SSL Problem with Tomcat 5.5.25 on Windows 2003 Server
Hi;

I have a Tomcat 5.5.25 installation on Windows 2003 Server. I tried to configure SSL on Tomcat. When I type http://localhost:443 into the browser, I can see the pages and applications. But when I type https://localhost, I can't reach any pages or applications. There is no error in the log files. Please help.

-- 
Abdullah Teke
Tel: 0 555 337 21 89
MSN : abdullaht...@hotmail.com
ICQ : 164500674
Web : www.abdullahteke.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
RE: SSL Problem with Tomcat 5.5.25 on Windows 2003 Server
> From: Abdullah Teke [mailto:abdullaht...@gmail.com]
> Subject: SSL Problem with Tomcat 5.5.25 on Windows 2003 Server
>
> When I type http://localhost:443 into the browser, I can see the pages and applications.

Which you shouldn't be able to - this is indicative of your server.xml being broken.

> But when I type https://localhost, I can't reach any pages or applications.

Post your server.xml (preferably without all the comments, and obfuscate any passwords).

 - Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Re: SSL Problem with Tomcat 5.5.25 on Windows 2003 Server
On Tue, Apr 27, 2010 at 4:33 PM, Caldarale, Charles R <chuck.caldar...@unisys.com> wrote:

> > From: Abdullah Teke [mailto:abdullaht...@gmail.com]
> > Subject: SSL Problem with Tomcat 5.5.25 on Windows 2003 Server
> >
> > When I type http://localhost:443 into the browser, I can see the pages and applications.
>
> Which you shouldn't be able to - this is indicative of your server.xml being broken.
>
> > But when I type https://localhost, I can't reach any pages or applications.
>
> Post your server.xml (preferably without all the comments, and obfuscate any passwords).
>
>  - Chuck

This is my server.xml. I have a mirror Tomcat server installation that is working perfectly, which has the same configuration and environment. But this server didn't work, as I said before.

-- 
Abdullah Teke

<?xml version="1.0"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Example Server Configuration File -->
<!-- Note that component elements are nested corresponding to their
     parent-child relationships with each other -->

<!-- A Server is a singleton element that represents the entire JVM,
     which may contain one or more Service instances.  The Server
     listens for a shutdown command on the indicated port.

     Note:  A Server is not itself a Container, so you may not
     define subcomponents such as Valves or Loggers at this level.
 -->

<Server port="8005" shutdown="SHUTDOWN">

  <!-- Comment these entries out to disable JMX MBeans support used for the
       administration web application -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" />
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.storeconfig.StoreConfigLifecycleListener"/>

  <!-- Global JNDI resources -->
  <GlobalNamingResources>

    <!-- Test entry for demonstration purposes -->
    <Environment name="simpleValue" type="java.lang.Integer" value="30"/>

    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />

  </GlobalNamingResources>

  <!-- A Service is a collection of one or more Connectors that share
       a single Container (and therefore the web applications visible
       within that Container).  Normally, that Container is an Engine,
       but this is not required.

       Note:  A Service is not itself a Container, so you may not
       define subcomponents such as Valves or Loggers at this level.
   -->

  <!-- Define the Tomcat Stand-Alone Service -->
  <Service name="Catalina">

    <!-- A Connector represents an endpoint by which requests are received
         and responses are returned.  Each Connector passes requests on to the
         associated Container (normally an Engine) for processing.

         By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
         You can also enable an SSL HTTP/1.1 Connector on port 8443 by
         following the instructions below and uncommenting the second Connector
         entry.  SSL support requires the following steps (see the SSL Config
         HOWTO in the Tomcat 5 documentation bundle for more detailed
         instructions):
         * If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or
           later, and put the JAR files into $JAVA_HOME/jre/lib/ext.
         * Execute:
             %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
             $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA  (Unix)
           with a password value of changeit for both the certificate and
           the keystore itself
Re: SSL Problem with Tomcat 5.5.25 on Windows 2003 Server
On 27/04/2010 14:57, Abdullah Teke wrote:

> This is my server.xml. I have a mirror Tomcat server installation that is working perfectly, which has the same configuration and environment. But this server didn't work, as I said before.

The list often strips attachments, it's better to post the contents of the file, inline. (Makes it easier to suggest edits, too).

p
Re: SSL Problem with Tomcat 5.5.25 on Windows 2003 Server
On Tue, Apr 27, 2010 at 5:03 PM, Pid <p...@pidster.com> wrote:

> The list often strips attachments, it's better to post the contents of the file, inline. (Makes it easier to suggest edits, too).
>
> p

ok then.
Re: SSL Problem with Tomcat 5.5.25 on Windows 2003 Server
Abdullah,

On 4/27/2010 10:09 AM, Abdullah Teke wrote:
> On Tue, Apr 27, 2010 at 5:03 PM, Pid <p...@pidster.com> wrote:
> > The list often strips attachments, it's better to post the contents of the file, inline. (Makes it easier to suggest edits, too).

FWIW, it looks like the attachment came through the first time.

> <Listener className="org.apache.catalina.core.AprLifecycleListener" />

Are you using APR for SSL? If so, the configuration for the Connector is different.

> <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
> <Connector port="443" maxHttpHeaderSize="8192"
>            maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>            enableLookups="false" disableUploadTimeout="true"
>            acceptCount="100" scheme="https" secure="true"
>            clientAuth="false" sslProtocol="TLS"
>            keystoreFile="C:\keystore" keystorePass="" />

The comment doesn't reflect the Connector definition, but that all looks good to me.

Are you sure Tomcat is using this server.xml? We've heard reports that Eclipse, NetBeans, and other IDEs sometimes use a different server.xml than you expect it to.

-chris
RE: SSL Problem with Tomcat 5.5.25 on Windows 2003 Server
> From: Abdullah Teke [mailto:abdullaht...@gmail.com]
> Subject: Re: SSL Problem with Tomcat 5.5.25 on Windows 2003 Server
>
> This is my server.xml.
>
> <Connector port="8080"

If you're using port 443 for HTTPS traffic, why are you using 8080 for HTTP?

> redirectPort="8443"

This should be 443, not 8443.

You're either not actually using this server.xml, or something else is listening on 443, or your browser is ignoring the port number (which some versions of IE are known to do). Do you have httpd or IIS in front of Tomcat?

 - Chuck
Re: SSL Problem with Tomcat 5.5.25 on Windows 2003 Server
On Tue, Apr 27, 2010 at 8:56 PM, Caldarale, Charles R <chuck.caldar...@unisys.com> wrote:

> > This is my server.xml.
> >
> > <Connector port="8080"
>
> If you're using port 443 for HTTPS traffic, why are you using 8080 for HTTP?
>
> > redirectPort="8443"
>
> This should be 443, not 8443.
>
> You're either not actually using this server.xml, or something else is listening on 443, or your browser is ignoring the port number (which some versions of IE are known to do). Do you have httpd or IIS in front of Tomcat?
>
>  - Chuck

I think it uses this server.xml, because after changing the configuration and restarting the server, we can see the changes. We want to use both HTTP and HTTPS.

-- 
Abdullah Teke
Re: SSL Problem with Tomcat 5.5.25 on Windows 2003 Server
On Tue, Apr 27, 2010 at 8:49 PM, Christopher Schultz <ch...@christopherschultz.net> wrote:

> FWIW, it looks like the attachment came through the first time.
>
> > <Listener className="org.apache.catalina.core.AprLifecycleListener" />
>
> Are you using APR for SSL? If so, the configuration for the Connector is different.
>
> > <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
> > <Connector port="443" maxHttpHeaderSize="8192"
> >            maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> >            enableLookups="false" disableUploadTimeout="true"
> >            acceptCount="100" scheme="https" secure="true"
> >            clientAuth="false" sslProtocol="TLS"
> >            keystoreFile="C:\keystore" keystorePass="" />
>
> The comment doesn't reflect the Connector definition, but that all looks good to me.
>
> Are you sure Tomcat is using this server.xml? We've heard reports that Eclipse, NetBeans, and other IDEs sometimes use a different server.xml than you expect it to.
>
> -chris

Yes, I am sure the server uses this server.xml file. But I use the HP SM on this. If I use APR for SSL, can you tell me how I should change the configuration? Thanks.

-- 
Abdullah Teke
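
The two configuration points raised in the replies above (a redirectPort that does not match the HTTPS connector's port, and AprLifecycleListener configured alongside JSSE keystore attributes) can be checked mechanically against a server.xml. This is an added example, not part of the thread and not Tomcat code; the function name, finding codes and the cut-down sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
JSSE_ATTRS = ("keystoreFile", "keystorePass")

# Constructed sample: only the elements quoted in the thread, remaining
# attributes omitted; the keystore password is a placeholder.
SAMPLE = r"""<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" />
  <Service name="Catalina">
    <Connector port="8080" redirectPort="8443" />
    <Connector port="443" scheme="https" secure="true" clientAuth="false"
               sslProtocol="TLS" keystoreFile="C:\keystore"
               keystorePass="PLACEHOLDER" />
  </Service>
</Server>"""


def check_server_xml(xml_text):
    """Return (port, code, detail) findings for the points raised in the thread."""
    root = ET.fromstring(xml_text)
    apr_listener = any(
        el.get("className") == APR_LISTENER for el in root.iter("Listener")
    )
    findings = []
    for service in root.iter("Service"):
        connectors = service.findall("Connector")
        # Ports of connectors marked secure="true" within this Service.
        tls_ports = {c.get("port") for c in connectors if c.get("secure") == "true"}
        for c in connectors:
            port = c.get("port")
            if c.get("secure") == "true":
                # Chris's question: APR listener plus JSSE keystore attributes.
                jsse = [a for a in JSSE_ATTRS if c.get(a) is not None]
                if apr_listener and jsse:
                    findings.append((port, "apr-listener-with-jsse-attrs",
                                     "AprLifecycleListener is present but the connector "
                                     "uses " + ", ".join(jsse) + "; confirm whether APR "
                                     "is handling this port"))
            else:
                # Chuck's point: redirectPort must name the HTTPS connector's port.
                redirect = c.get("redirectPort")
                if redirect is not None and redirect not in tls_ports:
                    findings.append((port, "redirect-port-mismatch",
                                     "redirectPort=" + redirect + " but secure "
                                     "connectors listen on " + str(sorted(tls_ports))))
    return findings


if __name__ == "__main__":
    for port, code, detail in check_server_xml(SAMPLE):
        print(f"port {port}: {code}: {detail}")
```
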