Re: Tomcat and SSL
I don't think https and http requests from the same machine will have any impact on the session already created. I mean, even if you call request.getSession(true) in a secure page and a valid session already exists, nothing like creating a new session and invalidating it will happen. There will not be any difference between an http request and an https request from the web server's point of view, except that they are received on different ports and one needs to be decrypted before processing. Any detailed explanation on this will be appreciated.

On 7/19/05, Mufaddal Khumri [EMAIL PROTECTED] wrote:
> Hello,
>
> I wanted to verify if I am understanding this right. The website has certain sections of it using HTTPS (secure) and certain sections use only HTTP (unsecure).
>
> 1. A new session resulting from a call to request.getSession(true) in a secure area of a website is invalidated automatically when the session transitions from the secure to an unsecure area of the website.
>
> 2. A new session resulting from a call to request.getSession(true) in an unsecure area of a website is untouched when the session transitions from the unsecure to a secure area of the website and from the unsecure to a secure area of the website.
>
> Am I understanding 1 and 2 right?
>
> Thanks,
> Mufaddal.
RE: Tomcat For SSL
Tomcat handles SSL certificates as it is, but I'd recommend installing Apache to handle all certs instead of Tomcat.

-----Original Message-----
From: Scott Purcell [mailto:[EMAIL PROTECTED]
Sent: Monday, May 23, 2005 9:39 AM
To: tomcat-user@jakarta.apache.org
Subject: Tomcat For SSL

Hello,

I have a webapp that is running on Tomcat 5.5. I have always developed just using Tomcat. Now I want to take a site, and host it. The site will also run certificates for SSL.

Should I wrap my site around Apache now. Meaning should I install apache and put tomcat inside? Or however this is done. Or can tomcat handle SSL certificates (from Verisign?) as it is. I hear of security issues, etc.

Any information would be appreciated.

Thanks,
Scott
RE: Tomcat For SSL
Get ready for differing opinions on this, it's been asked loads of times before, try searching the archives for more info.

My very quick summary would be that you do not need apache httpd to do SSL, and it can be very fast and stable without apache, as well as simpler to config if you don't already know apache, but there are good reasons to introduce apache. Depending on the exact requirements of your site, there are some useful feature benefits from using apache+tomcat, and when the site gets heavily loaded, apache+tc performs better than tc alone, if you let apache handle the static page requests.

A friend of mine advises me that he uses apache+tc for these reasons:
- server side includes, which is easier for most people to use to do minor dynamic content in otherwise static pages
- mod_rewrite can help with redirection between http - https if you have pages that can only be accessed through one or other protocol
- can config reverse proxy content off another server

I do not run apache with my TC because I do not require any of these features; however I am not against using it for the right app.

-----Original Message-----
From: Scott Purcell [mailto:[EMAIL PROTECTED]
Sent: Monday 23 May 2005 14:39
To: tomcat-user@jakarta.apache.org
Subject: Tomcat For SSL

Hello,

I have a webapp that is running on Tomcat 5.5. I have always developed just using Tomcat. Now I want to take a site, and host it. The site will also run certificates for SSL.

Should I wrap my site around Apache now. Meaning should I install apache and put tomcat inside? Or however this is done. Or can tomcat handle SSL certificates (from Verisign?) as it is. I hear of security issues, etc.

Any information would be appreciated.

Thanks,
Scott
Re: Tomcat For SSL
Scott Purcell wrote:
> Should I wrap my site around Apache now. Meaning should I install apache and put tomcat inside?

There is no standard answer to this question. It depends what you are trying to achieve. Apache adds both functionality and configuration complexity. You have to weigh the costs of one against the benefits of the other. If you don't know, stick with Tomcat standalone - you can always change your mind later.

> Or can tomcat handle SSL certificates (from Verisign?) as it is.

Yes.

> I hear of security issues, etc.

Like what? It is difficult to answer your concerns when you are this vague.
RE: Tomcat and SSL
How did you create the certificate? And with what details?

-----Original Message-----
From: Marcos Ferreira [mailto:[EMAIL PROTECTED]
Sent: 19 April 2005 13:39
To: tomcat-user@jakarta.apache.org
Subject: Tomcat and SSL

Hi,

I'm having problems using Tomcat with SSL Protocol. I set up Client Authentication in the Tomcat administration tool. When I try to access a page that needs a certificate, I receive a DNS Error because the site is unreachable.

Is there anyone who knows how to solve this problem?

Thanks.

PS.:
Tomcat 5.0.28
Windows 2000
Port 8443 listener OK
Re: Tomcat and SSL
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/http.html

Set enableLookups to false.

Doug

----- Original Message -----
From: Marcos Ferreira [EMAIL PROTECTED]
To: tomcat-user@jakarta.apache.org
Sent: Tuesday, April 19, 2005 8:39 AM
Subject: Tomcat and SSL

Hi,

I'm having problems using Tomcat with SSL Protocol. I set up Client Authentication in the Tomcat administration tool. When I try to access a page that needs a certificate, I receive a DNS Error because the site is unreachable.

Is there anyone who knows how to solve this problem?

Thanks.

PS.:
Tomcat 5.0.28
Windows 2000
Port 8443 listener OK
Re: Tomcat and SSL
I created the certificate using keytool and chose the JKS type. I'm using false for the enableLookups attribute.

Thanks

----- Original Message -----
From: Raghupathy,Gurumoorthy [EMAIL PROTECTED]
To: 'Tomcat Users List' tomcat-user@jakarta.apache.org
Sent: Tuesday, April 19, 2005 9:46 AM
Subject: RE: Tomcat and SSL

How did you create the certificate? And with what details?
Re: Tomcat/4.1.31 - SSL Troubles
On 4/13/05, Andrey [EMAIL PROTECTED] wrote:
> Hello,
>
> (j2re1.4.1_02 is installed)
>
> I've created a certificate keystore as described: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/printer/ssl-howto.html then I uncommented the Connector element for an SSL connector in server.xml.
>
> I can connect to the ssl port ... and I can see the certificate.. but when I accept this certificate my browser says "The page cannot be displayed".

Sounds like you are using Internet Explorer, so the first step would be to disable "Show friendly HTTP error messages", and if you are using IE for any sort of web development testing that is one of the first things you should do: Tools / Internet Options, Advanced tab, then it is under the Browsing subheading. Then you can see the real error.

Regards,
--
Jason Bainbridge
http://kde.org - [EMAIL PROTECTED]
Personal Site - http://jasonbainbridge.com
Re: Tomcat/4.1.31 - SSL Troubles
> I can connect to the ssl port ... and I can see the certificate.. but when I accept this certificate my browser says "The page cannot be displayed".

Is the page OK on http then?

- https://server.com:8443/app1/page1.jsp
- http://server.com:8080/app1/page1.jsp

Regards,

Ben Kim
Database Developer/Systems Administrator
434E Harrington Tower / College of Education
Texas A&M University
Re: Tomcat 5 / SSL / Digsigtrust Certificate...
I figured it out. I was importing the new signed cert to a new alias in my keystore, rather than the original key I generated when I created the keystore. And, Netscape's CA Chain certs work with JBoss/Tomcat5.

John Urban wrote:
> I have sent my CSR and been approved and received my SSL Web server certificate from Digsigtrust. I am having problems getting the SSL certificate to install properly. I have tried every conceivable combination to get my browser to NOT pop up the Security Alert dialog.
>
> Most documentation I've read seems to tell me to import the CA chain to my keystore first, then my signed certificate from Digsigtrust. I've had no success. My issue seems to be obtaining the correct Chain certificate from Digsigtrust.
>
> Can someone advise me which is the closest server to Tomcat 5:
>
> Apache + Mod/Open SSL
> Apache Raven
> Microsoft Internet Information Server 5 and 6
> Microsoft Internet Information Server 4
> iPlanet Enterprise Server 4.1
> Domino 4.6 and Higher
> Netscape Enterprise Server 3.6.1
> Stronghold 3.0
> Others/Misc
>
> This should be a step in the right direction.
Re: Tomcat 5 / SSL / Digsigtrust Certificate...
I have sent my CSR and been approved and received my SSL Web server certificate from Digsigtrust. I am having problems getting the SSL certificate to install properly. I have tried every conceivable combination to get my browser to NOT pop up the Security Alert dialog.

Most documentation I've read seems to tell me to import the CA chain to my keystore first, then my signed certificate from Digsigtrust. I've had no success. My issue seems to be obtaining the correct Chain certificate from Digsigtrust.

Can someone advise me which is the closest server to Tomcat 5:

Apache + Mod/Open SSL
Apache Raven
Microsoft Internet Information Server 5 and 6
Microsoft Internet Information Server 4
iPlanet Enterprise Server 4.1
Domino 4.6 and Higher
Netscape Enterprise Server 3.6.1
Stronghold 3.0
Others/Misc

This should be a step in the right direction.
Re: Tomcat and SSL
On Sun, 27 Feb 2005 16:22:52 -0800 (PST), deepak suldhal [EMAIL PROTECTED] wrote:
> Hi
>
> I followed the document http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html and reached a point where I created a .keystore file.
>
> * This .keystore is now located at C:\Documents and Settings\Owner
> * Whereas my Tomcat is at C:\jakarta-tomcat-5.0.28
>
> What is the default location that tomcat expects this .keystore file?

Search for keystoreFile in that document and you will receive your answer...

Regards,
--
Jason Bainbridge
http://kde.org - [EMAIL PROTECTED]
Personal Site - http://jasonbainbridge.com
Re: Tomcat and SSL : Want Client Authentication but not Server Authentication
I've never heard of being able to connect using SSL without a server certificate. But you don't have to spend money to get one: just use a self-signed certificate.

Onkar Singh wrote:
> Hi,
>
> I want the Client (Web Browser) to be authenticated and not the Server (Web Server). Is it possible to achieve or not, because as far as I know JSSE and Claymore's PureTLS (SSL implementations) both make Server authentication mandatory!!
>
> Thanks in advance!!
> Onkar
RE: Tomcat - 4.1 - SSL redirect only works on ports 80 and 443
Dave-

Please post the non-ssl and ssl connector fields from your server.xml file.

Azam Khan

-----Original Message-----
From: David Austin [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 10, 2004 9:53 AM
To: [EMAIL PROTECTED]
Subject: Tomcat - 4.1 - SSL redirect only works on ports 80 and 443

Good Morning,

This is my first post to this site, so please go easy on me...

I am running a tomcat 4.1 standalone server and I am trying to implement an SSL connector. I followed the instructions and was able to successfully get it to work with one problem: For some reason the redirect only works when I set the non-SSL port to 80 and the SSL port to 443. When I try any other ports (including the default ports 8080 and 8443), it fails to redirect. When I type https://localhost:8080 I get a page not found or other browser error. When I change the ports to 80 and 443 respectively, and type in https://localhost/ it works fine.

I am running Fedora linux.

Any ideas?

Thanks,
Dave
RE: Tomcat - 4.1 - SSL redirect only works on ports 8
Ok, here are my connector tags:

    <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8080" minProcessors="5" maxProcessors="75"
               enableLookups="true" redirectPort="8443"
               acceptCount="100" debug="1" connectionTimeout="2"
               useURIValidationHack="false" disableUploadTimeout="true" />
    <!-- Note : To disable connection timeouts, set connectionTimeout value to 0 -->

    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8443" minProcessors="5" maxProcessors="75"
               enableLookups="true"
               acceptCount="100" debug="1" scheme="https" secure="true"
               useURIValidationHack="false" disableUploadTimeout="true">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               clientAuth="false" protocol="TLS" />
    </Connector>
RE: Tomcat smtp SSL transport?
Hi,

Tomcat only ships with the basic JavaMail provider, which IIRC doesn't have S/MIME support. You have to get a 3rd party library, such as CryptoMail (a SourceForge project IIRC), and use it. You might need to write a trivial CryptoMailSessionFactory to use as the Bean factory for Tomcat's JNDI resource. Or you could use the library directory from your webapp without going through Tomcat and its JNDI resources. There are numerous providers of S/MIME support for JavaMail listed on the JavaMail java.sun.com site.

Yoav Shapira
http://www.yoavshapira.com

-----Original Message-----
From: Evgeny Gesin [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 14, 2004 6:04 PM
To: Tomcat Users List
Subject: Tomcat smtp SSL transport?

I need to send email from Tomcat:
- smtp server on localhost.
- port 465.
- smtp encrypts messages using SSL.
- smtp authenticates users via CRAM-MD5.

I probably need to add more parameters

    <ResourceParams name="mail/Session">
      <parameter><name>mail.smtp.host</name><value>127.0.0.1</value></parameter>
      <parameter><name>mail.smtp.port</name><value>465</value></parameter>
    </ResourceParams>

1. Do I need to set a specific mail.class of the provider, which and how ?
2. How to specify SSL encryption ?
3. How to specify CRAM-MD5 authentication ?

Thanks!
Evgeny
RE: Tomcat smtp SSL transport?
Hi Yoav.

Tomcat and QMail are installed on the same host. Currently clients (Mozilla-mail, KMail, etc.) send email using SSL encryption. I also need to send e-mails from Tomcat.

Can I configure Tomcat server.xml or QMail or smtp relay (/etc/tcp.smtp) or ? to send e-mail via TCP and not SSL?

Thanks!
Evgeny

--- Shapira, Yoav [EMAIL PROTECTED] wrote:
> Hi,
>
> Tomcat only ships with the basic JavaMail provider, which IIRC doesn't have S/MIME support. You have to get a 3rd party library, such as CryptoMail (a SourceForge project IIRC), and use it. You might need to write a trivial CryptoMailSessionFactory to use as the Bean factory for Tomcat's JNDI resource. Or you could use the library directory from your webapp without going through Tomcat and its JNDI resources. There are numerous providers of S/MIME support for JavaMail listed on the JavaMail java.sun.com site.
>
> Yoav Shapira
> http://www.yoavshapira.com
RE: Tomcat smtp SSL transport?
Hi,

I personally don't know, as I haven't tried it. But it's more of a JavaMail question than a Tomcat question. All Tomcat does is provide a Bean factory for the normal JavaMail Session objects. Tomcat doesn't provide customized mail Session objects or anything like that.

Yoav Shapira
http://www.yoavshapira.com

-----Original Message-----
From: Evgeny Gesin [mailto:[EMAIL PROTECTED]
Sent: Friday, October 15, 2004 9:46 AM
To: Tomcat Users List
Subject: RE: Tomcat smtp SSL transport?

Hi Yoav.

Tomcat and QMail are installed on the same host. Currently clients (Mozilla-mail, KMail, etc.) send email using SSL encryption. I also need to send e-mails from Tomcat.

Can I configure Tomcat server.xml or QMail or smtp relay (/etc/tcp.smtp) or ? to send e-mail via TCP and not SSL?

Thanks!
Evgeny
RE: Tomcat smtp SSL transport?
Well, it could be a certificate issue.

    tail -f /var/log/qmail/smtpd/current | tai64nlocal
    ...
    454 TLS connection failed: error:14094416:SSL routines:SSL _READ_BYTES:sslv3 alert certificate unknown (#4.3.0)

Looks like I need to import qmail's clientcert.pem into Tomcat or Java trustStore.

Thanks
Evgeny

--- Shapira, Yoav [EMAIL PROTECTED] wrote:
> Hi,
>
> I personally don't know, as I haven't tried it. But it's more of a JavaMail question than a Tomcat question. All Tomcat does is provide a Bean factory for the normal JavaMail Session objects. Tomcat doesn't provide customized mail Session objects or anything like that.
>
> Yoav Shapira
> http://www.yoavshapira.com
Re: Tomcat 5 SSL problem
Hello Frank,

I'm doing it too. My server.xml configuration is:

<Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           keystoreFile="e:\java\pruebas\WSOverSSL\server.keystore"
           keystorePass="changeit"
           clientAuth="true" sslProtocol="TLS"/>

I don't know if it's the best, but Tomcat runs. Now I'm trying to identify/authenticate my WS-Client.

On Friday, 27 August 2004, 19:09:03, you wrote:

FZ> Hello all. I'm trying to get SSL working on my Tomcat 5.0.27 instance...
FZ> I've read all the how-to's and spent an hour Googling, but I can't get past
FZ> an issue I'm having...
FZ> I have the following entry in my server.xml:
FZ> <Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
FZ>            port="8443" minProcessors="5" maxProcessors="75"
FZ>            enableLookups="true"
FZ>            acceptCount="100" debug="0" scheme="https" secure="true"
FZ>            useURIValidationHack="false" disableUploadTimeout="true">
FZ>   <Factory
FZ>     className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory"
FZ>     keystoreFile="c:\tomcat\.keystore" keystorePass="my_password"
FZ>     clientAuth="false" protocol="TLS" />
FZ> </Connector>
FZ> The keystore file is there, and I believe generated properly, as per the
FZ> how-to instructions. When I start Tomcat however, I get the following
FZ> exception:
FZ> [INFO] Http11Protocol - Initializing Coyote HTTP/1.1 on http-8181
FZ> [ERROR] Http11Protocol - Error initializing socket factory java.lang.ClassNotFoundException: Can't find any SSL implementationjava.lang.ClassNotFoundException: Can't find any SSL implementation
FZ>     at org.apache.tomcat.util.net.SSLImplementation.getInstance(SSLImplementation.java:57)
FZ>     at org.apache.tomcat.util.net.SSLImplementation.getInstance(SSLImplementation.java:63)
FZ>     at org.apache.coyote.http11.Http11Protocol.checkSocketFactory(Http11Protocol.java:770)
FZ>     at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:119)
FZ>     at org.apache.coyote.tomcat5.CoyoteConnector.initialize(CoyoteConnector.java:1429)
FZ>     at org.apache.catalina.core.StandardService.initialize(StandardService.java:609)
FZ>     at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:2384)
FZ>     at org.apache.catalina.startup.Catalina.load(Catalina.java:507)
FZ>     at org.apache.catalina.startup.Catalina.load(Catalina.java:528)
FZ>     at java.lang.reflect.Method.invoke(Native Method)
FZ>     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:247)
FZ>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:421)
FZ> [ERROR] Catalina - Catalina.start LifecycleException: Protocol handler initialization failed: java.lang.ClassNotFoundException: Can't find any SSL implementationLifecycleException: Protocol handler initialization failed: java.lang.ClassNotFoundException: Can't find any SSL implementation
FZ>     at org.apache.coyote.tomcat5.CoyoteConnector.initialize(CoyoteConnector.java:1431)
FZ>     at org.apache.catalina.core.StandardService.initialize(StandardService.java:609)
FZ>     at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:2384)
FZ>     at org.apache.catalina.startup.Catalina.load(Catalina.java:507)
FZ>     at org.apache.catalina.startup.Catalina.load(Catalina.java:528)
FZ>     at java.lang.reflect.Method.invoke(Native Method)
FZ>     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:247)
FZ>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:421)
FZ> Tomcat DOES continue to run, but obviously without SSL working. Any ideas?
FZ> Thanks all!
FZ> Frank W. Zammetti
FZ> Founder and Chief Software Architect
FZ> Omnytex Technologies
FZ> www.omnytex.com

--
Regards,
Daniel mailto:[EMAIL PROTECTED]
Re: Tomcat 4.1.30 + SSL = Problems
On 7/8/2004 3:46 PM, Fredrik Liden wrote:
> I followed the instructions on the tomcat SSL Config page.
> I generated the .keystore file using changeit password.
> When I go to the test page http://localhost:8443/
> I see 5 squares up in the left corner and that's it.
> Anyone encountered this?? I'm not sure how to proceed.

Use https://... instead of http://...

> I'm using Jdk 1.4.1 so I shouldn't have to download the JSSE files
> according to the instructions. Anyone please!
> /Fredrik
Re: Tomcat 4.1.30 + SSL = Problems
=== Thu, Jul 08, 2004 at 05:35:05PM -0700 / Dennis Dai ===
> I followed the instructions on the tomcat SSL Config page.
> I generated the .keystore file using changeit password.
> When I go to the test page http://localhost:8443/
> I see 5 squares up in the left corner and that's it.
> Anyone encountered this?? I'm not sure how to proceed.

Use https://... instead of http://...

> I'm using Jdk 1.4.1 so I shouldn't have to download the JSSE files
> according to the instructions. Anyone please!
> /Fredrik
=== End Quote ===

Wow, if only I'd held off a few more minutes on my mail; thanks, this was my problem as well. Is there a reason there's not a more legible error?

Jason
Re: Tomcat 4.1.30 + SSL = Problems
: Use https://... instead of http://...
:
: Wow, if only I'd held off a few more minutes on my mail; thanks, this
: was my problem as well. Is there a reason there's not a more legible
: error?

The server expects to complete an SSL-enabled handshake before your HTTP-level request makes it to Tomcat proper. Since you don't issue the GET/POST to Tomcat in this case, it certainly can't generate an HTTP-level error page in response. Sniff the connection and you'll see.

The four squares are likely your browser's approximation of the non-ASCII chars it received from the server when attempting a handshake.

-QM
--
software -- http://www.brandxdev.net
tech news -- http://www.RoarNetworX.com
Re: Tomcat 4.1.30 + SSL = Problems
On 7/8/2004 7:39 PM, QM wrote:
> : Use https://... instead of http://...
> :
> : Wow, if only I'd held off a few more minutes on my mail; thanks, this
> : was my problem as well. Is there a reason there's not a more legible
> : error?
>
> The server expects to complete an SSL-enabled handshake before your
> HTTP-level request makes it to Tomcat proper. Since you don't issue the
> GET/POST to Tomcat in this case, it certainly can't generate an
> HTTP-level error page in response. Sniff the connection and you'll see.
>
> The four squares are likely your browser's approximation of the
> non-ASCII chars it received from the server when attempting a handshake.
>
> -QM

Don't know how Apache's httpd server handles it - if I send an http request to the https port (eg. http://www.domain.com:443) which has ssl support, it managed to display something like:

  Bad Request
  Your browser sent a request that this server could not understand.
  Reason: You're speaking plain HTTP to an SSL-enabled server port.
  Instead use the HTTPS scheme to access this URL, please.
  Hint: https://www.domain.com:443/;

I wonder if it's possible to hack the coyote connector to have the same behavior ...

Dennis
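The two messages above turn on what the first bytes of a connection look like: a TLS port expects a handshake record, and a plain GET is not one. The following is an added example, not code from Tomcat, Apache httpd or any poster in this thread; all function names and the sample byte strings are constructed for illustration. It classifies the first bytes without consuming them and builds a readable plaintext hint for a stray HTTP request.

```python
import re
import socket

HTTP_METHODS = (b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS", b"TRACE", b"CONNECT")
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_NAMES = {0: "close_notify", 10: "unexpected_message", 40: "handshake_failure",
               70: "protocol_version", 80: "internal_error"}
# Only a plain host[:port] is ever echoed back to the client.
SAFE_HOST = re.compile(rb"[A-Za-z0-9.-]{1,253}(:[0-9]{1,5})?")

# Constructed sample inputs (not captured traffic).
HTTP_ON_TLS_PORT = b"GET / HTTP/1.1\r\nHost: localhost:8443\r\n\r\n"
TLS_CLIENT_HELLO = bytes.fromhex("16030100c8010000c40303")  # record header + start of ClientHello
SSLV2_CLIENT_HELLO = bytes.fromhex("802e0100020015")        # 2-byte header, type 1, version 0.2
FATAL_ALERT = bytes.fromhex("1503010002020a")               # alert record: fatal, unexpected_message


def classify_first_bytes(data):
    """Return 'tls-handshake', 'tls-alert', 'sslv2-hello', 'http', 'incomplete' or 'unknown'."""
    # TLS record header: content type, version 3.x, 2-byte big-endian length.
    if len(data) >= 5 and data[0] in (0x15, 0x16) and data[1] == 0x03 and data[2] <= 0x04:
        length = int.from_bytes(data[3:5], "big")
        if 0 < length <= 16384:
            return "tls-handshake" if data[0] == 0x16 else "tls-alert"
    # SSLv2-style hello: high bit set in the length, message type 1, then the version.
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01 and data[3] in (0x00, 0x03):
        return "sslv2-hello"
    for method in HTTP_METHODS:
        token = method + b" "
        if data.startswith(token):
            return "http"
        if token.startswith(data):  # only part of a method name has arrived so far
            return "incomplete"
    return "incomplete" if len(data) < 5 else "unknown"


def decode_alert(data):
    """Decode an unencrypted TLS alert record into (level, description) names."""
    if classify_first_bytes(data) != "tls-alert" or len(data) < 7:
        raise ValueError("not a complete plaintext TLS alert record")
    return (ALERT_LEVELS.get(data[5], "level %d" % data[5]),
            ALERT_NAMES.get(data[6], "alert %d" % data[6]))


def plain_http_hint(data, default_host="localhost:8443"):
    """Build a 400 response for plain HTTP that arrived on a TLS port, else None."""
    if classify_first_bytes(data) != "http":
        return None
    host = default_host.encode("ascii")
    for line in data.split(b"\r\n")[1:]:
        if not line:  # blank line ends the header block
            break
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host" and SAFE_HOST.fullmatch(value.strip()):
            host = value.strip()
    body = (b"Bad Request\r\n"
            b"This port expects a TLS handshake, but a plain HTTP request arrived.\r\n"
            b"Use https://" + host + b"/ instead.\r\n")
    head = (b"HTTP/1.1 400 Bad Request\r\n"
            b"Content-Type: text/plain; charset=us-ascii\r\n"
            b"Content-Length: " + str(len(body)).encode("ascii") + b"\r\n"
            b"Connection: close\r\n\r\n")
    return head + body


def peek_and_classify(sock, size=8):
    """Classify a freshly accepted socket without consuming the bytes,
    so a TLS library can still read the whole ClientHello afterwards."""
    return classify_first_bytes(sock.recv(size, socket.MSG_PEEK))
```

The Host value is checked against a strict pattern before it is echoed, so a malformed header falls back to the configured default instead of being reflected into the response.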
Re: Tomcat with ssl
Hello,

in the official tomcat docu there is a good chapter about how to configure Tomcat with ssl.
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html
Check it out!

Regards, Thilo

> Hi, I search a good description to configure tomcat with ssl on port 443
> and redirect from port 80. Has anyone a good solution?
> Regards, Frank
RE: Tomcat + Apache + SSL
http://jakarta.apache.org/tomcat/connectors-doc/jk2/index.html

-----Original Message-----
From: Lorenzo A. Jimenez Briceno [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 01, 2004 1:13 PM
To: Tomcat Users List
Subject: Tomcat + Apache + SSL
Importance: High

Hi, Where can I find info about configuring Tomcat 5 and Apache 2, so I can access apps thru SSL port 443. Do I need only to install a certificate in Apache and with port 443, the plugin connects directly.

Thanks
Lorenzo Jimenez
_
Lorenzo A. Jimenez Briceno
WebMaster
Banco Internacional de Costa Rica
7/1/2004 11:12 AM
RE: Tomcat + Apache + SSL
Thanks.

-----Original Message-----
From: Lee, Paul NYC [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 01, 2004 11:30 a.m.
To: 'Tomcat Users List'
Subject: RE: Tomcat + Apache + SSL

http://jakarta.apache.org/tomcat/connectors-doc/jk2/index.html

_
Lorenzo A. Jimenez Briceno
7/1/2004 2:40 PM
RE: Tomcat + Apache + SSL
I followed John Turner's Web page:
http://johnturner.com/howto/apache2-tomcat4127-jk-rh9-how-to.html
and it worked perfectly. This site is only for connecting Tomcat and apache through a connector. But not sure about the ssl.

-----Original Message-----
From: Lorenzo A. Jimenez Briceno [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 01, 2004 2:41 PM
To: Tomcat Users List
Subject: RE: Tomcat + Apache + SSL
Importance: High

Thanks.
RE: Tomcat + Apache + SSL
Thanks Claudia, Do you know about TC5 and A2

-----Original Message-----
From: Casas, Claudia [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 01, 2004 02:48 p.m.
To: Tomcat Users List
Subject: RE: Tomcat + Apache + SSL

I followed John Turner's Web page:
http://johnturner.com/howto/apache2-tomcat4127-jk-rh9-how-to.html
and it worked perfectly. This site is only for connecting Tomcat and apache through a connector. But not sure about the ssl.

_
Lorenzo A. Jimenez Briceno
7/1/2004 3:46 PM
RE: Tomcat + Apache + SSL
I did try to install tomcat5 and apache2 with success following the same steps. BUT, I could not get the connector working since it is recommended that you use the jk2 connector when using tomcat5 already. If you get it working, please let me know.

-----Original Message-----
From: Lorenzo A. Jimenez Briceno [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 01, 2004 3:46 PM
To: Tomcat Users List
Subject: RE: Tomcat + Apache + SSL
Importance: High

Thanks Claudia, Do you know about TC5 and A2
Re: Tomcat with SSL
I believe that you can't use IBM's JSSE with the HttpConnector. You have to use the CoyoteConnector.

Hiemer, Bernhard [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
> Hi Tomcat-Users,
>
> I found out, that my problem depends on the configuration of the security
> providers in the java.security file. (On my machine is installed jsse from
> IBM and Sun).
>
> If the configuration is
>
>   security.provider.1=sun.security.provider.Sun
>   security.provider.2=com.ibm.jsse.JSSEProvider
>   security.provider.3=com.sun.net.ssl.internal.ssl.Provider
>
> I get the following Exception
>
>   Catalina.start: LifecycleException: null.open: java.security.NoSuchAlgorithmException: Class com.ibm.jsse.ba configured for SSLContext not a SSLContext
>     at com.sun.net.ssl.SunJSSE_b.a(DashoA6275)
>     at com.sun.net.ssl.SSLContext.getInstance(DashoA6275)
>     at org.apache.catalina.net.SSLServerSocketFactory.initProxy(SSLServerSocContext not a SSLContext
>     at com.sun.net.ssl.SunJSSE_b.a(DashoA6275)
>     at com.sun.net.ssl.SSLContext.getInstance(DashoA6275)
>     ...
>
> In the other case, when the configuration-file looks like
>
>   security.provider.1=sun.security.provider.Sun
>   security.provider.2=com.sun.net.ssl.internal.ssl.Provider
>   security.provider.3=com.ibm.jsse.JSSEProvider
>
> this error message occurs:
>
>   java.lang.reflect.InvocationTargetException: java.lang.OutOfMemoryError
>
> The relevant part of the server.xml file is:
>
>   <Connector className="org.apache.catalina.connector.http.HttpConnector"
>              port="8443" minProcessors="5" maxProcessors="75"
>              enableLookups="true" acceptCount="10" debug="0"
>              scheme="https" secure="true" useURIValidationHack="false">
>     <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
>              clientAuth="false" protocol="TLS"
>              keystoreFile="C:\Programme\IBM\WebSphere Studio\Application Developer\v5.1\runtimes\base_v5\java\jre\lib\security\test"
>              keystorePass="changeit" />
>   </Connector>
>
> In the first case it looks like the two different jsse implementations cause
> the problem. But how to configure it right? Can anyone give me any
> suggestions?
>
> Thanks
> Bernhard
>
> -----Original Message-----
> From: Hiemer, Bernhard
> Sent: Friday, 16 April 2004 08:00
> To: '[EMAIL PROTECTED]'
> Subject: Tomcat with SSL
>
> Hi at all!
>
> I'm trying to configure my Tomcat-Standalone for SSL-Support. I use Win XP,
> JRE 1.3.1 and JSSE 1.0.3_02. The Tomcat-Versions I tried are 4.1.30 and
> 5.0.19. I worked along the HOW-TO on the Jakarta-Website:
> http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html
>
> BUT I receive the following error on startup of Tomcat:
>
>   java.lang.reflect.InvocationTargetException: java.lang.OutOfMemoryError
>
> I have already tried the Options -Xmx512m -Xms128m to give the VM more
> memory. What's to do now?
>
> Thanks in advance for each little help!
> Bernhard
Re: Tomcat with SSL
Thanks for your reply!

I configured my server.xml like this:

<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true" acceptCount="10" debug="0"
           scheme="https" secure="true" useURIValidationHack="false">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
           clientAuth="false" protocol="TLS"
           keystoreFile="C:\Programme\IBM\WebSphere Studio\Application Developer\v5.1\runtimes\base_v5\java\jre\lib\security\test"
           keystorePass="changeit" />
</Connector>

But there are the same effects ...

-----Original Message-----
From: Bill Barker [mailto:[EMAIL PROTECTED]
Sent: Thursday, 22 April 2004 08:38
To: [EMAIL PROTECTED]
Subject: Re: Tomcat with SSL

I believe that you can't use IBM's JSSE with the HttpConnector. You have to use the CoyoteConnector.
Re: Tomcat with SSL
It looks like you are using WebSphere and may be getting tangled up in IBM's version of Sun's JSSE. I ran into a similar problem on an IBM iSeries server and posted my eventual solution here:

http://www-106.ibm.com/developerworks/forums/dw_thread.jsp?forum=178&thread=26188&message=2377519&cat=10&q=%22IBM+JSSE%22+%2B%22iSeries%22#2377519

(Let me know if the link doesn't work)

If you are not on the iSeries then the important point of the initial part about the provider is to have the IBM provider com.ibm.jsse.IBMJSSEProvider in front of Sun's provider. The rest should apply without any change. Note the inclusion of algorithm=IbmX509 in the server.xml HTTPS connector tag. It's case sensitive which can be tricky.

I hope this helps!
Jason

--- Hiemer, Bernhard [EMAIL PROTECTED] wrote:
> Thanks for your reply!
>
> I configured my server.xml like this:
>
>   <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
>              port="8443" minProcessors="5" maxProcessors="75"
>              enableLookups="true" acceptCount="10" debug="0"
>              scheme="https" secure="true" useURIValidationHack="false">
>     <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
>              clientAuth="false" protocol="TLS"
>              keystoreFile="C:\Programme\IBM\WebSphere Studio\Application Developer\v5.1\runtimes\base_v5\java\jre\lib\security\test"
>              keystorePass="changeit" />
>   </Connector>
>
> But there are the same effects ...
Re: Tomcat with SSL
Hi Tomcat-Users, I found out, that my problem depends on the configuration of the security providers in the java.security file. (On my machine is installed jsse from IBM and Sun).

If the configuration is

security.provider.1=sun.security.provider.Sun
security.provider.2=com.ibm.jsse.JSSEProvider
security.provider.3=com.sun.net.ssl.internal.ssl.Provider

I get the following Exception

Catalina.start: LifecycleException: null.open: java.security.NoSuchAlgorithmException: Class com.ibm.jsse.ba configured for SSLContext not a SSLContext
at com.sun.net.ssl.SunJSSE_b.a(DashoA6275)
at com.sun.net.ssl.SSLContext.getInstance(DashoA6275)
at org.apache.catalina.net.SSLServerSocketFactory.initProxy(SSLServerSocContext not a SSLContext
at com.sun.net.ssl.SunJSSE_b.a(DashoA6275)
at com.sun.net.ssl.SSLContext.getInstance(DashoA6275)
...

In the other case, when the configuration-file looks like

security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
security.provider.3=com.ibm.jsse.JSSEProvider

this error message occurs:

java.lang.reflect.InvocationTargetException: java.lang.OutOfMemoryError

The relevant part of the server.xml file is:

<Connector className="org.apache.catalina.connector.http.HttpConnector" port="8443" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="10" debug="0" scheme="https" secure="true" useURIValidationHack="false">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory" clientAuth="false" protocol="TLS" keystoreFile="C:\Programme\IBM\WebSphere Studio\Application Developer\v5.1\runtimes\base_v5\java\jre\lib\security\test" keystorePass="changeit" />
</Connector>

In the first case it looks like the two different jsse implementations cause the problem. But how to configure it right? Can anyone give me any suggestions?

Thanks
Bernhard

-Original Message-
From: Hiemer, Bernhard
Sent: Friday, 16 April 2004 08:00
To: '[EMAIL PROTECTED]'
Subject: Tomcat with SSL

Hi at all! I'm trying to configure my Tomcat-Standalone for SSL-Support. I use Win XP, JRE 1.3.1 and JSSE 1.0.3_02. The Tomcat-Versions I tried are 4.1.30 and 5.0.19. I worked along the HOW-TO on the Jakarta-Website: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html BUT I receive the following error on startup of Tomcat:

java.lang.reflect.InvocationTargetException: java.lang.OutOfMemoryError

I have already tried the Options -Xmx512m -Xms128m to give the VM more memory. What's to do now? Thanks in advance for each little help!

Bernhard
Re: Tomcat and SSL: problem with expiration of VeriSign Global Server ID Intermediate Root
Hi again,

Now that the VeriSign Global Server ID Intermediate Root cert has expired I have to replace the Intermediate Root cert on the server. There is an example on how to replace the cert on an apache server on their website (and that works fine), but no instructions how to replace it on a standalone tomcat server.

It seems that the only way to solve this problem is to get a new cert from VeriSign. The German support team had no problem to give me a new one for free because they think that the expiration is their problem, so they do anything to help the customer! To get a new cert just follow the instructions written down in the tomcat documentation (generate key, csr, get csr-response, import response).

Thx again for your replies!

Joern
Re: Tomcat and SSL: problem with expiration of VeriSign Global Server ID Intermediate Root
Jörn Böckenkamp wrote:

It IS easy when you're using a self-signed cert, but I have to use one from VeriSign and I don't think that I can regenerate the VeriSign cert with a new date :-)

Did you try importing the new certificate directly into the user's keystore? For example, if you run the service as root, you'll have to remove the old certificate and import the new one into /.keystore (in UNIX of course) with alias 'tomcat'. I'd recommend you backup the keystore file before you make any changes to it. Also, restart the server after you make the change, so TC starts up with the new certificate.

HTH,
-- Ankur
Re: Tomcat and SSL: problem with expiration of VeriSign Global Server ID Intermediate Root
Hi Yan,

Now that the VeriSign Global Server ID Intermediate Root cert has expired I have to replace the Intermediate Root cert on the server. There is an example on how to replace the cert on an apache server on their website (and that works fine), but no instructions how to replace it on a standalone tomcat server.

Hi, what I did for my local machine (TOMCAT-STANDALONE) was regenerate the certificate with a new date and everything worked fine. It's supposed to be easy.

It IS easy when you're using a self-signed cert, but I have to use one from VeriSign and I don't think that I can regenerate the VeriSign cert with a new date :-)

JB
RE: Tomcat and SSL: problem with expiration of VeriSign Global Server ID Intermediate Root
Oh I see. You got a new one from them, installed for apache OK, but having trouble installing it on Tomcat-StandAlone. Well, since you paid for it, you might as well ask them to see if they can give you any support :). Oh, I did a man keytool, it seems that you can import a certificate. What happens if you do that?

-Yan

-Original Message-
From: Jörn Böckenkamp [mailto:[EMAIL PROTECTED]
Sent: Friday, February 27, 2004 5:41 AM
To: Tomcat Users List
Subject: Re: Tomcat and SSL: problem with expiration of VeriSign Global Server ID Intermediate Root

Hi Yan,

Now that the VeriSign Global Server ID Intermediate Root cert has expired I have to replace the Intermediate Root cert on the server. There is an example on how to replace the cert on an apache server on their website (and that works fine), but no instructions how to replace it on a standalone tomcat server.

Hi, what I did for my local machine (TOMCAT-STANDALONE) was regenerate the certificate with a new date and everything worked fine. It's supposed to be easy.

It IS easy when you're using a self-signed cert, but I have to use one from VeriSign and I don't think that I can regenerate the VeriSign cert with a new date :-)

JB
RE: Tomcat and SSL: problem with expiration of VeriSign Global Server ID Intermediate Root
Hi, what I did for my local machine (TOMCAT-STANDALONE) was regenerate the certificate with a new date and everything worked fine. It's supposed to be easy. I forgot what I did with the params actually. Well, I don't have to worry about it for another 10 years on my local machine now :).

-yan

-Original Message-
From: Jörn Böckenkamp [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 26, 2004 5:53 AM
To: [EMAIL PROTECTED]
Subject: Tomcat and SSL: problem with expiration of VeriSign Global Server ID Intermediate Root

Hi there,

I'm using Tomcat standalone with SSL and a VeriSign certificate on SUN Solaris 9 and Linux (debian 3.0, 2.4.25). Now that the VeriSign Global Server ID Intermediate Root cert has expired I have to replace the Intermediate Root cert on the server. There is an example on how to replace the cert on an apache server on their website (and that works fine), but no instructions how to replace it on a standalone tomcat server. I don't want users to have to install the new Intermediate Root cert into their Internet Explorer or other browser ... Does anybody know how to solve that?

I have already read these pages:
https://www.verisign.com/support/site/caReplacement.html
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html
http://java.sun.com/webservices/docs/1.1/tutorial/doc/WebAppSecurity5.html
http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html

Thx in advance,
Joern
Re: Tomcat und SSL
Unless you've resolved the issue recently, both URIs come up fine for me. Tested on Mozilla 1.6b and IE 6.0

Lars Schreiber wrote:

Hi, thanks for help and for confidence in my English knowledge :-) In order that you understand my problem, I have prepared a link for you: https://test.extremewebs.de:8443/test/StatusServlet If I use the link over mod_jk2 it works fine: https://test.extremewebs.de/test/StatusServlet But here is the problem: as soon as I put HTML form tags or links etc. in my servlet, the server responds with information about unsecure parts on my website. I haven't found any good solution to work with Apache and Tomcat together; something doesn't work. Is anybody here able to explain to me step by step how to set up an Apache with SSL and a connector to Tomcat with SSL?

Thanks
Re: Tomcat und SSL
I've never done that myself. But it would surprise me if the tomcat website at http://jakarta.apache.org doesn't have good documentation on it.

Adam

On 01/24/2004 07:49 PM Lars Schreiber wrote:

Hi, thanks for help and for confidence in my English knowledge :-) In order that you understand my problem, I have prepared a link for you: https://test.extremewebs.de:8443/test/StatusServlet If I use the link over mod_jk2 it works fine: https://test.extremewebs.de/test/StatusServlet But here is the problem: as soon as I put HTML form tags or links etc. in my servlet, the server responds with information about unsecure parts on my website. I haven't found any good solution to work with Apache and Tomcat together; something doesn't work. Is anybody here able to explain to me step by step how to set up an Apache with SSL and a connector to Tomcat with SSL?

Thanks

- Original Message -
From: Adam Hardy [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Saturday, January 24, 2004 5:07 PM
Subject: Re: Tomcat und SSL

Hi Lars, just try it - there's often /really/ bad English on the list, and people still understand. As long as you keep it simple! Anyway, what you want to do is just connect via HTTPS, correct? And you say, your browser gives the message choose a certificate? I don't understand why you see that. I have never seen this message. Which browser? What URL do you type in? Is it https://localhost:8443/ Did you double check your server.xml config?

Adam

On 01/24/2004 02:53 PM Lars Schreiber wrote:

-- I know that this is an English mailing list, but if I try to describe my problem in English I don't think that anybody will understand me --

Hello,

I have set up a Tomcat installation with SSL support here and generated a .keystore using this procedure:

keytool -genkey -v -keyalg RSA -alias tomcat -keypass changeit -storepass changeit -dname "CN=Jens Mander, OU=-, O=-, L=Aachen, S=NRW, C=DE"

I then enter the password in the SSL Connector and restart Tomcat. After that I load the page I want over port 8443. In the browser I am prompted to choose a certificate ?!?!!? But I don't have one .. so I don't select any. The page then does not load and the process aborts. What did I do wrong? Can anyone here help me?

Thanks

-- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian
Re: Tomcat with SSL
On Friday, 23 January 2004 18:49, Ralf Schneider wrote:

Hi, I want to try out SSL connections with Tomcat 5.0.16. I followed the instructions in the docs and generated a certificate with keytool which is stored under /root/.keystore and uncommented the SSL connector in server.xml:

Sorry, the server is behind a firewall and I had to enable port 8443 first. After that, everything worked fine.

Ralf.
Re: Tomcat und SSL
Hi Lars, just try it - there's often /really/ bad English on the list, and people still understand. As long as you keep it simple! Anyway, what you want to do is just connect via HTTPS, correct? And you say, your browser gives the message choose a certificate? I don't understand why you see that. I have never seen this message. Which browser? What URL do you type in? Is it https://localhost:8443/ Did you double check your server.xml config?

Adam

On 01/24/2004 02:53 PM Lars Schreiber wrote:

-- I know that this is an English mailing list, but if I try to describe my problem in English I don't think that anybody will understand me --

Hello,

I have set up a Tomcat installation with SSL support here and generated a .keystore using this procedure:

keytool -genkey -v -keyalg RSA -alias tomcat -keypass changeit -storepass changeit -dname "CN=Jens Mander, OU=-, O=-, L=Aachen, S=NRW, C=DE"

I then enter the password in the SSL Connector and restart Tomcat. After that I load the page I want over port 8443. In the browser I am prompted to choose a certificate ?!?!!? But I don't have one .. so I don't select any. The page then does not load and the process aborts. What did I do wrong? Can anyone here help me?

Thanks

-- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian
Re: Tomcat und SSL
Hi, thanks for help and for confidence in my English knowledge :-) In order that you understand my problem, I have prepared a link for you: https://test.extremewebs.de:8443/test/StatusServlet If I use the link over mod_jk2 it works fine: https://test.extremewebs.de/test/StatusServlet But here is the problem: as soon as I put HTML form tags or links etc. in my servlet, the server responds with information about unsecure parts on my website. I haven't found any good solution to work with Apache and Tomcat together; something doesn't work. Is anybody here able to explain to me step by step how to set up an Apache with SSL and a connector to Tomcat with SSL?

Thanks

- Original Message -
From: Adam Hardy [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Saturday, January 24, 2004 5:07 PM
Subject: Re: Tomcat und SSL

Hi Lars, just try it - there's often /really/ bad English on the list, and people still understand. As long as you keep it simple! Anyway, what you want to do is just connect via HTTPS, correct? And you say, your browser gives the message choose a certificate? I don't understand why you see that. I have never seen this message. Which browser? What URL do you type in? Is it https://localhost:8443/ Did you double check your server.xml config?

Adam

On 01/24/2004 02:53 PM Lars Schreiber wrote:

-- I know that this is an English mailing list, but if I try to describe my problem in English I don't think that anybody will understand me --

Hello,

I have set up a Tomcat installation with SSL support here and generated a .keystore using this procedure:

keytool -genkey -v -keyalg RSA -alias tomcat -keypass changeit -storepass changeit -dname "CN=Jens Mander, OU=-, O=-, L=Aachen, S=NRW, C=DE"

I then enter the password in the SSL Connector and restart Tomcat. After that I load the page I want over port 8443. In the browser I am prompted to choose a certificate ?!?!!? But I don't have one .. so I don't select any. The page then does not load and the process aborts. What did I do wrong? Can anyone here help me?

Thanks

-- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian
RE: Tomcat / Apache / SSl
Software:
Apache - 2.0.48
Tomcat - 4.1.29
OpenSSL - 0.9.6l [engine] 04 Nov 2003

Hi,

I am trying to encrypt all data being transmitted from the client pc to the webserver, and also from the webserver to tomcat. I have only been working on tomcat for a couple of months but have experience on WebSphere.

I have enabled ssl on both apache and on tomcat, and both are accessible directly:
apache: https://host
tomcat: https://host:8443

When I try to set up a connector from apache to tomcat using port 8443 I get an Internal Server Error and the following errors in the mod_jk log:

[jk_ajp_common.c (661)]: In jk_endpoint_t::ajp_connect_to_endpoint, connected sd = 16
[jk_ajp_common.c (693)]: sending to ajp13 #358
[jk_ajp_common.c (966)]: ajp_send_request 2: request body to send 0 - request body to resend 0
[jk_ajp_common.c (755)]: ajp_connection_tcp_get_message: Error - Wrong message format 0x1503
[jk_ajp_common.c (1137)]: Error reading reply from tomcat. Tomcat is down or network problems.
[jk_ajp_common.c (1290)]: ERROR: Receiving from tomcat failed, recoverable operation. err=2
[jk_ajp_common.c (1309)]: sending request to tomcat failed in send loop. err=2
[jk_ajp_common.c (1318)]: Error connecting to tomcat. Tomcat is probably not started or is listening on the wrong port. Failed errno = 0
[jk_ajp_common.c (1529)]: Into jk_endpoint_t::done, closing connection 0
[jk_ajp_common.c (605)]: In jk_endpoint_t::ajp_close_endpoint

Apache to Tomcat using the ajp13 connector over port 8009 works fine but I have a requirement to encrypt all data. Any ideas?

Thanks,
John

Configs:

--- Tomcat configs
## server.xml
...
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8443" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="100" debug="0" scheme="https" secure="true" useURIValidationHack="false" disableUploadTimeout="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="true" protocol="TLS" />
</Connector>
...
## workers.properties
workers.tomcat_home=/usr/jakarta-tomcat-4.1.29/
workers.java_home=/usr/java/j2sdk1.4.1_03/bin/java
ps=/
worker.list=bob
worker.loadbalancer.type=lb
worker.loadbalancer.balanced_workers=bob
worker.bob.port=8443
worker.bob.host=10.0.0.10
worker.bob.type=ajp13
worker.bob.lbfactor=1

--- Apache configs
## httpd.conf
...
LoadModule jk_module modules/mod_jk.so
JkWorkersFile /usr/jakarta-tomcat-4.1.29/conf/workers.properties
JkLogFile /usr/httpd-2.0.48/logs/mod_jk-log
JkLogLevel debug
JkMount / bob
JkMount /* bob
...
RE: Tomcat / Apache / SSl
You will use the same connector over port 8009. No additional connector needed over any other port. In your ssl.conf for apache, you will create a VirtualHost entry very much like the one that's in your httpd.conf file. In there you will do your JkMount declaratives, etc.

BTW, I use 0.9.7c openssl because that one is patched for a vulnerability. Just thought I'd mention it even though you list yours as Nov 4, which probably means the patch was backported.

Oscar
http://daydream.stanford.edu/tomcat/install_web_services.html

On Tue, 13 Jan 2004 [EMAIL PROTECTED] wrote:

Software:
Apache - 2.0.48
Tomcat - 4.1.29
OpenSSL - 0.9.6l [engine] 04 Nov 2003

Hi,

I am trying to encrypt all data being transmitted from the client pc to the webserver, and also from the webserver to tomcat. I have only been working on tomcat for a couple of months but have experience on WebSphere.

I have enabled ssl on both apache and on tomcat, and both are accessible directly:
apache: https://host
tomcat: https://host:8443

When I try to set up a connector from apache to tomcat using port 8443 I get an Internal Server Error and the following errors in the mod_jk log:

[jk_ajp_common.c (661)]: In jk_endpoint_t::ajp_connect_to_endpoint, connected sd = 16
[jk_ajp_common.c (693)]: sending to ajp13 #358
[jk_ajp_common.c (966)]: ajp_send_request 2: request body to send 0 - request body to resend 0
[jk_ajp_common.c (755)]: ajp_connection_tcp_get_message: Error - Wrong message format 0x1503
[jk_ajp_common.c (1137)]: Error reading reply from tomcat. Tomcat is down or network problems.
[jk_ajp_common.c (1290)]: ERROR: Receiving from tomcat failed, recoverable operation. err=2
[jk_ajp_common.c (1309)]: sending request to tomcat failed in send loop. err=2
[jk_ajp_common.c (1318)]: Error connecting to tomcat. Tomcat is probably not started or is listening on the wrong port. Failed errno = 0
[jk_ajp_common.c (1529)]: Into jk_endpoint_t::done, closing connection 0
[jk_ajp_common.c (605)]: In jk_endpoint_t::ajp_close_endpoint

Apache to Tomcat using the ajp13 connector over port 8009 works fine but I have a requirement to encrypt all data. Any ideas?

Thanks,
John

Configs:

--- Tomcat configs
## server.xml
...
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8443" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="100" debug="0" scheme="https" secure="true" useURIValidationHack="false" disableUploadTimeout="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="true" protocol="TLS" />
</Connector>
...
## workers.properties
workers.tomcat_home=/usr/jakarta-tomcat-4.1.29/
workers.java_home=/usr/java/j2sdk1.4.1_03/bin/java
ps=/
worker.list=bob
worker.loadbalancer.type=lb
worker.loadbalancer.balanced_workers=bob
worker.bob.port=8443
worker.bob.host=10.0.0.10
worker.bob.type=ajp13
worker.bob.lbfactor=1

--- Apache configs
## httpd.conf
...
LoadModule jk_module modules/mod_jk.so
JkWorkersFile /usr/jakarta-tomcat-4.1.29/conf/workers.properties
JkLogFile /usr/httpd-2.0.48/logs/mod_jk-log
JkLogLevel debug
JkMount / bob
JkMount /* bob
...
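The value in mod_jk's "Wrong message format 0x1503" line is the first two bytes the backend sent back, and those bytes show what kind of listener the ajp13 worker actually reached. The following is an added example, not code from the thread or from mod_jk; the class and method names are illustrative, the first log line is copied from John's post and the other two are constructed for comparison.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example: decode the value mod_jk logs as "Wrong message format 0x....". */
public class AjpReplyMagic {

    // mod_jk logs the first two bytes it read from the backend as one 16-bit hex value.
    private static final Pattern WRONG_FORMAT =
            Pattern.compile("Wrong message format 0x([0-9a-fA-F]{1,4})");

    /** Returns the logged value, or -1 if the line is not a "Wrong message format" error. */
    static int extractMagic(String logLine) {
        Matcher m = WRONG_FORMAT.matcher(logLine);
        return m.find() ? Integer.parseInt(m.group(1), 16) : -1;
    }

    /** Names the protocol whose framing starts with these two bytes. */
    static String classify(int magic) {
        if (magic < 0) {
            return "not a wrong-message-format line";
        }
        int first = (magic >> 8) & 0xFF;
        int second = magic & 0xFF;
        if (first == 'A' && second == 'B') {
            // What an AJP13 connector sends: every container-to-server packet starts "AB".
            return "AJP13 reply header: the backend port is an AJP connector";
        }
        if (second == 0x03 && first >= 20 && first <= 23) {
            // TLS record header: content type byte, then protocol major version 3.
            String[] types = {"change_cipher_spec", "alert", "handshake", "application_data"};
            return "TLS " + types[first - 20] + " record: the backend port is an SSL/TLS"
                    + " listener, so the ajp13 worker points at the wrong connector";
        }
        if (first == 'H' && second == 'T') {
            return "start of \"HTTP/\": the backend port is a plain HTTP connector";
        }
        return "unrecognised framing";
    }

    public static void main(String[] args) {
        String[] lines = {
            // Copied from the mod_jk log in the post.
            "[jk_ajp_common.c (755)]: ajp_connection_tcp_get_message: Error - Wrong message format 0x1503",
            // Constructed lines for comparison.
            "[jk_ajp_common.c (755)]: ajp_connection_tcp_get_message: Error - Wrong message format 0x4854",
            "[jk_ajp_common.c (693)]: sending to ajp13 #358",
        };
        for (String line : lines) {
            int magic = extractMagic(line);
            String shown = magic < 0 ? "   n/a" : String.format("0x%04x", magic);
            System.out.println(shown + "  " + classify(magic));
        }
    }
}
```

For the line from the post this reports a TLS alert record, which matches worker.bob.port=8443 sending AJP packets to the HTTPS connector.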
Re: Tomcat 5 SSL Configuration
On Mon, 2004-01-12 at 21:39, Brian Boyle wrote:

Hi! Can someone please tell me how to configure SSL for tomcat 5. There seems to be difference in the server.xml file from previous versions of tomcat so I am unsure of what to edit or add to it.

i have this in my server.xml:

<Connector port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" debug="0" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/etc/tomcat5/tomcat.keystore" keystorePass="secret" />

hope this does help,
cheers,
martin
RE: Tomcat 5 SSL Configuration
I found very good instructions in both the Documentation section of the Tomcat site, and in the server.xml file itself. Look there. Make sure you use JDK 1.4.2_03 or higher (problem with expired CA certificate in previous versions).

-Original Message-
From: ext Brian Boyle [mailto:[EMAIL PROTECTED]
Sent: Monday, January 12, 2004 2:39 PM
To: [EMAIL PROTECTED]
Subject: Tomcat 5 SSL Configuration

Hi! Can someone please tell me how to configure SSL for tomcat 5. There seems to be difference in the server.xml file from previous versions of tomcat so I am unsure of what to edit or add to it. Hope someone can help.

Thanks,
Brian
Re: Tomcat and SSL
Usually this means that you don't have your JkMount statements in your SSL VirtualHost (as well as the normal VirtualHost).

Jeremy Whitlock [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

Tomcat List,

I currently have the following setup:
Apache 2.0.48 + SSL (OpenSSL 0.9.7c)
Tomcat 5.0.16
mod_jk 1.2

I can successfully access any page served by Apache over https but if I try to connect to Tomcat over SSL, it doesn't work. Now, I've read the docs located at: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html and it mentions two that if Tomcat is the standalone server, it could have SSL configured by un-commenting the SSL HTTP/1.1 Connector but if you are using Tomcat as a JSP/Servlet Container behind another server, you should configure the primary web server to handle the SSL connections from users. How would one do this? If I go to: https://localhost https://localhost/ everything works fine but if I go to: https://localhost/manager I get the 500 Internal Server Error error from Apache. What must I do to get Tomcat's connections from Apache to be SSL encrypted?

Thanks,
Jeremy Whitlock
--- MCP/MCSA IT Manager for Star Precision, Inc. Phone: (970) 535-4795 Metro: (303) 926-0559 Fax: (970) 535-0780 Metro Fax: (303) 926-8557 http://www.starprecision.com
Re: Tomcat 4 + ssl + client authentication
Client cert verification is done against the TrustStore, not the KeyStore. Tomcat 5 has some improvements for this. Tomcat 4 is still a bit limited.

I have no idea what is going wrong. Can someone tell me how to make this work?

Assuming that you don't want to just import the signing cert into cacerts (see the JSSE docs for how to do this), then you need to have something like:

CATALINA_OPTS="-Djavax.net.ssl.trustStore=/path/to/my/truststore -Djavax.net.ssl.trustStorePassword=myTrustStorePassword"

At the moment, your TrustStore file has to be in the same format as your KeyStore file (a nasty limitation that I haven't gotten around to fixing :).

Yep, done that. Yesterday after sending this mail I was able to get it to work authenticating using the imported client key in Mozilla and putting the signed client key in this truststore. So it is working now using Mozilla (nice). So now I found out there is a keyStore property as well (stupid me), and I was able to authenticate using my Java client against the server (nice again). If someone is interested in the code, this is the client part (just for testing):

System.setProperty("javax.net.ssl.trustStore", "f:/client.keystore");
System.setProperty("javax.net.ssl.keyStore", "f:/client.keystore");
System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
HttpClient httpclient = new HttpClient();
Protocol myhttps = new Protocol("https", new StrictSSLProtocolSocketFactory(false), 8443);
httpclient.getHostConfiguration().setHost("myhost", 8443, myhttps);
GetMethod httpget = new GetMethod("/");
httpclient.executeMethod(httpget);

with StrictSSLProtocolSocketFactory the same code as the sample code you can download from the Apache/HTTPClient site.

One question though ... suppose the client keyStore has different keys, how can one tell to the code to use key A or key B (for the moment there's only one key in this keyStore). Using mozilla it is simple, he just asks which key to use.

Thank you for your help.

regards,
Kenneth
Re: Tomcat 4 + ssl + client authentication
Kenneth Westelinck [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

Hi all,

I've been searching the internet for 2 days now and still haven't found a solution for my problem. I am trying to set up a Tomcat 4 server running in HTTPS mode, contacted by a client written in Java. The client is using HTTPClient from apache. I have done everything the document at http://ws.apache.org/soap/docs/install/FAQ_Tomcat_SOAP_SSL.html describes. If I disable client authentication in the tomcat config, the client is able to communicate with the server. If I enable the authentication the client aborts with the following exception:

java.net.SocketException: Software caused connection abort: JVM_recv in socket input stream read
at java.net.SocketInputStream.socketRead0(Native Method)
...

I enabled all possible debugging on the Tomcat server and this is part of what I found in the console:

Thread-10, WRITE: SSL v3.1 Handshake, length = 625
Thread-10, READ: SSL v3.1 Handshake, length = 141
*** Certificate chain ***
Thread-10, SEND SSL v3.1 ALERT: fatal, description = bad_certificate
Thread-10, WRITE: SSL v3.1 Alert, length = 2

The client's certificate cannot be bad. It was signed with the server's key and it's in the server's keystore.

Client cert verification is done against the TrustStore, not the KeyStore. Tomcat 5 has some improvements for this. Tomcat 4 is still a bit limited.

I have no idea what is going wrong. Can someone tell me how to make this work?

Assuming that you don't want to just import the signing cert into cacerts (see the JSSE docs for how to do this), then you need to have something like:

CATALINA_OPTS="-Djavax.net.ssl.trustStore=/path/to/my/truststore -Djavax.net.ssl.trustStorePassword=myTrustStorePassword"

At the moment, your TrustStore file has to be in the same format as your KeyStore file (a nasty limitation that I haven't gotten around to fixing :).

MTIA
regards,
Kenneth
Re: Tomcat 3.3, SSL and short handshake
Yuriy Stul [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

Hello, I have Tomcat 3.3 with activated SSL. Everything works fine (HTTP, HTTPS). A problem is: when user connects with server via Microsoft Internet Explorer then Tomcat throws exception (SSL socket, socket was closed) but continues to work. I think I found problem - IE does two handshakes - usual (long and full), then closes socket and does short handshake (it is normally according to SSL protocol). In Tomcat 4.0.4 I didn't see this problem. My question is how to prevent output of this exception in Tomcat 3.3?

The best way is probably to use the CoyoteConnector2 from Tomcat 3.3.2-dev (aka nightly). This has the best SSL support in the Tomcat 3 line (it's basically the same as the Tomcat 4.1.x code).

Thanks in advance.
= Yuriy
Re: Tomcat + Apache + SSL
You can use mod_rewrite in Apache. It's been a while but I believe something such as this in your httpd.conf should do the trick:

RewriteEngine On
RewriteRule ^/securecontext(.*) https://servername/securecontext$1 [R]

I may be off a bit, so check the docs at: http://httpd.apache.org/docs/mod/mod_rewrite.html or this helpful guide: http://www.engelschall.com/pw/apache/rewriteguide/

On Tue, 2003-09-23 at 12:04, Robert D. Abernethy IV wrote:

I have apache set up to redirect requests for a specific context to Tomcat. I am curious if there is a way to force all requests to that context to be redirected through SSL.

http://servername/securecontext --> https://servername/securecontext
http://servername/everythingelse --> http://servername/everythingelse

Is this something I set up in workers2.properties or httpd.conf? Can anyone point me at a decent tutorial? Thanks.

Rob Abernethy

-- Sean Bruton [EMAIL PROTECTED] Senior Engineer Network Services NeoSpire, Inc. www.neospire.net
RE: Tomcat + Apache + SSL
I tried that with mixed results. I was able to use mod_rewrite to redirect non-Tomcat contexts, but was unable to redirect what I wanted. Does apache process the mod_jk stuff first? It looks like it is seeing securecontext and passing it to Tomcat before it gets to the rewrite rules.

Here are my results using mod_rewrite (foo is a directory in the web server root, while secure context is a Tomcat webapp).

    http://servername/* -> http://servername/*
    http://servername/foo -> https://servername/foo
    http://servername/securecontext -> http://servername/securecontext

Rob Abernethy

-----Original Message-----
From: Sean Bruton [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 23, 2003 2:07 PM
To: Tomcat Users List
Subject: Re: Tomcat + Apache + SSL

You can use mod_rewrite in Apache. It's been a while but I believe something such as this in your httpd.conf should do the trick:

    RewriteEngine On
    RewriteRule ^/securecontext(.*) https://servername/securecontext$1 [R]

I may be off a bit, so check the docs at: http://httpd.apache.org/docs/mod/mod_rewrite.html or this helpful guide: http://www.engelschall.com/pw/apache/rewriteguide/
Re: Tomcat + Apache + SSL
Where is Tim when you need him ;-).

http://jakarta.apache.org/tomcat/faq/security.html#https

Robert D. Abernethy IV [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

I have apache set up to redirect requests for a specific context to Tomcat. I am curious if there is a way to force all requests to that context to be redirected through SSL.

    http://servername/securecontext --> https://servername/securecontext
    http://servername/everythingelse --> http://servername/everythingelse

Is this something I set up in workers2.properties or httpd.conf? Can anyone point me at a decent tutorial? Thanks.

Rob Abernethy
Re: tomcat apache SSL
My first guess is that you are running a version 4.1.27. If so, you should see all sorts of errors in your Tomcat logs telling you what didn't work. If you want to know why earlier versions don't work, search the archives or bugzilla.

Elif Akten [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

Hi All,

I use apache web server and for jsp files I configured tomcat. I am trying to make an SSL connection with client authentication. I configured apache and did nothing with tomcat (should I?). It works, asks me for the client certificate and verifies it. Everything looks fine, but when I try to get the client certificate from a servlet it returns null. Does anybody know why?

Please help,
Elif
RE: Tomcat IBM SSL Provider
I am still having trouble trying to use Tomcat with the IBM JVM 1.4 on AIX. I took the 4.1.26 jsse package and replaced the tomcat-util 4.1.24 jsse package files. I was running everything with 4.1.24 except for the 4.1.26 jsse package. When I brought Tomcat up I received some reflection error. I then just decided to use the tomcat-util.jar 4.1.26 with Tomcat 4.1.24. This seems to work better, however I receive a SunX509 algorithm not found IO error. I have the Sun JSSE jars in my Tomcat server lib and I entered them into the java.security file. I also had algorithm=IbmX509 set in the right place in my server.xml file. Tomcat seems to want to use SunX509 no matter what.

I would greatly appreciate any help someone could give regarding this issue.

Tim

-----Original Message-----
From: Bill Barker [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 22, 2003 11:40 PM
To: [EMAIL PROTECTED]
Subject: Re: Tomcat IBM SSL Provider

4.1.26 is currently in its evaluation period to determine what its stability rating will be. The official release is likely to be the end of the week, or early next week. In the meantime, it is currently living at http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.26-alpha/, for anyone that wants to help out in the evaluation. Don't be scared off by the alpha label: That's just what it gets called until the evaluation period is over.
Re: tomcat 4.1.24 ssl with ibm jdk 1.4
With 4.1.26 you should be able to use IBM's 1.4 JVM with the jsse jar in server/lib. It will work without the jsse jar anywhere on the machine in 4.1.27. If you need it before then, you can grab the source files from the CVS and compile the fixed version yourself.

Francois Lascelles [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

I use tomcat 4.1.24 on a linux box and cannot get ssl going with ibm jvm 1.4. I DID set the algorithm=IbmX509 in the Factory element of server.xml and I also tried to copy jsse jars to server/lib directory but I always end up getting the following error message.

    NoClassDefFound : sun/security/provider/Sun
    At org.apache.tomcat.util.net.jsse.JSSEImplementation.getServerSocketFactory(JSSEImplementation.java 90)

-fl
RE: Tomcat IBM SSL Provider
We are using what I thought was the latest, 4.1.24. I did not see an option to download 4.1.26 on the jakarta web page.

Tim

-----Original Message-----
From: Bill Barker [mailto:[EMAIL PROTECTED]
Sent: Monday, July 21, 2003 11:09 PM
To: [EMAIL PROTECTED]
Subject: Re: Tomcat IBM SSL Provider

It mostly works in 4.1.26 (you still need the JSSE jar, but Tomcat won't use it). It should work completely in 4.1.27. If you are impatient, you can always grab the CVS code from jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse and compile it.

To work with the IBM JVM, you also need to remember to set 'algorithm=IbmX509' in the SocketFactory element in server.xml.
Re: Tomcat IBM SSL Provider
4.1.26 is currently in its evaluation period to determine what its stability rating will be. The official release is likely to be the end of the week, or early next week. In the meantime, it is currently living at http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.26-alpha/, for anyone that wants to help out in the evaluation. Don't be scared off by the alpha label: That's just what it gets called until the evaluation period is over.

McClure, Timothy J(IndSys, GE Interlogix) [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

We are using what I thought was the latest, 4.1.24. I did not see an option to download 4.1.26 on the jakarta web page.

Tim
Re: Tomcat IBM SSL Provider
It mostly works in 4.1.26 (you still need the JSSE jar, but Tomcat won't use it). It should work completely in 4.1.27. If you are impatient, you can always grab the CVS code from jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse and compile it.

To work with the IBM JVM, you also need to remember to set 'algorithm=IbmX509' in the SocketFactory element in server.xml.

McClure, Timothy J(IndSys, GE Interlogix) [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

I am running Tomcat on AIX using JVM 1.4. When Tomcat comes up with SSL enabled it is looking for the Sun provider. I copied the Sun JSSE 1.3 jar into the Tomcat lib and this error went away. However I am having problems because I generated the certificate using the AIX keytool which used the IBM provider. This causes an IO Exception because the Sun provider is trying to use the certificate created by the IBM provider.

The bottom line is how do I get Tomcat to use IBM as its SSL provider?

Tim McClure [EMAIL PROTECTED]
RE: tomcat 4.1.12 ssl connector stop responding
I know there was a bug with the coyote connector for tomcat 4.1.12 as I configured with apache. I upgraded to 4.1.18 and I have had no problems.

-----Original Message-----
From: ing.Marco Baiguera [mailto:[EMAIL PROTECTED]]
Sent: Tue, February 04, 2003 5:09 AM
To: [EMAIL PROTECTED]
Subject: tomcat 4.1.12 ssl connector stop responding

i'm using tomcat 4.1.12 on jdk 1.4.0 as a standalone server with coyote http 1.1 connector, having the http (8080) connector accessible from the internal lan only and https (8443) accessible from external hosts (natted to port 443).

after two-three days tomcat stops responding on the https connector (runs ok on http) without any exception or log trace. any hint?

my connector configuration follows. what about useURIValidationHack (can't find any documentation on this)?

thank you

    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               acceptCount="10" bufferSize="2048" connectionTimeout="6" debug="0"
               enableLookups="false" maxProcessors="10" minProcessors="5" port="8443"
               protocolHandlerClassName="org.apache.coyote.http11.Http11Protocol"
               proxyPort="0" redirectPort="8443" scheme="https" secure="true"
               tcpNoDelay="true" useURIValidationHack="true">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               clientAuth="false" keystoreFile="/var/tomcat4/.keystore" keystorePass="***"
               keystoreType="JKS" protocol="TLS" randomFile="/var/tomcat4/random.pem"
               rootFile="/var/tomcat4/root.pem"/>
    </Connector>

---
Ing. Marco Baiguera
Web Application Designer
T.C.TELECENTRAL s.r.l.
Via Fura, 10
25122 Brescia - Italy
Tel +39 030 3510711
Int + 39 030 3510816
Re: Tomcat 4 - SSL - Client Authentication
Have you checked the permissions to the directory where your keystore is held? The process running the webserver must of course be able to read the keystore.

- CB

Shiva.Devaguptapu wrote:

Hi,

I am using Tomcat 4 on a linux system. I am trying to enable SSL with client authentication enabled. I want the client to be the Internet Explorer, running on Win2K, my desktop. I found the following steps on the net and tried.

* Create keys on the server
* Create the certificate on the server
* Uncomment the required part in the server.xml of Tomcat
* Enter appropriate values for the attributes in server.xml as :

    <Connector className="org.apache.catalina.connector.http.HttpConnector"
               port="8453" minProcessors="5" maxProcessors="75"
               enableLookups="true" acceptCount="10" debug="0"
               scheme="https" secure="true">
      <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
               keystoreFile="/home/shiva/tomcat/keystore/server.keystore"
               keystorePass="changeit" clientAuth="true" protocol="TLS"/>
    </Connector>

* Create keys on the client
* Create the certificate on the client
* Import the client certificate on the server
* Import the client certificate into Internet Explorer

Now I started tomcat and I tried to access from the IE, the URL https://192.168.200.12:8453 - then the Client Authentication dialog box appears without any certificates in the list, as a result I cannot select any certificate, and if I click on OK button, it says page cannot be displayed.

I also tried importing the client certificate into $JAVA_HOME/jre/lib/security/cacerts on the server and even that did not solve the problem, and I even tried importing the server certificate on the client side into $JAVA_HOME/jre/lib/security/cacerts and into IE as well, and even after that the problem is not solved.

I am including all the commands I used to perform the above steps. Can anyone help me out in getting this done.

Thanks in advance,
Shiva.

===== Commands used =====

***For generating server keys on Linux***

    keytool -genkey -alias tomcat-sv \
        -keyalg RSA -keypass changeit \
        -storepass changeit \
        -keystore $CATALINA_HOME/keystore/server.keystore

***this keystore directory is created by me***

***For generating server certificate on Linux***

    keytool -export -alias tomcat-sv \
        -storepass changeit \
        -file server.cer \
        -keystore $CATALINA_HOME/keystore/server.keystore

***For generating client keys on Win2K***

    keytool -genkey -alias tomcat-cl ^
        -keyalg RSA -keypass changeit ^
        -storepass changeit ^
        -keystore C:\ssltest\mykeystore\client.keystore

***For generating client certificate on Win2K***

    keytool -export -alias tomcat-cl ^
        -storepass changeit ^
        -file C:\ssltest\client.cer ^
        -keystore C:\ssltest\mykeystore\client.keystore

***For importing the client certificate on the server***

    keytool -import -v -trustcacerts \
        -alias tomcat -file client.cer \
        -keypass changeit \
        -storepass changeit \
        -keystore /home/lotto/lotto/utilities/tomcat/keystore/server.keystore
RE: Tomcat 4 - SSL - Client Authentication
Yes. Read and write as well.

-----Original Message-----
From: Christopher Mark Balz [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 20, 2003 2:58 PM
To: Tomcat Users List
Subject: Re: Tomcat 4 - SSL - Client Authentication

Have you checked the permissions to the directory where your keystore is held? The process running the webserver must of course be able to read the keystore.

- CB
Re: Tomcat standalone + SSL.
I think i've been schooled in this already, so please disregard this unless you still want to comment on it... Thanks again and sorry for this post, but it was made one minute before I was kindly informed by Milt Epstein that there is no way of doing what i ask here...

On Fri, 2002-12-06 at 16:48, Alexander Wallace wrote:

Hello there... I have asked this question before but maybe with the wrong subject, so here i try again.

I have a web app that needs to use SSL at one point, but not from the beginning. Now i understand that once i start using SSL i need to stay in that mode, and that is fine. My problem is that when i'm in https mode, i need to get from the session some objects that were put there when the app was using http mode. I assume this is because tomcat is creating a new session and encrypting its id when https is used. But how can i have access to those objects? Has anyone experienced this situation? How did you fix it?

Thanks in advance.
RE: Tomcat and SSL
So I have added:

    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>

to the web.xml file's security constraint tags. But still I get nothing. As I watch the logs below:

    2002-12-02 16:18:33 Authenticator[/a/b/c]: Security checking request GET /a/b/c/index.jsp
    2002-12-02 16:18:33 Authenticator[/a/b/d]: Not subject to any constraint
    2002-12-02 16:18:33 StandardContext[/a/b/c]: Mapping contextPath='/a/b/c' with requestURI='/a/b/c/index.jsp' and relativeURI='/index.jsp'
    2002-12-02 16:18:33 StandardContext[/a/b/c]: Decoded relativeURI='/index.jsp'
    2002-12-02 16:18:33 StandardContext[/a/b/c]: Mapped to servlet 'jsp' with servlet path '/index.jsp' and path info 'null' and update=true

I can't help but wonder if it's not simply the url-pattern. I am not sure why my url-pattern (/a/b/c/*) is not matching /a/b/c/index.jsp? Is it trying to match the requestURI or the relativeURI? Or something else?

My Context path:

    <Context path="/a/b/c" docBase="/usr/local/webapps/a/b/c" debug="1" priviledged="true"/>

is /a/b/c, so maybe it's only trying to match the relative URI.

Anyone know?

Jay

-----Original Message-----
From: Jay Wright [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 02, 2002 10:04 AM
To: '[EMAIL PROTECTED]'
Subject: Tomcat and SSL

I am trying to configure a tomcat (4.1.12 on solaris) webserver to redirect a web app to a secure site. I'm attempting to configure this through web.xml, but I haven't found any valuable documentation.

I have added:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Some Name</web-resource-name>
        <url-pattern>/a/b/c/*</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

to the web.xml file, though it is unclear to me how this works.

I have also configured tomcat with a certificate and set up the SSL Connector as per apache's documentation. SSL works, but the problem is that I can reach any of my web apps through either http or https.

In my configuration above, the web-resource-name maps to nothing. Is this just a friendly name or should it map to a resource in my servlet configuration?

Thanks,
Jay
RE: Tomcat and SSL
On Mon, 2 Dec 2002, Jay Wright wrote:

Date: Mon, 2 Dec 2002 16:32:56 -0800
From: Jay Wright [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: 'Tomcat Users List' [EMAIL PROTECTED]
Subject: RE: Tomcat and SSL

So I have added:

    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>

to the web.xml file's security constraint tags. But still I get nothing. As I watch the logs below:

    2002-12-02 16:18:33 Authenticator[/a/b/c]: Security checking request GET /a/b/c/index.jsp
    2002-12-02 16:18:33 Authenticator[/a/b/d]: Not subject to any constraint
    2002-12-02 16:18:33 StandardContext[/a/b/c]: Mapping contextPath='/a/b/c' with requestURI='/a/b/c/index.jsp' and relativeURI='/index.jsp'
    2002-12-02 16:18:33 StandardContext[/a/b/c]: Decoded relativeURI='/index.jsp'
    2002-12-02 16:18:33 StandardContext[/a/b/c]: Mapped to servlet 'jsp' with servlet path '/index.jsp' and path info 'null' and update=true

I can't help but wonder if it's not simply the url-pattern. I am not sure why my url-pattern (/a/b/c/*) is not matching /a/b/c/index.jsp? Is it trying to match the requestURI or the relativeURI? Or something else?

My Context path:

    <Context path="/a/b/c" docBase="/usr/local/webapps/a/b/c" debug="1" priviledged="true"/>

is /a/b/c, so maybe it's only trying to match the relative URI.

Paths specified in url-pattern elements are *always* relative to the context path. If you really want every URL in your webapp to be protected, use a URL pattern of /* instead of /a/b/c/*.

Anyone know?

Jay

Craig
RE: Tomcat and SSL
-----Original Message-----
From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 02, 2002 5:24 PM
To: Tomcat Users List
Subject: RE: Tomcat and SSL

On Mon, 2 Dec 2002, Jay Wright wrote:

Date: Mon, 2 Dec 2002 16:32:56 -0800
From: Jay Wright [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: 'Tomcat Users List' [EMAIL PROTECTED]
Subject: RE: Tomcat and SSL

So I have added:

    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>

to the web.xml file's security constraint tags. But still I get nothing. As I watch the logs below:

    2002-12-02 16:18:33 Authenticator[/a/b/c]: Security checking request GET /a/b/c/index.jsp
    2002-12-02 16:18:33 Authenticator[/a/b/d]: Not subject to any constraint
    2002-12-02 16:18:33 StandardContext[/a/b/c]: Mapping contextPath='/a/b/c' with requestURI='/a/b/c/index.jsp' and relativeURI='/index.jsp'
    2002-12-02 16:18:33 StandardContext[/a/b/c]: Decoded relativeURI='/index.jsp'
    2002-12-02 16:18:33 StandardContext[/a/b/c]: Mapped to servlet 'jsp' with servlet path '/index.jsp' and path info 'null' and update=true

I can't help but wonder if it's not simply the url-pattern. I am not sure why my url-pattern (/a/b/c/*) is not matching /a/b/c/index.jsp? Is it trying to match the requestURI or the relativeURI? Or something else?

My Context path:

    <Context path="/a/b/c" docBase="/usr/local/webapps/a/b/c" debug="1" priviledged="true"/>

is /a/b/c, so maybe it's only trying to match the relative URI.

Paths specified in url-pattern elements are *always* relative to the context path. If you really want every URL in your webapp to be protected, use a URL pattern of /* instead of /a/b/c/*.

Thanks for clarifying, it's beginning to make sense now. As a side note: wouldn't doing a url pattern of /* match all webapps and not just this one? I'll have to extend the relative uri to include some pattern matchable string.

My other question is with auth-constraint. It's my current understanding that I can't simply enforce SSL use with a CONFIDENTIAL transport-guarantee in user-data-constraint. That I actually need a realm defined, even though I want ALL visitors to be subjected to a SSL redirect if they try to access the webapp. Is there any way around this?

Thanks

Anyone know?

Jay

Craig
RE: Tomcat and SSL
On Mon, 2 Dec 2002, Jay Wright wrote:

Paths specified in url-pattern elements are *always* relative to the context path. If you really want every URL in your webapp to be protected, use a URL pattern of /* instead of /a/b/c/*.

Thanks for clarifying, it's beginning to make sense now. As a side note: wouldn't doing a url pattern of /* match all webapps.

No! It is matched against the part of the request URL *after* the context path. That is what context relative means.

and not just this one? I'll have to extend the relative uri to include some pattern matchable string.

My other question is with auth-constraint. It's my current understanding that I can't simply enforce SSL use with a CONFIDENTIAL transport-guarantee in user-data-constraint. That I actually need a realm defined, even though I want ALL visitors to be subjected to a SSL redirect if they try to access the webapp. Is there any way around this?

I just answered a question on this topic, and gave an example security-constraint that required SSL only for context-relative paths that start with /foo or /bar. As long as you do not have an auth-constraint element, no login will be required -- only the automatic redirect to SSL if the user accesses one of these URLs. If you want the transfer to SSL *and* authentication, then you need both an auth-constraint and a transport-guarantee.

Thanks

Craig
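The context-relative matching and the SSL-only constraint described in the reply above, as an added example that is not part of the original thread and is not Tomcat's code: a simplified Python model that parses a web.xml security-constraint and decides what happens to an unauthenticated request. The function names and the embedded web.xml are constructed for illustration; the model covers exact, prefix (/x/*) and extension (*.ext) patterns only, not the default pattern "/", and uses the first matching constraint.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml: the constraint from the thread, with the url-pattern
# and the optional auth-constraint filled in per scenario.
WEB_XML = """
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Some Name</web-resource-name>
      <url-pattern>{pattern}</url-pattern>
    </web-resource-collection>
    {auth}
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>
"""
AUTH = "<auth-constraint><role-name>*</role-name></auth-constraint>"


def build_web_xml(pattern, with_auth=False):
    """Return the constructed web.xml with the given url-pattern."""
    return WEB_XML.format(pattern=pattern, auth=AUTH if with_auth else "")


def context_relative(context_path, request_uri):
    """Strip the context path; None means the request belongs to another webapp."""
    if context_path in ("", "/"):
        return request_uri
    if request_uri == context_path:
        return ""
    if request_uri.startswith(context_path + "/"):
        return request_uri[len(context_path):]
    return None


def pattern_matches(pattern, path):
    """Servlet-style url-pattern match against a context-relative path."""
    if pattern.endswith("/*"):                      # prefix pattern
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):                    # extension pattern
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return path == pattern                          # exact pattern


def load_constraints(web_xml):
    """Extract patterns, transport guarantee and roles from each constraint."""
    root = ET.fromstring(web_xml.strip())
    found = []
    for sc in root.findall("security-constraint"):
        patterns = [p.text.strip()
                    for p in sc.findall("web-resource-collection/url-pattern")]
        guarantee = sc.findtext("user-data-constraint/transport-guarantee",
                                default="NONE").strip()
        auth = sc.find("auth-constraint")
        roles = None if auth is None else [r.text.strip()
                                           for r in auth.findall("role-name")]
        found.append({"patterns": patterns, "guarantee": guarantee, "roles": roles})
    return found


def decide(web_xml, context_path, request_uri, secure):
    """Outcome for an unauthenticated request to one webapp's context."""
    path = context_relative(context_path, request_uri)
    if path is None:
        return "not-in-context"      # this webapp's web.xml is never consulted
    for c in load_constraints(web_xml):
        if not any(pattern_matches(p, path) for p in c["patterns"]):
            continue
        # The transport guarantee is enforced before any login is attempted.
        if c["guarantee"] in ("CONFIDENTIAL", "INTEGRAL") and not secure:
            return "redirect-to-https"
        if c["roles"] is not None:
            return "login-required"
        return "allow"
    return "allow"                   # not subject to any constraint


if __name__ == "__main__":
    ctx, uri = "/a/b/c", "/a/b/c/index.jsp"
    for pattern in ("/a/b/c/*", "/*"):
        print(pattern, "->", decide(build_web_xml(pattern), ctx, uri, secure=False))
    print("other webapp ->", decide(build_web_xml("/*"), ctx, "/d/index.jsp", False))
```

With the thread's context path /a/b/c, the pattern /a/b/c/* is compared against /index.jsp and never matches, while /* matches every path inside that one webapp and nothing outside it.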
RE: Tomcat and SSL
2 questions below:

-----Original Message-----
From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 02, 2002 5:43 PM
To: Tomcat Users List
Subject: RE: Tomcat and SSL

On Mon, 2 Dec 2002, Jay Wright wrote:

> > Paths specified in url-pattern elements are *always* relative to the context path. If you really want every URL in your webapp to be protected, use a URL pattern of /* instead of /a/b/c/*.
>
> Thanks for clarifying, it's beginning to make sense now. As a side note: wouldn't doing a url pattern of /* match all webapps.

No! It is matched against the part of the request URL *after* the context path. That is what context relative means.

1. I'm not sure I understand how it would know which context to match against. Couldn't it be /a/b/c or /d or /e/f? There's nothing context specific in security-constraint.

> and not just this one? I'll have to extend the relative uri to include some pattern matchable string.
>
> My other question is with auth-constraint. It's my current understanding that I can't simply enforce SSL use with a CONFIDENTIAL transport-guarantee in user-data-constraint. That I actually need a realm defined, even though I want ALL visitors to be subjected to a SSL redirect if they try to access the webapp. Is there any way around this?

I just answered a question on this topic, and gave an example security-constraint that required SSL only for context-relative paths that start with /foo or /bar. As long as you do not have an auth-constraint element, no login will be required -- only the automatic redirect to SSL if the user accesses one of these URLs. If you want the transfer to SSL *and* authentication, then you need both an auth-constraint and a transport-guarantee.

2. When I do this I receive the following errors:

    2002-12-02 17:17:27 Authenticator[/a/b/c]: Security checking request GET /a/b/c/index.jsp
    2002-12-02 17:17:27 Authenticator[/a/b/c]: Subject to constraint SecurityConstraint[Gait]
    2002-12-02 17:17:27 Authenticator[/a/b/c]: Calling checkUserData()
    2002-12-02 17:17:27 Authenticator[/a/b/c]: Failed checkUserData() test

Do I have a misconfiguration elsewhere?
RE: Tomcat and SSL
On Mon, 2 Dec 2002, Jay Wright wrote:

> Date: Mon, 2 Dec 2002 17:52:14 -0800
> From: Jay Wright [EMAIL PROTECTED]
> Reply-To: Tomcat Users List [EMAIL PROTECTED]
> To: 'Tomcat Users List' [EMAIL PROTECTED]
> Subject: RE: Tomcat and SSL
>
> 2 questions below:
>
> -----Original Message-----
> From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]]
> Sent: Monday, December 02, 2002 5:43 PM
> To: Tomcat Users List
> Subject: RE: Tomcat and SSL
>
> On Mon, 2 Dec 2002, Jay Wright wrote:
>
> > > Paths specified in url-pattern elements are *always* relative to the context path. If you really want every URL in your webapp to be protected, use a URL pattern of /* instead of /a/b/c/*.
> >
> > Thanks for clarifying, it's beginning to make sense now. As a side note: wouldn't doing a url pattern of /* match all webapps.
>
> No! It is matched against the part of the request URL *after* the context path. That is what context relative means.
>
> 1. I'm not sure I understand how it would know which context to match against. Couldn't it be /a/b/c or /d or /e/f? There's nothing context specific in security-constraint.

The design goal of web.xml files is that you can deploy the same webapp under *any* context path and it should work, with no changes to any of the context relative paths inside the webapp.

The *first* thing Tomcat does is decides which webapp a request is for, based on matching the beginning of the request URI against the context paths of all available contexts.

The *second* thing Tomcat does is strips off the context path and matches the remainder against security constraints (and servlet mappings, which work exactly the same way).

> > and not just this one? I'll have to extend the relative uri to include some pattern matchable string.
> >
> > My other question is with auth-constraint. It's my current understanding that I can't simply enforce SSL use with a CONFIDENTIAL transport-guarantee in user-data-constraint. That I actually need a realm defined, even though I want ALL visitors to be subjected to a SSL redirect if they try to access the webapp. Is there any way around this?
>
> I just answered a question on this topic, and gave an example security-constraint that required SSL only for context-relative paths that start with /foo or /bar. As long as you do not have an auth-constraint element, no login will be required -- only the automatic redirect to SSL if the user accesses one of these URLs. If you want the transfer to SSL *and* authentication, then you need both an auth-constraint and a transport-guarantee.
>
> 2. When I do this I receive the following errors:
>
>     2002-12-02 17:17:27 Authenticator[/a/b/c]: Security checking request GET /a/b/c/index.jsp
>     2002-12-02 17:17:27 Authenticator[/a/b/c]: Subject to constraint SecurityConstraint[Gait]
>     2002-12-02 17:17:27 Authenticator[/a/b/c]: Calling checkUserData()
>     2002-12-02 17:17:27 Authenticator[/a/b/c]: Failed checkUserData() test

Four things to review:

* Set the debug level to at least 2 to get the most detailed possible messages. I would expect to see additional stuff between Calling checkUserData() and Failed checkUserData() test that isn't there in your log.

* You've got an SSL connector set up and running, right? Otherwise, there's not going to be anywhere to redirect to.

* In the Connector element for the non-SSL connector, there is an attribute redirectPort which is the port number (on the same server) that nonSSL-SSL redirects should go to. It defaults to 8443, and *must* match whatever you've set your SSL connector to.

* Check the other log files in $CATALINA_HOME/logs for other possible exceptions that could be related.

If you're using Tomcat behind Apache, I don't have a clue whether this works at all; my experience is only with Tomcat standalone.

Craig
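A simplified model of the two steps Craig describes (pick the webapp by context path, then match the remainder against the constraints) and of the CONFIDENTIAL redirect to redirectPort, as an added example that is not Tomcat's code and was not posted in the thread. The context paths and the /foo and /bar patterns are taken from the messages above; the class name, method names and host name are hypothetical, and the matcher covers prefix and extension patterns in addition to the thread's /* case.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/** Simplified model of the matching described in the thread; it is not Tomcat source code. */
public class ConfidentialRedirectDemo {

    /** One security-constraint, reduced to its url-pattern and transport-guarantee. */
    static final class Constraint {
        final String urlPattern;     // always context-relative, e.g. "/*"
        final boolean confidential;  // true for transport-guarantee CONFIDENTIAL

        Constraint(String urlPattern, boolean confidential) {
            this.urlPattern = urlPattern;
            this.confidential = confidential;
        }
    }

    /** Port of the SSL connector, i.e. the redirectPort of the non-SSL connector. */
    static final int REDIRECT_PORT = 8443;

    /** Deployed webapps keyed by context path; "" is the root context (constructed data). */
    static final Map<String, List<Constraint>> CONTEXTS = new LinkedHashMap<>();
    static {
        CONTEXTS.put("", List.of());
        CONTEXTS.put("/a/b/c", List.of(new Constraint("/*", true)));
        CONTEXTS.put("/d", List.of(new Constraint("/foo/*", true),
                                   new Constraint("/bar/*", true)));
        CONTEXTS.put("/e/f", List.of());
    }

    /** Step 1: pick the webapp whose context path is the longest prefix of the URI. */
    static String selectContext(String uri) {
        String best = "";
        for (String ctx : CONTEXTS.keySet()) {
            boolean onBoundary = uri.equals(ctx) || uri.startsWith(ctx + "/");
            if (onBoundary && ctx.length() > best.length()) {
                best = ctx;
            }
        }
        return best;
    }

    /** Step 2 helper: servlet-style url-pattern match on the context-relative path. */
    static boolean matches(String pattern, String path) {
        if (pattern.endsWith("/*")) {                       // prefix pattern
            String prefix = pattern.substring(0, pattern.length() - 2);
            return path.equals(prefix) || path.startsWith(prefix + "/");
        }
        if (pattern.startsWith("*.")) {                     // extension pattern
            String lastSegment = path.substring(path.lastIndexOf('/') + 1);
            return lastSegment.endsWith(pattern.substring(1));
        }
        return pattern.equals(path);                        // exact pattern
    }

    /** Returns the https URL to redirect to, or null if the request may proceed. */
    static String check(String host, String uri, boolean secure) {
        String ctx = selectContext(uri);
        String relative = uri.substring(ctx.length());
        if (relative.isEmpty()) {
            relative = "/";
        }
        for (Constraint c : CONTEXTS.get(ctx)) {
            if (c.confidential && !secure && matches(c.urlPattern, relative)) {
                return "https://" + host + ":" + REDIRECT_PORT + uri;
            }
        }
        return null;
    }

    public static void main(String[] args) {
        String host = "www.example.com"; // constructed host name
        String[] uris = {
            "/a/b/c/index.jsp",   // caught by "/*" inside the /a/b/c webapp
            "/d/foo/page.jsp",    // caught by "/foo/*" inside the /d webapp
            "/d/index.jsp",       // same webapp, but no constraint matches
            "/e/f/index.jsp",     // different webapp, untouched by the "/*" above
        };
        for (String uri : uris) {
            String target = check(host, uri, false);
            System.out.println(uri + " -> " + (target == null ? "served over http" : target));
        }
        // A request that already arrived on the SSL connector is never redirected.
        System.out.println(check(host, "/a/b/c/index.jsp", true));
    }
}
```

No constraint in this model carries an auth-constraint, so no login is involved, only the redirect.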
RE: Tomcat-Apache SSL
Nope. The communication between Apache and Tomcat happens on a connector, like JK or JK2. The default JK port is 8009. The communication between Apache and Tomcat via JK or JK2 is not encrypted.

John

-----Original Message-----
From: Richard Johnstone [mailto:Richard.Johnstone;appleyard-contracts.co.uk]
Sent: Thursday, November 07, 2002 10:10 AM
To: [EMAIL PROTECTED]
Subject: Tomcat-Apache SSL

After reading the installing SSL doc for tomcat it says you don't need it on Tomcat, just have it on apache and you are ok.

I have an apache SSL port (443) and this is working ok. I have my tomcat application on 8080, also works ok.

What I don't understand is the link between these 2. Do I have to set the apache SSL port to be 8080? If so, will it not ignore the tomcat conf and use the Apache stuff instead (as it seemed to when I tried it)

-- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
Re: Tomcat-Apache SSL
On Thu, 7 Nov 2002, Richard Johnstone wrote:

> After reading the installing SSL doc for tomcat it says you don't need it on Tomcat, just have it on apache and you are ok.
>
> I have an apache SSL port (443) and this is working ok. I have my tomcat application on 8080, also works ok.
>
> What I don't understand is the link between these 2. Do I have to set the apache SSL port to be 8080? If so, will it not ignore the tomcat conf and use the Apache stuff instead (as it seemed to when I tried it)

You need to understand the difference between running Tomcat standalone and integrated with a web server (such as Apache).

In the former case, Tomcat standalone, Tomcat handles everything, including fielding the request and returning the response (including any SSL processing -- e.g. decryption or encryption -- if enabled). 8080 is the default port for Tomcat standalone, but without SSL. Tomcat standalone can do SSL, you just need to enable it in server.xml (you may have to install some additional libraries). The default port for that is 8443. Tomcat standalone is totally independent from any other web server.

In the latter case, Tomcat integrated with a web server, the web server handles fielding the request and returning the response, but in between it passes the request to Tomcat for processing. This is done via a connector such as JK or JK2. You can enable/disable these connectors in server.xml. If you do it this way, you set up SSL on the web server only, not on Tomcat -- the internal communication between the web server and Tomcat is not encrypted.

So you have to decide how you want things set up. If you don't want Tomcat standalone, disable the relevant connector(s) in server.xml. Then you need to set up one of the web server connectors; this is done partly in server.xml, but you also need to get the appropriate connector module binary and configure that for your web server. If you do want Tomcat standalone, but with SSL, enable the relevant connector in server.xml. (Also, would that be SSL only, or both non-SSL and SSL.)

Milt Epstein
Research Programmer
Integration and Software Engineering (ISE)
Campus Information Technologies and Educational Services (CITES)
University of Illinois at Urbana-Champaign (UIUC)
[EMAIL PROTECTED]
Re: Tomcat-Apache SSL - Extension Question
[reply]
You need to understand the difference between running Tomcat standalone and integrated with a web server (such as Apache). .. [snip]
[/reply]

Knowing all this, is there a way for a servlet to reliably know whether Apache is currently replying to http or https? The Apache connector portion works perfectly using two different IP addresses and IP#1 being non-secure, while IP#2 is secure. I'm having a bit of difficulty with 'response.sendRedirect([relativeURL])' where one application contains both secure and non-secure content.

I've seen this question asked in several threads, but haven't seen a definitive answer.

- 'servletRequest.isSecure()' (okay, an extension of...) doesn't work because the traffic between Apache and Tomcat isn't encrypted. 'isSecure()' _always_ returns false, since the traffic it's receiving isn't encrypted.

- I've tried using 'request.getRequestURL()' to dynamically decide whether the traffic is secure: i.e. http://server/directory/referringpage.jsp == not secure so a relativeURL to newpage.jsp will work; http://server:443/directory/referringpage.jsp == secure so I parse out the server name, append 'https', and use an initial parameter for the port (in this case an empty string - but it could be ':8443'). The problem is that 'getRequestURL' indicates where the request came _from_, so a redirect from a secure page to a non-secure page fails.

- Currently I put the fully qualified URL for both http and https in an initial parameter in web.xml, then I just append that to my URL in a redirect. At least I can move code to a new server without recompiling the whole mess. The problem is that I don't want to depend on the code knowing whether it is forwarding to a secure page.

Has anyone found a better way to do this?

===
Chris Parker
Programmer/Analyst
Health Care Services Division
California Youth Authority
RE: Tomcat-Apache SSL - Extension Question
This came up a week or so ago. Check here for a very comprehensive reply from Milt Epstein. In short, isSecure is exactly the method you should use, and it does know if the original request is SSL or not. If it is always returning 'false', something else is going on.

http://marc.theaimsgroup.com/?l=tomcat-user&m=103608496529118&w=2

John

-----Original Message-----
From: Chris Parker [mailto:cparker;cya.ca.gov]
Sent: Thursday, November 07, 2002 12:21 PM
To: Tomcat Users List
Subject: Re: Tomcat-Apache SSL - Extension Question

[reply]
You need to understand the difference between running Tomcat standalone and integrated with a web server (such as Apache). .. [snip]
[/reply]

Knowing all this, is there a way for a servlet to reliably know whether Apache is currently replying to http or https? The Apache connector portion works perfectly using two different IP addresses and IP#1 being non-secure, while IP#2 is secure. I'm having a bit of difficulty with 'response.sendRedirect([relativeURL])' where one application contains both secure and non-secure content.

I've seen this question asked in several threads, but haven't seen a definitive answer.

- 'servletRequest.isSecure()' (okay, an extension of...) doesn't work because the traffic between Apache and Tomcat isn't encrypted. 'isSecure()' _always_ returns false, since the traffic it's receiving isn't encrypted.

- I've tried using 'request.getRequestURL()' to dynamically decide whether the traffic is secure: i.e. http://server/directory/referringpage.jsp == not secure so a relativeURL to newpage.jsp will work; http://server:443/directory/referringpage.jsp == secure so I parse out the server name, append 'https', and use an initial parameter for the port (in this case an empty string - but it could be ':8443'). The problem is that 'getRequestURL' indicates where the request came _from_, so a redirect from a secure page to a non-secure page fails.

- Currently I put the fully qualified URL for both http and https in an initial parameter in web.xml, then I just append that to my URL in a redirect. At least I can move code to a new server without recompiling the whole mess. The problem is that I don't want to depend on the code knowing whether it is forwarding to a secure page.

Has anyone found a better way to do this?

===
Chris Parker
Programmer/Analyst
Health Care Services Division
California Youth Authority
Re: Tomcat-Apache SSL - Extension Question
> This came up a week or so ago. Check here for a very comprehensive reply from Milt Epstein. In short, isSecure is exactly the method you should use, and it does know if the original request is SSL or not. If it is always returning 'false', something else is going on.
>
> http://marc.theaimsgroup.com/?l=tomcat-user&m=103608496529118&w=2
>
> John

Thanks John, somehow I missed that reply - and thanks Milt for providing it.

On my server SnoopServlet replies that isSecure() = false - even though it's true. I thought this was a limitation of Apache-Tomcat, not a problem with my configuration. Now that I know I'm not looking for the impossible, I'll investigate and post when I have a solution...

Thanks again.
Re: Tomcat-Apache SSL - Extension Question
On Thu, 7 Nov 2002, Chris Parker wrote:

> > This came up a week or so ago. Check here for a very comprehensive reply from Milt Epstein. In short, isSecure is exactly the method you should use, and it does know if the original request is SSL or not. If it is always returning 'false', something else is going on.
> >
> > http://marc.theaimsgroup.com/?l=tomcat-user&m=103608496529118&w=2
> >
> > John
>
> Thanks John, somehow I missed that reply - and thanks Milt for providing it.
>
> On my server SnoopServlet replies that isSecure() = false - even though it's true. I thought this was a limitation of Apache-Tomcat, not a problem with my configuration. Now that I know I'm not looking for the impossible, I'll investigate and post when I have a solution...

Just a couple of things to add:

1. I suspect, but don't know for sure, that isSecure() (and getScheme()) should work correctly even with forwards/redirects as well. Of course, if you found that isSecure() doesn't work with basic https, as apparently is the case above, the problem is not restricted to forwards/redirects.

2. Some other people reported this mis-behavior, and at least one person said/suggested that it's a bug with the Coyote AJP connector. Which connector are you using? If it's the Coyote AJP connector, that adds confirmation to this possibility. I don't know that it's yet been fixed, or that there's a workaround, other than using the Ajp13Connector.

Milt Epstein
Research Programmer
Integration and Software Engineering (ISE)
Campus Information Technologies and Educational Services (CITES)
University of Illinois at Urbana-Champaign (UIUC)
[EMAIL PROTECTED]
Re: Tomcat-Apache SSL - Extension Question
> Just a couple of things to add:
>
> 1. I suspect, but don't know for sure, that isSecure() (and getScheme()) should work correctly even with forwards/redirects as well. Of course, if you found that isSecure() doesn't work with basic https, as apparently is the case above, the problem is not restricted to forwards/redirects.

Haven't had a chance to test this yet, only got 'isSecure()' working a few minutes ago - although I also suspect it would work just fine. I'll post more info regarding this when I have an answer though.

> 2. Some other people reported this mis-behavior, and at least one person said/suggested that it's a bug with the Coyote AJP connector. Which connector are you using? If it's the Coyote AJP connector, that adds confirmation to this possibility. I don't know that it's yet been fixed, or that there's a workaround, other than using the Ajp13Connector.

It appears that the Coyote AJP connector _does_ have a bug. Up until a few minutes ago, I was using the connector that is enabled by default in Tomcat 4.1.12 - namely 'org.apache.coyote.tomcat4.CoyoteConnector'. I'm using pretty much the default 'server.xml' with just enough changes to make my particular environment work - it's still a development box...

Just a minute ago I commented out the default connector and added a section for the 'org.apache.ajp.tomcat4.Ajp13Connector' connector, and suddenly isSecure() started reflecting reality.

Note: I used the information from http://www.tek-tips.com/gfaqs.cfm/pid/877/fid/1815 as a 'HowTo'. FWIW, I don't even _have_ a 'clientAuth' section - it doesn't appear to affect this issue.

One additional thing I noticed, 'JMX MBeans' pukes when Tomcat starts with the CoyoteConnector commented out, and the Ajp13Connector enabled. It seems there isn't a 'ManagedBean' in the Ajp13Connector. I don't currently use MBeans anyhow, so I commented this out also.

I'll post more about how to do all this once I have connected all the dots.

===
Chris Parker
Programmer/Analyst
Health Care Services Division
California Youth Authority
Re: Tomcat with SSL and Client certificate
Frédéric LE MAISTRE wrote:

> are you sure of the syntax? Because startup -Djavax.net.debug=all didn't do anything

try: -Djavax.net.debug=ssl (to see all ssl related stuff)
or: -Djavax.net.debug=help (to see your options)

> ----- Original Message -----
> From: Wolfgang Stein [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Sent: Thursday, October 17, 2002 9:40 AM
> Subject: Re: Tomcat with SSL and Client certificate
>
> Start Tomcat with the additional option -Djavax.net.debug=all and watch the console. Although you will get a lot of output, it might help you in identifying the problem.
>
> Good luck,
> Wolfgang Stein
>
> -----Original Message-----
> From: Frédéric LE MAISTRE [mailto:be.info;lafon.fr]
> Sent: Thursday, October 17, 2002 8:39 AM
> To: Tomcat Users List
> Subject: Tomcat with SSL and Client certificate
>
> I made an SSL connection between Tomcat server and IE client. It seems to work, but by the way Tomcat gets an exception: Handshake failed javax.net.ssl.SSLException: error while writing to socket, although the client certificate is well recognized and SSL is enabled.
>
> Somebody knows what's wrong?
>
> Thanks
> Fredd
Re: Tomcat with SSL and Client certificate
Start Tomcat with the additional option -Djavax.net.debug=all and watch the console. Although you will get a lot of output, it might help you in identifying the problem.

Good luck,
Wolfgang Stein

-----Original Message-----
From: Frédéric LE MAISTRE [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 17, 2002 8:39 AM
To: Tomcat Users List
Subject: Tomcat with SSL and Client certificate

I made an SSL connection between Tomcat server and IE client. It seems to work, but by the way Tomcat gets an exception: Handshake failed javax.net.ssl.SSLException: error while writing to socket, although the client certificate is well recognized and SSL is enabled.

Somebody knows what's wrong?

Thanks
Fredd
Re: Tomcat with SSL and Client certificate
are you sure of the syntax? Because startup -Djavax.net.debug=all didn't do anything

----- Original Message -----
From: Wolfgang Stein [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 17, 2002 9:40 AM
Subject: Re: Tomcat with SSL and Client certificate

Start Tomcat with the additional option -Djavax.net.debug=all and watch the console. Although you will get a lot of output, it might help you in identifying the problem.

Good luck,
Wolfgang Stein

-----Original Message-----
From: Frédéric LE MAISTRE [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 17, 2002 8:39 AM
To: Tomcat Users List
Subject: Tomcat with SSL and Client certificate

I made an SSL connection between Tomcat server and IE client. It seems to work, but by the way Tomcat gets an exception: Handshake failed javax.net.ssl.SSLException: error while writing to socket, although the client certificate is well recognized and SSL is enabled.

Somebody knows what's wrong?

Thanks
Fredd
Re: Tomcat with SSL and Client certificate
No I am not. It was a while ago when I used the option successfully for debugging SSL on Tomcat 3.2.X. at least. Not sure whether I was running on jdk 1.3 or 1.2. It triggered a lot of output about the SSL-handshake into the WinNT console window.

Don't have the Catalina startup scripts at hand, but you might try setting the option in catalina.bat resp. in the environment var CATALINA_OPTS or so.

Cheers,
Wolfgang Stein

-----Original Message-----
From: Frédéric LE MAISTRE [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 17, 2002 9:45 AM
To: Tomcat Users List
Subject: Re: Tomcat with SSL and Client certificate

are you sure of the syntax? Because startup -Djavax.net.debug=all didn't do anything

----- Original Message -----
From: Wolfgang Stein [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 17, 2002 9:40 AM
Subject: Re: Tomcat with SSL and Client certificate

Start Tomcat with the additional option -Djavax.net.debug=all and watch the console. Although you will get a lot of output, it might help you in identifying the problem.

Good luck,
Wolfgang Stein

-----Original Message-----
From: Frédéric LE MAISTRE [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 17, 2002 8:39 AM
To: Tomcat Users List
Subject: Tomcat with SSL and Client certificate

I made an SSL connection between Tomcat server and IE client. It seems to work, but by the way Tomcat gets an exception: Handshake failed javax.net.ssl.SSLException: error while writing to socket, although the client certificate is well recognized and SSL is enabled.

Somebody knows what's wrong?

Thanks
Fredd
Re: Tomcat/IIS SSL
Hello,

I don't have any experience using SSL, but I have been reading up on it on the web. On the Apache website for Tomcat, it says that if you are using tomcat with another server (I'm using IIS) you should implement SSL in IIS rather than tomcat. I went on the Microsoft site to read up on implementing it on IIS and I couldn't find a simple way to implement a self-signed certificate. Does anyone know of a simple way to implement this?

Is it possible to use the java keytool to generate the key and use it in IIS? How would IIS locate this key after it has been created?

Fawaz
Re: Tomcat-Apache-SSL problem
Assuming you're using VirtualHost, do you specify the right JkMount paths in VirtualHost sections in your Apache that serve the secure port?

d.

haixi liu wrote:

> Hello,
>
> I am having a problem accessing my webapps using https protocol. My server conf is: Tomcat 4.0.5 + Apache 1.3.26 + mod_jk 1.2 + mod_ssl
>
> https works if I access static pages like https://myhost/manual/index.html, but does not work with my webapp (https://myhost/mywebapp/index.jsp). However, http works with my webapp (http://myhost/mywebapp/index.jsp).
>
> I tried mod_jk.so compiled by myself and the one from jakarta website (http://jakarta.apache.org/builds/jakarta-tomcat-connectors/jk/release/v1.2.0/bin/linux/i386/mod_jk-1.3-eapi.so) with mod_ssl, neither worked.
>
> Could someone give me a hint of what's going on, and how to fix this?
>
> Thanks a lot
> Haixi

--
David Mossakowski [EMAIL PROTECTED]
Instinet Corporation
212.310.7275
Re: Tomcat-Apache-SSL problem
David,

No, I did not. I am using the auto config file generated by Tomcat from $CATALINA_HOME/conf/jk/workers.properties. In my http.conf, I just have this line:

    Include /usr/local/tomcat/conf/auto/mod_jk.conf

I think that's the reason why the http works but https doesn't work.

I looked at the VirtualHost _default_:443 portion of my http.conf, but don't know how to add those paths in there. I tried to paste the content of my $CATALINA_HOME/conf/auto/mod_jk.conf into the virtualhost directory, but it did not work. Would you please give me several simple sample lines?

Thanks a lot

> Assuming you're using VirtualHost, do you specify the right JkMount paths in VirtualHost sections in your Apache that serve the secure port?
Re: Tomcat-Apache-SSL problem
Got it to work. Thanks

> From: haixi liu [EMAIL PROTECTED]
> Reply-To: Tomcat Users List [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Re: Tomcat-Apache-SSL problem
> Date: Fri, 04 Oct 2002 17:25:20 +
>
> David,
>
> No, I did not. I am using the auto config file generated by Tomcat from $CATALINA_HOME/conf/jk/workers.properties. In my http.conf, I just have this line:
>
>     Include /usr/local/tomcat/conf/auto/mod_jk.conf
>
> I think that's the reason why the http works but https doesn't work.
>
> I looked at the VirtualHost _default_:443 portion of my http.conf, but don't know how to add those paths in there. I tried to paste the content of my $CATALINA_HOME/conf/auto/mod_jk.conf into the virtualhost directory, but it did not work. Would you please give me several simple sample lines?
>
> Thanks a lot
>
> > Assuming you're using VirtualHost, do you specify the right JkMount paths in VirtualHost sections in your Apache that serve the secure port?
Re: Tomcat 4.1.12: SSL warnings in catalina.out
William Lee wrote:

> I've set up a standalone 4.1.12 Tomcat instance using SSL connection. When I looked into the catalina.out in the log directory, I realized that there are some warning lines in there that are pretty annoying. The lines are like:
>
>     [WARN] Http11Processor - -Exception getting SSL attributes javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>
> I assume it's trying to do client authentication and failed (??). However, I have set the clientAuth=false in the server.xml file. Why do I still get a warning? It happens each time the browser hits the page too, so I think this is going to be a problem (where the catalina.out will get big with all the lines of messages). Is there a way to get rid of them?

Hi William,

Please have a look at the message Remy sent on Saturday.

    From: Remy Maucherat [EMAIL PROTECTED]
    Organization: ASF
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.1) Gecko/20020826
    X-Accept-Language: en-us, en
    MIME-Version: 1.0
    To: Tomcat Users List [EMAIL PROTECTED]
    Subject: Re: Upgrade to Tomcat 4.1.12 - WARNING: Exception getting SSL attributes

Regards,
-- Francisco
RE: Tomcat 4.0 - SSL DOES NOT WORK!
Or post a HOWTO for the archives.

John

-----Original Message-----
From: micael [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 25, 2002 1:37 AM
To: Tomcat Users List
Subject: RE: Tomcat 4.0 - SSL DOES NOT WORK!

Now, to pay back everyone for all that help, you should answer the next person that asks with all your coding. Right?

At 04:00 PM 9/24/2002 -0700, you wrote:

> Alright,
>
> For anyone out there considering using SSL with Tomcat4 Standalone, I just wanted to append this thread to let everyone know that ... it DOES work after all! :)
>
> Thanks to Ian and Martin for convincing me it is possible. It turns out that our configuration was right all along and my SysAdmin just needed to restart the server after opening up the port for SSL. I dunno something with the firewall and opening up that port. And now it works just fine.
>
> So yes, Tomcat SSL works just fine. :)
>
> Cheers.
> Neal
RE: Tomcat 4.0 - SSL DOES NOT WORK!
Sure,

Anyone who wants to see my config file is welcome to. Just drop me an email. :)

Neal

-----Original Message-----
From: micael [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 24, 2002 10:37 PM
To: Tomcat Users List
Subject: RE: Tomcat 4.0 - SSL DOES NOT WORK!

Now, to pay back everyone for all that help, you should answer the next person that asks with all your coding. Right?

At 04:00 PM 9/24/2002 -0700, you wrote:

> Alright,
>
> For anyone out there considering using SSL with Tomcat4 Standalone, I just wanted to append this thread to let everyone know that ... it DOES work after all! :)
>
> Thanks to Ian and Martin for convincing me it is possible. It turns out that our configuration was right all along and my SysAdmin just needed to restart the server after opening up the port for SSL. I dunno something with the firewall and opening up that port. And now it works just fine.
>
> So yes, Tomcat SSL works just fine. :)
>
> Cheers.
> Neal
Re: Tomcat 4.0 - SSL DOES NOT WORK!
neal wrote:

Thanks but this is actually specific to tomcat 3. The configuration for Tomcat 4 is a bit different. :(

Some good overall SSL info though. I'll pass this to the SysAdmin to see if this tips him off to anything.

Thanks.
Neal

Hi Neal,

I'm using 4.0.4b3 with SSL working fine. Other than setting up web.xml (below), the only issues were

(i) downloading JSSE and installing it as a standard extension (i.e. in the /lib/ext directory under Java's home).
(ii) generating a self-signed cert with keytool (I don't have a Thawte cert)

I did try to upgrade to 4.1.10, but I couldn't get the Coyote connector to work for me, so I've stayed with 4.0.4.

Do you get any errors logged when you try using https? Set debug to 9 and see what you get.

Hope this helps - SSL DOES work - really!

Martin

extract from web.xml ---

<!-- Define an SSL HTTP/1.1 Connector on port 443 -->
<Connector className="org.apache.catalina.connector.http.HttpConnector"
           port="443" minProcessors="5" maxProcessors="75"
           enableLookups="true" redirectPort="80"
           acceptCount="10" debug="0" scheme="https" secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
           clientAuth="false"
           keystoreFile="/Users/martin/.keystore"
           keystorePass="mypassword"
           protocol="TLS" />
</Connector>
Re: Tomcat 4.0 - SSL DOES NOT WORK!
Hi All.

Don't know whether I should butt in on this thread. Due to security reasons, we use OpenSSL instead of telnet. As Mr Ian pointed out, this is restricted to USA only - has been for a long time. Ergo: use OpenSSL?

Ian McFarland wrote:

The reason was license restrictions on the redistribution of the libraries. Someone from the team can speak more authoritatively on this, but basically, the security extensions (JSSE, et al.) are strictly export controlled, so just packaging them in with Tomcat wasn't possible, even though they could be freely downloaded from Sun.

And I think I spoke in haste, (and under the influence of the pain killers they gave me for my wisdom tooth extraction today. Ouch!) It was 3.x that you needed to recompile yourself. Starting with Tomcat 4, you needed to install the JSSE library, but the binary is smart enough not to break if it's missing. Hmm... Sorry about the confusion.

In any case, I assure you SSL works. I use it with Tomcat 4.0 and 4.1, and I used it with 3.2 and 3.3 before that (where I had to recompile it myself.)

What errors are you getting?

-Ian

On Monday, September 23, 2002, at 06:32 PM, neal wrote:

REALLY?!?!?! You actually have to build it yourself?!?! Oh my gosh! Why on earth would they do that?

That's a very interesting tip though. I'll look into version 4.1. Perhaps that's the easiest solution.

Thanks.
Neal

-----Original Message-----
From: Ian McFarland [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 23, 2002 4:14 PM
To: Tomcat Users List
Cc: neal
Subject: Re: Tomcat 4.0 - SSL DOES NOT WORK!

Did you build it yourself, with the necessary libraries on the classpath? 4.0 doesn't support SSL out of the box; you have to compile it with the libraries on the classpath, and I forget what else. I've done it before, and it worked fine for me. Finding the docs on how to do it was the hard part. I count it working for me as a proof that it does work. ;-)

4.1 works with SSL out of the box, so you might want to try that.

-Ian

On Monday, September 23, 2002, at 04:00 PM, neal wrote:

Alright,

Two solid days of troubleshooting between myself, a system admin, and a technical guy from Thawte and we've followed the directions explicitly and tweaked everything we can think to tweak.

I think I am ready to declare that... SSL DOES NOT WORK WITH TOMCAT 4.0 ... unless someone can prove me wrong?!?!?!
RE: Tomcat 4.0 - SSL DOES NOT WORK!
Alright,

For anyone out there considering using SSL with Tomcat4 Standalone, I just wanted to append this thread to let everyone know that ... it DOES work after all! :)

Thanks to Ian and Martin for convincing me it is possible. It turns out that our configuration was right all along and my SysAdmin just needed to restart the server after opening up the port for SSL. I dunno, something with the firewall and opening up that port. And now it works just fine.

So yes, Tomcat SSL works just fine. :)

Cheers.
Neal
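The failure described in the message above (connector configuration correct, HTTPS port blocked at the firewall) can be told apart from a keystore or connector problem by probing in two stages. The script below is an added example, not part of the original thread; `diagnose_https`, `start_plain_listener` and `closed_port` are hypothetical names, and the two local listeners are constructed stand-ins so the script runs offline.

```python
import socket
import ssl
import threading

def diagnose_https(host, port, timeout=3.0):
    """Return (stage, detail): the first failing stage, or ("ok", TLS version)."""
    # Stage 1, plain TCP. Failure here is a listener or firewall problem; the
    # Connector's keystore and protocol settings have not been reached yet.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("tcp_filtered", "no reply; packets are probably being dropped")
    except ConnectionRefusedError:
        return ("tcp_refused", "nothing is listening, or the port is rejected")
    except OSError as exc:
        return ("tcp_error", str(exc))

    # Stage 2, TLS handshake. Verification is off so a self-signed keytool
    # certificate still completes it: this probes reachability, not trust.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", tls.version())
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return ("tls_failed", f"port is open but the handshake failed: {exc}")
    finally:
        sock.close()

def start_plain_listener():
    """Constructed stand-in: an open port that does not speak TLS."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)  # read the ClientHello, answer in plaintext
        conn.sendall(b"HTTP/1.1 400 Bad Request\r\n\r\n")
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

def closed_port():
    """Constructed stand-in: a local port with no listener behind it."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    for p in (closed_port(), start_plain_listener()):
        print(diagnose_https("127.0.0.1", p))
```

Run against the real HTTPS port from a host outside the firewall, `tcp_filtered` or `tcp_refused` points at the network path or a listener that is not up, while `tls_failed` points at the connector or keystore.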
RE: Tomcat 4.0 - SSL DOES NOT WORK!
Now, to pay back everyone for all that help, you should answer the next person that asks with all your coding. Right?

At 04:00 PM 9/24/2002 -0700, you wrote:

Alright,

For anyone out there considering using SSL with Tomcat4 Standalone, I just wanted to append this thread to let everyone know that ... it DOES work after all! :)

Thanks to Ian and Martin for convincing me it is possible. It turns out that our configuration was right all along and my SysAdmin just needed to restart the server after opening up the port for SSL. I dunno, something with the firewall and opening up that port. And now it works just fine.

So yes, Tomcat SSL works just fine. :)

Cheers.
Neal
Re: Tomcat 4.0 - SSL DOES NOT WORK!
Did you build it yourself, with the necessary libraries on the classpath? 4.0 doesn't support SSL out of the box; you have to compile it with the libraries on the classpath, and I forget what else. I've done it before, and it worked fine for me. Finding the docs on how to do it was the hard part. I count it working for me as a proof that it does work. ;-)

4.1 works with SSL out of the box, so you might want to try that.

-Ian

On Monday, September 23, 2002, at 04:00 PM, neal wrote:

Alright,

Two solid days of troubleshooting between myself, a system admin, and a technical guy from Thawte and we've followed the directions explicitly and tweaked everything we can think to tweak.

I think I am ready to declare that... SSL DOES NOT WORK WITH TOMCAT 4.0 ... unless someone can prove me wrong?!?!?!
Re: Tomcat 4.0 - SSL DOES NOT WORK!
http://www.mnu.edu/tomcat/tomcat-ssl-howto.html

At 04:00 PM 9/23/2002 -0700, you wrote:

Alright,

Two solid days of troubleshooting between myself, a system admin, and a technical guy from Thawte and we've followed the directions explicitly and tweaked everything we can think to tweak.

I think I am ready to declare that... SSL DOES NOT WORK WITH TOMCAT 4.0 ... unless someone can prove me wrong?!?!?!
RE: Tomcat 4.0 - SSL DOES NOT WORK!
REALLY?!?!?! You actually have to build it yourself?!?! Oh my gosh! Why on earth would they do that?

That's a very interesting tip though. I'll look into version 4.1. Perhaps that's the easiest solution.

Thanks.
Neal

-----Original Message-----
From: Ian McFarland [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 23, 2002 4:14 PM
To: Tomcat Users List
Cc: neal
Subject: Re: Tomcat 4.0 - SSL DOES NOT WORK!

Did you build it yourself, with the necessary libraries on the classpath? 4.0 doesn't support SSL out of the box; you have to compile it with the libraries on the classpath, and I forget what else. I've done it before, and it worked fine for me. Finding the docs on how to do it was the hard part. I count it working for me as a proof that it does work. ;-)

4.1 works with SSL out of the box, so you might want to try that.

-Ian

On Monday, September 23, 2002, at 04:00 PM, neal wrote:

Alright,

Two solid days of troubleshooting between myself, a system admin, and a technical guy from Thawte and we've followed the directions explicitly and tweaked everything we can think to tweak.

I think I am ready to declare that... SSL DOES NOT WORK WITH TOMCAT 4.0 ... unless someone can prove me wrong?!?!?!
RE: Tomcat 4.0 - SSL DOES NOT WORK!
Ian,

Are you sure that 4.1 does support SSL out of the box? Is there some documentation on that? It's not that I don't trust you ... rather, my SysAdmin isn't going to be too happy about having to re-install and will probably want some solid evidence before doing it.

Thanks.
Neal

-----Original Message-----
From: Ian McFarland [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 23, 2002 4:14 PM
To: Tomcat Users List
Cc: neal
Subject: Re: Tomcat 4.0 - SSL DOES NOT WORK!

Did you build it yourself, with the necessary libraries on the classpath? 4.0 doesn't support SSL out of the box; you have to compile it with the libraries on the classpath, and I forget what else. I've done it before, and it worked fine for me. Finding the docs on how to do it was the hard part. I count it working for me as a proof that it does work. ;-)

4.1 works with SSL out of the box, so you might want to try that.

-Ian

On Monday, September 23, 2002, at 04:00 PM, neal wrote:

Alright,

Two solid days of troubleshooting between myself, a system admin, and a technical guy from Thawte and we've followed the directions explicitly and tweaked everything we can think to tweak.

I think I am ready to declare that... SSL DOES NOT WORK WITH TOMCAT 4.0 ... unless someone can prove me wrong?!?!?!
RE: Tomcat 4.0 - SSL DOES NOT WORK!
Thanks but this is actually specific to tomcat 3. The configuration for Tomcat 4 is a bit different. :(

Some good overall SSL info though. I'll pass this to the SysAdmin to see if this tips him off to anything.

Thanks.
Neal

-----Original Message-----
From: micael [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 23, 2002 4:31 PM
To: Tomcat Users List
Subject: Re: Tomcat 4.0 - SSL DOES NOT WORK!

http://www.mnu.edu/tomcat/tomcat-ssl-howto.html

At 04:00 PM 9/23/2002 -0700, you wrote:

Alright,

Two solid days of troubleshooting between myself, a system admin, and a technical guy from Thawte and we've followed the directions explicitly and tweaked everything we can think to tweak.

I think I am ready to declare that... SSL DOES NOT WORK WITH TOMCAT 4.0 ... unless someone can prove me wrong?!?!?!
RE: Tomcat 4.0 - SSL DOES NOT WORK!
Look here for SSL how to for 4.1

http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html

neal [EMAIL PROTECTED]
09/23/2002 06:30 PM
Please respond to Tomcat Users List
To: Tomcat Users List [EMAIL PROTECTED]
cc:
Subject: RE: Tomcat 4.0 - SSL DOES NOT WORK!

Thanks but this is actually specific to tomcat 3. The configuration for Tomcat 4 is a bit different. :(

Some good overall SSL info though. I'll pass this to the SysAdmin to see if this tips him off to anything.

Thanks.
Neal

-----Original Message-----
From: micael [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 23, 2002 4:31 PM
To: Tomcat Users List
Subject: Re: Tomcat 4.0 - SSL DOES NOT WORK!

http://www.mnu.edu/tomcat/tomcat-ssl-howto.html

At 04:00 PM 9/23/2002 -0700, you wrote:

Alright,

Two solid days of troubleshooting between myself, a system admin, and a technical guy from Thawte and we've followed the directions explicitly and tweaked everything we can think to tweak.

I think I am ready to declare that... SSL DOES NOT WORK WITH TOMCAT 4.0 ... unless someone can prove me wrong?!?!?!
Re: Tomcat 4.0 - SSL DOES NOT WORK!
The reason was license restrictions on the redistribution of the libraries. Someone from the team can speak more authoritatively on this, but basically, the security extensions (JSSE, et al.) are strictly export controlled, so just packaging them in with Tomcat wasn't possible, even though they could be freely downloaded from Sun.

And I think I spoke in haste, (and under the influence of the pain killers they gave me for my wisdom tooth extraction today. Ouch!) It was 3.x that you needed to recompile yourself. Starting with Tomcat 4, you needed to install the JSSE library, but the binary is smart enough not to break if it's missing. Hmm... Sorry about the confusion.

In any case, I assure you SSL works. I use it with Tomcat 4.0 and 4.1, and I used it with 3.2 and 3.3 before that (where I had to recompile it myself.)

What errors are you getting?

-Ian

On Monday, September 23, 2002, at 06:32 PM, neal wrote:

REALLY?!?!?! You actually have to build it yourself?!?! Oh my gosh! Why on earth would they do that?

That's a very interesting tip though. I'll look into version 4.1. Perhaps that's the easiest solution.

Thanks.
Neal

-----Original Message-----
From: Ian McFarland [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 23, 2002 4:14 PM
To: Tomcat Users List
Cc: neal
Subject: Re: Tomcat 4.0 - SSL DOES NOT WORK!

Did you build it yourself, with the necessary libraries on the classpath? 4.0 doesn't support SSL out of the box; you have to compile it with the libraries on the classpath, and I forget what else. I've done it before, and it worked fine for me. Finding the docs on how to do it was the hard part. I count it working for me as a proof that it does work. ;-)

4.1 works with SSL out of the box, so you might want to try that.

-Ian

On Monday, September 23, 2002, at 04:00 PM, neal wrote:

Alright,

Two solid days of troubleshooting between myself, a system admin, and a technical guy from Thawte and we've followed the directions explicitly and tweaked everything we can think to tweak.

I think I am ready to declare that... SSL DOES NOT WORK WITH TOMCAT 4.0 ... unless someone can prove me wrong?!?!?!