Re: SSL problem with TC 5.0.16
Yes. And, what is more, apparently, Tomcat 5 can use the keystore, now. Maybe a problem with Windows 2000, cured by the reboot (yesterday it didn't work, today it does, computer was switched off overnight...) ;-).

However, I've made a few more experiments, and found a snag in TC 5, possibly. Tomcat 5 can use my keystore, but only if the password is changeit, the default password. Now, the docs say, one should use this, but with TC 4.0.6 it was possible to change it. Is the password hard coded in TC 5? Maybe, that's another subject/thread...

Thanks!

Alex

On Mon, 08 Dec 2003 20:42:41 -0500, Ankur Shah [EMAIL PROTECTED] wrote:

Are you able to query your keystore (D:\ourwebapp\certificate\keystore) using the specified password from the command-line? For instance, what happens when you do this?:

c:\>%JAVA_HOME%/bin/keytool -list -keystore D:\ourwebapp\certificate\keystore -storepass yeahsure

I just downloaded TC 5.0.16, configured SSL and ran it with no problems, FWIW.

Baer Peter Christoph Alexander wrote:

Yes, we set keystorePass to what we entered when creating the keystore. Below are the Connectors from our server.xml. Do you see anything wrong, here? Something, that was ok with TC 4.0.6, but is no longer valid for TC 5.0.16?

Thanks in advance!

Alex

<snip>
<Connector acceptCount="100" connectionTimeout="3" debug="0" disableUploadTimeout="true" enableLookups="true" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="8080" redirectPort="8443" scheme="https" secure="yes" />

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector acceptCount="100" debug="0" disableUploadTimeout="true" enableLookups="false" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="8443" scheme="https" secure="true">
  <Factory clientAuth="false" keystoreFile="D:\ourwebapp\certificate\keystore" keystorePass="yeahsure" protocol="TLS" />
</Connector>

<!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
<Connector debug="0" enableLookups="false" port="8009" protocol="AJP/1.3" redirectPort="8443" />
</snip>

-----Original Message-----
From: Luc Foisy [mailto:[EMAIL PROTECTED]
Sent: Monday, December 08, 2003 5:53 PM
To: Tomcat Users List
Subject: RE: SSL problem with TC 5.0.16

Did you set keystorePass?

-----Original Message-----
From: Baer Peter Christoph Alexander [mailto:[EMAIL PROTECTED]
Sent: Monday, December 08, 2003 11:49 AM
To: '[EMAIL PROTECTED]'
Subject: SSL problem with TC 5.0.16

Hi,

before you start throwing eggs and tomatoes at me: I *have* searched the mailing list archive before posting this message... ;-)

I just installed Tomcat 5.0.16. Now we want to migrate an application from TC 4.0.6 to it. For this we need to run TC with SSL. However, there's apparently a mistake in our SSL configuration. After adapting server.xml for our webapp, we see the following startup error message:

<snip>
INFO: Starting Coyote HTTP/1.1 on port 8080
08.12.2003 17:01:45 org.apache.coyote.http11.Http11Protocol start
SCHWERWIEGEND: Error starting endpoint
java.io.IOException: Keystore was tampered with, or password was incorrect
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:748)
        at java.security.KeyStore.load(KeyStore.java:652)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:295)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:259)
        at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:172)
</snip>

Following the docs, we checked the password and we have also created quite a few new keystores and put their paths into the keystoreFile attribute of the Factory tag. In TC5 even the old keystore with the original certificate of our application is rejected.

Has anybody seen this before? Can you provide some hint, what the problem could be caused by? We can rule out the things mentioned in the docs, I think!

Thanks in advance!

Regards

Alex

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

--
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2
RE: SSL problem with TC 5.0.16
Did you set keystorePass?
RE: SSL problem with TC 5.0.16
Yes, we set keystorePass to what we entered when creating the keystore. Below are the Connectors from our server.xml. Do you see anything wrong, here? Something, that was ok with TC 4.0.6, but is no longer valid for TC 5.0.16?

Thanks in advance!

Alex

<snip>
<Connector acceptCount="100" connectionTimeout="3" debug="0" disableUploadTimeout="true" enableLookups="true" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="8080" redirectPort="8443" scheme="https" secure="yes" />

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector acceptCount="100" debug="0" disableUploadTimeout="true" enableLookups="false" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="8443" scheme="https" secure="true">
  <Factory clientAuth="false" keystoreFile="D:\ourwebapp\certificate\keystore" keystorePass="yeahsure" protocol="TLS" />
</Connector>

<!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
<Connector debug="0" enableLookups="false" port="8009" protocol="AJP/1.3" redirectPort="8443" />
</snip>
Re: SSL problem with TC 5.0.16
Are you able to query your keystore (D:\ourwebapp\certificate\keystore) using the specified password from the command-line? For instance, what happens when you do this?:

c:\>%JAVA_HOME%/bin/keytool -list -keystore D:\ourwebapp\certificate\keystore -storepass yeahsure

I just downloaded TC 5.0.16, configured SSL and ran it with no problems, FWIW.
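An added example, not part of the thread and not Tomcat or JDK code: a JKS file ends with a SHA-1 digest computed over the store password, a fixed string and the file contents, which is why the loader in the stack trace reports a wrong password and a modified file with the same message. The sketch builds a constructed, empty JKS store using the thread's `yeahsure` password and runs only that integrity step; `build_empty_jks`, `check_jks` and `flip_byte` are names chosen here.

```python
import hashlib
import hmac
import struct

JKS_MAGIC = 0xFEEDFEED
WHITENER = b"Mighty Aphrodite"  # constant the JKS format mixes into its digest
ERROR = "Keystore was tampered with, or password was incorrect"


def jks_digest(password: str, body: bytes) -> bytes:
    """SHA-1 over (password as UTF-16BE) + whitener + all bytes before the digest."""
    return hashlib.sha1(password.encode("utf-16-be") + WHITENER + body).digest()


def build_empty_jks(password: str) -> bytes:
    """Constructed sample: a version-2 JKS store holding zero entries."""
    body = struct.pack(">III", JKS_MAGIC, 2, 0)  # magic, version, entry count
    return body + jks_digest(password, body)


def check_jks(data: bytes, password: str) -> str:
    """Run only the integrity step of a JKS load; entries are not parsed."""
    if len(data) < 32 or struct.unpack(">I", data[:4])[0] != JKS_MAGIC:
        return "not a JKS keystore"
    body, stored = data[:-20], data[-20:]
    if hmac.compare_digest(jks_digest(password, body), stored):
        return "ok"
    # One digest covers both inputs, so the check cannot tell which one changed.
    return ERROR


def flip_byte(data: bytes, offset: int) -> bytes:
    """Return a copy with one bit flipped, simulating a modified file."""
    changed = bytearray(data)
    changed[offset] ^= 0x01
    return bytes(changed)


if __name__ == "__main__":
    store = build_empty_jks("yeahsure")                 # password from the thread
    print(check_jks(store, "yeahsure"))                 # matching password
    print(check_jks(store, "changeit"))                 # different password
    print(check_jks(flip_byte(store, 7), "yeahsure"))   # modified file
```

On a real JKS-format file, `check_jks(open(path, "rb").read(), password)` answers the same password question as the `keytool -list` query above without needing a JDK on the machine.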