SSL with Tomcat 3.2.1
Hi , I've been using jsse 1.0.2 with jdk1.3. i use Tomcat 3.2.1 as webserver. when i stalled jdk1.4, Tomcat is not running when i enable it for SSL. why is this so? Which version of jsse.jar does Tomcat 3.2.x support? could anyone get rid off my prob. Thanq --Rams winmail.dat Description: application/ms-tnef -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
vurtual hosting
Hi, Does Tomcat support Virtual Hosting? lf yes, how? could anyone please give the config. snippet? Thanq Rams winmail.dat Description: application/ms-tnef -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
SSL problem
Hi, l've a problem regarding SSL. l'm using Tomcat 3.2 server. Different clients'll be contacting this server thinking as if they are contacting their respective merchant sites, wherein all sites' server certs are stored in the same Tomcat server in different keystores l mean, each merchant has his own server cert..but all merchants are configured at one webserver. How can l do my Tomcat webserver work on behalf of many merchant sites ? So How can l configure my Tomcat dynamically in changing its Keystore according to the request obtained? Shall l go for Apache? which SSL package can l adapt with apache? l'm grateful if anyone has a solution.. Thanq Rams winmail.dat Description: application/ms-tnef -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
openSSL
Hi, What is the difference betn OpenSSL and mod_ssl? When l need my Apache server to be ssl enabled, which of the above should l install along with Apache? And what is Apache-ssl? Shall l go for this instead of the above two? Please Help Thanq Rams winmail.dat Description: application/ms-tnef -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
RE: SSL Standalone Tomcat 4.0 Windows NT - Thawte
Mr.Madhav, Just u do like this. did u ever open the cert? lt shows like a window with some details. right? lt has three tabs on the top a) General b) Details c) Certification Path. u go for Details. There u can see Copy to File button to the bottom. Now u change the cert to .der encoded cert and try to import with keytool. regards Rams -Original Message- From: Madhav Tadikonda [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 05, 2001 2:31 AM To: [EMAIL PROTECTED] Subject: SSL Standalone Tomcat 4.0 Windows NT - Thawte I was wondering if anyone has successfully installed a commercial cert into Tomcat 4.0 on Windows using the "keytool" function? I am following the attached instructions and got to the final step (keytool -import -alias tomcat -trustcacerts..) of importing my test Thawte certificate and I get the following error: keytool error: java.security.cert.CertificateException: Unsupported encoding I was wondering if anyone has experienced this problem? I am having issues with OpenSSL and was hoping to just use the keytool function. Thank you, Madhav Some day's ago [EMAIL PROTECTED] sent the attached mail: >-Ursprüngliche Nachricht- >Von: Jon Shoberg [mailto:[EMAIL PROTECTED]] >Gesendet: Donnerstag, 27. September 2001 00:41 >An: [EMAIL PROTECTED] >Betreff: Thawte, SSL, and Tomcat > Does anyone have, literally, "blind instructions" for setting up a >commercial SSL cert? The current docs are pretty good but I am looking for >something related to tomcat 3.x.x which covers creation and install of a >commercial cert. --- Begin Message --- Hi, after long time of trying to setup a (demo)certificate from thawte.com or trustcenter.de I finally made it. And because of the numerous questions on this list concerning this topic, I thought it would be a good idea to share my gained "wisdom" :-) So what follows is a step-by-step instruction on how to install a commercial (*not* self signed or openssl) certificate: 1. generate a local certificate: keytool -genkey -alias tomcat -keyalg RSA -keystore where is the name of the desired keystore-file 2. generate the CSR (you need it to request your (demo)certificate) keytool -certreq -keyalg RSA -alias tomcat -file certreq.pem -keystore now you have a file called "certreq.pem". Send this to your trustcenter. 3. most trustcenters do not deliver a so called "chained certificate", so you have to install their root-certificate (their website says where to find it) keytool -import -alias root -keystore -trustcacerts -file 4. after your final (demo)certificate has been sent to you, install it like this keytool -import -alias tomcat -keystore -trustcacerts -file For the tomcat-specific part of the installation go to the *real good* tomcat-doc-page: http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html I hope it helped somebody... If there are any questions/suggestions/etc... simply hit "REPLY" (-: greets, pero _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]> -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
How can?
Hi, How can one Tomcat works as a server on behalf of somany entities? l mean, client wants to contact securely different entities whose certificates are stored in different keystores, but all are in one system. That system should work as server on behalf of all entities. So client should think that he is connecting to respective servers whose certs are stored on only one system. Different clients will be connecting to different entities at a time whose certs are stored in one system. Using Tomcat as webserver, how can this be achieved? how can we dynamically load respective keystore depending on the request obtained? Rams -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
RE: SSL Connection problem through jsp
You have to register SSL driver which ssl package do u use? Rams -Original Message- From: Lomesh Contractor [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 3:25 PM To: [EMAIL PROTECTED] Subject: SSL Connection problem through jsp Hi , I am facing one very strange problem for SSL connectivity from JSP page. I have one java application( one class file ) that make SSL connection to any secure server, if I run that application independently. But,when i use the same class file from my JSP page, to make SSL connection to other server, it shows, MalFormedURLConnection exception "https" unknown protocol. Well, the JSP file compiles successfully. This error occurres only at run time. I have included all the required jar files in the classpath. The same url is working fine, if i run it at java application.. ANY IDEA... Regards, Lomesh.
ssl performance
Hi, lt is observed that while pumping more than 1 request per sec., jsse throws some exception like untrusted server cert chain, though the cert is available. lt works fine for 1 or 2 requests. lt clientAuthenticatiion is required,its unable to connect. l'm pumping requests thru' threads.l use jsse 1.0.2 and Tomcat 3.2. That to performance is so bad. can any one help me? Rams winmail.dat
RE: tomcat-SSL
The jsse classes do on part of you. no need for u to do anything even in case of client authentication, as we do nothing in server Authentication. lf u r connecting as client to other severs and they need client Authentication. u should have ur client cert in ur keystore. Am l making sense? --Rams -Original Message- From: Mehul S Dave [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 12:32 PM To: Tomcat User archive Subject: tomcat-SSL Hi I have configured tomcat-SSL as an Standalone. Its working Fine I have used JSSE Well i need some more step-by step dtails for more Secured Authentication. In the Server.XML in the SSL phase if i set parameter=clientAuth value=true then it will expect clients Certificate too from the Client side. I wanna know on the Server side how do i have the clients Certificate for Authentication. Or any other Steps for Client Authentication with respect to Certificates. Thanking you. Bye * Mehul S Dave Scientific Officer, (STCS Dept.), Tata Institute of Fundamental Research Phone - 2152971 Extn - 2372 Mumbai . webpage:- http://www.ecom.tifr.res.in/~mehul *
RE: howto redirect
this is not possible.. Rams -Original Message- From: Bernhard Wraase [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 26, 2001 3:12 PM To: [EMAIL PROTECTED] Subject: howto redirect In the docs it seems simple... Even in the thread recently But it don't work. Each request works: http://127.0.0.1:8080 ->http://127.0.0.1:8080/index.html https://127.0.0.1:8443 ->https://127.0.0.1:8443/index.html But I want this: http://127.0.0.1:8080 ->https://127.0.0.1:8443/index.html The server.xml looks like: --snip-- --snap-- Any suggestions? -- TIA Bernhard Wraase
RE: mod_jk
Anagha, where do u need to compile source for mod_jk? whats the application of jk_global.h etc .h files? Rams +91-040-3000401 x 2162 (O) +91-040-6313447 (R) -Original Message- From: Anagha Mudigonda [mailto:[EMAIL PROTECTED]] Sent: Friday, July 06, 2001 11:42 AM To: [EMAIL PROTECTED] Subject: mod_jk hi, while compiling the source for mod_jk i find a lot of .h files cant be opened ... like jk_global.h etc. am i doing something wrong ?? help ! how do i go about it ? regards anagha -- Where the mind is without fear and the head is held high; Where knowledge is free; Where the world has not been broken up into fragments by narrow domestic walls; Where words come out from the depths of truth; ... Where the mind is led by thee into ever-widening thought and action; Into that heaven of freedom,my Father,let my country awake.
RE: imp - Tomcat with SSL
Tomcat does support SSL.. Ver 3.2.1 or above. Rams +91-040-3000401 x 2162 (O) +91-040-6313447 (R) -Original Message-From: Parag S [mailto:[EMAIL PROTECTED]]Sent: Friday, July 06, 2001 11:33 AMTo: [EMAIL PROTECTED]Subject: imp - Tomcat with SSL Does Tomcat supports SSL If yes then which version supports it. Please let me know immediatly Thanking you in advance. parag
RE: SSL handshake failure URGENT
can u send ur server,client,ca certs? Rams +91-040-3000401 x 2162 (O) +91-040-6313447 (R) -Original Message- From: Jean-Etienne G. [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 14, 2001 7:27 PM To: [EMAIL PROTECTED] Subject: SSL handshake failure URGENT Hello, I get no responses for my previous mails... so maybe I did not contact the good mailing list. Please give me an start of response... Hello, I have a cert importation problem here is the output of an openSSL client command [witch emulate a browser] (openssl s_client -connect 127.0.0.1:8443 -cert cl_cert.pem -key cl_key.pem -state) : Enter PEM pass phrase: CONNECTED(0003) SSL_connect:before/connect initialization SSL_connect:SSLv2/v3 write client hello A SSL3 alert read:fatal:handshake failure SSL_connect:error in SSLv2/v3 read server hello A 1993:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:453: Can someone help me ? Is it a way to make it work without installing apache ? Thanks for your answer I have this tomcat configuration : And that are all the lines procedure I entered to make it well work mkdir ./demoCA echo "" > ./demoCA/index.txt echo "01" > ./demoCA/serial # CA openssl req -new -out ca_req.pem -keyout ca_key.pem #pwd:pwd_ca #challenge_pwd:ch_ca #company name:THE_ORG # CLIENT openssl req -new -out cl_req.pem -keyout cl_key.pem #pwd:pwd_cl #ch_pwd:ch_cl #company name:THE_ORG # SERVER openssl req -new -out sr_req.pem -keyout sr_key.pem #pwd:pwd_sr #ch_pwd:ch_sr #company name:THE_ORG # CA AUTH echo "CA AUTH : enter CA password" openssl req -x509 -in ca_req.pem -key ca_key.pem -out ca_cert.pem #pwd:pwd_ca rm ./demoCA/index.txt rm ./demoCA/serial cat "" > ./demoCA/index.txt cat "01" > ./demoCA/serial # CLIENT AUTH BY CA echo "CL AUTH : enter CA password" openssl ca -cert ca_cert.pem -in cl_req.pem -out cl_cert.pem -keyfile ca_key.pem -config /usr/local/ssl/openssl.cnf #pwd:pwd_ca # SERVER AUTH BY CA echo "SR AUTH : enter CA password" openssl ca -cert ca_cert.pem -in sr_req.pem -out sr_cert.pem -keyfile ca_key.pem -config /usr/local/ssl/openssl.cnf #pwd:pwd_ca # CONVERT SERVER AUTH FROM PEM FORMAT TO DER FORMAT openssl x509 -inform PEM -in sr_cert.pem -outform DER -out sr_cert.der # REMOVE PREVIOUS KEYSTORE rm /opt/tomcat-3-2-2/tomcat/conf/keystore # IMPORT SERVER CERT IN TOMCAT KEYSTORE echo "IMPORT SR CERT : enter SR password" /usr/java/jdk1.3/bin/keytool -import -v -trustcacerts -alias tomcat -file sr_cert.der -keystore /opt/tomcat-3-2-2/tomcat/conf/keystore #pwd:pwd_sr # CONVERTING CLIENT CERT INTO NETSCAPE PKCS12 FORMAT echo "CL CERT CONVERSION : PEM -> P12 : enter CL passwd" openssl pkcs12 -in cl_cert.pem -inkey cl_key.pem -export -out cl_cert.p12 #pwd:pwd_cl #exp_pwd:pwd_cl # CONNECTION TO THE TOMCAT SERVER openssl s_client -connect 127.0.0.1:8443 -cert cl_cert.pem -key cl_key.pem -state __ Voila vous propose une boite aux lettres gratuite sur Voila Mail: http://mail.voila.fr
RE: JNI support in mod_jk : Was: mod_jk.so kills apache 1.3.19 on tru 64 v5.1
can anyone remove me from mailing list Rams
RE: SSL +tomcat
what did u write here? Rams +91-040-3000401 x 2162 (O) +91-040-6313447 (R) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 13, 2001 4:35 PM To: [EMAIL PROTECTED] Subject: RE: SSL +tomcat --> -Message d'origine- --> De: Rams [mailto:[EMAIL PROTECTED]] --> Date: mercredi 13 juin 2001 10:14 --> À: [EMAIL PROTECTED] --> Objet: RE: SSL +tomcat --> --> --> Actually, --> when trying with any browser, u have to configure ur --> client and ca cert --> in the browser keystore. --> when thru' code also, have to put both certs and ur ca --> cert in the keystore --> that u specified in server.xml. --> once u configure, browser show the client cert when clientAuth=true. --> --> try with this --> --> Rams --> +91-040-3000401 x 2162 (O) --> +91-040-6313447 (R) --> --> --> -Original Message- --> From: [EMAIL PROTECTED] --> [mailto:[EMAIL PROTECTED]] --> Sent: Tuesday, June 12, 2001 6:59 PM --> To: [EMAIL PROTECTED] --> Subject: SSL +tomcat --> --> --> hello all, --> --> I am testing Tomcat standalone with client authentication --> on, and getting --> some odd results. It works fine if client authentication --> is not turned on --> (for both IE and Netscape browsers). If I turn on client --> authentication, --> Netscape claims that I do not have a personal certificate, --> and IE asks me to --> choose from an empty list of certificates. --> Any ideas on the problem with the certificate request when --> I use Tomcat --> standalone? Is there some configuration to indicate the --> type of certificate --> the server is requesting? I am using both client & server --> certificates --> generated by Openssl. --> More precisely I have an Server Certificate stored in --> Keystore (Tomcat side) --> and a client --> Certificate integrated in my browser. Both certificates are --> signed by a CA --> Authority whose --> certificate is on my browser too. --> This problem has been already encoutered by many people --> ([EMAIL PROTECTED] for example) --> Many thanks, --> Arnaud Pierre. --> --> PS: I use tomcat 4.0b5 -->
RE: SSL +tomcat
Actually, when trying with any browser, u have to configure ur client and ca cert in the browser keystore. when thru' code also, have to put both certs and ur ca cert in the keystore that u specified in server.xml. once u configure, browser show the client cert when clientAuth=true. try with this Rams +91-040-3000401 x 2162 (O) +91-040-6313447 (R) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 12, 2001 6:59 PM To: [EMAIL PROTECTED] Subject: SSL +tomcat hello all, I am testing Tomcat standalone with client authentication on, and getting some odd results. It works fine if client authentication is not turned on (for both IE and Netscape browsers). If I turn on client authentication, Netscape claims that I do not have a personal certificate, and IE asks me to choose from an empty list of certificates. Any ideas on the problem with the certificate request when I use Tomcat standalone? Is there some configuration to indicate the type of certificate the server is requesting? I am using both client & server certificates generated by Openssl. More precisely I have an Server Certificate stored in Keystore (Tomcat side) and a client Certificate integrated in my browser. Both certificates are signed by a CA Authority whose certificate is on my browser too. This problem has been already encoutered by many people ([EMAIL PROTECTED] for example) Many thanks, Arnaud Pierre. PS: I use tomcat 4.0b5
Reg ssl
Hi All, I have a problem reg. ssl. while sending a huge amount of data thru' ssl, the server is unable to receive it. it throws ArrayIndexOutofBoundsException.. so is there any constraint on the size of data to be sent thru ssl? regards Rams winmail.dat
RE: how to automaticaly redirect to SSL?
Jan, Anyway, ur tomcat server is ssl enabled. once u enable server for ssl, there u specify the ssl-port and all. Depending on some criteria, u'll be redirecting to ssl using https. so use some condition for https and change the url accordingly.. To comm. thru' https, u have to enable the ssl part in server.xml. so check some condition and turn to https. Rams -Original Message- From: Pernica, Jan [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 30, 2001 2:34 PM To: Tomcat-User (E-mail) Subject: how to automaticaly redirect to SSL? Hi I would like to automaticaly redirect client to use HTTPS if it is required. In the version 4.0 there is attribute "redirectPort". How can I set up this feature in the version 3.2.2? Thank you Jan __ Tato komunikace je urcena vyhradne pro adresata a je duverna. This communication is intended solely for the addressee and is confidential.
RE: Still Have SSL problems
if u have certificate, u can import it to keystore thru' keytool with alias 'tomcat'. try with this. Rams -Original Message- From: Todd Sussman [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 29, 2001 12:06 PM To: [EMAIL PROTECTED] Subject: RE: Still Have SSL problems Ok. Maybe I can explain a little better. I had tomcat running against IIS. All was fine. I added a SSL Cert from Verisign to the IIS. I need to allow tomcat to use SSL aswell. I uncommented the section in server.xml for use with SSL. What I need is to know how to import the same ssl cert to Tomcat (3.2.1/JDK1.2.2). Do I need to run keytool and create a new one for tomcat or can I import it somehow? Thanks Todd -Original Message- From: Warren Crossing [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 29, 2001 8:19 AM To: '[EMAIL PROTECTED]' Subject: RE: Still Have SSL problems it should jsut use keytool that comes with the jdk.. have a look at the tools java doc. i think that netscape object signing uses netscapes keystore. but java ( jdk ) also has a keystore and tool. hope this helps. -Original Message- From: Todd Sussman [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 29 May 2001 3:23 PM To: [EMAIL PROTECTED] Subject: Still Have SSL problems I altered the server.xml file as explained in the ssl + tomcat document. The problem I have is that I do not understand how to import the cert. I have from Verisign. This was created with a request gernerated by IIS 5.0. I keep getting an error that it can not find the .keystore file. Do I need to d/l and install openssl to generate a second key for tomcat? I am just learning tomcat and if you need further information to help me, I will gladly post more. Thank You in Advance Todd
RE: Signed certificate and tomcat
Hi Andromaque, can u elaborate ur doubt? Rams -Original Message-From: François Andromaque [mailto:[EMAIL PROTECTED]]Sent: Monday, May 28, 2001 9:16 PMTo: [EMAIL PROTECTED]Subject: Signed certificate and tomcat How configure tomcat, after have create a new self signed certificate server.crt
RE: IIS + Tomcat + SSL
Hi Todd, did u make changes in server.xml of tomcat for ssl enabling? not that jsp doesnt agree or servlets only agree? u r worried of URL for https,not the component,ok. let me know how did u test ur jsp using https? was it working with http? --Rams -Original Message- From: Todd Sussman [mailto:[EMAIL PROTECTED]] Sent: Sunday, May 27, 2001 12:26 PM To: [EMAIL PROTECTED] Subject: IIS + Tomcat + SSL We have a working IIS + Tomcat 3.2.1 server running under windows 2000. We would like to add SSL security. I recieved my cert from Verisign and installed it. The problem is that I don't think the JSP's aree using the SSL information. Is there anyway to test this or a howto I can check. Thank You Todd
RE: Tomcat and SSL
For Tomcat, The cert. should be kept in keystote with alias 'tomcat'. ls the keystore where ur cert present and the one u specified in server.xml the same? ls the password in server.xml and for the keystore the same? whats the error u r getting? Rams CMCLtd 3000401 x 2162 (O) 6313447 (R) -Original Message- From: François Andromaque [mailto:[EMAIL PROTECTED]] Sent: Friday, May 25, 2001 3:35 PM To: [EMAIL PROTECTED] Subject: Re: Tomcat and SSL still done, i am the user root and the file .keystore is present in the root directory - Original Message - From: "Pernica, Jan" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, May 25, 2001 11:49 AM Subject: RE: Tomcat and SSL > you have to add your keys into > ${user.home}/.keystore then it works fine > > Regards > > Jan > > On Friday, May 25, 2001 11:46 AM, François Andromaque > [SMTP:[EMAIL PROTECTED]] wrote: > > Hello, > > I wonder if it's possible to configure Tomcat with SSL without using > apache. > > I have allready : > > > > activated SSL connector in server.xml with a port value of 8443 > > generated a SSL certificate with openssl > > Added security.provider.2=com.sun.net.ssl.internal.ssl.Provider to the > $JAVA_HOME/jre/lib/ext/java.security file > > > > but i can'nt connect my the server by requesting <https://myhost:8443>. > > What have i to do to complete the configuration of tomcat? > > > __ > Tato komunikace je urcena vyhradne pro adresata a je duverna. > This communication is intended solely for the addressee and is confidential. > >
RE: HTTPS connections from servlet
what exactly is ur problem? u need to connect to a server securely from ur servlet, right? or anything more? lf u want to connect thru https to another server, no need for ur tomcat to get ssl enabled. elaborate ur problem. rgrds --Rams -Original Message- From: Steven Banks [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 24, 2001 7:13 PM To: '[EMAIL PROTECTED]' Subject: HTTPS connections from servlet I am having severe trouble getting my application to access a secure web-server from within one of my servlets. I have installed all the necessary JSSE jar files, set the properties: System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); java.security.Security.addProvider( new com.sun.net.ssl.internal.ssl.Provider()); ... and tried fiddling around with the proxy properties, to no avail. In order to allow this functionality, do we need to build an SSL enabled tomcat instance? Or am I missing something more fundamental. The code runs fine outside of Tomcat BTW. I've searched the net high and low for answers, but found none. ANy help would be most appreciated. Oh, we're using tomcat 3.2.1 on NT4. Regards Steve Banks
RE: Query
when l compiled it, error is at line 61..undefined variable 'propernoun'... so declare it.. Rams -Original Message-From: haneesh [mailto:[EMAIL PROTECTED]]Sent: Thursday, May 24, 2001 12:49 PMTo: [EMAIL PROTECTED]Subject: Query on compiling the attached java file i receive the following error C:\test\changed\loginagain.java:27: cannot resolve symbolsymbol : method setMaxInactiveInterval (int)location: interface javax.servlet.http.HttpSession httpsession.setMaxInactiveInterval(1800); ^1 error advice thanks
RE: Enabling only HTTPS for a container
how to use this CONFIDENTIAL transport-guarantee and where? --Rams -Original Message- From: Pernica, Jan [mailto:[EMAIL PROTECTED]] Sent: Monday, May 21, 2001 11:19 AM To: [EMAIL PROTECTED] Subject: RE: Enabling only HTTPS for a container Sorry about the question. I found solution in the documentation (servlet 2.3 specification). I have to use CONFIDENTIAL transport-guarantee. Regards Jan On Monday, May 21, 2001 7:30 AM, Pernica, Jan [SMTP:[EMAIL PROTECTED]] wrote: > Hi everybody > > I would like disable HTTP for one container. How can I do that? > Thank you in advance. > Regards > > Jan > > > > __ > Tato komunikace je urcena vyhradne pro adresata a je duverna. > This communication is intended solely for the addressee and is confidential. > > __ Tato komunikace je urcena vyhradne pro adresata a je duverna. This communication is intended solely for the addressee and is confidential.
RE: SSL
lt supports Rams CMCLtd 3000401 x 2162 (O) 6313447 (R) -Original Message- From: Noone Anil Kumar [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 18, 2001 11:32 AM To: [EMAIL PROTECTED] Subject: SSL Hi, Does Tomcat V3.1.1 supports SSL ??? Any help appreciated Thanks in advance, Anil
RE: Apache, SSL and TOMCAT
hi dave, first of all, what do u mean by steps 1,2..n. r u refering server.xml here? ln server.xml u find a set of lines to uncomment to enable SSL part in Tomcat webserver.Thats all.. clarifications,if any, r invited. Rams CMCLtd 3000401 x 2162 (O) 6313447 (R) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 11, 2001 7:58 PM To: [EMAIL PROTECTED] Subject: Apache, SSL and TOMCAT Hi, I'm confused and can't find any good documentation dealing with TOMCAT,SSL and Apache. I'm using a 128 bit SSL key from Verisign with my Apache web server. I noticed in the TOMCAT's server.xml file a series of steps to be completed if I need SSL support. I don't understand step 1 and 3. I'm new at this so please forgive me. But what is JSSE and where do I added it to the CLASSPATH. If I'm intergrating TOMCAT with Apache why do I generate key as outlined in Step 3. Dave
level of security
does anyone know how to set page/directory level security using Tomcat+SSL? -Rams winmail.dat
secure access
hi, How can we set secure access to certain page/directorty? l'm using Tomcat. l've to set clientAuth=true for certain pages and false to some other pages.How can l achieve this? l am grateful if my prob. will be solved. -Rams winmail.dat
ssl-levels of security
hi, How can we set secure access to certain page/directorty? l'm using Tomcat. l've to set clientAuth=true for certain pages and false to some other pages.How can l achieve this? l am grateful if my prob. will be solved. -Rams winmail.dat
Tomcat-ClientAuthentication
Hi, ln Tomcat,we know that server cert should be stored as key entry in the keystore with the name 'tomcat' only. Then if the same site needs client cert from the same CA, then by what name we can get it and stored as key entry in the keystore? can we use any custom defined name? if so,the IP of the machine will be the same for server cert and client cert? any suggestion is appreciated. -Rams winmail.dat
RE: Certificate based client authentication with standalone tomcat...
hi saha, do u have both ssl server,client certs stored in the browser? once u have no client cert, nothing is shown in the personal settings. --Rams -Original Message- From: Anindya Saha [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 05, 2001 4:44 PM To: [EMAIL PROTECTED] Subject: Certificate based client authentication with standalone tomcat... I have tried to implement client authentication using certificates on a standalone tomcat server. I have made all the manadated steps (like changing the server.xml file and loading the certificates on server and client). However, what I end up is an empty list of certificates on IE and with an error message (saying I have no personal certificates) on Netscape. The various searches on the mailing list and else where r also not helpful. I am using tomcat release 3.2. To complicate matters I see the following in the tomcat 3.2 release notes: *** DIGEST authentication and HTTPS client authentication (i.e. SSL) are not supported in this release. *** Then what's the point of the change in the server.xml file. Please let me know your thoughts/solutions. Regards, Anindya
Https Connector
Hi all, This is the default HttpConnector. ls there any HttpsConnector that comes with Tomcat? -Rams winmail.dat
server.xml
Hi all, The SSL part in server.xml usually be like this. l changed the handler and socket factory value from apache.tomcat to JSSE handler and SocketFactory like below: Then if i restart the server, it gives ClassCastException : setAttribute handler=com.sun.net.ssl.internal.www.protocol.https.Handler; Could any one gimme solution? --Rams winmail.dat
RE: Client Authentication
Hi Mandar, >I want to know if there are any additional settings to be done on Tomcat >side ? There is nothing to done extra on Tomcat side for Client Authentication.. u have to get SSLClient Cert. from any Trusted CA, in case if u want to connect to any server which needs client Authentication. >I know IE should atleast allow me to select a certificate to be sent to the >server by showing a dialog box. >It does not reach that stage. For this u should import ur client cert to browser , it'll be stored in personal settings. if the CA of ur cert matches any of the trusted CAs in the browser, u'll get a dialog to select a cert. Thats it. do reply if it works. --Rams
reg SSL Keystore
Hi, could any one tell me, from where the keystore is refered? ls that the path we specify in the server.xml? lf it is l'm not getting expected results.. does anyone have any idea? Rams CMCLtd 3000401 x 2162 (O) 6313447 (R) winmail.dat
reg SSL
Hi guys, l'm new to Tomcat.l face some problem while testing with Tomcat+SSL. l got server cert from CA and added in the store of server. when l connect to server thru' https on port 8443..l'm getting the exception: no cipher suites in common. Server key is in RSA format only..l'm using JSSE1.0.2. could anyone resolve my problem ? --Rams winmail.dat