Multiple Threads for one webapp
Hi All

I have setup virtual hosts for 3 apps with virtual hosts config as follows. These virtual hosts are first handled by Apache and mod_jk. My apps have scheduler and automated mailing services.

<Host name="vhost.domain.com" debug="0" appBase="deploy" unpackWARs="true">
  <Alias>www.vhost.domain.com</Alias>
  <Logger className="org.apache.catalina.logger.FileLogger" directory="${jboss.server.home.dir}/log" prefix="vhost_log1." suffix=".log" timestamp="true"/>
  <Context path="" docBase="${jboss.server.home.dir}/deploy/application.war" debug="0" reloadable="true"/>
</Host>

This config is mailing the same mail 7 times. Further I noticed that there were 7 services started of the same kind. Querying the developer, he said that he had coded the apps to have the mail sent once every week. The mails are sent once every week but as said 7 copies of the same mail are delivered.

The request for the app results in page not found if I follow the following config, even though there is no error in startup.

<Context path="application" docBase="${jboss.server.home.dir}/deploy/application.war" debug="0" reloadable="true"/>

Do you guys have any idea on this, and can you help me troubleshoot?

Regards Thanks
Mahesh S Kudva

---
Robosoft Technologies - Partners in Product Development
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Multiple Threads for one webapp
Hi

I have restarted Tomcat and made sure no threads run in the background. But still the problem persists. Every time Tomcat is restarted, I can see the notification thread start:

Notification thread started...32237

Regards Thanks
Mahesh S Kudva

-----Original Message-----
From: Tim Funk [EMAIL PROTECTED]
To: Tomcat Users List tomcat-user@jakarta.apache.org
Date: Fri, 30 Sep 2005 09:56:09 -0400
Subject: Re: Multiple Threads for one webapp

It seems you have a thread started in the background during the life of the application. This thread goes to some external place of storage to look for emails to send. It seems this thread is not stopped when a context is reloaded. When the app is reloaded - a new thread is started. In this case - the app was restarted 6 times - leaving you 7 threads all looking to the same external location for sending emails.

Solution: Use a ServletContextListener to detect webapp shutdown so the thread may be stopped.

-Tim
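The listener approach suggested in the reply above, as an added example that is not part of the original thread and is not the poster's application code. The class name MailSchedulerListener, the method sendPendingMail() and the hourly polling interval are assumptions; the job is assumed to check storage for mail that is due.

```java
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;

// Added example: MailSchedulerListener and sendPendingMail() are hypothetical
// names standing in for the application's own scheduler and mailing code.
// Register the class with a <listener> element in the webapp's WEB-INF/web.xml.
public class MailSchedulerListener implements ServletContextListener {

    private ScheduledExecutorService scheduler;

    @Override
    public void contextInitialized(ServletContextEvent event) {
        final ServletContext ctx = event.getServletContext();
        // One named daemon thread per deployed context, so a thread dump shows
        // which context owns each scheduler thread.
        scheduler = Executors.newSingleThreadScheduledExecutor(task -> {
            Thread t = new Thread(task, "mail-scheduler[" + ctx.getContextPath() + "]");
            t.setDaemon(true);
            return t;
        });
        // Assumed interval: poll once an hour for mail that is due.
        scheduler.scheduleAtFixedRate(() -> {
            try {
                sendPendingMail();
            } catch (RuntimeException e) {
                // An uncaught exception would silently cancel all future runs.
                ctx.log("mail run failed", e);
            }
        }, 0, 1, TimeUnit.HOURS);
        ctx.log("Notification thread started for context " + ctx.getContextPath());
    }

    @Override
    public void contextDestroyed(ServletContextEvent event) {
        // Called on undeploy, on server shutdown and on every context reload
        // (reloadable="true"). Without this the old thread keeps running and
        // the reloaded context starts a second one beside it.
        ServletContext ctx = event.getServletContext();
        if (scheduler == null) {
            return;
        }
        scheduler.shutdownNow();
        try {
            if (!scheduler.awaitTermination(30, TimeUnit.SECONDS)) {
                ctx.log("mail scheduler did not stop within 30 s");
            }
        } catch (InterruptedException e) {
            // Preserve the interrupt for the container's shutdown thread.
            Thread.currentThread().interrupt();
        } finally {
            scheduler = null;
        }
    }

    // Placeholder for the application's own logic: look up mail that is due
    // in external storage and send it.
    protected void sendPendingMail() {
    }
}
```

A listener only covers reloads and shutdown. If the same application is deployed more than once (the work-folder listing later in the thread shows every webapp under every virtual host), each deployed copy still starts its own scheduler.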
Re: Multiple Threads for one webapp
Hi

Thanks for the note. I just happened to see something strange. As I have configured 3 virtual hosts, in the jboss home/server/default/work folder I can see the folders of each virtual host. Within each I can see all the hosted apps including localhost.

The folder jboss home/server/default/work contains webapp1.domain.com, webapp2.domain.com and webapp3.domain.com
The folder jboss home/server/default/work/webapp1.domain.com contains webapp1, webapp2, webapp3 and jmx-console.
The folder jboss home/server/default/work/webapp2.domain.com contains webapp1, webapp2, webapp3 and jmx-console.
The folder jboss home/server/default/work/webapp3.domain.com contains webapp1, webapp2, webapp3 and jmx-console.

Within each of these there are two files session and cache.

Is this causing the issue? Is this normal?

Regards Thanks
Mahesh S Kudva

-----Original Message-----
From: Tim Funk [EMAIL PROTECTED]
To: Tomcat Users List tomcat-user@jakarta.apache.org
Date: Fri, 30 Sep 2005 11:55:18 -0400
Subject: Re: Multiple Threads for one webapp

This still seems to be a programming issue (possibly a config issue). Without source and config files - I don't see how the mailing list can help resolve this.

-Tim
Virtual hosts and Threads
Hi All

I have setup virtual hosts for 3 apps with virtual hosts config as follows. These virtual hosts are first handled by Apache and mod_jk. My apps have scheduler and automated mailing services.

<Host name="vhost.domain.com" debug="0" appBase="deploy" unpackWARs="true">
  <Alias>www.vhost.domain.com</Alias>
  <Logger className="org.apache.catalina.logger.FileLogger" directory="${jboss.server.home.dir}/log" prefix="vhost_log1." suffix=".log" timestamp="true"/>
  <Context path="" docBase="${jboss.server.home.dir}/deploy/application.war" debug="0" reloadable="true"/>
</Host>

This config is mailing the same mail 7 times. Further I noticed that there were 7 services started of the same kind. Querying the developer, he said that he had coded the apps to have the mail sent once every week. The mails are sent once every week but as said 7 copies of the same mail are delivered.

The request for the app results in page not found if I follow the following config, even though there is no error in startup.

<Context path="application" docBase="${jboss.server.home.dir}/deploy/application.war" debug="0" reloadable="true"/>

Do you guys have any idea on this, and can you help me troubleshoot?

Regards Thanks
Mahesh S Kudva
Re: Virtual Hosts
This setup has been tested on Apache2+JBoss+mod_jk-1.2.14_for MacOSX. And am sure it will work on other platforms as well. This setup also handles Apache related webapps.

Make the required entries in the DNS.

webapp.war: Extract the war file using zip and rename the folder with .war extension. Please put it in your deployment folder.

mod-jk.so: Obtain the modjk.so library file from www.apache.org and place them in the modules folder.

Apache-Virtual Host config

NameVirtualHost *.*.*.*:80
<VirtualHost *.*.*.*:80>
    ServerName webapp.domainname.com
    ServerAlias www.webapp.domainname.com
    ServerAdmin [EMAIL PROTECTED]
    DocumentRoot /Volumes/Extra/jboss/server/default/deploy/webapp.war
    JkMount /* loadbalancer
    DirectoryIndex index.html index.jsp
    ErrorLog logs/webapp-error_log
    CustomLog logs/webapp-access_log common
</VirtualHost>

mod-jk.conf

LoadModule jk_module /opt/apache2/modules/mod_jk.so
JkWorkersFile /opt/apache2/conf/workers.properties
JkLogFile /opt/apache2/logs/mod_jk.log
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"
JkMount /webapp.domain.com/*.jsp loadbalancer
JkMountFile /opt/apache2/conf/uriworkermap.properties
JkShmFile /opt/apache2/logs/jk.shm
<Location /jkstatus/>
    JkMount status
    Allow from 127.0.0.1
    Deny from All
</Location>

Server.xml

<Host name="webapp.domain.com" debug="0" appBase="deploy" unpackWARs="true">
  <Alias>www.webapp.domain.com</Alias>
  <Logger className="org.apache.catalina.logger.FileLogger" directory="logs" prefix="webapp_log1." suffix=".log" timestamp="true"/>
  <Context path="" docBase="${jboss.server.home.dir}/deploy/webapp.war" debug="0" reloadable="true"/>
</Host>

uriworkermap.properties

/jmx-console=loadbalancer
/jmx-console/*=loadbalancer
/web-console=loadbalancer
/web-console/*=loadbalancer
/webapp.domain.com/*.jsp

workers.properties

worker.list=loadbalancer,status
worker.webapp.port=8009
worker.webapp.host=webapp.domain.com
worker.webapp.type=ajp13
worker.webapp.lbfactor=1
worker.webapp.cachesize=10
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=library
worker.loadbalancer.sticky_session=1
worker.loadbalancer.local_worker_only=1
worker.list=loadbalancer
worker.status.type=status

Regards Thanks
Mahesh S Kudva

-----Original Message-----
From: Steve Dodge [EMAIL PROTECTED]
To: Tomcat Users List tomcat-user@jakarta.apache.org
Date: Thu, 15 Sep 2005 15:57:04 -0500
Subject: Re: Virtual Hosts

You probably want to change the appBase. You can control the contexts by creating a context snippet in conf/[Engine name]/[Host name] or add it to META-INF/context.xml in each war.

Hope that helps,
Steve

Durfee, Bernard wrote:

Okay, so I created two host elements in my server.xml...

<Host name="app01.myserver.com" appBase="webapps" autoDeploy="true" deployOnStartup="true" deployXML="true" unpackWARs="true" xmlValidation="false" xmlNamespaceAware="false" />
<Host name="app02.myserver.com" appBase="webapps" autoDeploy="true" deployOnStartup="true" deployXML="true" unpackWARs="true" xmlValidation="false" xmlNamespaceAware="false" />

...but how do I tell Tomcat which context to process? There will be no context correct? Do I need a separate appBase directory for each host element?

Thanks,
Bernie

-----Original Message-----
From: Allistair Crossley [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 15, 2005 12:10 PM
To: Tomcat Users List
Subject: RE: Virtual Hosts

Simplistically ...

Configure Host elements inside your Engine.
Create a folder for each application within webapps.
Set the Host docBase to each.
Check out the online ref.

-----Original Message-----
From: Durfee, Bernard [mailto:[EMAIL PROTECTED]]
Sent: 15 September 2005 17:07
To: tomcat-user@jakarta.apache.org
Subject: Virtual Hosts

I am having trouble configuring virtual hosts in Tomcat 5.5.9. I have two applications app01 and app02. I have 2 DNS entries app01.myserver.com and app02.myserver.com that both point to the machine on which Tomcat is running. How do I configure Tomcat to serve from app01.war when app01.myserver.com is hit and app02.war when app02.myserver.com is hit?

Thanks,
Bernie
Re: Tomcat SSL and Virtual Domains
I had a similar issue. I too had a doubt in server.xml. Search the archives for the topic Virtual Hosting with WAR files. I've posted in detail the configurations that helped me with virtual hosting. Hope it helps you too.

Regards Thanks
Mahesh S Kudva

-----Original Message-----
From: Dawn Blaine [EMAIL PROTECTED]
To: Dawn Blaine [EMAIL PROTECTED]
Cc: tomcat-user@jakarta.apache.org
Date: Sat, 03 Sep 2005 11:45:12 -0500
Subject: Tomcat SSL and Virtual Domains

We are running tomcat 4 standalone. I have things running fine with one host but now we need to add two more virtual hosts. I am pretty sure the problem is with my server.xml file but I haven't been able to figure it out. I have read through the docs and looked through the postings and I'm still stuck. Can someone help me out here? Please? Here's the file:

Server is running and the sterling domain is fine. Just the others that have problems.

Thank you in advance
D Blaine

<Server port="8005" shutdown="SHUTDOWN" debug="0">
  <Service name="Tomcat-Standalone">
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8080" minProcessors="5" maxProcessors="75" enableLookups="false" redirectPort="8443" acceptCount="100" debug="0" connectionTimeout="2" useURIValidationHack="false" disableUploadTimeout="true" />
    <!--
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8009" minProcessors="5" maxProcessors="75" enableLookups="false" redirectPort="8443" acceptCount="10" debug="0" connectionTimeout="0" useURIValidationHack="false" protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
    -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8443" minProcessors="5" maxProcessors="75" enableLookups="false" acceptCount="100" debug="0" scheme="https" secure="true" useURIValidationHack="false" disableUploadTimeout="true">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" keystoreFile="/home/svhrs-1/keystore.kdb" clientAuth="false" protocol="TLS"/>
    </Connector>
    <!--
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8443" minProcessors="5" maxProcessors="75" enableLookups="false" acceptCount="100" debug="0" scheme="https" secure="true" useURIValidationHack="false" disableUploadTimeout="true">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" keystoreFile="/home/kinres/ssl2/keystore1.kdb" keystorePass="kinseth" clientAuth="false" protocol="TLS"/>
    </Connector>
    -->
    <Engine name="Standalone" defaultHost="sterling-vizcaya-hotel-reservations-sacramento.com" debug="0">
      <Logger className="org.apache.catalina.logger.FileLogger" prefix="catalina_log." suffix=".txt" timestamp="true"/>
      <Host appBase="/home/svhrs-1/sterling-vizcaya-hotel-reservations-sacramento-www/webapps" unpackWARs="true" autoDeploy="true" debug="0" name="sterling-vizcaya-hotel-reservations-sacramento.com">
        <Valve className="org.apache.catalina.valves.AccessLogValve" pattern="common" prefix="access-log" directory="/home/svhrs-1/sterling-vizcaya-hotel-reservations-sacramento-logs" />
        <Context path="/home/svhrs-1/sterling-vizcaya-hotel-reservations-sacramento-www/webapps/hotel" docBase="hotel" privileged="true" debug="0">
          <Manager className="org.apache.catalina.session.PersistentManager" debug="0" saveOnRestart="true" maxActiveSessions="-1" minIdleSwap="-1" maxIdleSwap="-1" maxIdleBackup="-1">
            <Store className="org.apache.catalina.session.FileStore"/>
          </Manager>
          <Environment name="maxExemptions" type="java.lang.Integer" value="15"/>
        </Context>
      </Host>
      <Host appBase="/home/kinres/esavvy-reservations-www/webapps" unpackWARs="true" autoDeploy="true" debug="0" name="esavvy-reservations.com">
        <Valve className="org.apache.catalina.valves.AccessLogValve" pattern="common" prefix="access-log" directory="/home/kinres/esavvy-reservations-logs" />
        <Context path="/home/kinres/esavvy-reservations-www/webapps/esavvyres" docBase="esavvyres" privileged="true" debug="0">
          <Manager className="org.apache.catalina.session.PersistentManager" debug="0" saveOnRestart="true" maxActiveSessions="-1" minIdleSwap="-1" maxIdleSwap="-1" maxIdleBackup="-1">
            <Store className="org.apache.catalina.session.FileStore"/>
          </Manager>
          <Environment name="maxExemptions" type="java.lang.Integer" value="15"/>
        </Context>
      </Host>
      <Host appBase="/home/esavvy/esavvysystems-www/webapps" unpackWARs="true" autoDeploy="true" debug="0" name="esavvysystems.com">
        <Valve className="org.apache.catalina.valves.AccessLogValve" pattern="common" prefix="access-log"
Re: Manager webapp and virtual hosts
This setup has been tested on Apache2+JBoss+mod_jk-1.2.14_for MacOSX. And am sure it will work on other platforms as well. This setup also handles Apache related webapps.

Make the required entries in the DNS.

webapp.war: Extract the war file using zip and rename the folder with .war extension. Please put it in your deployment folder.

mod-jk.so: Obtain the modjk.so library file from www.apache.org and place them in the modules folder.

Apache-Virtual Host config

NameVirtualHost *.*.*.*:80
<VirtualHost *.*.*.*:80>
    ServerName webapp.robosoft.co.in
    ServerAlias www.webapp.robosoft.co.in
    ServerAdmin [EMAIL PROTECTED]
    DocumentRoot /Volumes/Extra/jboss/server/default/deploy/webapp.war
    JkMount /* loadbalancer
    DirectoryIndex index.html index.jsp
    ErrorLog logs/webapp-error_log
    CustomLog logs/webapp-access_log common
</VirtualHost>

mod-jk.conf

LoadModule jk_module /opt/apache2/modules/mod_jk.so
JkWorkersFile /opt/apache2/conf/workers.properties
JkLogFile /opt/apache2/logs/mod_jk.log
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"
JkMount /webapp.domain.com/*.jsp loadbalancer
JkMountFile /opt/apache2/conf/uriworkermap.properties
JkShmFile /opt/apache2/logs/jk.shm
<Location /jkstatus/>
    JkMount status
    Allow from all
</Location>

Server.xml

<Host name="webapp.domain.com" debug="0" appBase="deploy" unpackWARs="true">
  <Alias>www.webapp.domain.com</Alias>
  <Logger className="org.apache.catalina.logger.FileLogger" directory="logs" prefix="webapp_log1." suffix=".log" timestamp="true"/>
  <Context path="" docBase="${jboss.server.home.dir}/deploy/webapp.war" debug="0" reloadable="true"/>
</Host>

uriworkermap.properties

/jmx-console=loadbalancer
/jmx-console/*=loadbalancer
/web-console=loadbalancer
/web-console/*=loadbalancer
/webapp.domain.com/*.jsp

workers.properties

worker.list=loadbalancer,status
worker.webapp.port=8009
worker.webapp.host=webapp.domain.com
worker.webapp.type=ajp13
worker.webapp.lbfactor=1
worker.webapp.cachesize=10
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=library
worker.loadbalancer.sticky_session=1
worker.loadbalancer.local_worker_only=1
worker.list=loadbalancer
worker.status.type=status

Regards Thanks
Mahesh S Kudva

-----Original Message-----
From: David Delbecq [EMAIL PROTECTED]
To: Tomcat Users List tomcat-user@jakarta.apache.org
Date: Thu, 25 Aug 2005 14:01:46 +0200
Subject: Re: Manager webapp and virtual hosts

On Thursday 25 August 2005 13:55, Mikolaj Rydzewski wrote:

Hello,

My configuration is very simple: tomcat listens on localhost with various apps in their contexts. Now I'd like to setup a virtual host for another one. Will it be possible to deploy/reload such application using manager webapp running on localhost? In other words: do I have to install separate manager webapp for each virtual host?

For 1st part, did it here (2 sets of webapp depending on hostname used), must have the manager webapp deployed in each host (actually a soft link on unix having webapps-for-somespecial-hostname/manager points to webapps/manager is enough)

And the second question is: is it possible to connect apache with virtual host + mod_jk + tomcat with webapp in its context? I.e.:

my1.domain.com (apache + mod_jk) === tomcat.domain.com/webapp1
my2.domain.com (apache + mod_jk) === tomcat.domain.com/webapp2

?

--
David Delbecq
Royal Meteorological Institute of Belgium
-
Is there life after /sbin/halt -p?
RE: Virtual Hosting with WAR files
Thanks to all.

This setup has been tested on Apache2+JBoss+mod_jk-1.2.14_for MacOSX. And am sure it will work on other platforms as well. This setup also handles Apache related webapps.

Make the required entries in the DNS.

webapp.war: Extract the war file using zip and rename the folder with .war extension. Please put it in your deployment folder.

mod-jk.so: Obtain the modjk.so library file from www.apache.org and place them in the modules folder.

Apache-Virtual Host config

NameVirtualHost *.*.*.*:80
<VirtualHost *.*.*.*:80>
    ServerName webapp.robosoft.co.in
    ServerAlias www.webapp.robosoft.co.in
    ServerAdmin [EMAIL PROTECTED]
    DocumentRoot /Volumes/Extra/jboss/server/default/deploy/webapp.war
    JkMount /* loadbalancer
    DirectoryIndex index.html index.jsp
    ErrorLog logs/webapp-error_log
    CustomLog logs/webapp-access_log common
</VirtualHost>

mod-jk.conf

LoadModule jk_module /opt/apache2/modules/mod_jk.so
JkWorkersFile /opt/apache2/conf/workers.properties
JkLogFile /opt/apache2/logs/mod_jk.log
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"
JkMount /webapp.domain.com/*.jsp loadbalancer
JkMountFile /opt/apache2/conf/uriworkermap.properties
JkShmFile /opt/apache2/logs/jk.shm
<Location /jkstatus/>
    JkMount status
    Allow from all
</Location>

Server.xml

<Host name="webapp.domain.com" debug="0" appBase="deploy" unpackWARs="true">
  <Alias>www.webapp.domain.com</Alias>
  <Logger className="org.apache.catalina.logger.FileLogger" directory="logs" prefix="webapp_log1." suffix=".log" timestamp="true"/>
  <Context path="" docBase="${jboss.server.home.dir}/deploy/webapp.war" debug="0" reloadable="true"/>
</Host>

uriworkermap.properties

/jmx-console=loadbalancer
/jmx-console/*=loadbalancer
/web-console=loadbalancer
/web-console/*=loadbalancer
/webapp.domain.com/*.jsp

workers.properties

worker.list=loadbalancer,status
worker.webapp.port=8009
worker.webapp.host=webapp.domain.com
worker.webapp.type=ajp13
worker.webapp.lbfactor=1
worker.webapp.cachesize=10
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=library
worker.loadbalancer.sticky_session=1
worker.loadbalancer.local_worker_only=1
worker.list=loadbalancer
worker.status.type=status

Regards Thanks
Mahesh S Kudva
Network Analyst
Robosoft Technologies
Virtual Hosting with WAR files
Hi

I have setup Tomcat+Apache2+mod_jk. I have 3 applications in war files namely file1.war, file2.war and file3.war. To deploy, I just put them in the deploy folder and access them using the urls:

http://foo.com/file1
http://foo.com/file2
http://foo.com/file3

This works perfectly for me. I want to change this to simple urls as follows:

http://file1.foo.com
http://file2.foo.com
http://file3.foo.com

I have also read the notes on Virtual hosting:
http://jakarta.apache.org/tomcat/connectors-doc-archive/jk2/jk2/vhosthowto.html

Even so, I am not able to configure Tomcat to connect to the war files as requested. How do I configure Tomcat to connect to the correct war file as requested?

Any help will be appreciated.

Regards Thanks
Mahesh S Kudva
Re: Certificate Authentication for individual apps
Dear All

My developer gives me a .war file which I place as jboss/server/default/deploy/test.war. Thus I have around 5 .war files placed in the server. All the apps are presently accessed using https://myorg.com:8080/test1/, https://myorg.com:8080/test2/ ... and so on.

Next I want to implement client auth for certain apps. How do I go about it?

Regards Thanks
Mahesh S Kudva

-----Original Message-----
From: Bill Barker [EMAIL PROTECTED]
To: tomcat-user@jakarta.apache.org
Date: Fri, 1 Jul 2005 21:56:37 -0700
Subject: Re: Certificate Authentication for individual apps

Mahesh S Kudva [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

Hi All

Thanks for the note. May be I was not clear in my earlier mail. I have client authentication using certificates. I want to skip client auth for certain hosted applications on the server but preserve client auth for other apps.

On the Connector leave the 'clientAuth' attribute as 'false' (or use 'want', if you really want to be annoying :). Then in the webapps that care setup your web.xml files with something like:

<login-config>
  <auth-method>CLIENT-CERT</auth-method>
</login-config>

In this case, any page protected by a security-constraint will force the user to send a client-cert. Unfortunately, most of the production-quality Realms that ship with Tomcat don't support CLIENT-CERT auth.

For 4.1.x <= tcversion <= 5.0.x, there is also a request attribute that you can use to do the same thing. If you need it, search the archives.

Regards Thanks
Mahesh S Kudva

-----Original Message-----
From: Paul Singleton [EMAIL PROTECTED]
To: Tomcat Users List tomcat-user@jakarta.apache.org
Date: Fri, 01 Jul 2005 15:32:12 +0100
Subject: Re: Certificate Authentication for individual apps

Mahesh S Kudva wrote:

How can I have different certificate authentication for different applications and skip certificate authentication for some applications hosted on the same server.

I believe that, at least under SSL, certificates authenticate *servers* not applications, and that the Connector offers a certificate before it checks, or regardless of, the context path within that server.

So you need to deploy each app at a different (virtual) host, each with a different IP address. We do this currently with 5.5.9.

You can use the default keystore for all hosts, and use the (undocumented) keyAlias="myalias" Connector attribute to offer the appropriate certificate for each host, e.g.

<Connector address="288.104.197.211" port="8443" scheme="https" secure="true" sslProtocol="TLS" keyAlias="mrk2" />

(in 5.5.9 you also need sslProtocol="TLS" explicitly)

Paul Singleton
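A per-application check in the spirit of Bill Barker's reply, as an added example that is not part of the thread: a servlet filter, mapped only in the webapps that need client authentication, that rejects requests arriving without an accepted client certificate. It assumes the Connector is set to clientAuth="want" and reads the standard Servlet attribute javax.servlet.request.X509Certificate, which is not necessarily the Tomcat-specific attribute the reply alludes to; the class name and the allowedSubjects init parameter are hypothetical.

```java
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

// Added example: RequireClientCertFilter and its "allowedSubjects" init-param
// are hypothetical. Map the filter in web.xml only in the apps that must have
// client authentication; apps without it stay reachable without a certificate.
public class RequireClientCertFilter implements Filter {

    // Standard Servlet API attribute: the certificate chain the client
    // presented in the TLS handshake, client certificate first.
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    private final Set<X500Principal> allowed = new HashSet<>();

    @Override
    public void init(FilterConfig config) throws ServletException {
        // Subject DNs separated by ';' because a DN itself contains commas, e.g.
        // CN=Mahesh, OU=SAD, O=Robosoft, L=UDP, ST=Kar, C=IN
        String param = config.getInitParameter("allowedSubjects");
        if (param == null || param.trim().isEmpty()) {
            // Fail closed: an unconfigured filter must not admit everyone.
            throw new ServletException("allowedSubjects init-param is required");
        }
        for (String dn : param.split(";")) {
            if (dn.trim().isEmpty()) {
                continue;
            }
            try {
                allowed.add(new X500Principal(dn.trim()));
            } catch (IllegalArgumentException e) {
                throw new ServletException("Bad DN in allowedSubjects: " + dn, e);
            }
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse http = (HttpServletResponse) res;

        // With clientAuth="want" the handshake succeeds without a certificate,
        // so its absence has to be rejected here.
        X509Certificate[] certs = (X509Certificate[]) req.getAttribute(CERT_ATTR);
        if (!req.isSecure() || certs == null || certs.length == 0) {
            http.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate required");
            return;
        }

        X509Certificate client = certs[0];
        try {
            // The connector has already checked the chain against its trust
            // store; re-check the validity period at request time.
            client.checkValidity();
        } catch (CertificateException e) {
            http.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate not valid");
            return;
        }

        // X500Principal.equals compares canonical forms, so spacing and case
        // differences between the configured DN and the certificate DN do not matter.
        if (!allowed.contains(client.getSubjectX500Principal())) {
            http.sendError(HttpServletResponse.SC_FORBIDDEN, "Certificate subject not authorised");
            return;
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {
        allowed.clear();
    }
}
```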
Certificate Authentication for individual apps
Hi All

How can I have different certificate authentication for different applications and skip certificate authentication for some applications hosted on the same server.

Regards Thanks
Mahesh S Kudva
Re: Certificate Authentication for individual apps
Hi All

Thanks for the note. May be I was not clear in my earlier mail. I have client authentication using certificates. I want to skip client auth for certain hosted applications on the server but preserve client auth for other apps.

Regards Thanks
Mahesh S Kudva
Certificate Revocation
Hi All

Once if the certificates are revoked, how do I make Tomcat to know which certificates are revoked.

Regards Thanks
Mahesh S Kudva
Re: Client Authentication
Hi all

I sorted it out. Thanks for your help. These are the steps I followed. Hope it helps someone.

1) perl CA.pl -newca (create a new CA)
2) perl CA.pl -newreq (new client request)
3) perl CA.pl -sign (sign the certificate request)
4) openssl rsa < newreq.pem > client_key.pem (extract the RSA key)
5) mv newreq.pem client_req.pem (renaming for your identification)
6) mv newcert.pem client_cert.pem (renaming for your identification)
7) openssl pkcs12 -export -in client_cert.pem -inkey client_key.pem -out client.p12 (generate a pkcs12 certificate)
8) keytool -genkey -alias tomcat -keyalg RSA (generate your keystore)
9) keytool -certreq -keyalg RSA -alias tomcat -file tomcat.csr (generate a request for tomcat)
10) openssl x509 -req -CA democa/cacert.pem -CAkey democa/private/cakey.pem -extensions v3_ca -in tomcat.csr -inform DER -out tomcat.x509 -CAcreateserial (signs the tomcat certificate request with your CA)
11) keytool -import -alias MyRootCA -keystore JAVA_HOME/jre/lib/security/cacerts -file democa/cacert.pem (import CA selfsigned into the truststore)
12) keytool -import -alias tomcat -file tomcat.x509

Import both the democa/cacert.pem and client.p12 to the client's machine.

In your server.xml file enable client authentication by changing clientauth=true and that's it.

Regards Thanks
Mahesh S Kudva

-----Original Message-----
From: Mahesh S Kudva [EMAIL PROTECTED]
To: Tomcat Users List tomcat-user@jakarta.apache.org
Date: Fri, 13 May 2005 22:26:59 +0530
Subject: Re: Client Authentication

Hi All

How do I go about with client authentication?

Regards Thanks
Mahesh S Kudva

-----Original Message-----
From: Mahesh S Kudva [EMAIL PROTECTED]
To: Tomcat Users List tomcat-user@jakarta.apache.org
Date: Tue, 10 May 2005 20:51:08 +0530
Subject: Re: Client Authentication

Hi All

Nothing seems to work out for me with client auth. Here is what I've done.

CA and Certificates

1) perl CA.pl -newca
2) perl CA.pl -newreq
3) perl CA.pl -sign
4) openssl rsa < newreq.pem > server_key.pem
5) mv newcert.pem server_cert.pem
6) mv newreq.pem server_req.pem
7) perl CA.pl -newreq
8) perl CA.pl -sign
9) mv newreq.pem client_req.pem
10) mv newcert.pem client_cert.pem
11) openssl rsa < client_req.pem > client_key.pem
12) openssl pkcs12 -export -in client_cert.pem -inkey client_key.pem -out client.p12
13) openssl x509 -in server_cert.pem -out server.x509
14) openssl pkcs12 -export -in server_cert.pem -inkey server_key.pem -out server.p12
15) keytool -genkey -alias tomcat -storepass changeit
16) keytool -import -alias TomcatCA -file demoCA/cacert.pem

I then import the CA's self signed certificate to the client's machine along with the p12 certificate.

My Tomcat-users.xml file

<tomcat-users>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <role rolename="manager"/>
  <role rolename="certs"/>
  <role rolename="admin"/>
  <user username="mahesh" password="mahesh" roles="admin,manager"/>
  <user username="CN=Mahesh, OU=SAD, O=Robosoft, L=UDP, ST=Kar, C=IN" password="" roles="tomcat,certs"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="role1" password="tomcat" roles="role1"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
</tomcat-users>

Where am I going wrong? Even if the certificates are in the client's machine the certificate's identity window always pops up.

Regards Thanks
Mahesh S Kudva

-----Original Message-----
From: Mark Thomas [EMAIL PROTECTED]
To: Tomcat Users List tomcat-user@jakarta.apache.org
Date: Tue, 03 May 2005 23:00:57 +0100
Subject: Re: Client Authentication

The CN for your server cert can be anything you like but you will get a warning in your browser if the CN differs from how you express it in the URL.

The user needs to look something like this

<user username="CN=Mark Thomas, OU=Jakarta, O=Apache, L=London, C=GB" password="null" roles="tomcat,certs"/>

in tomcat-users. It must be the full DN of the user certificate.

HTH,
Mark

Mahesh S Kudva wrote:

Hi

It seems like a silly question. But I am new to SSL and Certificates as well as Tomcat. If my machine's IP is 192.168.0.1 then I access tomcat as https://192.168.0.1:8443. Keeping this in mind should I give the Common Name as 192.168.0.1?

How do I specify the client info in the tomcat-users.xml?

<user name="mahesh" password="kudva" role="admin"/>

This is how my tomcat-users.xml file looks like.

Regards Thanks
Mahesh S Kudva

-----Original Message-----
From: lercoli [EMAIL PROTECTED]
To: Tomcat Users List tomcat-user@jakarta.apache.org
Date: Tue, 3 May 2005 14:33:46 +0200
Subject: Re: Client Authentication

CA and Tomcat common name should be the same (localhost or better your DNS). First and Last Name of client should the name
Re: Client Authentication
Hi All,

How do I go about with client authentication?

Regards
Thanks
Mahesh S Kudva
Re: Client Authentication
Hi All,

Nothing seems to work out for me with client auth. Here is what I've done.

CA and Certificates
1) perl CA.pl -newca
2) perl CA.pl -newreq
3) perl CA.pl -sign
4) openssl rsa < newreq.pem > server_key.pem
5) mv newcert.pem server_cert.pem
6) mv newreq.pem server_req.pem
7) perl CA.pl -newreq
8) perl CA.pl -sign
9) mv newreq.pem client_req.pem
10) mv newcert.pem client_cert.pem
11) openssl rsa < client_req.pem > client_key.pem
12) openssl pkcs12 -export -in client_cert.pem -inkey client_key.pem -out client.p12
13) openssl x509 -in server_cert.pem -out server.x509
14) openssl pkcs12 -export -in server_cert.pem -inkey server_key.pem -out server.p12
15) keytool -genkey -alias tomcat -storepass changeit
16) keytool -import -alias TomcatCA -file demoCA/cacert.pem

I then import the CA's self-signed certificate to the client's machine along with the p12 certificate.

My tomcat-users.xml file:

<tomcat-users>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <role rolename="manager"/>
  <role rolename="certs"/>
  <role rolename="admin"/>
  <user username="mahesh" password="mahesh" roles="admin,manager"/>
  <user username="CN=Mahesh, OU=SAD, O=Robosoft, L=UDP, ST=Kar, C=IN" password="" roles="tomcat,certs"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="role1" password="tomcat" roles="role1"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
</tomcat-users>

Where am I going wrong? Even if the certificates are in the client's machine, the certificate identity window always pops up.

Regards
Thanks
Mahesh S Kudva

-----Original Message-----
From: Mark Thomas [EMAIL PROTECTED]
To: Tomcat Users List tomcat-user@jakarta.apache.org
Date: Tue, 03 May 2005 23:00:57 +0100
Subject: Re: Client Authentication

The CN for your server cert can be anything you like but you will get a warning in your browser if the CN differs from how you express it in the URL.

The user needs to look something like this

<user username="CN=Mark Thomas, OU=Jakarta, O=Apache, L=London, C=GB" password="null" roles="tomcat,certs"/>

in tomcat-users. It must be the full DN of the user certificate.

HTH,
Mark
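The requirement in this thread that the tomcat-users.xml entry be the full DN of the user certificate can be checked before restarting Tomcat. The following is an added example, not code from the thread or from Tomcat: it converts the subject printed by `openssl x509 -in client_cert.pem -noout -subject` (older slash form, or the `-nameopt RFC2253` form) into the `CN=..., OU=..., C=..` layout used in the thread and looks it up among the `user` entries. The function names and sample data are constructed, and exact string matching by the realm is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Java prints the e-mail attribute as EMAILADDRESS; openssl prints emailAddress.
JAVA_KEYWORDS = {"emailAddress": "EMAILADDRESS"}

# Constructed sample data, modelled on the entries quoted in the thread.
USERS_XML = """<tomcat-users>
  <role rolename="tomcat"/>
  <role rolename="certs"/>
  <user username="CN=Mahesh, OU=SAD, O=Robosoft, L=UDP, ST=Kar, C=IN"
        password="null" roles="tomcat,certs"/>
  <user username="tomcat" password="example-only" roles="tomcat"/>
</tomcat-users>"""
LEGACY_SUBJECT = "subject= /C=IN/ST=Kar/L=UDP/O=Robosoft/OU=SAD/CN=Mahesh"
RFC2253_SUBJECT = "subject=CN=Mahesh,OU=SAD,O=Robosoft,L=UDP,ST=Kar,C=IN"


def split_rdns(dn):
    """Split a comma-separated DN on commas that are not backslash-escaped."""
    return [p.strip() for p in re.split(r"(?<!\\),", dn) if p.strip()]


def parse_openssl_subject(line):
    """Return [(type, value), ...], most specific attribute first.

    Accepts the older slash form (/C=IN/.../CN=Mahesh, country first) and the
    RFC 2253 form (CN=Mahesh,...,C=IN). Other -nameopt layouts are not handled.
    """
    text = line.strip()
    if text.lower().startswith("subject"):
        text = text.split("=", 1)[1].strip()
    if text.startswith("/"):
        parts = [p for p in text.split("/") if p]
        parts.reverse()  # slash form lists the country first
    else:
        parts = split_rdns(text)
    rdns = []
    for part in parts:
        key, _, value = part.partition("=")
        rdns.append((key.strip(), value.strip()))
    return rdns


def java_dn(rdns):
    """Render the DN as 'CN=..., OU=..., C=..' (comma plus space)."""
    return ", ".join(f"{JAVA_KEYWORDS.get(k, k)}={v}" for k, v in rdns)


def check_user(users_xml, subject_line):
    """Return (status, roles) where status is 'match', 'near-miss' or 'missing'.

    'near-miss' means an entry has the same attributes but differs in spacing,
    case or order, which an exact string lookup would reject.
    """
    wanted = java_dn(parse_openssl_subject(subject_line))
    canon = lambda dn: sorted(p.lower() for p in split_rdns(dn))
    near = None
    for user in ET.fromstring(users_xml).iter("user"):
        name = user.get("username") or user.get("name") or ""
        roles = [r.strip() for r in (user.get("roles") or "").split(",") if r.strip()]
        if name == wanted:
            return "match", roles
        if "=" in name and canon(name) == canon(wanted):
            near = roles
    return ("near-miss", near) if near is not None else ("missing", [])


if __name__ == "__main__":
    for subject in (LEGACY_SUBJECT, RFC2253_SUBJECT):
        print(java_dn(parse_openssl_subject(subject)), check_user(USERS_XML, subject))
```

A `near-miss` result points at an entry to retype exactly as printed; `missing` means no entry carries the certificate's attributes at all.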
Re: Client Authentication
Hi,

What kind of information do I need to put in the fields of First and Last name and Common name? Will any information do or is it required that I need to put in the server address in the client.p12 certificate?

Regards
Thanks
Mahesh S Kudva
Re: Client Authentication
Hi,

It seems like a silly question. But I am new to SSL and Certificates as well as Tomcat.

If my machine's IP is 192.168.0.1 then I access tomcat as https://192.168.0.1:8443. Keeping this in mind, should I give the Common Name as 192.168.0.1?

How do I specify the client info in the tomcat-users.xml?

<user name="mahesh" password="kudva" role="admin">

This is how my tomcat-users.xml file looks like.

Regards
Thanks
Mahesh S Kudva

-----Original Message-----
From: lercoli [EMAIL PROTECTED]
To: Tomcat Users List tomcat-user@jakarta.apache.org
Date: Tue, 3 May 2005 14:33:46 +0200
Subject: Re: Client Authentication

CA and Tomcat common name should be the same (localhost or better your DNS). First and Last Name of client should be the name of a Tomcat user declared in tomcat-users.xml.

Luca Ercoli
Client Authentication
Dear All,

I've been able to set up Tomcat 5.0.30 successfully on port 8443. I want to use client authentication. Hence I've enabled clientAuth="true" in server.xml.

Running on Mac OS X, these were the commands to create a CA and sign a certificate using this CA.

Creating a new CA:
1) perl CA.pl -newca

Certificate request using openssl:
1) perl CA.pl -newreq
2) perl CA.pl -sign
3) mv newreq.pem client_req.pem
4) mv newcert.pem client_cert.pem
5) openssl rsa < client_req.pem > client_key.pem
6) openssl pkcs12 -export -in client_cert.pem -inkey client_key.pem -out client.p12

For Tomcat using Java keytool to request certificate:
1) openssl x509 -in server_cert.pem -out server.x509
2) openssl pkcs12 -export -in server_cert.pem -inkey server_key.pem -out server.p12
3) keytool -genkey -alias meAsClient -storepass changeit
4) keytool -certreq -alias measclient -file client.csr -storepass changeit
5) openssl x509 -req -CA demoCA/cacert.pem -CAkey demoCA/private/cakey.pem -extensions v3_ca -in client.csr -inform DER -out client_cert.x509 -CAcreateserial
6) keytool -import -alias butterflyCA -keystore /Syst.. ..urity/cacerts -file ../CA/demoCA/cacert.pem
7) keytool -import -alias measclient -keystore clientstore -trustcacerts -file client_cert.x509

Following these commands I don't get any errors. I then import the cacert.pem, the ROOT CA certificate and the client.p12 and client_cert.x509 to the browser I.E 6.0. But still there is a popup requesting the client's identity and it asks me to select a certificate and no certificates are displayed.

How can I go about this? All suggestions and ideas are welcome.

Regards
Thanks
Mahesh S Kudva
Re: Client Authentication
Hi,

I tried with client.p12 first; when I failed I went on with client_cert.x509. I placed it in the personal folder ...

Regards
Thanks
Mahesh S Kudva

-----Original Message-----
From: lercoli [EMAIL PROTECTED]
To: Tomcat Users List tomcat-user@jakarta.apache.org
Date: Mon, 2 May 2005 17:31:54 +0200
Subject: Re: Client Authentication

You should import only client.p12 certificate in IE browser and when IE asks you in which folder you want to put it select Personal Folder. I hope it helps you.

Luca Ercoli