Re: How to change the SSL port
I thought i saw someone mention the permission error before, but perhaps it was never followed up. on unix, ports below 1024 are protected, and can only be accessed by root. so if you're starting tomcat as anything else, it won't be able to bind to 443. have you checked this out? On Thu, 2005-09-15 at 23:36 -0400, Parsons Technical Services wrote: What OS are you on and what services are running? It sounds like something else has the port tied up. If you can post a list of the services maybe someone might spot it. If you are on windows there are some apps out that can map the app/service to the ports being used. If on Linux, which flavor and what netstat command did you use? When you say scanned the ports are you talking about from another machine or using netstat? Doug - Original Message - From: CommonGround Softworks/Phil McNamara [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Thursday, September 15, 2005 11:15 PM Subject: RE: How to change the SSL port Guys, Thank you. Stephen posted the original question on my behalf. I am just now joining the list. Iannis and Chuck thank you for your feedback. Maybe I can provide some more info. Appreciate any further suggestions. I did ports scans before and after the server.xml edits to ports 443 and to 8443. 443 has never responded. I saw 8443 go away, and 443 not come up. Edited server xml back to 8443 and portscanned it coming back up. It would seem to me that this demonstrates that I am editing the correct server.xml instance. I also checked processes and confirmed only one java parent was started. Likewise tested browser https access using 443 and 8443 during the tomcat edit start/stop cycles. 8443 plays. 443 does not. The tomcat log does show a bind error message after my server.xml edit to port 443. Sep 15, 2005 10:37:07 PM org.apache.coyote.http11.Http11Protocol init SEVERE: Error initializing endpoint java.net.BindException: Permission denied:443 snip... Sep 15, 2005 10:37:07 PM org.apache.catalina.startup.Catalina load SEVERE: Catalina.start LifecycleException: Protocol handler initialization failed: java.net.BindException: Permission denied:443 at org.apache.catalina.connector.Connector.initialize(Connector.java:920) snip.. At no time has port 443 responded to an external port scan. Possible that apache or a ssl module has already done a bind internally to 443? I disabled the apache ssl module and can't find any other app that is a likely culprit. Ran Netstat and nothing obvious jumped out at me. Maybe I'm not savvy enough to spot the obvious. Kinda stumped. No firewall config on this machine. Could this be a permissions issue of some sort? I am tempted to fire up ssl with apache on 443 with a trial cert and make sure that Apache's ssl plays. I seem to recall over a year ago that I had a server that never could play ssl. Maybe this is the one with the gremlin :). Phil Mc Check your tomcat log file. If tomcat could bind properly on the SSL port you mentioned, it should show up in the log file (one of the first lines on the top). If not (e.g. because the port is already in use), it will show you a bind error message there as well. If the log says that the port is fine, check for firewall, (etc.) on your box. At least, look at the port number that is specified in the log. It should say 443 if your changes to the server.xml are correct. Iannis -Original Message- From: Stephen Caine [mailto:[EMAIL PROTECTED] Sent: Thursday, September 15, 2005 7:07 PM To: Tomcat Users List Subject: How to change the SSL port All: Is there any way I can change the default SSL port from 8443 to 443? Change the port attribute of the SSL connector in your server.xml file. And use port number 443. yup, I tried this. It doesn't work. I tried edits to server xml connector from 8443 to 443 - 443 port unresponsive after tomcat restart. Tried 8442 also. No joy. Only plays with 8443. There is another setting somewhere Please advise. Stephen Caine CommonGround Softworks, Inc. Phil McNamara CommonGround Softworks Inc. [EMAIL PROTECTED] http://www.commongrnd.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Fwd: Re: How to change the SSL port
On 9/15/05, Hassan Schroeder [EMAIL PROTECTED] wrote: CommonGround Softworks/Phil McNamara wrote: The tomcat log does show a bind error message after my server.xml edit to port 443. Sep 15, 2005 10:37:07 PM org.apache.coyote.http11.Http11Protocol init SEVERE: Error initializing endpoint java.net.BindException: Permission denied:443 Are you starting Tomcat as root? Doesn't look like it... See http://www.klawitter.de/tomcat80.html for details, just do the same but for 443 not 80. Regards, -- Jason Bainbridge Reworked to post to the list: Thanks Jason, I did a trial start of Tomcat as root to pin down if the failure to bind to 443 as a priviliged port was the problem. Seems so. The tomcat log now shows it can't find the keystore -- expected since that file is stashed in the normal starting user directory and tomcat didn't know where to find it when started as root. Log doesn't show a failure to bind to 443. So some progress I looked over info in the link above and compiled jsvc OK. Am unable to start Tomcat as a daemon though per the script referenced cd $CATALINA_HOME ./bin/jsvc \ -user $TOMCAT_USER \ -cp ./bin/bootstrap.jar \ -outfile ./logs/catalina.out \ -errfile ./logs/catalina.err \ -Djava.endorsed.dirs=./common/endorsed \ -Dcatalina.home=$CATALINA_HOME \ -Djava.io.tmpdir=$CATALINA_TMPDIR \ org.apache.catalina.startup.Bootstrap start I'll have to do some tinkering. the catalina.err file shows the following: jsvc error: Cannot continue dyld: ./bin/jsvc dead lock (dyld operation attempted in a thread already doing a dyld operation) jsvc error: Service did not exit cleanly Thoughts? phil Phil McNamara CommonGround Softworks Inc. [EMAIL PROTECTED] http://www.commongrnd.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
How to change the SSL port
All: Is there any way I can change the default SSL port from 8443 to 443? Change the port attribute of the SSL connector in your server.xml file. And use port number 443. yup, I tried this. It doesn't work. I tried edits to server xml connector from 8443 to 443 - 443 port unresponsive after tomcat restart. Tried 8442 also. No joy. Only plays with 8443. There is another setting somewhere Please advise. Stephen Caine CommonGround Softworks, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How to change the SSL port
Check your tomcat log file. If tomcat could bind properly on the SSL port you mentioned, it should show up in the log file (one of the first lines on the top). If not (e.g. because the port is already in use), it will show you a bind error message there as well. If the log says that the port is fine, check for firewall, (etc.) on your box. At least, look at the port number that is specified in the log. It should say 443 if your changes to the server.xml are correct. Iannis -Original Message- From: Stephen Caine [mailto:[EMAIL PROTECTED] Sent: Thursday, September 15, 2005 7:07 PM To: Tomcat Users List Subject: How to change the SSL port All: Is there any way I can change the default SSL port from 8443 to 443? Change the port attribute of the SSL connector in your server.xml file. And use port number 443. yup, I tried this. It doesn't work. I tried edits to server xml connector from 8443 to 443 - 443 port unresponsive after tomcat restart. Tried 8442 also. No joy. Only plays with 8443. There is another setting somewhere Please advise. Stephen Caine CommonGround Softworks, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How to change the SSL port
From: Stephen Caine [mailto:[EMAIL PROTECTED] Subject: How to change the SSL port I tried edits to server xml connector from 8443 to 443 - 443 port unresponsive after tomcat restart. What does netstat say about who's listening on which ports? Tried 8442 also. No joy. Only plays with 8443. There is another setting somewhere Really, there isn't. Sounds like you're not editing the server.xml file that's actually being used by your Tomcat instance. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to change the SSL port
Lannis, Check your tomcat log file. If tomcat could bind properly on the SSL port you mentioned, it should show up in the log file (one of the first lines on the top). If not (e.g. because the port is already in use), it will show you a bind error message there as well. If the log says that the port is fine, check for firewall, (etc.) on your box. At least, look at the port number that is specified in the log. It should say 443 if your changes to the server.xml are correct. Thank you, I will check this out and let you know. Stephen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to change the SSL port
Charles, What does netstat say about who's listening on which ports? Will check this out. Tried 8442 also. No joy. Only plays with 8443. There is another setting somewhere Really, there isn't. Sounds like you're not editing the server.xml file that's actually being used by your Tomcat instance. Thank you. Stephen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How to change the SSL port
Guys, Thank you. Stephen posted the original question on my behalf. I am just now joining the list. Iannis and Chuck thank you for your feedback. Maybe I can provide some more info. Appreciate any further suggestions. I did ports scans before and after the server.xml edits to ports 443 and to 8443. 443 has never responded. I saw 8443 go away, and 443 not come up. Edited server xml back to 8443 and portscanned it coming back up. It would seem to me that this demonstrates that I am editing the correct server.xml instance. I also checked processes and confirmed only one java parent was started. Likewise tested browser https access using 443 and 8443 during the tomcat edit start/stop cycles. 8443 plays. 443 does not. The tomcat log does show a bind error message after my server.xml edit to port 443. Sep 15, 2005 10:37:07 PM org.apache.coyote.http11.Http11Protocol init SEVERE: Error initializing endpoint java.net.BindException: Permission denied:443 snip... Sep 15, 2005 10:37:07 PM org.apache.catalina.startup.Catalina load SEVERE: Catalina.start LifecycleException: Protocol handler initialization failed: java.net.BindException: Permission denied:443 at org.apache.catalina.connector.Connector.initialize(Connector.java:920) snip.. At no time has port 443 responded to an external port scan. Possible that apache or a ssl module has already done a bind internally to 443? I disabled the apache ssl module and can't find any other app that is a likely culprit. Ran Netstat and nothing obvious jumped out at me. Maybe I'm not savvy enough to spot the obvious. Kinda stumped. No firewall config on this machine. Could this be a permissions issue of some sort? I am tempted to fire up ssl with apache on 443 with a trial cert and make sure that Apache's ssl plays. I seem to recall over a year ago that I had a server that never could play ssl. Maybe this is the one with the gremlin :). Phil Mc Check your tomcat log file. If tomcat could bind properly on the SSL port you mentioned, it should show up in the log file (one of the first lines on the top). If not (e.g. because the port is already in use), it will show you a bind error message there as well. If the log says that the port is fine, check for firewall, (etc.) on your box. At least, look at the port number that is specified in the log. It should say 443 if your changes to the server.xml are correct. Iannis -Original Message- From: Stephen Caine [mailto:[EMAIL PROTECTED] Sent: Thursday, September 15, 2005 7:07 PM To: Tomcat Users List Subject: How to change the SSL port All: Is there any way I can change the default SSL port from 8443 to 443? Change the port attribute of the SSL connector in your server.xml file. And use port number 443. yup, I tried this. It doesn't work. I tried edits to server xml connector from 8443 to 443 - 443 port unresponsive after tomcat restart. Tried 8442 also. No joy. Only plays with 8443. There is another setting somewhere Please advise. Stephen Caine CommonGround Softworks, Inc. Phil McNamara CommonGround Softworks Inc. [EMAIL PROTECTED] http://www.commongrnd.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to change the SSL port
CommonGround Softworks/Phil McNamara wrote: The tomcat log does show a bind error message after my server.xml edit to port 443. Sep 15, 2005 10:37:07 PM org.apache.coyote.http11.Http11Protocol init SEVERE: Error initializing endpoint java.net.BindException: Permission denied:443 Are you starting Tomcat as root? Doesn't look like it... -- Hassan Schroeder - [EMAIL PROTECTED] Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com dream. code. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How to change the SSL port
From: CommonGround Softworks/Phil McNamara [mailto:[EMAIL PROTECTED] Subject: RE: How to change the SSL port It would seem to me that this demonstrates that I am editing the correct server.xml instance. Agreed. Sounds like something else has grabbed or disabled 443, especially since the Tomcat log shows a bind failure. Possible that apache or a ssl module has already done a bind internally to 443? Highly likely. Why are you running httpd? Unless the vast majority of your response pages are pure static content, Tomcat by itself will probably be faster (and certainly simpler to set up standalone). Ran Netstat and nothing obvious jumped out at me. What platform are you running on? For Windows, try netstat -a -n -o and see if there's anything listening on 443, and if there is, use Task Manager to relate the pid to a running program (might be a service). I don't have access to a modern *nix system at the moment, so I can't suggest much for that environment, other than checking iptables. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to change the SSL port
On 9/15/05, Hassan Schroeder [EMAIL PROTECTED] wrote: CommonGround Softworks/Phil McNamara wrote: The tomcat log does show a bind error message after my server.xml edit to port 443. Sep 15, 2005 10:37:07 PM org.apache.coyote.http11.Http11Protocol init SEVERE: Error initializing endpoint java.net.BindException: Permission denied:443 Are you starting Tomcat as root? Doesn't look like it... See http://www.klawitter.de/tomcat80.html for details, just do the same but for 443 not 80. Regards, -- Jason Bainbridge http://kde.org - [EMAIL PROTECTED] Personal Site - http://jasonbainbridge.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to change the SSL port
What OS are you on and what services are running? It sounds like something else has the port tied up. If you can post a list of the services maybe someone might spot it. If you are on windows there are some apps out that can map the app/service to the ports being used. If on Linux, which flavor and what netstat command did you use? When you say scanned the ports are you talking about from another machine or using netstat? Doug - Original Message - From: CommonGround Softworks/Phil McNamara [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Thursday, September 15, 2005 11:15 PM Subject: RE: How to change the SSL port Guys, Thank you. Stephen posted the original question on my behalf. I am just now joining the list. Iannis and Chuck thank you for your feedback. Maybe I can provide some more info. Appreciate any further suggestions. I did ports scans before and after the server.xml edits to ports 443 and to 8443. 443 has never responded. I saw 8443 go away, and 443 not come up. Edited server xml back to 8443 and portscanned it coming back up. It would seem to me that this demonstrates that I am editing the correct server.xml instance. I also checked processes and confirmed only one java parent was started. Likewise tested browser https access using 443 and 8443 during the tomcat edit start/stop cycles. 8443 plays. 443 does not. The tomcat log does show a bind error message after my server.xml edit to port 443. Sep 15, 2005 10:37:07 PM org.apache.coyote.http11.Http11Protocol init SEVERE: Error initializing endpoint java.net.BindException: Permission denied:443 snip... Sep 15, 2005 10:37:07 PM org.apache.catalina.startup.Catalina load SEVERE: Catalina.start LifecycleException: Protocol handler initialization failed: java.net.BindException: Permission denied:443 at org.apache.catalina.connector.Connector.initialize(Connector.java:920) snip.. At no time has port 443 responded to an external port scan. Possible that apache or a ssl module has already done a bind internally to 443? I disabled the apache ssl module and can't find any other app that is a likely culprit. Ran Netstat and nothing obvious jumped out at me. Maybe I'm not savvy enough to spot the obvious. Kinda stumped. No firewall config on this machine. Could this be a permissions issue of some sort? I am tempted to fire up ssl with apache on 443 with a trial cert and make sure that Apache's ssl plays. I seem to recall over a year ago that I had a server that never could play ssl. Maybe this is the one with the gremlin :). Phil Mc Check your tomcat log file. If tomcat could bind properly on the SSL port you mentioned, it should show up in the log file (one of the first lines on the top). If not (e.g. because the port is already in use), it will show you a bind error message there as well. If the log says that the port is fine, check for firewall, (etc.) on your box. At least, look at the port number that is specified in the log. It should say 443 if your changes to the server.xml are correct. Iannis -Original Message- From: Stephen Caine [mailto:[EMAIL PROTECTED] Sent: Thursday, September 15, 2005 7:07 PM To: Tomcat Users List Subject: How to change the SSL port All: Is there any way I can change the default SSL port from 8443 to 443? Change the port attribute of the SSL connector in your server.xml file. And use port number 443. yup, I tried this. It doesn't work. I tried edits to server xml connector from 8443 to 443 - 443 port unresponsive after tomcat restart. Tried 8442 also. No joy. Only plays with 8443. There is another setting somewhere Please advise. Stephen Caine CommonGround Softworks, Inc. Phil McNamara CommonGround Softworks Inc. [EMAIL PROTECTED] http://www.commongrnd.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]