> Can you explain me more what certificate format is used with APR how can i get it please !

APR uses PEM-formatted X.509 certificate format and keys are in separate text blocks. Use OpenSSL to generate such certificates.

Java uses JKS (Java Key Store) format and all keys are in a bundle. Use keytool to generate such certificates.

In either case, keys can be imported-into or exported-out of JKS stores and converted to/from PEM-formatted key files.

-chris
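As an added example (not part of the original post or of the Tomcat documentation): the reply above says the APR connector takes a PEM certificate and a separate PEM key, the Java connectors take a JKS keystore, and one can be converted to the other. The script below creates such a pair with OpenSSL, checks that a certificate and a key belong together, and exports an existing keytool keystore to PEM; the function names, the temporary file name and the assumption that store and key share one password are mine.

```shell
#!/bin/sh
# Added example, not code from the thread. The file names localhost.crt and
# localhost.key follow the Tomcat APR documentation cited in the thread; the
# function names, subject and temporary file name are assumptions.

# Create a self-signed X.509 certificate and its RSA private key, both PEM.
#   $1 = output directory   $2 = host name for the subject CN (default localhost)
make_apr_pair() {
    out_dir=$1
    host=${2:-localhost}
    (
        umask 077    # -nodes writes the key unencrypted: keep it owner-only
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -subj "/CN=$host" \
            -keyout "$out_dir/localhost.key" \
            -out "$out_dir/localhost.crt" 2>/dev/null
    )
}

# Print what a file holds, judged by its first PEM header line. A JKS keystore
# is binary, has no such line and is reported as not-pem; that is the file the
# APR connector cannot read.
pem_kind() {
    header=$(tr -d '\r' < "$1" | LC_ALL=C sed -n '/^-----BEGIN /{p;q;}')
    case $header in
        "-----BEGIN CERTIFICATE-----")     echo certificate ;;
        "-----BEGIN "*"PRIVATE KEY-----")  echo private-key ;;
        *)                                 echo not-pem ;;
    esac
}

# Succeed only if certificate $1 and private key $2 are the same key pair,
# by comparing the public key embedded in each.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Export the entry $2 of JKS keystore $1 to PEM files in directory $3.
#   $4 = password, assumed to be the same for the store and the key.
# Passing it as an argument shows it in the process list; acceptable for a
# throwaway development keystore only.
jks_to_pem() (
    keystore=$1 entry=$2 out_dir=$3 pass=$4 rc=0
    umask 077
    p12=$out_dir/keystore.p12.tmp        # intermediate PKCS#12 copy
    keytool -importkeystore -noprompt \
        -srckeystore "$keystore" -srcstoretype JKS \
        -srcalias "$entry" -srcstorepass "$pass" \
        -destkeystore "$p12" -deststoretype PKCS12 \
        -deststorepass "$pass" || rc=$?
    if [ "$rc" -eq 0 ]; then
        openssl pkcs12 -in "$p12" -passin "pass:$pass" \
            -nocerts -nodes -out "$out_dir/localhost.key" &&
        openssl pkcs12 -in "$p12" -passin "pass:$pass" \
            -clcerts -nokeys -out "$out_dir/localhost.crt" || rc=$?
    fi
    rm -f "$p12"                          # it holds the private key too
    exit "$rc"
)

# Stand-alone use:  sh make-apr-pair.sh <output-dir> [host]
if [ "$#" -ge 1 ]; then
    make_apr_pair "$@" &&
        pair_matches "$1/localhost.crt" "$1/localhost.key" &&
        echo "wrote $1/localhost.crt and $1/localhost.key"
fi
```

The two resulting files are what the APR connector's SSLCertificateFile and SSLCertificateKeyFile attributes point at. A self-signed certificate like this one still produces a browser trust warning.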
Re: Configure SSL under Tomcat 7
Luciano,

On 3/19/12 1:58 PM, Luciano Andress Martini wrote:
> I know that you will think this is strange, but i prefer to use the apache2 as a proxy to the tomcat server creating this lines in a ssl virtualhost:
>
> ProxyPass / http://127.0.0.1:8080
> ProxyPassReverse / http://127.0.0.1:8080
>
> Yes the data will be encrypted.

No, the data will not be encrypted. If you used "https://" instead of "http://" then the connection would be encrypted.

-chris
Re: Configure SSL under Tomcat 7
set SSLEnabled=true in your Connector element, that turns on SSL. After that, if you don't have keystoreFile or keystorePass set, it will throw errors

Filip

- Original Message -
From: ayouB __ ayb-2...@hotmail.fr
To: users@tomcat.apache.org
Sent: Friday, March 16, 2012 9:58:49 AM
Subject: Configure SSL under Tomcat 7

> Hi every one, I'm ayoub and I'm a new member of this mailing list :)
> Well, I want to configure SSL under Tomcat 7, so I have followed the steps said in http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html, but when I deploy my project in the Tomcat server I don't get https://loclhost:8080/, I'm still working with the native http!! What should I do, what configuration should I make in my server.xml file?
> PS: I want to use the APR implementation, not the JSSE one, and BTW the SSLCertificateFile and SSLCertificateKeyFile don't exist in the <Connector ... /> element (using Eclipse Ctrl+space auto-complete)!!
> Thanks.
RE: Configure SSL under Tomcat 7
, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->
        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern=common -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log." suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>
  </Service>
</Server>

Date: Fri, 16 Mar 2012 10:41:38 -0600
From: devli...@hanik.com
To: users@tomcat.apache.org
Subject: Re: Configure SSL under Tomcat 7

> set SSLEnabled=true in your Connector element, that turns on SSL. After that, if you don't have keystoreFile or keystorePass set, it will throw errors
> Filip
RE: Configure SSL under Tomcat 7
Sorry :D i want say server.xml

From: ayb-2...@hotmail.fr
To: users@tomcat.apache.org
Subject: RE: Configure SSL under Tomcat 7
Date: Fri, 16 Mar 2012 16:50:14 +

> Here's My service.xml file :
>
> <?xml version='1.0' encoding='utf-8'?>
> <!--
>   Licensed to the Apache Software Foundation (ASF) under one or more
>   contributor license agreements. See the NOTICE file distributed with
>   this work for additional information regarding copyright ownership.
>   The ASF licenses this file to You under the Apache License, Version 2.0
>   (the License); you may not use this file except in compliance with
>   the License. You may obtain a copy of the License at
>
>       http://www.apache.org/licenses/LICENSE-2.0
>
>   Unless required by applicable law or agreed to in writing, software
>   distributed under the License is distributed on an AS IS BASIS,
>   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>   See the License for the specific language governing permissions and
>   limitations under the License.
> -->
> <!-- Note: A Server is not itself a Container, so you may not
>      define subcomponents such as Valves at this level.
>      Documentation at /docs/config/server.html
> -->
> <Server port="8005" shutdown="SHUTDOWN">
>   <!-- Security listener. Documentation at /docs/config/listeners.html
>   <Listener className="org.apache.catalina.security.SecurityListener" />
>   -->
>   <!--APR library loader. Documentation at /docs/apr.html -->
>   <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
>   <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
>   <Listener className="org.apache.catalina.core.JasperListener" />
>   <!-- Prevent memory leaks due to use of particular java/javax APIs-->
>   <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
>   <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
>   <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
>
>   <!-- Global JNDI resources
>        Documentation at /docs/jndi-resources-howto.html
>   -->
>   <GlobalNamingResources>
>     <!-- Editable user database that can also be used by
>          UserDatabaseRealm to authenticate users
>     -->
>     <Resource name="UserDatabase" auth="Container"
>               type="org.apache.catalina.UserDatabase"
>               description="User database that can be updated and saved"
>               factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>               pathname="conf/tomcat-users.xml" />
>   </GlobalNamingResources>
>
>   <!-- A Service is a collection of one or more Connectors that share
>        a single Container Note: A Service is not itself a Container,
>        so you may not define subcomponents such as Valves at this level.
>        Documentation at /docs/config/service.html
>   -->
>   <Service name="Catalina">
>
>     <!--The connectors can use a shared executor, you can define one or more named thread pools-->
>     <!--
>     <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
>         maxThreads="150" minSpareThreads="4"/>
>     -->
>
>     <!-- A Connector represents an endpoint by which requests are received
>          and responses are returned. Documentation at :
>          Java HTTP Connector: /docs/config/http.html (blocking non-blocking)
>          Java AJP Connector: /docs/config/ajp.html
>          APR (HTTP/AJP) Connector: /docs/apr.html
>          Define a non-SSL HTTP/1.1 Connector on port 8080
>     -->
>     <!--
>     <Connector port="8080" protocol="org.apache.coyote.http11.Http11AprProtocol"
>                connectionTimeout="2"
>                redirectPort="8080" />
>     -->
>     <!-- A Connector using the shared thread pool-->
>     <!--
>     <Connector executor="tomcatThreadPool"
>                port="8080" protocol="HTTP/1.1"
>                connectionTimeout="2"
>                redirectPort="8443" />
>     -->
>     <!-- Define a SSL HTTP/1.1 Connector on port 8443
>          This connector uses the JSSE configuration, when using APR, the
>          connector should be using the OpenSSL style configuration
>          described in the APR documentation -->
>     <Connector port="8080" protocol="org.apache.coyote.http11.Http11AprProtocol"
>                SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
>                clientAuth="optional" sslProtocol="TLS"/>
>
>     <!-- Define an AJP 1.3 Connector on port 8009 -->
>     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
>
>     <!-- An Engine represents the entry point (within Catalina) that processes
>          every request. The Engine implementation for Tomcat stand alone
>          analyzes the HTTP headers included with the request, and passes them
>          on to the appropriate Host (virtual host).
>          Documentation at /docs/config/engine.html -->
>
>     <!-- You should set jvmRoute to support load-balancing via AJP ie :
>     <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
>     -->
>     <Engine name="Catalina" defaultHost="localhost">
>
>       <!--For clustering, please take a look at documentation at:
>           /docs/cluster-howto.html (simple how to)
>           /docs/config/cluster.html (reference documentation) -->
>       <!--
>       <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
>       -->
>
>       <!-- Use the LockOutRealm to prevent attempts to guess user passwords
>            via a brute-force attack -->
>       <Realm className="org.apache.catalina.realm.LockOutRealm">
>         <!-- This Realm uses the UserDatabase configured in the global JNDI
>              resources under the key
Re: Configure SSL under Tomcat 7
ok, check your logs for errors. You must have APR libraries with OpenSSL installed, and you must specify the SSLCertificateFile SSLCertificateKeyFile attributes. All errors will be in the logs Filip
RE: Configure SSL under Tomcat 7
logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.FACES_INIT_PLUGINS' found.
16 mars 2012 17:05:58 org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler [http-bio-8080]
16 mars 2012 17:05:58 org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler [ajp-bio-8009]
16 mars 2012 17:05:58 org.apache.catalina.startup.Catalina start
INFO: Server startup in 9064 ms

Question: how to come up with the SSLCertificateFile and SSLCertificateKeyFile attributes?

Thanks :)

Date: Fri, 16 Mar 2012 10:57:01 -0600
From: devli...@hanik.com
To: users@tomcat.apache.org
Subject: Re: Configure SSL under Tomcat 7

> ok, check your logs for errors. You must have APR libraries with OpenSSL installed, and you must specify the SSLCertificateFile SSLCertificateKeyFile attributes. All errors will be in the logs
> Filip
Re: Configure SSL under Tomcat 7
Ayoub,

On 3/16/12 12:50 PM, ayouB __ wrote:
> <Server port="8005" shutdown="SHUTDOWN">
> [snip]
> <!-- Define a SSL HTTP/1.1 Connector on port 8443
>      This connector uses the JSSE configuration, when using APR, the
>      connector should be using the OpenSSL style configuration
>      described in the APR documentation -->
> <Connector port="8080" protocol="org.apache.coyote.http11.Http11AprProtocol"
>            SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
>            clientAuth="optional" sslProtocol="TLS"/>

It's unusual to use port 8080 for SSL traffic, though it really does not matter what port you use. The example in the SSL howto uses port 8443, for instance.

> <!-- Define an AJP 1.3 Connector on port 8009 -->
> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>

Are you using AJP at all? If not, you can remove/comment-out this connector.

On 3/16/12 1:10 PM, ayouB __ wrote:
> 16 mars 2012 17:05:48 org.apache.catalina.core.AprLifecycleListener init
> INFO: The APR based Apache Tomcat Native library which allows optimal
> performance in production environments was not found on the
> java.library.path: C:\Program Files\Java\jdk1.6.0_31\bin;[...etc]

So, if you intend to use APR, you'll have to fix this first. I can see from your java.library.path that you are on win32. Have you downloaded and installed tcnative, APR, and openssl? If not, go do that. If you have, please tell us how you have (incorrectly) installed them.

> Question : how to come up with the SSLCertificateFile
> SSLCertificateKeyFile attributes.

In case you hadn't noticed, server.xml uses neither an XML DTD nor an XML schema: that's why Eclipse can't tell you about what attributes are available. Tomcat doesn't use a DTD or Schema because some components (like Connector) need the freedom to be able to accept any attribute that will cause a setter method on the object to be called. Maintaining hundreds of possible attribute names in a DTD or Schema would be insane, so we don't do it.

Trust me, the SSLCertificateFile and SSLCertificateKeyFile attributes are accepted -- and mandatory if you are going to use APR-based SSL.

-chris
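An added example, not part of the thread or of Tomcat itself: a small Python check for the point made in the reply above, that an APR connector with SSLEnabled="true" needs SSLCertificateFile and SSLCertificateKeyFile and should not carry JSSE-style attributes. The sample configurations are constructed from the connector quoted in the thread; the function name, the certificate paths and the list of JSSE-style attributes checked are assumptions of this example.

```python
import xml.etree.ElementTree as ET

APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"
APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
APR_REQUIRED = ("SSLCertificateFile", "SSLCertificateKeyFile")
JSSE_STYLE = ("clientAuth", "sslProtocol", "keystoreFile", "keystorePass")

def check_apr_ssl(server_xml):
    """Return (port, finding) pairs for explicit APR connectors with SSLEnabled="true"."""
    root = ET.fromstring(server_xml)
    # SSLEngine defaults to "on" when the listener is present.
    engine_on = any(
        lst.get("className") == APR_LISTENER and lst.get("SSLEngine", "on") != "off"
        for lst in root.iter("Listener"))
    findings = []
    for conn in root.iter("Connector"):
        if conn.get("protocol") != APR_PROTOCOL:
            continue  # only connectors that name the APR protocol explicitly
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port")
        if not engine_on:
            findings.append((port, "AprLifecycleListener with SSLEngine on not found"))
        for attr in APR_REQUIRED:
            if not conn.get(attr):
                findings.append((port, "missing " + attr))
        for attr in JSSE_STYLE:
            if attr in conn.attrib:
                findings.append((port, "JSSE-style attribute " + attr))
    return findings

# Constructed sample input, modelled on the connector quoted in the thread.
TEMPLATE = """<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Service name="Catalina">%s</Service>
</Server>"""
THREAD_CONNECTOR = """<Connector port="8080"
    protocol="org.apache.coyote.http11.Http11AprProtocol" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    clientAuth="optional" sslProtocol="TLS"/>"""
# Assumed certificate paths; SSLVerifyClient is the APR-style client-auth setting.
APR_CONNECTOR = """<Connector port="8443"
    protocol="org.apache.coyote.http11.Http11AprProtocol" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    SSLCertificateFile="conf/localhost.crt"
    SSLCertificateKeyFile="conf/localhost.key" SSLVerifyClient="optional"/>"""

if __name__ == "__main__":
    for name, conn in (("thread", THREAD_CONNECTOR), ("apr-style", APR_CONNECTOR)):
        print(name, check_apr_ssl(TEMPLATE % conn))
```

The check reads server.xml only; it cannot tell whether the Tomcat Native library is actually on java.library.path, which the startup log reports separately.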
Re: Configure SSL under Tomcat 7
On 16/03/2012 15:58, ayouB __ wrote:
> Hi every one, I'm ayoub and i'm a new member of this mailing list :)
> Well, i want to configure SSL under Tomcat 7 so i have followed steps said in http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html, but when i deploy my project in tomcat server i don't get : https://loclhost:8080/ i still working with the native http !! what should i do, what configuration should i make on my server.xml file.

Exactly which versions of OS, Java and Tomcat 7? Why don't you post the config for all of the Connectors you've got in server.xml, inline here, so we can see what you've done?

> PS : I want to use the APR implementation not the JSSE one, and

Have you installed OpenSSL and APR?

> BTW the : SSLCertificateFile SSLCertificateKeyFile don't exist in the <connector ... /> element (using eclipse Ctrl+space auto-complish) !!

I don't know what that means.

p
RE: Configure SSL under Tomcat 7
The logs show that you don't have Tcnative installed