Re: Do you run Tomcat with SSL?

2003-03-14 Thread Gabriel Santonja
On Thu, 13 Mar 2003 19:51:57 -0800 (PST)
Mark Liu [EMAIL PROTECTED] wrote:

 I know you guys have your great strategies in
 balancing Apache and Tomcat.
 
 But, my project isn't really so picky about
 efficiency, so I simply run Tomcat with SSL all the
 time.  It simplifies my project a little bit.
 
 But then I do need to be able to run Tomcat SSL with
 the certificate generated by my little Java program.

Why don't you use the SSL HOWTO in Tomcat? I'm not sure on Windows, but
on Linux it works fine with SSL on the 8443 port.

Actually my own problem is to use SSL only in the realm login page, but it's
visibly difficult.
Goodbye.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Do you run Tomcat with SSL?

2003-03-14 Thread Josef Templ
I can confirm that it works. I am using tomcat 4.1.12.

The only point I have not solved so far is how to get
access to the client certificate in my servlet or JSP.

I would like to do programmatic security, i.e. store
users in a database and verify the authenticated user
in a JSP or servlet.

Does anybody know if this is possible at all?

- Josef Templ



- Original Message -
From: Gabriel Santonja [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Friday, March 14, 2003 11:56 AM
Subject: Re: Do you run Tomcat with SSL?





RE: Do you run Tomcat with SSL?

2003-03-14 Thread Bodycombe, Andrew
You can write a class that implements the X509TrustManager interface.
Then initialize your SSLContext with this TrustManager.
Get a SocketFactory for your SSLContext.
Finally, set this as the default SocketFactory for all HttpsUrlConnections.

The code in your checkClientTrusted method will execute every time someone tries
to make a connection via HTTPS. This method takes an array of X509Certificates
as a parameter (the whole certificate chain, not just the supplied client certificate)

HTH
Andy

-Original Message-
From: Josef Templ [mailto:[EMAIL PROTECTED]
Sent: 14 March 2003 11:10
To: Tomcat Users List
Subject: Re: Do you run Tomcat with SSL?





Re: Do you run Tomcat with SSL?

2003-03-14 Thread Josef Templ
Hmm, I actually don't want to check the trust chain myself.
There is no need to do anything special.

All I want is to access the content of the client certificate,
which should be checked as usual.

Isn't this a very common situation for a web application,
which uses certificates as a straightforward replacement for passwords?

- Josef


- Original Message -
From: Bodycombe, Andrew [EMAIL PROTECTED]
To: 'Tomcat Users List' [EMAIL PROTECTED]
Sent: Friday, March 14, 2003 12:19 PM
Subject: RE: Do you run Tomcat with SSL?





Re: Do you run Tomcat with SSL?

2003-03-14 Thread Josef Templ
With Tomcat 4.1.18 there is an (undocumented??) attribute in the request,
which holds the certificate trust chain as an X509Certificate[].

request.getAttribute("javax.servlet.request.X509Certificate")

I have seen exceptions under Tomcat 4.1.12 (some SSL HANDSHAKE problem)
in the log, which explain why there was no such attribute in the request.

- Josef




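
A servlet that reads the request attribute Josef describes and maps the certificate to an application user, as an added example (not code from the thread or from Tomcat). The class name, the in-memory user map and its sample entry are hypothetical; it assumes the javax.servlet API and a connector that requests and validates client certificates during the handshake.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class ClientCertServlet extends HttpServlet {

    // Hypothetical stand-in for the user table in the database.
    // Key: issuer DN + serial number, which identifies one certificate
    // issued by one CA; a subject CN alone is not unique across CAs.
    private final Map<String, String> usersByCert = new HashMap<>();

    @Override
    public void init() {
        // Constructed sample row, not a real certificate.
        usersByCert.put(certKey("CN=Example Test CA,O=Example", "1a2b"), "jdoe");
    }

    static String certKey(String issuerDn, String serialHex) {
        return issuerDn + "#" + serialHex.toLowerCase();
    }

    /** Returns the client's own certificate, or null if none was presented. */
    static X509Certificate clientCertificate(HttpServletRequest request) {
        Object attr = request.getAttribute("javax.servlet.request.X509Certificate");
        if (!(attr instanceof X509Certificate[])) {
            return null; // plain HTTP, or the connector did not ask for a certificate
        }
        X509Certificate[] chain = (X509Certificate[]) attr;
        // The chain is ordered from the client's certificate up towards the CA.
        return chain.length == 0 ? null : chain[0];
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        X509Certificate cert = clientCertificate(request);
        if (cert == null) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate required");
            return;
        }
        String key = certKey(cert.getIssuerX500Principal().getName(),
                             cert.getSerialNumber().toString(16));
        String user = usersByCert.get(key);
        if (user == null) {
            // Trusted by the container, but not enrolled in this application.
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Certificate not registered");
            return;
        }
        response.setContentType("text/plain");
        response.getWriter().println("Authenticated as " + user
                + " (subject " + cert.getSubjectX500Principal().getName() + ")");
    }
}
```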



Re: Do you run Tomcat with SSL?

2003-03-14 Thread Mufaddal Khumri
Is your certificate format  generated by your little java program 
exactly like the keytool generated certificate ? Have you tested your 
certificates with other applications to see if you are producing them 
correctly ?

thanks.
On Friday, March 14, 2003, at 09:21  AM, Mark Liu wrote:

 I know you guys have your great strategies in
 balancing Apache and Tomcat.

 But, my project isn't really so picky about
 efficiency, so I simply run Tomcat with SSL all the
 time.  It simplifies my project a little bit.

 But then I do need to be able to run Tomcat SSL with
 the certificate generated by my little Java program.

 --- mike jackson [EMAIL PROTECTED] wrote:

  I've always run tomcat as a backend to apache.  Apache may or may not
  implement ssl.  That said, every time I've implemented ssl I've done it
  at the apache level, never at the tomcat level.  In fact the few times
  that I've wanted ssl at the tomcat level (usually because I'm not
  running apache) I've ended up setting up apache to run as the front end.

  But that's just me.

  --mikej
  -=-
  mike jackson
  [EMAIL PROTECTED]

  -Original Message-
  From: Mark Liu [mailto:[EMAIL PROTECTED]
  Sent: Thursday, March 13, 2003 6:44 PM
  To: Tomcat Users List
  Subject: Do you run Tomcat with SSL?

  I am able to run Tomcat SSL with the keytool-generated
  certificate, but not the certificate my little Java
  program generates.

  I've been asking this question for a while in this
  list.  But it seems nobody has an answer to it.  So
  you guys never run Tomcat in SSL mode?  Or you guys
  always use the keytool-generated certificate for the
  SSL?


Re: Do you run Tomcat with SSL?

2003-03-14 Thread Mark Liu
I am not sure if they are of the same format.  I only
know that I am able to import the certificate
generated by my little Java program into the
keystore as alias tomcat.

Anywhere I can check the format of the
keytool-generated certificate?




Re: Do you run Tomcat with SSL?

2003-03-14 Thread Mark Liu

--- Gabriel Santonja [EMAIL PROTECTED] wrote:
 Why don't you use the SSL HOWTO in Tomcat? I'm not sure on Windows, but
 on Linux it works fine with SSL on the 8443 port.
 
 Actually my own problem is to use SSL only in the realm login page, but it's
 visibly difficult.
 Goodbye.

Man, it's not that I don't know how to run Tomcat with
SSL.  I know how to do that with the keytool-generated
certificate.

What I don't understand is why I can't run Tomcat SSL
with the certificate generated by my little Java
program.  And it is a valid certificate which I can
successfully import into the keystore as alias tomcat.

Any idea?




Re: Do you run Tomcat with SSL?

2003-03-14 Thread Mufaddal Khumri
Do your certificates work with other applications in other scenarios ?

On Saturday, March 15, 2003, at 12:28  AM, Mark Liu wrote:

I am not sure if they are of the same format.  I only
know that I am able to import the certificate
generated by my little Java program into the
keystore as alias tomcat.
Anywhere I can check the format of the
keytool-generated certificate?


Re: Do you run Tomcat with SSL?

2003-03-14 Thread Mark Liu
Well, I've never tried any other application.  I only
know that I can import it into the keystore, I can
also import it into the browser (IE).





RE: Do you run Tomcat with SSL?

2003-03-14 Thread Jonathan Archer
 Man, it's not that I don't know how to run Tomcat with
 SSL.  I know how to do that with the keytool-generated
 certificate.

 What I don't understand is why I can't run Tomcat SSL
 with the certificate generated by my little Java
 program.  And it is a valid certificate which I can
 successfully import into the keystore as alias tomcat.

 Any idea?

Have you had a read of
http://java.sun.com/j2se/1.4/docs/tooldocs/windows/keytool.html ?

Specifically, at the end under "Examples" you will find "Requesting a Signed
Certificate from a Certification Authority" and "Importing the Certificate
Reply from the CA", which may help.

Cheers,
Jon






Re: Do you run Tomcat with SSL?

2003-03-14 Thread Mufaddal Khumri
I suggest that you try using your certificate with other applications 
for instance send yourself a digitally signed email using your 
certificate. If your certificate works with another app then probably 
there is something wrong with the way tomcat is handling certificates. 
If not (which is most probably the case) then there is something 
missing from the certificate. So I would strongly recommend you to try 
using your little java application generated certificate with some 
other app other than tomcat and see how it works.

Thanks.

On Saturday, March 15, 2003, at 12:39  AM, Mark Liu wrote:

Well, I've never tried any other application.  I only
know that I can import it into the keystore, I can
also import it into the browser (IE).


Re: Do you run Tomcat with SSL?

2003-03-14 Thread Mark Liu
I think I got a little idea after I re-read the
keytool doc.

You see, when we generate the cert using keytool, both
the private key and the public key are stored in the
keystore.  And when we import the cert reply from the
CA, keystore will associate the private key with the
cert that wraps up the corresponding public key,
right?

However, in my project, I have the browser IE generate
the pkcs10 request and submit the request to the CA.
Apparently IE does not use the SUN keystore facility.

Thus, when I get the cert reply from the CA and import
it into the SUN keystore, the SUN keystore has no way
of matching the cert with a private key because the
private key does not exist in the SUN keystore, it
is stored in the keystore that IE maintains, although
the SUN keystore still imports the cert.

Does my conjecture sound reasonable?

Thank you for your continued education.

Mark


--- Mufaddal Khumri [EMAIL PROTECTED] wrote:
 I suggest that you try using your certificate with
 other applications 
 for instance send yourself a digitally signed email
 using your 
 certificate. If your certificate works with another
 app then probably 
 there is something wrong with the way tomcat is
 handling certificates. 
 If not (which is most probably the case) then there is something
 missing from the certificate. So I would strongly recommend you to try
 using your little java application generated certificate with some
 other app other than tomcat and see how it works.

 Thanks.

 On Saturday, March 15, 2003, at 12:39 AM, Mark Liu wrote:

  Well, I've never tried any other application.  I only
  know that I can import it into the keystore, I can
  also import it into the browser (IE).

  --- Mufaddal Khumri [EMAIL PROTECTED] wrote:
  Do your certificates work with other applications in
  other scenarios?

  On Saturday, March 15, 2003, at 12:28 AM, Mark Liu wrote:

  I am not sure if they are of the same format.  I only
  know that I am able to import the certificate
  generated by my little Java program into the
  keystore as alias tomcat.

  Anywhere I can check the format of the
  keytool-generated certificate?

  --- Mufaddal Khumri [EMAIL PROTECTED] wrote:
  Is your certificate format generated by your little java program
  exactly like the keytool generated certificate? Have you tested your
  certificates with other applications to see if you are producing them
  correctly?

  thanks.
  On Friday, March 14, 2003, at 09:21 AM, Mark Liu wrote:

  I know you guys have your great strategies in
  balancing Apache and Tomcat.

  But, my project isn't really so picky about
  efficiency, so I simply run Tomcat with SSL all the
  time.  It simplifies my project a little bit.

  But then I do need to be able to run Tomcat SSL with
  the certificate generated by my little Java program.

  --- mike jackson [EMAIL PROTECTED] wrote:
  I've always run tomcat as a backend to apache.  Apache may or may not
  implement ssl.  That said, every time I've implemented ssl I've done it
  at the apache level, never at the tomcat level.  In fact the few times
  that I've wanted ssl at the tomcat level (usually because I'm not
  running apache) I've ended up setting up apache to run as the front end.

  But that's just me.

  --mikej
  -=-
  mike jackson
  [EMAIL PROTECTED]

  -Original Message-
  From: Mark Liu [mailto:[EMAIL PROTECTED]
  Sent: Thursday, March 13, 2003 6:44 PM
  To: Tomcat Users List
  Subject: Do you run Tomcat with SSL?

  I am able to run Tomcat SSL with the keytool-generated
  certificate, but not the certificate my little Java
  program generates.

  I've been asking this question for a while in this
  list.  But it seems nobody has an answer to it.  So
  you guys never run Tomcat in SSL mode?  Or you guys
  always use the keytool-generated certificate for the SSL?
 
 
 
 

Re: Do you run Tomcat with SSL?

2003-03-14 Thread Mufaddal Khumri
When you create a public and a private key ... you make a request to a 
CA to sign your public key ...  You never reveal to the CA your private 
key. Your private key as the name implies is always with you and nobody 
else.

You send the CA your public key and some other information.

The CA creates a certificate.
Any certificate has :
1. The public key
2. expiration date
3. algorithm
4. etc.
The certificate information is hashed and the hash of that is signed by 
the private key of the Certificate Issuing Authority (CA) .. like 
Verisign, or in your case your little java app.

When you get back this certificate from the CA ... in your case you are 
using keytool to import it into your keystore. Your keystore does not 
have your private key yet.
SSL handshake requires you to have your private key in the keystore as 
well. I think that is what your problem is .. get your private key into 
keystore too.

thanks.

On Saturday, March 15, 2003, at 02:40  AM, Mark Liu wrote:

 I think I got a little idea after I re-read the
 keytool doc.

 You see, when we generate the cert using keytool, both
 the private key and the public key are stored in the
 keystore.  And when we import the cert reply from the
 CA, keystore will associate the private key with the
 cert that wraps up the corresponding public key,
 right?

 However, in my project, I have the browser IE generate
 the pkcs10 request and submit the request to the CA.
 Apparently IE does not use the SUN keystore facility.
 Thus, when I get the cert reply from the CA and import
 it into the SUN keystore, the SUN keystore has no way
 of matching the cert with a private key because the
 private key does not exist in the SUN keystore, it
 is stored in the keystore that IE maintains, although
 the SUN keystore still imports the cert.

 Does my conjecture sound reasonable?

 Thank you for your continued education.

 Mark

 --- Mufaddal Khumri [EMAIL PROTECTED] wrote:
  I suggest that you try using your certificate with other applications
  for instance send yourself a digitally signed email using your
  certificate. If your certificate works with another app then probably
  there is something wrong with the way tomcat is handling certificates.
  If not (which is most probably the case) then there is something
  missing from the certificate. So I would strongly recommend you to try
  using your little java application generated certificate with some
  other app other than tomcat and see how it works.

  Thanks.

  On Saturday, March 15, 2003, at 12:39 AM, Mark Liu wrote:

  Well, I've never tried any other application.  I only
  know that I can import it into the keystore, I can
  also import it into the browser (IE).

  --- Mufaddal Khumri [EMAIL PROTECTED] wrote:
  Do your certificates work with other applications in
  other scenarios?

  On Saturday, March 15, 2003, at 12:28 AM, Mark Liu wrote:

  I am not sure if they are of the same format.  I only
  know that I am able to import the certificate
  generated by my little Java program into the
  keystore as alias tomcat.

  Anywhere I can check the format of the
  keytool-generated certificate?

  --- Mufaddal Khumri [EMAIL PROTECTED] wrote:
  Is your certificate format generated by your little java program
  exactly like the keytool generated certificate? Have you tested your
  certificates with other applications to see if you are producing them
  correctly?

  thanks.
  On Friday, March 14, 2003, at 09:21 AM, Mark Liu wrote:

  I know you guys have your great strategies in
  balancing Apache and Tomcat.

  But, my project isn't really so picky about
  efficiency, so I simply run Tomcat with SSL all the
  time.  It simplifies my project a little bit.

  But then I do need to be able to run Tomcat SSL with
  the certificate generated by my little Java program.

  --- mike jackson [EMAIL PROTECTED] wrote:
  I've always run tomcat as a backend to apache.  Apache may or may not
  implement ssl.  That said, every time I've implemented ssl I've done it
  at the apache level, never at the tomcat level.  In fact the few times
  that I've wanted ssl at the tomcat level (usually because I'm not
  running apache) I've ended up setting up apache to run as the front end.

  But that's just me.

  --mikej
  -=-
  mike jackson
  [EMAIL PROTECTED]

  -Original Message-
  From: Mark Liu [mailto:[EMAIL PROTECTED]
  Sent: Thursday, March 13, 2003 6:44 PM
  To: Tomcat Users List
  Subject: Do you run Tomcat with SSL?

  I am able to run Tomcat SSL with the keytool-generated
  certificate, but not the certificate my little Java
  program generates.

  I've been asking this question for a while in this
  list.  But it seems nobody has an answer to it.  So
  you guys never run Tomcat in SSL mode?  Or you guys
  always use the keytool-generated certificate for the SSL?




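The keystore condition discussed in the message above (a certificate imported under an alias that holds no private key), as an added example that is not part of the original thread. It assumes `keytool` from the same JDK is on the PATH; the class name `KeystoreEntryCheck`, the password `changeit` and the `CN=localhost` subject are constructed for the demo.

```java
import java.io.File;
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;

public class KeystoreEntryCheck {
    // Constructed demo password; the alias "tomcat" is the one used in the thread.
    static final char[] PASS = "changeit".toCharArray();
    // Says whether an alias can act as an SSL server identity.
    static String describe(KeyStore ks, String alias) throws Exception {
        if (ks.isCertificateEntry(alias)) {
            return alias + ": certificate only, no private key (cannot complete an SSL handshake)";
        }
        if (!ks.isKeyEntry(alias)) {
            return alias + ": no such entry";
        }
        // Sign with the stored private key, verify with the certificate's public key.
        byte[] probe = "probe".getBytes(StandardCharsets.UTF_8);
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign((PrivateKey) ks.getKey(alias, PASS));
        sig.update(probe);
        byte[] signed = sig.sign();
        sig.initVerify(ks.getCertificate(alias).getPublicKey());
        sig.update(probe);
        return alias + ": private key present, matches certificate = " + sig.verify(signed);
    }
    public static void main(String[] args) throws Exception {
        // Case 1: keytool creates the key pair, so the private key is in the keystore.
        File file = File.createTempFile("demo", ".ks");
        file.delete(); // keytool must create the file itself
        int exit = new ProcessBuilder("keytool", "-genkeypair", "-alias", "tomcat",
                "-keyalg", "RSA", "-dname", "CN=localhost", "-validity", "1",
                "-keystore", file.getPath(), "-storepass", "changeit",
                "-keypass", "changeit").inheritIO().start().waitFor();
        if (exit != 0) throw new IllegalStateException("keytool failed");
        KeyStore withKey = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(file)) { withKey.load(in, PASS); }
        // Case 2: only the certificate is imported; the key pair was made elsewhere.
        KeyStore certOnly = KeyStore.getInstance(KeyStore.getDefaultType());
        certOnly.load(null, null);
        certOnly.setCertificateEntry("tomcat", withKey.getCertificate("tomcat"));
        System.out.println(describe(withKey, "tomcat"));
        System.out.println(describe(certOnly, "tomcat"));
        file.delete();
    }
}
```

Both keystores accept the import without error, which is why a successful import alone does not show that the alias is usable by the SSL connector.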

Do you run Tomcat with SSL?

2003-03-13 Thread Mark Liu
I am able to run Tomcat SSL with the keytool-generated
certificate, but not the certificate my little Java
program generates.

I've been asking this question for a while in this
list.  But it seems nobody has an answer to it.  So
you guys never run Tomcat in SSL mode?  Or you guys
always use the keytool-generated certificate for the SSL?




Re: Do you run Tomcat with SSL?

2003-03-13 Thread p niemandt
My guess would be that most people only use SSL on the web front end:
Apache listens on port 443, does all the SSL layer stuff, with Tomcat
usually behind the firewall, and the Tomcat -- Web Server (Apache /
IIS) unencrypted.

just my 2c

Regards,
Paul

On Fri, 2003-03-14 at 02:43, Mark Liu wrote:
 I am able to run Tomcat SSL with the keytool-generated
 certificate, but not the certificate my little Java
 program generates.
 
 I've been asking this question for a while in this
 list.  But it seems nobody has an answer to it.  So
 you guys never run Tomcat in SSL mode?  Or you guys
 always use the keytool-generated certificate for the SSL?
 
-- 
p niemandt [EMAIL PROTECTED]





Re: Do you run Tomcat with SSL?

2003-03-13 Thread Mark Liu
That means I still won't get any answer from this
list, right?

Does the keytool-generated certificate have something
special in it?

Check the attached certificate which is generated by
my little Java program.  It *is* a valid certificate,
and can be successfully imported into the keystore. 
But then how come I just can't run Tomcat SSL with
this certificate?  There are no exception messages
from the Tomcat Console.

Is this a really tough problem and even gurus, if we
have a few here, don't have an answer to it?



--- p niemandt [EMAIL PROTECTED] wrote:
 My guess would be that most people only use SSL on the web front end:
 Apache listens on port 443, does all the SSL layer stuff, with Tomcat
 usually behind the firewall, and the Tomcat -- Web Server (Apache /
 IIS) unencrypted.

 just my 2c

 Regards,
 Paul

 On Fri, 2003-03-14 at 02:43, Mark Liu wrote:
  I am able to run Tomcat SSL with the keytool-generated
  certificate, but not the certificate my little Java
  program generates.

  I've been asking this question for a while in this
  list.  But it seems nobody has an answer to it.  So
  you guys never run Tomcat in SSL mode?  Or you guys
  always use the keytool-generated certificate for the SSL?
  
 -- 
 p niemandt [EMAIL PROTECTED]
 
 


cert4ca.cer
Description: cert4ca.cer

RE: Do you run Tomcat with SSL?

2003-03-13 Thread mike jackson
I've always run tomcat as a backend to apache.  Apache may or may not
implement ssl.  That said, every time I've implemented ssl I've done it
at the apache level, never at the tomcat level.  In fact the few times
that I've wanted ssl at the tomcat level (usually because I'm not
running apache) I've ended up setting up apache to run as the front end.

But that's just me.

--mikej
-=-
mike jackson
[EMAIL PROTECTED]

-Original Message-
From: Mark Liu [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 13, 2003 6:44 PM
To: Tomcat Users List
Subject: Do you run Tomcat with SSL?

I am able to run Tomcat SSL with the keytool-generated
certificate, but not the certificate my little Java
program generates.

I've been asking this question for a while in this
list.  But it seems nobody has an answer to it.  So
you guys never run Tomcat in SSL mode?  Or you guys
always use the keytool-generated certificate for the SSL?




RE: Do you run Tomcat with SSL?

2003-03-13 Thread Mark Liu
I know you guys have your great strategies in
balancing Apache and Tomcat.

But, my project isn't really so picky about
efficiency, so I simply run Tomcat with SSL all the
time.  It simplifies my project a little bit.

But then I do need to be able to run Tomcat SSL with
the certificate generated by my little Java program.


--- mike jackson [EMAIL PROTECTED] wrote:
 I've always run tomcat as a backend to apache.  Apache may or may not
 implement ssl.  That said, every time I've implemented ssl I've done it
 at the apache level, never at the tomcat level.  In fact the few times
 that I've wanted ssl at the tomcat level (usually because I'm not
 running apache) I've ended up setting up apache to run as the front end.

 But that's just me.

 --mikej
 -=-
 mike jackson
 [EMAIL PROTECTED]

 -Original Message-
 From: Mark Liu [mailto:[EMAIL PROTECTED]
 Sent: Thursday, March 13, 2003 6:44 PM
 To: Tomcat Users List
 Subject: Do you run Tomcat with SSL?

 I am able to run Tomcat SSL with the keytool-generated
 certificate, but not the certificate my little Java
 program generates.

 I've been asking this question for a while in this
 list.  But it seems nobody has an answer to it.  So
 you guys never run Tomcat in SSL mode?  Or you guys
 always use the keytool-generated certificate for the SSL?
 