Re: Tomcat HTTPS Help needed
where would I find any sort of performance tests of OpenSSL vs Java JSSE? is it possible to implement client authenification in both OpenSSL and Java JSSE? Thanks Martin Mladen Turk wrote: Martin Cavanagh wrote: Removing the tcnative-1.dll library worked! But doesn't that have the disadvantage of decreased performance for Tomcat? Yes, APR connector with OpenSSL is 4 times faster then with Java JSSE Is there a way to install OpenSSL without compiling it? Tcnative-1.dll for windows already contains the OpenSSL code compiled in. That's why the tcnative binaries are hosted on the Ireland's site. Regards, Mladen. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Con-Sense-GmbH __ _Martin Cavanagh_ Tel.: +49541 800 83 0 Fax: +49541 800 83 99 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Con-Sense GmbH Neuer Graben 25 49074 Osnabrück www.con-sense-group.com http://www.con-sense-group.com Geschäftsführer Eckhard Schulz Amtsgericht Hildesheim HRB 3341 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat HTTPS Help needed
Removing the tcnative-1.dll library worked! But doesn't that have the disadvantage of decreased performance for Tomcat? Is there a way to install OpenSSL without compiling it? Thanks Martin Mladen Turk wrote: Martin Cavanagh wrote: Hi everyone. I'm quite embarrassed - but inspite following the Apache guide, I just can't set up HTTPS via Tomcat! C:\keytool -list -keystore c:\.keystore Geben Sie das Keystore-Passwort ein: Keystore-Typ: JKS Keystore-Provider: SUN The logs don't seem to show anything interesting It does, like always ;) e.g. catalina - 28.03.2007 18:14:51 org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-80 You are using APR connector with OpenSSL, so Sun keystore is invalid. Either remove tcnative-1.dll from the bin directory or use the OpenSSL (like in Apache2) for SSL See: http://tomcat.apache.org/tomcat-5.5-doc/apr.html Regards, Mladen. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Con-Sense-GmbH __ _Martin Cavanagh_ Tel.: +49541 800 83 0 Fax: +49541 800 83 99 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Con-Sense GmbH Neuer Graben 25 49074 Osnabrück www.con-sense-group.com http://www.con-sense-group.com Geschäftsführer Eckhard Schulz Amtsgericht Hildesheim HRB 3341 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat HTTPS Help needed
Martin Cavanagh wrote: Removing the tcnative-1.dll library worked! But doesn't that have the disadvantage of decreased performance for Tomcat? Yes, APR connector with OpenSSL is 4 times faster then with Java JSSE Is there a way to install OpenSSL without compiling it? Tcnative-1.dll for windows already contains the OpenSSL code compiled in. That's why the tcnative binaries are hosted on the Ireland's site. Regards, Mladen. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat HTTPS Help needed
Martin Gainty wrote: just so Im clear..this would not work with keystore files but will work with APR connector and the Binaries must be compiled to JNI spec? exactly, to use APR and OpenSSL, you can use Apache style certificates, Connector protocol=org.apache.coyote.http11.Http11AprProtocol port=8443 minSpareThreads=5 maxSpareThreads=75 enableLookups=true disableUploadTimeout=true acceptCount=100 maxThreads=200 scheme=https secure=true SSLEnabled=true SSLCertificateFile=/usr/local/ssl/server.crt SSLCertificateKeyFile=/usr/local/ssl/server.pem clientAuth=false sslProtocol=TLS/ documented in http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html Filip M-- --- This e-mail message (including attachments, if any) is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, proprietary , confidential and exempt from disclosure. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this communication is strictly prohibited. --- Le présent message électronique (y compris les pièces qui y sont annexées, le cas échéant) s'adresse au destinataire indiqué et peut contenir des renseignements de caractère privé ou confidentiel. Si vous n'êtes pas le destinataire de ce document, nous vous signalons qu'il est strictement interdit de le diffuser, de le distribuer ou de le reproduire. - Original Message - From: Mladen Turk [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Thursday, March 29, 2007 7:55 AM Subject: Re: Tomcat HTTPS Help needed Martin Cavanagh wrote: Removing the tcnative-1.dll library worked! But doesn't that have the disadvantage of decreased performance for Tomcat? Yes, APR connector with OpenSSL is 4 times faster then with Java JSSE Is there a way to install OpenSSL without compiling it? Tcnative-1.dll for windows already contains the OpenSSL code compiled in. That's why the tcnative binaries are hosted on the Ireland's site. Regards, Mladen. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.446 / Virus Database: 268.18.20/737 - Release Date: 3/28/2007 4:23 PM - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat HTTPS Help needed
Hi everyone. I'm quite embarrassed - but inspite following the Apache guide, I just can't set up HTTPS via Tomcat! I have Windows 2000 Professional (German). Tomcat 5.5.20. Running Java 1.5. Can anyone here tell me what I'm doing wrong? I tried the keystore in my user directory - but that doesn't seem to work (because Tomcat is running as local system - a different account?). I even tried copy the .keystore file into every directory - but no luck. So I moved the .keystore to C:\.keystore C:\keytool -list -keystore c:\.keystore Geben Sie das Keystore-Passwort ein: Keystore-Typ: JKS Keystore-Provider: SUN Ihr Keystore enthlt 2 Eintrge. consense, 04.05.2006, PrivateKeyEntry, Zertifikatsfingerabdruck (MD5): 4E:A5:87:1F:61:62:B2:72:48:C2:31:0D:EF:51:42:3C tomcat, 28.03.2007, PrivateKeyEntry, Zertifikatsfingerabdruck (MD5): 2C:99:4C:D5:6F:94:BE:BE:EA:42:FF:9C:11:F1:A7:67 my keystore has two signatures with the password changeit. In the server.xml I have the following connector. (the default, uncommented, with the keystoreFile/keypass as parameters - keypass is not required). Connector port=8443 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile=C:\.keystore keypass=changeit / Whenever I try to visit the following website with HTTP/HTTPS I get no response. It takes ages, so I'm sure Tomcat is thinking about doing something, just not doing anything. I've also tried from external computers - still no success. https://localhost:8443/ The logs don't seem to show anything interesting e.g. catalina - 28.03.2007 18:14:51 org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-80 28.03.2007 18:14:51 org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-8443 28.03.2007 18:14:51 org.apache.coyote.ajp.AjpAprProtocol init INFO: Initializing Coyote AJP/1.3 on ajp-8009 28.03.2007 18:14:51 org.apache.catalina.startup.Catalina load INFO: Initialization processed in 1656 ms 28.03.2007 18:14:51 org.apache.catalina.core.StandardService start INFO: Starting service Catalina 28.03.2007 18:14:51 org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/5.5.20 28.03.2007 18:14:51 org.apache.catalina.core.StandardHost start INFO: XML validation disabled 28.03.2007 18:14:53 org.apache.catalina.startup.HostConfig deployWAR INFO: Deploying web application archive soap.war 28.03.2007 18:14:55 org.apache.coyote.http11.Http11AprProtocol start INFO: Starting Coyote HTTP/1.1 on http-80 28.03.2007 18:14:55 org.apache.coyote.http11.Http11AprProtocol start INFO: Starting Coyote HTTP/1.1 on http-8443 28.03.2007 18:14:55 org.apache.coyote.ajp.AjpAprProtocol start INFO: Starting Coyote AJP/1.3 on ajp-8009 28.03.2007 18:14:55 org.apache.catalina.storeconfig.StoreLoader load INFO: Find registry server-registry.xml at classpath resource 28.03.2007 18:14:55 org.apache.catalina.startup.Catalina start INFO: Server startup in 3922 ms similary the localhost log looks boring: 28.03.2007 18:14:54 org.apache.catalina.core.ApplicationContext log INFO: org.apache.webapp.balancer.BalancerFilter: init(): ruleChain: [org.apache.webapp.balancer.RuleChain: [org.apache.webapp.balancer.rules.URLStringMatchRule: Target string: News / Redirect URL: http://www.cnn.com], [org.apache.webapp.balancer.rules.RequestParameterRule: Target param name: paramName / Target param value: paramValue / Redirect URL: http://www.yahoo.com], [org.apache.webapp.balancer.rules.AcceptEverythingRule: Redirect URL: http://jakarta.apache.org]] All other logs are empty. Can anyone tell me what silly mistake I've made? Thanks a lot. Martin - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat HTTPS Help needed
Hi, If you connect to http://localhost while https://localhost:8443, what happen? Make sure http://localhost works first. Jimmy Cash America -Original Message- From: Martin Cavanagh [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 28, 2007 4:23 PM To: Tomcat Users List Subject: Tomcat HTTPS Help needed Hi everyone. I'm quite embarrassed - but inspite following the Apache guide, I just can't set up HTTPS via Tomcat! I have Windows 2000 Professional (German). Tomcat 5.5.20. Running Java 1.5. Can anyone here tell me what I'm doing wrong? I tried the keystore in my user directory - but that doesn't seem to work (because Tomcat is running as local system - a different account?). I even tried copy the .keystore file into every directory - but no luck. So I moved the .keystore to C:\.keystore C:\keytool -list -keystore c:\.keystore Geben Sie das Keystore-Passwort ein: Keystore-Typ: JKS Keystore-Provider: SUN Ihr Keystore enthlt 2 Eintrge. consense, 04.05.2006, PrivateKeyEntry, Zertifikatsfingerabdruck (MD5): 4E:A5:87:1F:61:62:B2:72:48:C2:31:0D:EF:51:42:3C tomcat, 28.03.2007, PrivateKeyEntry, Zertifikatsfingerabdruck (MD5): 2C:99:4C:D5:6F:94:BE:BE:EA:42:FF:9C:11:F1:A7:67 my keystore has two signatures with the password changeit. In the server.xml I have the following connector. (the default, uncommented, with the keystoreFile/keypass as parameters - keypass is not required). Connector port=8443 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile=C:\.keystore keypass=changeit / Whenever I try to visit the following website with HTTP/HTTPS I get no response. It takes ages, so I'm sure Tomcat is thinking about doing something, just not doing anything. I've also tried from external computers - still no success. https://localhost:8443/ The logs don't seem to show anything interesting e.g. catalina - 28.03.2007 18:14:51 org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-80 28.03.2007 18:14:51 org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-8443 28.03.2007 18:14:51 org.apache.coyote.ajp.AjpAprProtocol init INFO: Initializing Coyote AJP/1.3 on ajp-8009 28.03.2007 18:14:51 org.apache.catalina.startup.Catalina load INFO: Initialization processed in 1656 ms 28.03.2007 18:14:51 org.apache.catalina.core.StandardService start INFO: Starting service Catalina 28.03.2007 18:14:51 org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/5.5.20 28.03.2007 18:14:51 org.apache.catalina.core.StandardHost start INFO: XML validation disabled 28.03.2007 18:14:53 org.apache.catalina.startup.HostConfig deployWAR INFO: Deploying web application archive soap.war 28.03.2007 18:14:55 org.apache.coyote.http11.Http11AprProtocol start INFO: Starting Coyote HTTP/1.1 on http-80 28.03.2007 18:14:55 org.apache.coyote.http11.Http11AprProtocol start INFO: Starting Coyote HTTP/1.1 on http-8443 28.03.2007 18:14:55 org.apache.coyote.ajp.AjpAprProtocol start INFO: Starting Coyote AJP/1.3 on ajp-8009 28.03.2007 18:14:55 org.apache.catalina.storeconfig.StoreLoader load INFO: Find registry server-registry.xml at classpath resource 28.03.2007 18:14:55 org.apache.catalina.startup.Catalina start INFO: Server startup in 3922 ms similary the localhost log looks boring: 28.03.2007 18:14:54 org.apache.catalina.core.ApplicationContext log INFO: org.apache.webapp.balancer.BalancerFilter: init(): ruleChain: [org.apache.webapp.balancer.RuleChain: [org.apache.webapp.balancer.rules.URLStringMatchRule: Target string: News / Redirect URL: http://www.cnn.com], [org.apache.webapp.balancer.rules.RequestParameterRule: Target param name: paramName / Target param value: paramValue / Redirect URL: http://www.yahoo.com], [org.apache.webapp.balancer.rules.AcceptEverythingRule: Redirect URL: http://jakarta.apache.org]] All other logs are empty. Can anyone tell me what silly mistake I've made? Thanks a lot. Martin - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat HTTPS Help needed
http://localhost worked before and still works. I also checked the firewall settings. It definitely isn't a problem here - I even tried setting up a different connector http://localhost:8443 (not https) and this worked - so I'm 100% sure its not a firewall issue. Any other ideas? b.t.w. Thanks Martin Zhan, Jimmy wrote: Hi, If you connect to http://localhost while https://localhost:8443, what happen? Make sure http://localhost works first. Jimmy Cash America -Original Message- From: Martin Cavanagh [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 28, 2007 4:23 PM To: Tomcat Users List Subject: Tomcat HTTPS Help needed Hi everyone. I'm quite embarrassed - but inspite following the Apache guide, I just can't set up HTTPS via Tomcat! I have Windows 2000 Professional (German). Tomcat 5.5.20. Running Java 1.5. Can anyone here tell me what I'm doing wrong? I tried the keystore in my user directory - but that doesn't seem to work (because Tomcat is running as local system - a different account?). I even tried copy the .keystore file into every directory - but no luck. So I moved the .keystore to C:\.keystore C:\keytool -list -keystore c:\.keystore Geben Sie das Keystore-Passwort ein: Keystore-Typ: JKS Keystore-Provider: SUN Ihr Keystore enthlt 2 Eintrge. consense, 04.05.2006, PrivateKeyEntry, Zertifikatsfingerabdruck (MD5): 4E:A5:87:1F:61:62:B2:72:48:C2:31:0D:EF:51:42:3C tomcat, 28.03.2007, PrivateKeyEntry, Zertifikatsfingerabdruck (MD5): 2C:99:4C:D5:6F:94:BE:BE:EA:42:FF:9C:11:F1:A7:67 my keystore has two signatures with the password changeit. In the server.xml I have the following connector. (the default, uncommented, with the keystoreFile/keypass as parameters - keypass is not required). Connector port=8443 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile=C:\.keystore keypass=changeit / Whenever I try to visit the following website with HTTP/HTTPS I get no response. It takes ages, so I'm sure Tomcat is thinking about doing something, just not doing anything. I've also tried from external computers - still no success. https://localhost:8443/ The logs don't seem to show anything interesting e.g. catalina - 28.03.2007 18:14:51 org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-80 28.03.2007 18:14:51 org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-8443 28.03.2007 18:14:51 org.apache.coyote.ajp.AjpAprProtocol init INFO: Initializing Coyote AJP/1.3 on ajp-8009 28.03.2007 18:14:51 org.apache.catalina.startup.Catalina load INFO: Initialization processed in 1656 ms 28.03.2007 18:14:51 org.apache.catalina.core.StandardService start INFO: Starting service Catalina 28.03.2007 18:14:51 org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/5.5.20 28.03.2007 18:14:51 org.apache.catalina.core.StandardHost start INFO: XML validation disabled 28.03.2007 18:14:53 org.apache.catalina.startup.HostConfig deployWAR INFO: Deploying web application archive soap.war 28.03.2007 18:14:55 org.apache.coyote.http11.Http11AprProtocol start INFO: Starting Coyote HTTP/1.1 on http-80 28.03.2007 18:14:55 org.apache.coyote.http11.Http11AprProtocol start INFO: Starting Coyote HTTP/1.1 on http-8443 28.03.2007 18:14:55 org.apache.coyote.ajp.AjpAprProtocol start INFO: Starting Coyote AJP/1.3 on ajp-8009 28.03.2007 18:14:55 org.apache.catalina.storeconfig.StoreLoader load INFO: Find registry server-registry.xml at classpath resource 28.03.2007 18:14:55 org.apache.catalina.startup.Catalina start INFO: Server startup in 3922 ms similary the localhost log looks boring: 28.03.2007 18:14:54 org.apache.catalina.core.ApplicationContext log INFO: org.apache.webapp.balancer.BalancerFilter: init(): ruleChain: [org.apache.webapp.balancer.RuleChain: [org.apache.webapp.balancer.rules.URLStringMatchRule: Target string: News / Redirect URL: http://www.cnn.com], [org.apache.webapp.balancer.rules.RequestParameterRule: Target param name: paramName / Target param value: paramValue / Redirect URL: http://www.yahoo.com], [org.apache.webapp.balancer.rules.AcceptEverythingRule: Redirect URL: http://jakarta.apache.org]] All other logs are empty. Can anyone tell me what silly mistake I've made? Thanks a lot. Martin - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED
Re: Tomcat HTTPS Help needed
did you enable SSL on Port 8443 in server.xml??? e.g. !-- Define a SSL HTTP/1.1 Connector on port 8443 -- Connector port=8443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true clientAuth=false sslProtocol=TLS debug=5/ Martin-- --- This e-mail message (including attachments, if any) is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, proprietary , confidential and exempt from disclosure. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this communication is strictly prohibited. --- Le présent message électronique (y compris les pièces qui y sont annexées, le cas échéant) s'adresse au destinataire indiqué et peut contenir des renseignements de caractère privé ou confidentiel. Si vous n'êtes pas le destinataire de ce document, nous vous signalons qu'il est strictement interdit de le diffuser, de le distribuer ou de le reproduire. - Original Message - From: Martin Cavanagh [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Wednesday, March 28, 2007 6:41 PM Subject: Re: Tomcat HTTPS Help needed http://localhost worked before and still works. I also checked the firewall settings. It definitely isn't a problem here - I even tried setting up a different connector http://localhost:8443 (not https) and this worked - so I'm 100% sure its not a firewall issue. Any other ideas? b.t.w. Thanks Martin Zhan, Jimmy wrote: Hi, If you connect to http://localhost while https://localhost:8443, what happen? Make sure http://localhost works first. Jimmy Cash America -Original Message- From: Martin Cavanagh [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 28, 2007 4:23 PM To: Tomcat Users List Subject: Tomcat HTTPS Help needed Hi everyone. I'm quite embarrassed - but inspite following the Apache guide, I just can't set up HTTPS via Tomcat! I have Windows 2000 Professional (German). Tomcat 5.5.20. Running Java 1.5. Can anyone here tell me what I'm doing wrong? I tried the keystore in my user directory - but that doesn't seem to work (because Tomcat is running as local system - a different account?). I even tried copy the .keystore file into every directory - but no luck. So I moved the .keystore to C:\.keystore C:\keytool -list -keystore c:\.keystore Geben Sie das Keystore-Passwort ein: Keystore-Typ: JKS Keystore-Provider: SUN Ihr Keystore enthlt 2 Eintrge. consense, 04.05.2006, PrivateKeyEntry, Zertifikatsfingerabdruck (MD5): 4E:A5:87:1F:61:62:B2:72:48:C2:31:0D:EF:51:42:3C tomcat, 28.03.2007, PrivateKeyEntry, Zertifikatsfingerabdruck (MD5): 2C:99:4C:D5:6F:94:BE:BE:EA:42:FF:9C:11:F1:A7:67 my keystore has two signatures with the password changeit. In the server.xml I have the following connector. (the default, uncommented, with the keystoreFile/keypass as parameters - keypass is not required). Connector port=8443 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile=C:\.keystore keypass=changeit / Whenever I try to visit the following website with HTTP/HTTPS I get no response. It takes ages, so I'm sure Tomcat is thinking about doing something, just not doing anything. I've also tried from external computers - still no success. https://localhost:8443/ The logs don't seem to show anything interesting e.g. catalina - 28.03.2007 18:14:51 org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-80 28.03.2007 18:14:51 org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-8443 28.03.2007 18:14:51 org.apache.coyote.ajp.AjpAprProtocol init INFO: Initializing Coyote AJP/1.3 on ajp-8009 28.03.2007 18:14:51 org.apache.catalina.startup.Catalina load INFO: Initialization processed in 1656 ms 28.03.2007 18:14:51 org.apache.catalina.core.StandardService start INFO: Starting service Catalina 28.03.2007 18:14:51 org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/5.5.20 28.03.2007 18:14:51 org.apache.catalina.core.StandardHost start INFO: XML validation disabled 28.03.2007 18:14:53 org.apache.catalina.startup.HostConfig deployWAR INFO: Deploying web application archive soap.war 28.03.2007 18:14:55 org.apache.coyote.http11.Http11AprProtocol start INFO: Starting Coyote HTTP/1.1 on http-80 28.03.2007 18:14:55
Re: Tomcat HTTPS Help needed
I sure did - heres a little bit of my server.xml Connector port=8443 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile=C:\.keystore keypass=changeit / I know the keypass isn't needed - just as soon as it works I want to change it :) Any other ideas? It doesn't seem like it should be that complicated I even tried installing the admin package and installing the connector port via thatno luck that way either. Thanks Martin Martin Gainty wrote: did you enable SSL on Port 8443 in server.xml??? e.g. !-- Define a SSL HTTP/1.1 Connector on port 8443 -- Connector port=8443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true clientAuth=false sslProtocol=TLS debug=5/ Martin-- --- This e-mail message (including attachments, if any) is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, proprietary , confidential and exempt from disclosure. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this communication is strictly prohibited. --- Le présent message électronique (y compris les pièces qui y sont annexées, le cas échéant) s'adresse au destinataire indiqué et peut contenir des renseignements de caractère privé ou confidentiel. Si vous n'êtes pas le destinataire de ce document, nous vous signalons qu'il est strictement interdit de le diffuser, de le distribuer ou de le reproduire. - Original Message - From: Martin Cavanagh [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Wednesday, March 28, 2007 6:41 PM Subject: Re: Tomcat HTTPS Help needed http://localhost worked before and still works. I also checked the firewall settings. It definitely isn't a problem here - I even tried setting up a different connector http://localhost:8443 (not https) and this worked - so I'm 100% sure its not a firewall issue. Any other ideas? b.t.w. Thanks Martin Zhan, Jimmy wrote: Hi, If you connect to http://localhost while https://localhost:8443, what happen? Make sure http://localhost works first. Jimmy Cash America -Original Message- From: Martin Cavanagh [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 28, 2007 4:23 PM To: Tomcat Users List Subject: Tomcat HTTPS Help needed Hi everyone. I'm quite embarrassed - but inspite following the Apache guide, I just can't set up HTTPS via Tomcat! I have Windows 2000 Professional (German). Tomcat 5.5.20. Running Java 1.5. Can anyone here tell me what I'm doing wrong? I tried the keystore in my user directory - but that doesn't seem to work (because Tomcat is running as local system - a different account?). I even tried copy the .keystore file into every directory - but no luck. So I moved the .keystore to C:\.keystore C:\keytool -list -keystore c:\.keystore Geben Sie das Keystore-Passwort ein: Keystore-Typ: JKS Keystore-Provider: SUN Ihr Keystore enthlt 2 Eintrge. consense, 04.05.2006, PrivateKeyEntry, Zertifikatsfingerabdruck (MD5): 4E:A5:87:1F:61:62:B2:72:48:C2:31:0D:EF:51:42:3C tomcat, 28.03.2007, PrivateKeyEntry, Zertifikatsfingerabdruck (MD5): 2C:99:4C:D5:6F:94:BE:BE:EA:42:FF:9C:11:F1:A7:67 my keystore has two signatures with the password changeit. In the server.xml I have the following connector. (the default, uncommented, with the keystoreFile/keypass as parameters - keypass is not required). Connector port=8443 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile=C:\.keystore keypass=changeit / Whenever I try to visit the following website with HTTP/HTTPS I get no response. It takes ages, so I'm sure Tomcat is thinking about doing something, just not doing anything. I've also tried from external computers - still no success. https://localhost:8443/ The logs don't seem to show anything interesting e.g. catalina - 28.03.2007 18:14:51 org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-80 28.03.2007 18:14:51 org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-8443 28.03.2007 18:14:51 org.apache.coyote.ajp.AjpAprProtocol init INFO: Initializing Coyote AJP/1.3 on ajp-8009 28.03.2007 18:14:51
Re: Tomcat HTTPS Help needed
Martin Cavanagh wrote: Hi everyone. I'm quite embarrassed - but inspite following the Apache guide, I just can't set up HTTPS via Tomcat! C:\keytool -list -keystore c:\.keystore Geben Sie das Keystore-Passwort ein: Keystore-Typ: JKS Keystore-Provider: SUN The logs don't seem to show anything interesting It does, like always ;) e.g. catalina - 28.03.2007 18:14:51 org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-80 You are using APR connector with OpenSSL, so Sun keystore is invalid. Either remove tcnative-1.dll from the bin directory or use the OpenSSL (like in Apache2) for SSL See: http://tomcat.apache.org/tomcat-5.5-doc/apr.html Regards, Mladen. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]