Tomcat behind Apache reverse proxy
We develop an application that is heavily using different kinds of web services (SOAP, Hessian) and only has a few JSPs that are used with a browser. We bundle Tomcat (6.0.20) as server runtime.

Some customers (with varying degree of experience) want to use this behind Apache HTTPD as reverse proxy and ask us for instructions. What would you recommend to describe in a general instruction document without knowing more details of the customer's environment, mod_proxy_http or mod_proxy_ajp? (I think mod_jk is an option mostly for knowledgeable customers who have specific reasons to consider it.)

I also try to keep the need for a customer to edit server.xml to a minimum, and put as much of the customizable values into catalina.properties.

What is the effect of not setting proxyName and proxyPort on the connector in either case? Would that lead to invalid redirects? (Our application doesn't use ServletRequest#getServerName() or #getServerPort() directly.) With AJP, isn't that information also available in the protocol request and set automatically by the AJP connector?

I also have an idea for a (maybe dirty) hack: if I always put the proxyName and proxyPort attributes in server.xml, and use properties that expand to empty values by default, will this work in case there is no proxy in the setup?

e.g. in server.xml:

    <Connector proxyName="${proxy.name}" proxyPort="${proxy.port}" .../>

and in catalina.properties:

    proxy.name=
    proxy.port=

Thanks for any input
Rainer
Regarding Realm Authentication
Hi All, We are using Tomcat 5 on Linux OS. For validating userids available in Active Directory using LDAP, JNDI based realm is implemented using Realm tags in Tomcat's server.xml file and this authentication layer is provided for a particular WAR file available in webapps directory. Apart from this JNDI realm, we have to authenticate a dummy/test user which is not available in our Active Directory. Can we place the dummy/test user in tomcat-users.xml file and use it in parallel with the JNDI realm or some other way by which we can implement this. regards Razat
Re: Regarding Realm Authentication
Razat Gupta (razgupta) wrote:
> Hi All, We are using Tomcat 5 on Linux OS. For validating userids available in Active Directory using LDAP, JNDI based realm is implemented using Realm tags in Tomcat's server.xml file and this authentication layer is provided for a particular WAR file available in webapps directory.
> Apart from this JNDI realm, we have to authenticate a dummy/test user which is not available in our Active Directory. Can we place the dummy/test user in tomcat-users.xml file and use it in parallel with the JNDI realm or some other way by which we can implement this.

Yes, if you upgrade to 6.0.20 and use the CombinedRealm.

Mark
Re: Tomcat behind Apache reverse proxy
Rainer Frey wrote:
> Some customers (with varying degree of experience) want to use this behind Apache HTTPD as reverse proxy and ask us for instructions. What would you recommend to describe in a general instruction document without knowing more details of the customer's environment, mod_proxy_http or mod_proxy_ajp? (I think mod_jk is an option mostly for knowledgeable customers who have specific reasons to consider it.)

If the customer has done this before, whatever they are familiar with. If I had a free choice mod_proxy_http.

> What is the effect of not setting proxyName and proxyPort on the connector in either case? Would that lead to invalid redirects? (Our application doesn't use ServletRequest#getServerName() or #getServerPort() directly.)

Potentially, yes.

> With AJP, isn't that information also available in the protocol request and set automatically by the AJP connector?

I believe so.

> I also have an idea for a (maybe dirty) hack: if I always put the proxyName and proxyPort attributes in server.xml, and use properties that expand to empty values by default, will this work in case there is no proxy in the setup?

Have you tried it?

Mark
RE: Regarding Realm Authentication
Hi Mark,

Thanks for the reply. Earlier we used to have Tomcat 4 and Apache 1.3 integrated using mod_jk and we were doing this without using Tomcat 6. I am a bit new to the system, so I am not sure what exact implementation has been done to achieve this in Tomcat 4 and Apache 1.3. Do you have any idea about how it is possible in Tomcat 4 and Apache 1.3?

Regards
Razat

-----Original Message-----
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Tuesday, August 11, 2009 2:08 PM
To: Tomcat Users List
Subject: Re: Regarding Realm Authentication

Razat Gupta (razgupta) wrote:
> Hi All, We are using Tomcat 5 on Linux OS. For validating userids available in Active Directory using LDAP, JNDI based realm is implemented using Realm tags in Tomcat's server.xml file and this authentication layer is provided for a particular WAR file available in webapps directory.
> Apart from this JNDI realm, we have to authenticate a dummy/test user which is not available in our Active Directory. Can we place the dummy/test user in tomcat-users.xml file and use it in parallel with the JNDI realm or some other way by which we can implement this.

Yes, if you upgrade to 6.0.20 and use the CombinedRealm.

Mark
Re: Regarding Realm Authentication
Razat Gupta (razgupta) wrote:
> Hi Mark, Thanks for the reply. Earlier we used to have Tomcat 4 and Apache 1.3 integrated using mod_jk and we were doing this without using Tomcat 6. I am a bit new to the system, so I am not sure what exact implementation has been done to achieve this in Tomcat 4 and Apache 1.3. Do you have any idea about how it is possible in Tomcat 4 and Apache 1.3?

None whatsoever. Anything that worked with 4.1.x should work with 5.5.x although if you are upgrading, I'd upgrade to 6.0.x rather than 5.5.x

Mark
RE: avoiding ssl vulnerabilities in tomcat
Hello all,

OK, I will upgrade. But what all changes are required to update to Tomcat 5? What all changes are required to upgrade to Tomcat 4.1.40?

--- On Mon, 10/8/09, Caldarale, Charles R chuck.caldar...@unisys.com wrote:

From: Caldarale, Charles R chuck.caldar...@unisys.com
Subject: RE: avoiding ssl vulnerabilities in tomcat
To: Tomcat Users List users@tomcat.apache.org
Date: Monday, 10 August, 2009, 7:10 PM

> From: sunil chandran [mailto:sunilonweb2...@yahoo.co.in]
> Subject: Re: avoiding ssl vulnerabilities in tomcat
>
> Is there any patch provided so that I can still use the same version 4.1.24 itself.

No, you *must* upgrade. Your reluctance to do so borders on the ridiculous.

 - Chuck
Context elements not applied since version 6.0.20
Hi all,

After upgrading from Tomcat 6.0.18 to 6.0.20, elements in $CATALINA_BASE/conf/context.xml or in $CATALINA_BASE/conf/[enginename]/[hostname]/context.xml.default are no longer available (loaded) for the webapps. According to the documentation and the behavior until 6.0.18, they should be loaded for all the webapps (or for the webapps of that host). I tested it with resourcelinks, transaction and environment elements. Tested on VISTA and REDHAT.

Example:

    <Environment name="jx.host.code" value="host001" type="java.lang.String" override="true" />
    <ResourceLink name="mail" global="mail/Session" type="javax.mail.Session" />
    <ResourceLink name="db" global="jdbc/dev1" type="javax.sql.DataSource" />
    <Transaction factory="com.atomikos.icatch.jta.UserTransactionFactory" />

My question: is this a bug or should I now specify something somewhere to get the behaviour I want back? (When I put the elements in each application's .xml in $CATALINA_BASE/conf/[enginename]/[hostname]/application.xml everything works again.)

Kind Regards,
Wim
Re: avoiding ssl vulnerabilities in tomcat
sunil chandran wrote:
> Hello all, OK, I will upgrade. But what all changes are required to update to Tomcat 5? What all changes are required to upgrade to Tomcat 4.1.40?

You may as well do the job properly and upgrade to 6.0.20.

For your app? No changes should be required.

For your Tomcat configuration? Start with the clean configuration provided with 6.0.20 and add any modifications you need. Be aware that the config has changed, in particular:
- the Logger element is no longer used
- Resource configuration has changed

See the docs for the details.

Mark

> --- On Mon, 10/8/09, Caldarale, Charles R chuck.caldar...@unisys.com wrote:
>
> From: Caldarale, Charles R chuck.caldar...@unisys.com
> Subject: RE: avoiding ssl vulnerabilities in tomcat
> To: Tomcat Users List users@tomcat.apache.org
> Date: Monday, 10 August, 2009, 7:10 PM
>
>> From: sunil chandran [mailto:sunilonweb2...@yahoo.co.in]
>> Subject: Re: avoiding ssl vulnerabilities in tomcat
>>
>> Is there any patch provided so that I can still use the same version 4.1.24 itself.
>
> No, you *must* upgrade. Your reluctance to do so borders on the ridiculous.
>
>  - Chuck
Re: Context elements not applied since version 6.0.20
GOOSSENS Wim wrote:
> Hi all, After upgrading from Tomcat 6.0.18 to 6.0.20, elements in $CATALINA_BASE/conf/context.xml or in $CATALINA_BASE/conf/[enginename]/[hostname]/context.xml.default are no longer available (loaded) for the webapps. According to the documentation and the behavior until 6.0.18, they should be loaded for all the webapps (or for the webapps of that host). I tested it with resourcelinks, transaction and environment elements. Tested on VISTA and REDHAT.
>
> Example:
>
>     <Environment name="jx.host.code" value="host001" type="java.lang.String" override="true" />
>     <ResourceLink name="mail" global="mail/Session" type="javax.mail.Session" />
>     <ResourceLink name="db" global="jdbc/dev1" type="javax.sql.DataSource" />
>     <Transaction factory="com.atomikos.icatch.jta.UserTransactionFactory" />
>
> My question: is this a bug or should I now specify something somewhere to get the behaviour I want back?

You've already raised a bug for this.
https://issues.apache.org/bugzilla/show_bug.cgi?id=47516

Mark
RE: Context elements not applied since version 6.0.20
Yes, but I was wondering if maybe there was a parameter I missed. Something similar to deployXML. I understand there is nothing like that. I should have asked it here before posting the bug report.

Thanks for helping.

Regards
Wim

-----Original Message-----
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Tuesday, 11 August 2009 13:35
To: Tomcat Users List
Subject: Re: Context elements not applied since version 6.0.20

GOOSSENS Wim wrote:
> Hi all, After upgrading from Tomcat 6.0.18 to 6.0.20, elements in $CATALINA_BASE/conf/context.xml or in $CATALINA_BASE/conf/[enginename]/[hostname]/context.xml.default are no longer available (loaded) for the webapps. According to the documentation and the behavior until 6.0.18, they should be loaded for all the webapps (or for the webapps of that host). I tested it with resourcelinks, transaction and environment elements. Tested on VISTA and REDHAT.
>
> Example:
>
>     <Environment name="jx.host.code" value="host001" type="java.lang.String" override="true" />
>     <ResourceLink name="mail" global="mail/Session" type="javax.mail.Session" />
>     <ResourceLink name="db" global="jdbc/dev1" type="javax.sql.DataSource" />
>     <Transaction factory="com.atomikos.icatch.jta.UserTransactionFactory" />
>
> My question: is this a bug or should I now specify something somewhere to get the behaviour I want back?

You've already raised a bug for this.
https://issues.apache.org/bugzilla/show_bug.cgi?id=47516

Mark
RE: Can a connector be nested in a context?
Thanks very much Mark. I cannot find where I read this now. Either it's already been fixed or... I just can't find it.

George

-----Original Message-----
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Monday, August 10, 2009 4:58 PM
To: Tomcat Users List
Subject: Re: Can a connector be nested in a context?

Payne, George (ghp5h) wrote:
> I've been unable to get this to work (nesting a connector in a context), though I cannot find a definitive answer about whether it SHOULD be possible or not. The docs say the container element is usually an Engine, but don't say if the other options include a context or not.

The docs should say *only* an engine. Can you point me at where the docs say usually and I'll get it fixed.

> The purpose to all of this is I have some apps which need to be authenticated by apache httpd, and some which need to be authenticated by tomcat, necessitating different connector settings. To do this, do I have to have two copies of tomcat running or can I just make the connectors context specific?

You'd need to configure two engines.

Mark
Re: Tomcat behind Apache reverse proxy
On Tuesday 11 August 2009 10:40:48 Mark Thomas wrote:
> Rainer Frey wrote:
>> Some customers (with varying degree of experience) want to use this behind Apache HTTPD as reverse proxy and ask us for instructions. What would you recommend to describe in a general instruction document without knowing more details of the customer's environment, mod_proxy_http or mod_proxy_ajp? (I think mod_jk is an option mostly for knowledgeable customers who have specific reasons to consider it.)
>
> If the customer has done this before, whatever they are familiar with. If I had a free choice mod_proxy_http.

Thanks for this input. Do you have any technical reasons, or is it more about maturity of the module?

>> With AJP, isn't that information also available in the protocol request and set automatically by the AJP connector?
>
> I believe so.

I tried, and it works. Does it make sense to set these attributes at all on an APR connector then?

>> I also have an idea for a (maybe dirty) hack: if I always put the proxyName and proxyPort attributes in server.xml, and use properties that expand to empty values by default, will this work in case there is no proxy in the setup?
>
> Have you tried it?

I did now, and it does work. I noticed that property expansion in server.xml seems not to be documented at all. Is this intentionally left out, or just missing?

Also, properties from catalina.properties and from Java System Properties are expanded, but it seems that catalina.properties takes precedence. I find this surprising, because system properties are in my perception more dynamic and runtime/individual start specific than values in a config file. Is this intentional behavior? If not, should I report a bug?

> Mark

Rainer
Re: Tomcat behind Apache reverse proxy
On Tuesday 11 August 2009 15:37:54 Rainer Frey wrote:
> Also, properties from catalina.properties and from Java System Properties are expanded, but it seems that catalina.properties takes precedence. I find this surprising, because system properties are in my perception more dynamic and runtime/individual start specific than values in a config file. Is this intentional behavior? If not, should I report a bug?

Out of curiosity: does anyone know where in the source the expansion of catalina.properties in server.xml is implemented?

Rainer
RE: Tomcat 6 shutdown hangs server when using JDK 6.0_15
Thanks Filip for the reply, but as I said in my original post, this is running on a virtual machine, so hardware isn't a factor. In addition, this only started when I began using JDK 6 instead of 5, and only continues to happen if I use JDK 6. If I use 5, there's no problem.

I will test this on another VM and a non-VM system to see if they behave the same way, but I would still appreciate more input if it's available. Thanks in advance!

-----Original Message-----
From: Filip Hanik - Dev Lists [mailto:devli...@hanik.com]
Sent: Monday, August 10, 2009 4:22 PM
To: Tomcat Users List
Subject: Re: Tomcat 6 shutdown hangs server when using JDK 6.0_15

If your entire server dies, then it sounds more hardware related, could be software triggered, but no, tomcat shouldn't kill your system :)

Filip

On 08/10/2009 02:57 PM, Dan Denton wrote:
> Hello all. I'm running an RHEL 4 server on a VMware VM hosting tomcat 6, using JDK 6.0_15. When I attempt to shutdown any tomcat instance, the entire server (VM) hangs and has to be rebooted. Even out of the box tomcat installations cause this. When I use JDK 5.0, this doesn't happen.
>
> The tomcat instance logs don't show anything useful. I've attempted to use jstack and pstack to get a trace of the process during shutdown, but the server dies before anything useful is logged.
>
> Has this happened to anyone else out there? Google yields lots of tomcat hung hits, but nothing about the OS hanging in response to a shutdown. Any help on this is greatly appreciated!
>
> Dan
Tomcat load balancing
Hello folks,

I have 2 resource hungry processes that need to run on 2 separate tomcats. I have set up mod_jk to load balance between the 2 tomcats, but sometimes they end up on the same one. Is there a way to guarantee they run on separate tomcats? Is there an option to do load based load balancing?

Thanks,
Chetan
Re: Tomcat behind Apache reverse proxy
Rainer Frey wrote:
> On Tuesday 11 August 2009 10:40:48 Mark Thomas wrote:
>> Rainer Frey wrote:
>>> Some customers (with varying degree of experience) want to use this behind Apache HTTPD as reverse proxy and ask us for instructions. What would you recommend to describe in a general instruction document without knowing more details of the customer's environment, mod_proxy_http or mod_proxy_ajp? (I think mod_jk is an option mostly for knowledgeable customers who have specific reasons to consider it.)
>>
>> If the customer has done this before, whatever they are familiar with. If I had a free choice mod_proxy_http.
>
> Thanks for this input. Do you have any technical reasons, or is it more about maturity of the module?

Only that mod_proxy_* should be more familiar to httpd admins and mod_proxy_http is more mature than mod_proxy_ajp.

>>> With AJP, isn't that information also available in the protocol request and set automatically by the AJP connector?
>>
>> I believe so.
>
> I tried, and it works. Does it make sense to set these attributes at all on an APR connector then?

Usually not.

>>> I also have an idea for a (maybe dirty) hack: if I always put the proxyName and proxyPort attributes in server.xml, and use properties that expand to empty values by default, will this work in case there is no proxy in the setup?
>>
>> Have you tried it?
>
> I did now, and it does work. I noticed that property expansion in server.xml seems not to be documented at all. Is this intentionally left out, or just missing?

Missing.

> Also, properties from catalina.properties and from Java System Properties are expanded, but it seems that catalina.properties takes precedence. I find this surprising, because system properties are in my perception more dynamic and runtime/individual start specific than values in a config file. Is this intentional behavior? If not, should I report a bug?

It isn't documented so there can't be a bug :)

Mark
Re: Tomcat behind Apache reverse proxy
Rainer Frey (Inxmail GmbH) wrote:
> On Tuesday 11 August 2009 15:37:54 Rainer Frey wrote:
>> Also, properties from catalina.properties and from Java System Properties are expanded, but it seems that catalina.properties takes precedence. I find this surprising, because system properties are in my perception more dynamic and runtime/individual start specific than values in a config file. Is this intentional behavior? If not, should I report a bug?
>
> Out of curiosity: does anyone know where in the source the expansion of catalina.properties in server.xml is implemented?

org.apache.tomcat.util.IntrospectionUtils.replaceProperties()

Mark
Re: slight problem with Tomcat and Httpd working together.
Chris,

My thanks to you and Chuck for clarifying that. The reason that I set up httpd on the machine is for PHP and other possible languages. I was trying to be a little more future thinking, however, since PHP is no longer an option for these guys, I'll just nix the httpd server and move back into a solid tomcat install.

Moving onto the APR questions I have and SSL. Let me ask this. Does anyone have / use gmail? If so, next time you log in, watch what happens. You log in via SSL, yet when you view everything else you're in standard HTML.

I downloaded the APR for Tomcat. Dumb question, is there already a binary distribution someplace? If not, what do I use to compile them? I read something about a Win32 Developer Studio? It looks like I might need Visual Studio, which I can do, but is there a way to do this in Eclipse?

P.S. I ditched Apache 2.2 for now. I just moved my old server.xml into the conf directory and stopped the httpd service.
TR: pb redeploy with Tomcat 5.5.24
--- English version ---

Hello,

I encounter a problem when I redeploy my WAR with Tomcat. One of the used libraries throws an error when I try to redeploy my WAR. For information, I don't have the sources of this library. To work around that I have to stop and start Tomcat again. That's very strange because I have no problem with Tomcat 5.0 or Tomcat 5.5.4. The file server.xml is the same for Tomcat 5.5.4 and Tomcat 5.5.23. I don't understand why there is a difference between redeploying a WAR with Tomcat 5.5.4 and Tomcat 5.5.23. Does somebody have an explanation? Moreover, can somebody explain to me what happens when Tomcat redeploys a WAR?

Thanks in advance for your help.

Best regards,
J. MEVEL

--- French version ---

Hello,

I have a problem when I try to redeploy my WAR with Tomcat 5.5.23. An error message specific to one of the libraries I use, and for which I do not have the source code, appears when I redeploy my WAR with Tomcat 5.5.23. As a result I have to stop Tomcat and restart it for my WAR to deploy correctly. However, I have no problem with Tomcat 5.0 or Tomcat 5.5.4. The server.xml of Tomcat 5.5.23 is the same as that of Tomcat 5.5.4.

Does anyone have an idea about the origin of the problem, because I am out of ideas? What happens when Tomcat redeploys a WAR? What difference is there between Tomcat 5.5.4 and Tomcat 5.5.23 that could explain this different behaviour?

Thank you in advance for your help.

Best regards,
J. MEVEL
RE: slight problem with Tomcat and Httpd working together.
> From: Josh Gooding [mailto:josh.good...@gmail.com]
> Subject: Re: slight problem with Tomcat and Httpd working together.
>
> I downloaded the APR for Tomcat. Dumb question, is there already a binary distribution someplace?

For Windows, yes; it's in the docs:
http://tomcat.apache.org/native-doc/

The 32- and 64-bit DLLs are here:
http://www.apache.org/dist/tomcat/tomcat-connectors/native/1.1.16/binaries/

 - Chuck
Re: slight problem with Tomcat and Httpd working together.
Even better, I got what I was looking for. Where do I put the DLL that I want to use? In Windows or in what Tomcat directory?

On Tue, Aug 11, 2009 at 10:27 AM, Josh Gooding josh.good...@gmail.com wrote:
> Chris,
>
> My thanks to you and Chuck for clarifying that. The reason that I set up httpd on the machine is for PHP and other possible languages. I was trying to be a little more future thinking, however, since PHP is no longer an option for these guys, I'll just nix the httpd server and move back into a solid tomcat install.
>
> Moving onto the APR questions I have and SSL. Let me ask this. Does anyone have / use gmail? If so, next time you log in, watch what happens. You log in via SSL, yet when you view everything else you're in standard HTML.
>
> I downloaded the APR for Tomcat. Dumb question, is there already a binary distribution someplace? If not, what do I use to compile them? I read something about a Win32 Developer Studio? It looks like I might need Visual Studio, which I can do, but is there a way to do this in Eclipse?
>
> P.S. I ditched Apache 2.2 for now. I just moved my old server.xml into the conf directory and stopped the httpd service.
RE: slight problem with Tomcat and Httpd working together.
> From: Josh Gooding [mailto:josh.good...@gmail.com]
> Subject: Re: slight problem with Tomcat and Httpd working together.
>
> Where do I put the DLL that I want to use?

In Tomcat's bin directory.

 - Chuck
Re: TR: pb redeploy with Tomcat 5.5.24
Hi,

1. What is the exact error being thrown? (copy paste the stack trace, if any)

2. Are you using Tomcat 5.5.23? Can you switch to a fresh version of Tomcat (6.0.20)? It is probably more stable and with fewer bugs. If you can't reproduce the problem on the latest version, that probably means that the bug is fixed, and that developers shouldn't spend time on it any more. BTW, you are mentioning version 5.5.4. That version does not exist. Latest version from 5.5 branch is 5.5.27.

3. What operating system are you using? If you are using Windows, please take a look at http://tomcat.apache.org/tomcat-5.5-doc/config/context.html and search for the antiJARLocking and antiResourceLocking parameters.

Regards,
Ognjen

support-disserto wrote:
> --- English version ---
>
> Hello,
>
> I encounter a problem when I redeploy my WAR with Tomcat. One of the used libraries throws an error when I try to redeploy my WAR. For information, I don't have the sources of this library. To work around that I have to stop and start Tomcat again. That's very strange because I have no problem with Tomcat 5.0 or Tomcat 5.5.4. The file server.xml is the same for Tomcat 5.5.4 and Tomcat 5.5.23. I don't understand why there is a difference between redeploying a WAR with Tomcat 5.5.4 and Tomcat 5.5.23. Does somebody have an explanation? Moreover, can somebody explain to me what happens when Tomcat redeploys a WAR?
>
> Thanks in advance for your help.
>
> Best regards,
> J. MEVEL
Re: Tomcat behind Apache reverse proxy
On Tuesday 11 August 2009 16:10:07 Mark Thomas wrote:
> Rainer Frey wrote:
[...]

Mark, thanks for your patient help with my questions. I really appreciate this.

>> Also, properties from catalina.properties and from Java System Properties are expanded, but it seems that catalina.properties takes precedence. I find this surprising, because system properties are in my perception more dynamic and runtime/individual start specific than values in a config file. Is this intentional behavior? If not, should I report a bug?
>
> It isn't documented so there can't be a bug :)

Touché. That is indeed right ;-)

But seriously, how is it intended to work? I saw that in CatalinaProperties.loadProperties(), all properties from catalina.properties are added to the system properties, overwriting any previous values. This could be easily fixed. I'd write a patch myself if desired.

Rainer
Re: Tomcat behind Apache reverse proxy
Rainer Frey wrote:
> On Tuesday 11 August 2009 16:10:07 Mark Thomas wrote:
>> Rainer Frey wrote:
> [...]
>
> Mark, thanks for your patient help with my questions. I really appreciate this.
>
>>> Also, properties from catalina.properties and from Java System Properties are expanded, but it seems that catalina.properties takes precedence. I find this surprising, because system properties are in my perception more dynamic and runtime/individual start specific than values in a config file. Is this intentional behavior? If not, should I report a bug?
>>
>> It isn't documented so there can't be a bug :)
>
> Touché. That is indeed right ;-)
>
> But seriously, how is it intended to work? I saw that in CatalinaProperties.loadProperties(), all properties from catalina.properties are added to the system properties, overwriting any previous values. This could be easily fixed. I'd write a patch myself if desired.

Changing this at this stage is probably a bad idea. It is bound to break something for someone. I'd go with a documentation patch to add the current behaviour to the docs.

Mark
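The precedence discussed in this thread, as an added sketch that is not Tomcat's code and not part of the original messages: it models a properties file being merged over launch-time system properties (the behaviour described above for CatalinaProperties.loadProperties()) and then expands the ${proxy.name} / ${proxy.port} placeholders, so the effect on the Connector attributes is visible. The class name, the merge() and expand() helpers and all sample values are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class PropertyPrecedenceDemo {

    // Matches ${name} placeholders as used in the server.xml snippet from the thread.
    private static final Pattern PLACEHOLDER = Pattern.compile("\\$\\{([^}]+)\\}");

    /**
     * Merge the entries of a properties file into the launch-time properties.
     * fileWins = true  models the behaviour described in the thread
     *                  (file entries overwrite values given at launch).
     * fileWins = false models the alternative raised there
     *                  (file entries only fill in keys that are not set).
     */
    static Properties merge(Properties launch, String fileText, boolean fileWins)
            throws IOException {
        Properties file = new Properties();
        file.load(new StringReader(fileText));

        Properties result = new Properties();
        result.putAll(launch);
        for (String name : file.stringPropertyNames()) {
            if (fileWins || !result.containsKey(name)) {
                result.setProperty(name, file.getProperty(name));
            }
        }
        return result;
    }

    /** Replace each ${name} with its value; this sketch leaves unknown names untouched. */
    static String expand(String text, Properties props) {
        Matcher m = PLACEHOLDER.matcher(text);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String value = props.getProperty(m.group(1));
            String replacement = (value != null) ? value : m.group(0);
            m.appendReplacement(out, Matcher.quoteReplacement(replacement));
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: values an operator passes at launch,
        // e.g. -Dproxy.name=www.example.com -Dproxy.port=443
        Properties launch = new Properties();
        launch.setProperty("proxy.name", "www.example.com");
        launch.setProperty("proxy.port", "443");

        // Constructed sample: the shipped file with empty defaults, as proposed in the thread.
        String catalinaProperties = "proxy.name=\nproxy.port=\n";

        // Constructed connector line using the placeholders from the thread.
        String connector =
                "<Connector proxyName=\"${proxy.name}\" proxyPort=\"${proxy.port}\" />";

        // File wins: the launch-time proxy settings are replaced by the empty defaults.
        System.out.println("file wins:   "
                + expand(connector, merge(launch, catalinaProperties, true)));

        // Launch wins: the operator's values survive and reach the connector.
        System.out.println("launch wins: "
                + expand(connector, merge(launch, catalinaProperties, false)));
    }
}
```

With the file taking precedence, a deployment that ships empty `proxy.name=` / `proxy.port=` defaults cannot be pointed at the proxy with `-D` options alone; the values have to be edited in catalina.properties itself.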
Re: Is encryption of AJP traffic between Apache and Tomcat possible out of the box?
Tim, On 8/10/2009 8:15 PM, Tim Funk wrote: An ssh tunnel is also easy too. (but can also open other security holes depending on how it's deployed and the requirements) ssh tunnels also have the possibility of going down. If you want to use an ssh tunnel, then you have to make arrangements for it to stay open all the time, even when the network flakes out and the connection needs to be re-established. You might want to look into something like rstunnel or autossh for that. -chris
Re: slight problem with Tomcat and Httpd working together.
NVM Chuck, I believe it's in the native docs. I looked at the link right after you posted. I couldn't find the native link on Apache's site. T/Y sir On Tue, Aug 11, 2009 at 10:46 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Josh Gooding [mailto:josh.good...@gmail.com] Subject: Re: slight problem with Tomcat and Httpd working together. I downloaded the APR for Tomcat. Dumb question, is there already a binary distribution someplace? For Windows, yes; it's in the docs: http://tomcat.apache.org/native-doc/ The 32- and 64-bit DLLs are here: http://www.apache.org/dist/tomcat/tomcat-connectors/native/1.1.16/binaries/ - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Re: slight problem with Tomcat and Httpd working together.
HEY!!! It's in there and working. Aug 11, 2009 10:58:47 AM org.apache.catalina.core.AprLifecycleListener init INFO: Loaded APR based Apache Tomcat Native library 1.1.14. Aug 11, 2009 10:58:47 AM org.apache.catalina.core.AprLifecycleListener init INFO: APR capabilities: IPv6 [false], sendfile [true], accept filters [false], random [true]. Now if I have an SSL cert from Geo-trust / Verisign / whatever, do I still have to install OpenSSL? It's currently residing in the path, I'm just going to read up in the docs and see what the next steps to do are. Thank you guys so much. I really appreciate all of your help. On Tue, Aug 11, 2009 at 10:51 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Josh Gooding [mailto:josh.good...@gmail.com] Subject: Re: slight problem with Tomcat and Httpd working together. Where do I put the DLL that I want to use? In Tomcat's bin directory. - Chuck
RE: TR: pb redeploy with Tomcat 5.5.24
Hello, 1) Here is the exact error: [ERROR] vxml - 1-aXRnb21zLWFzMDFvLmlwcDkzLmN2ZjsxMjQ2MDI4ODk5NjA0OzAuMzA2ODg3MzM4ODIwMzE5MT Y= 8:--Uncaught Exception-- class javax.servlet.ServletException :: Problems during license check: license unreadable servlets.vxml.VxmlAbstractServlet.service(Unknown Source) servlets.vxml.VxmlAbstractServlet.service(Unknown Source) servlets.vxml.VxmlGlobalServletService.service(VxmlGlobalServletService.java:212) javax.servlet.http.HttpServlet.service(HttpServlet.java:803) org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269) org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174) org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151) org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200) org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283) org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:773) org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703) org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:895) org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689) java.lang.Thread.run(Thread.java:595) 2) Sorry for writing Tomcat 5.5.4. In fact it was Tomcat 5.5.04. I've already tried with Tomcat 6 but I've got the same problem. 3) I'm using Windows and I'll try with the antiJARLocking and antiResourceLocking parameters. Anyway, thank you for your answer, J. MEVEL -Original Message- From: Ognjen Blagojevic [mailto:ogn...@etf.bg.ac.rs] Sent: Tuesday, 11 August 2009 16:52 To: Tomcat Users List Subject: Re: TR: pb redeploy with Tomcat 5.5.24 Hi, 1. What is the exact error being thrown? (copy paste the stack trace, if any) 2. Are you using Tomcat 5.5.23? Can you switch to fresh version of tomcat (6.0.20)? It is probably more stable and with less bugs. If you can't reproduce the problem on the latest version, that probably means that the bug is fixed, and that developers shouldn't spend time on it any more. BTW, you are mentioning version 5.5.4. That version does not exist. Latest version from 5.5 branch is 5.5.27. 3. What operating system are you using? If you are using windows, please take a look at http://tomcat.apache.org/tomcat-5.5-doc/config/context.html search for antiJARLocking and antiResourceLocking parameters. Regards, Ognjen support-disserto wrote: --- English version --- Hello, I encounter a problem when I redeploy my WAR with Tomcat. One of the used libraries throws an error when I try to redeploy my WAR. For information, I don't have the sources of this library. To get around that I have to stop and start again Tomcat. That's very strange because I have no problem with Tomcat 5.0 or Tomcat 5.5.4. The file server.xml is the same for Tomcat 5.5.4 and Tomcat 5.5.23. I don't understand why there is a difference between redeploy a WAR with Tomcat 5.5.4 and Tomcat 5.5.23. Is somebody having an explanation? Moreover can somebody explain to me what happens when Tomcat redeploys a WAR? Thanks in advance for your help. Best regards, J. MEVEL --- French version --- Hello, I have a problem when I try to redeploy my WAR with Tomcat 5.5.23. An error message specific to one of the libraries I use, for which I do not have the source code, is displayed when I redeploy my WAR with Tomcat 5.5.23. As a result I have to stop Tomcat and restart it for my WAR to deploy correctly. However, I have no problem with Tomcat 5.0 or Tomcat 5.5.4. The server.xml of Tomcat 5.5.23 is the same as that of Tomcat 5.5.4. Does anyone have an idea about the origin of the problem, because I have run out of ideas? What happens when Tomcat redeploys a WAR? What difference is there between Tomcat 5.5.4 and Tomcat 5.5.23 that could explain this different behaviour? Thanks in advance for your help. Best regards,
RE: slight problem with Tomcat and Httpd working together.
From: Josh Gooding [mailto:josh.good...@gmail.com] Subject: Re: slight problem with Tomcat and Httpd working together. HEY!!! It's in there and working. Congratulations. INFO: Loaded APR based Apache Tomcat Native library 1.1.14. That version is out of date; the current one is here: http://www.apache.org/dist/tomcat/tomcat-connectors/native/1.1.16/binaries/ Now if I have an SSL cert from Geo-trust / Verisign / whatever, do I still have to install OpenSSL? No, it's built into tcnative-1.dll, so you've already got it. - Chuck
Re: TR: pb redeploy with Tomcat 5.5.24
support-disserto wrote: Hello, 1) Here is the exact error : [ERROR] vxml - 1-aXRnb21zLWFzMDFvLmlwcDkzLmN2ZjsxMjQ2MDI4ODk5NjA0OzAuMzA2ODg3MzM4ODIwMzE5MT Y= 8:--Uncaught Exception-- class javax.servlet.ServletException :: Problems during license check: license unreadable That doesn't really look like anything to do with Tomcat per se, does it ? Should you not rather get in touch with the supplier of that WAR, and ask them what could cause the above exception ? Probably, some class in that war-file is trying to read some file containing the license key, and it may be looking in some place that is only valid with some version(s) of Tomcat. But without knowing what it is looking for and where, all anyone can do here is make wild guesses. Maybe you just forgot to copy the license key file where it belongs ?
RE: Tomcat 6 shutdown hangs server when using JDK 6.0_15
I have tested this on another server, and this time not a VM, which I think rules out issues with it being a virtual machine. The entire server hung immediately after issuing a shutdown to tomcat. To summarize, this issue only seems to come about when using a tomcat 6 instance while running JDK 6.0_15 and does not occur when using a version 5 release of JDK. This occurs when shutting down the canned instance, or any other webapp such as artifactory. I'm using the tomcat out-of-the-box tomcat instance in the archive from apache.org, and the version of java was installed using the jdk-6u15-linux-i586.bin binary file obtained from java.com. I have no trouble actually accessing the tomcat instance after startup. The server OS in question is RHEL 4. Sorry to be a pest, but I'd really appreciate any input from the community on this. I could always use JDK 5, but my developers would like to use 6 and I don't see a logical reason why such a major release would have so much negative impact on tomcat 6, or the host OS. Thanks again... Hello all. I'm running an RHEL 4 server on a VMware VM hosting tomcat 6, using JDK 6.0_15. When I attempt to shutdown any tomcat instance, the entire server (VM) hangs and has to be rebooted. Even out of the box tomcat installations cause this. When I use JDK 5.0, this doesn't happen. The tomcat instance logs don't show anything useful. I've attempted to use jstack and pstack to get a trace of the process during shutdown, but the server dies before anything useful is logged. Has this happened to anyone else out there? Google yields lots of tomcat hung hits, but nothing about the OS hanging in response to a shutdown. Any help on this is greatly appreciated! Dan
RE: Tomcat 6 shutdown hangs server when using JDK 6.0_15
Send reply to: Tomcat Users List users@tomcat.apache.org From: Dan Denton dden...@remitpro.com To: Tomcat Users List users@tomcat.apache.org Date sent: Tue, 11 Aug 2009 08:51:46 -0500 Subject:RE: Tomcat 6 shutdown hangs server when using JDK 6.0_15 Thanks Filip for the reply, but as I said in my original post, this is running on a virtual machine, so hardware isn't a factor. In addition, this only started when I began using JDK 6 instead of 5, and only continues to happen if I use JDK 6. If I use 5, there's no problem. I will test this on another VM and a non-VM system to see if they behave the same way, but I would still appreciate more input if it's available. Perhaps you should upgrade the vmware app and jdk 6 to update 16. I've run centos 5 under vmware desktop 6.5 with jdk 6 (forgot exact version) and tomcat 6 (again don't remember exact version) and it ran just fine. Also there is still a slight possibility it could be a hardware issue such as bad RAM, try a ram test program like memtest86. -Steve O. Thanks in advance! -Original Message- From: Filip Hanik - Dev Lists [mailto:devli...@hanik.com] Sent: Monday, August 10, 2009 4:22 PM To: Tomcat Users List Subject: Re: Tomcat 6 shutdown hangs server when using JDK 6.0_15 if you entire server dies, then it sounds more hardware related, could be software triggered, but no, tomcat shouldn't kill your system :) Filip On 08/10/2009 02:57 PM, Dan Denton wrote: Hello all. I'm running an RHEL 4 server on a VMware VM hosting tomcat 6, using JDK 6.0_15. When I attempt to shutdown any tomcat instance, the entire server (VM) hangs and has to be rebooted. Even out of the box tomcat installations cause this. When I use JDK 5.0, this doesn't happen. The tomcat instance logs don't show anything useful. I've attempted to use jstack and pstack to get a trace of the process during shutdown, but the server dies before anything useful is logged. Has this happened to anyone else out there? Google yields lots of tomcat hung hits, but nothing about the OS hanging in response to a shutdown. Any help on this is greatly appreciated! Dan
RE: Tomcat 6 shutdown hangs server when using JDK 6.0_15
From: Dan Denton [mailto:dden...@remitpro.com] Subject: RE: Tomcat 6 shutdown hangs server when using JDK 6.0_15 I'm using the tomcat out-of-the-box tomcat instance in the archive from apache.org, and the version of java was installed using the jdk-6u15-linux-i586.bin binary file obtained from java.com. I have no trouble actually accessing the tomcat instance after startup. The server OS in question is RHEL 4. Since there are many, many people using Tomcat 6 on a variety of systems with JDK 6u15, it's likely something unique with your RHEL 4 installation. Try JDK 6u16 and/or check on an RH list. - Chuck
Re: slight problem with Tomcat and Httpd working together.
Excellent, and just for the record, for those who read this on the archives, be SURE you get the correct version of the binaries for your version of Tomcat (32-bit / 64 bit). Tomcat is running on a dual core opteron (64-bit production server) and has been modified to run with the 64 bit tomcat6.exe and tomcat6w.exe, however it will not recognize the 32-bit library as I expected. Everything is running very smoothly now. I modded the Host to move the sites onto the data drive. So instead of installing and uploading files to the 20GB partition, they all upload to the 500GB partition. Now the only thing I have to do is grab the Geo-trust cert and configure to use. I thank you so much for all the help you've given me so far. I do have one more question however. I've been reading this O'Reilly book and the docs @ tomcat and I am having some trouble understanding what the docBase is. I understand what the appBase is but I don't understand why the docBase and appBase cannot be the same declaration or why it is recommended that anything in your appBase shouldn't start with the same string that is defined in your docBase. I have my docBase set to ROOT on the data drive and the appBase is just defined as drive:/webapps/ It seems to work, just a little confusing not knowing why I am configuring the docBase when there is really no clear concise "This is what the docBase is, does, and means" that I can find. Can you point me to a good resource for reading up on what the docBase is? On Tue, Aug 11, 2009 at 11:28 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Josh Gooding [mailto:josh.good...@gmail.com] Subject: Re: slight problem with Tomcat and Httpd working together. HEY!!! It's in there and working. Congratulations. INFO: Loaded APR based Apache Tomcat Native library 1.1.14. That version is out of date; the current one is here: http://www.apache.org/dist/tomcat/tomcat-connectors/native/1.1.16/binaries/ Now if I have an SSL cert from Geo-trust / Verisign / whatever, do I still have to install OpenSSL? No, it's built into tcnative-1.dll, so you've already got it. - Chuck
Re: How to define a Realm as a global resource and use it as a ResourceLink?
You can also use a Context element in conf/Catalina/[host]/[appName].xml, which will override the one in the webapp's META-INF/context.xml file. This allows a site administrator to control the container-supplied resources - including the realm - that the webapp will use. Good point. Hadn't considered that. Thanks, Eric
Re: Re: Trouble configuring LDAP authentication
Geofrey Rainey geofrey.rai...@tvnz.co.nz wrote in message news:fcff2ec7a020964fbc98b17f17a88ac4018ba...@akvxch01.tvnzad.tvnz.co.nz... I remember the big issue I faced regarding the JNDIRealm auth were the parameters in my Realm definition, there was one line that once added Everything started working, I think it was either referrals or userSearch=(sAMAccountName={0}) - which I recall were both necessary in my instance, or one of the role|usersubtree ones. I found the following link invaluable in configuring my server, it's a must read: http://www.jspwiki.org/wiki/ActiveDirectoryIntegration Regarding logging, I found this tutorial quite helpful: http://wiki.apache.org/tomcat/Logging_Tutorial Thanks for the links and the feedback. Several hours of reading docs online, source code, pulling hair and of randomly trying things, I finally realized that I had to enable the TRACE level of debugging at the container level to get the debugging out. Unfortunately, doing that means having to put the realm defn in the actual context, or there is way too much noise generated at a higher level. But it did finally give me the logging information I needed. Finally, with some additional help, I discovered that the pwd storage mechanism in the LDAP server didn't match what Tomcat was expecting, so I had to drop the userPassword parameter in the Realm defn, which makes Tomcat validate the user/pwd by trying a simple bind to the LDAP server using the user's username/pwd instead of retrieving the user's object and checking the pwd itself. Finally, everything seems to work. Several hours later. Thanks again, Eric
Re: How to define a Realm as a global resource and use it as a ResourceLink?
Pooling Resources: you might want to try other AppServers such as GF and Weblogic for either pooling and/or persistence provider support (as specified by J2EE Connector Architecture) https://glassfish.dev.java.net/javaee5/integration-tech/glassfish_connpooling.html Identity and Security: Identity and security (authentication and authorization) would be handled by Sun Java System Directory Server to authenticate and authorize users, as well as enforce access control policies across all communities, applications, and services on a global basis. http://forums.sun.com/forum.jspa?forumID=761start=0 here is a tutorial on creating, modifying and viewing acls for your Directory Server http://docs.sun.com/app/docs/doc/820-2763/bcalc GF Mailing List: GF has an active userlist at us...@glassfish.dev.java.net Thanks for the idea Marty. Whereas I have considered other AppServers in the past, I/we don't really have the time or inclination at this point to look outside of Tomcat. But will definitely keep it in mind for future expansion possibilities. Thanks! Eric
Re: How to define a Realm as a global resource and use it as a ResourceLink?
Martin Gainty mgai...@hotmail.com wrote in message news:blu142-w7c108f09ee2529b84ca6eae...@phx.gbl... server.xml should contain this JNDIRealm specification defined globally

<!-- connectionURL: the LDAP address of your DC.
     connectionName, connectionPassword: account information to access the directory.
     userBase, userSearch, userSubtree, userRoleName: where Tomcat should look for users.
     roleBase, roleSubtree, roleName, roleSearch: where Tomcat should look for groups.
     debug: debug level. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://dc1.domain.local:389"
       connectionName="tom...@domain"
       connectionPassword="AReallyLongPassword"
       userBase="OU=users,OU=mydomain,DC=DOMAIN,DC=local"
       userSearch="(sAMAccountName={0})"
       userSubtree="true"
       userRoleName="memberOf"
       roleBase="OU=groups,OU=mydomain,DC=DOMAIN,DC=local"
       roleSubtree="true"
       roleName="cn"
       roleSearch="(member={0})"
       debug="99" />

Ironically, although I have seen several examples with debug=99, I found absolutely nothing in the documentation or in the source code that indicates that debug does anything at all in the Realm configuration. In fact, according to the docs, it isn't even a valid property. Thanks, Eric
RE: slight problem with Tomcat and Httpd working together.
From: Josh Gooding [mailto:josh.good...@gmail.com] Subject: Re: slight problem with Tomcat and Httpd working together. be SURE you get the correct version of the binaries for your version of Tomcat (32-bit / 64 bit). Tomcat itself is pure Java, so it is neither 32- nor 64-bit sensitive. The JVM you run Tomcat on *is* 32- or 64-bit specific, however. I am having some trouble understanding what the docBase is. The docBase attribute of Context is the deployment location of an individual webapp. I understand what the appBase is Perhaps you don't; the appBase attribute of a Host is the /default/ deployment directory for its webapps; individual webapps are typically located *under* the appBase directory. I don't understand why the docBase and appBase cannot be the same declaration Because they are quite different; appBase points to the directory under which a *collection* of webapps resides, docBase points to an *individual* webapp. why it is recommended that anything in your appBase shouldn't start with the same string that is defined in your docBase. I haven't read the O'Reilly book so I don't know if it contains confusing or irrelevant information. The real point here is that you can easily get double deployments if you start putting in values for docBase; it's normally not used these days. I have my docBase set to ROOT on the data drive and the appBase is just defined as drive:/webapps/ You seem not to be aware that one can have many webapps running under one instance of Tomcat; ROOT is simply the default one. Note that if your Context element is in your webapp's META-INF/context.xml file, it is illegal to set the docBase (or path) attributes. The docBase attribute should only be used when the webapp is located *outside* of the Host appBase directory, and the Context element is in conf/Catalina/[host]/[appName].xml. there is really no clear concise "This is what the docBase is, does, and means" that I can find. To quote from the Tomcat doc: "The Document Base (also known as the Context Root) directory for this web application, or the pathname to the web application archive file (if this web application is being executed directly from the WAR file). You may specify an absolute pathname for this directory or WAR file, or a pathname that is relative to the appBase directory of the owning Host. The value of this field must not be set when the Context is configured using a META-INF/context.xml file as it will be inferred by the automatic deployment process." - Chuck
RE: How to define a Realm as a global resource and use it as a ResourceLink?
JAAS handles all authentications and authorisation thru plugins such as Oracle Internet Directory LDAP they also have a nice admin interface so you can visually see all the plugins drop a line when you're ready to switch *gruss* Martin To: users@tomcat.apache.org From: ebe...@hotmail.com Subject: Re: How to define a Realm as a global resource and use it as a ResourceLink? Date: Tue, 11 Aug 2009 14:54:31 -0400 Pooling Resources: you might want to try other AppServers such as GF and Weblogic for either pooling and/or persistence provider support (as specified by J2EE Connector Architecture) https://glassfish.dev.java.net/javaee5/integration-tech/glassfish_connpooling.html Identity and Security: Identity and security (authentication and authorization) would be handled by Sun Java System Directory Server to authenticate and authorize users, as well as enforce access control policies across all communities, applications, and services on a global basis. http://forums.sun.com/forum.jspa?forumID=761start=0 here is a tutorial on creating,modifying and viewing acls for your Directory Server http://docs.sun.com/app/docs/doc/820-2763/bcalc GF Mailing List: GF has an active userlist at us...@glassfish.dev.java.net Thanks for the idea Marty. Whereas I have considered other AppServers in the past, I/we don't really have the time or inclination at this point to look outside of Tomcat. But will definitely keep it in mind for future expansion possibilities. Thanks! Eric
Re: Need some SSL Config help.
ok back to the topic at hand here. I have removed httpd from my server, installed APR, and have gotten my cert file from my hosting company. it is in pfx format. Now I found some information on the net: http://tp.its.yale.edu/pipermail/cas/2005-July/001337.html It was saying that I can just use the pfx file with tomcat 5.5, so I put the file in my $CATALINA_HOME directory just as a test, modified my server.xml file to accept SSL:

<Connector protocol="HTTP/1.1" port="443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="C:/Program Files/[*]/apache-tomcat-6.0.18/[*].com.pfx" keystorePass="[*]" keystoreType="pkcs12" clientAuth="false" sslProtocol="TLS" />

and blamo I get these exceptions: Aug 11, 2009 4:13:50 PM org.apache.coyote.http11.Http11AprProtocol init SEVERE: Error initializing endpoint java.lang.Exception: No Certificate file specified or invalid file format at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method) at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:684) at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:107) at org.apache.catalina.connector.Connector.initialize(Connector.java:1058) at org.apache.catalina.core.StandardService.initialize(StandardService.java:677) at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795) at org.apache.catalina.startup.Catalina.load(Catalina.java:530) at org.apache.catalina.startup.Catalina.load(Catalina.java:550) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412) Aug 11, 2009 4:13:50 PM org.apache.catalina.startup.Catalina load SEVERE: Catalina.start LifecycleException: Protocol handler initialization failed: java.lang.Exception: No Certificate file specified or invalid file format at org.apache.catalina.connector.Connector.initialize(Connector.java:1060) at org.apache.catalina.core.StandardService.initialize(StandardService.java:677) at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795) at org.apache.catalina.startup.Catalina.load(Catalina.java:530) at org.apache.catalina.startup.Catalina.load(Catalina.java:550) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412) and these to boot says it cannot bind to port 443 (or 8443 either) Aug 11, 2009 4:13:51 PM org.apache.coyote.http11.Http11AprProtocol start SEVERE: Error starting endpoint java.lang.Exception: Socket bind failed: [730048] Only one usage of each socket address (protocol/network address/port) is normally permitted.
at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:612) at org.apache.tomcat.util.net.AprEndpoint.start(AprEndpoint.java:717) at org.apache.coyote.http11.Http11AprProtocol.start(Http11AprProtocol.java:137) at org.apache.catalina.connector.Connector.start(Connector.java:1131) at org.apache.catalina.core.StandardService.start(StandardService.java:531) at org.apache.catalina.core.StandardServer.start(StandardServer.java:710) at org.apache.catalina.startup.Catalina.start(Catalina.java:578) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413) Aug 11, 2009 4:13:51 PM org.apache.catalina.startup.Catalina start SEVERE: Catalina.start: LifecycleException: service.getName(): Catalina; Protocol handler start failed: java.lang.Exception: Socket bind failed: [730048] Only one usage of each socket address (protocol/network address/port) is normally permitted. at org.apache.catalina.connector.Connector.start(Connector.java:1138) at org.apache.catalina.core.StandardService.start(StandardService.java:531) at org.apache.catalina.core.StandardServer.start(StandardServer.java:710) at org.apache.catalina.startup.Catalina.start(Catalina.java:578) at
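The trace in the post above shows Http11AprProtocol handling the connector: once the APR native library is loaded, protocol="HTTP/1.1" resolves to the APR connector, which takes PEM files through SSLCertificateFile and SSLCertificateKeyFile and does not read keystoreFile. The check below is an added example, not code from the thread or from Tomcat; its function names are hypothetical, the sample server.xml uses constructed placeholder values, and the attribute sets cover the common TLS attributes rather than every one.

```python
import re
import xml.etree.ElementTree as ET

APR_HTTP = "org.apache.coyote.http11.Http11AprProtocol"
BIO_HTTP = "org.apache.coyote.http11.Http11Protocol"

# TLS attributes read only by the JSSE (Java keystore) HTTP connectors.
JSSE_ATTRS = {"keystoreFile", "keystorePass", "keystoreType", "keyAlias",
              "truststoreFile", "truststorePass", "truststoreType",
              "clientAuth", "sslProtocol", "ciphers"}
# TLS attributes read only by the APR/native (OpenSSL, PEM files) connector.
APR_ATTRS = {"SSLCertificateFile", "SSLCertificateKeyFile", "SSLPassword",
             "SSLCertificateChainFile", "SSLCACertificateFile",
             "SSLProtocol", "SSLCipherSuite", "SSLVerifyClient"}

APR_LOADED = re.compile(
    r"Loaded APR based Apache Tomcat Native library (\d+(?:\.\d+)*)")


def apr_version(catalina_log):
    """Return the tcnative version reported in the startup log, or None."""
    match = APR_LOADED.search(catalina_log)
    return match.group(1) if match else None


def resolve_handler(protocol, apr_loaded):
    """Map a Connector 'protocol' value to the handler class Tomcat 6 picks."""
    if protocol in (None, "HTTP/1.1"):
        return APR_HTTP if apr_loaded else BIO_HTTP
    return protocol  # an explicit class name (or AJP) is used as written


def audit_connectors(server_xml, catalina_log=""):
    """Return (port, finding, attributes) for TLS connectors whose attributes
    belong to a different implementation than the one that will load."""
    apr_loaded = apr_version(catalina_log) is not None
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        handler = resolve_handler(conn.get("protocol"), apr_loaded)
        port = conn.get("port", "?")
        names = set(conn.attrib)
        if handler == APR_HTTP:
            unread = sorted(names & JSSE_ATTRS)
            if "SSLCertificateFile" not in names:
                # The case in the post: APR starts with no certificate at all.
                findings.append((port, "apr-missing-certificate", unread))
            elif unread:
                findings.append((port, "apr-ignores-jsse-attributes", unread))
        elif handler.startswith("org.apache.coyote.http11."):
            # Hardening such as SSLCipherSuite has no effect on a JSSE connector.
            unread = sorted(names & APR_ATTRS)
            if unread:
                findings.append((port, "jsse-ignores-apr-attributes", unread))
    return findings


# Constructed sample: the connector from the post with placeholder path/password.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
  <Service name="Catalina">
    <Connector protocol="HTTP/1.1" port="443" maxThreads="200" scheme="https"
               secure="true" SSLEnabled="true"
               keystoreFile="conf/PLACEHOLDER.pfx" keystorePass="PLACEHOLDER"
               keystoreType="pkcs12" clientAuth="false" sslProtocol="TLS"/>
  </Service>
</Server>"""

# Constructed sample log, using the startup lines quoted earlier in the thread.
SAMPLE_LOG = (
    "Aug 11, 2009 10:58:47 AM org.apache.catalina.core.AprLifecycleListener init\n"
    "INFO: Loaded APR based Apache Tomcat Native library 1.1.14.\n")

if __name__ == "__main__":
    print("tcnative:", apr_version(SAMPLE_LOG))
    for port, finding, attrs in audit_connectors(SAMPLE_SERVER_XML, SAMPLE_LOG):
        print(f"port {port}: {finding}: {', '.join(attrs)}")
```

The same connector passes the check when the log shows no native library, or when protocol names org.apache.coyote.http11.Http11Protocol explicitly, because the JSSE connector then reads the PKCS12 keystore.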
Re: Log4j vs JULI configuration discrepancy
Mark Thomas ma...@apache.org wrote in message news:4a7c9110.50...@apache.org...

> Eric B. wrote:
>> Hi,
>
> In catalina.properties, modify the following entry as shown:
>
> common.loader=${catalina.base}/lib,${catalina.home}/lib,${catalina.home}/lib/*.jar
>
> then you can place log4j.properties in CATALINA_BASE/lib

I switched the common.loader as you suggested above, and indeed the log4j.properties file is now found in the ${catalina.base}/lib directory. So a good start.

Now, however, I am running into a configuration discrepancy between logging.properties and the equiv log4j.properties/log4j.xml. I was having trouble with getting the log4j.properties to mirror the logging.properties, so I switched to log4j.xml, but am running into the same problem:

My webapp uses log4j to log data to stdout. When using Juli (in the default configuration), everything that is displayed in stdout is logged to catalina.out. However, when I switch to log4j, this doesn't seem to be the case; only data that is logged by tomcat is logged to my catalina.out; anything my webapp is logging to stdout isn't captured in the file.

Original logging.properties (edited non relevant portions for brevity - but is the default logging.properties file)

    handlers = 1catalina.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler
    .handlers = 1catalina.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler

    # Handler specific properties.
    # Describes specific configuration info for Handlers.
    1catalina.org.apache.juli.FileHandler.level = FINE
    1catalina.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
    1catalina.org.apache.juli.FileHandler.prefix = catalina.

    java.util.logging.ConsoleHandler.level = FINE
    java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter

So - from that, I read that everything (ie: .handlers) is logged to 1catalina and ConsoleHandler. So far so good.

I tried to replicate this in a log4j.properties/xml with the following log4j.xml:

    <?xml version="1.0" encoding="UTF-8" ?>
    <!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
    <log4j:configuration xmlns:log4j='http://jakarta.apache.org/log4j/'>
      <appender name="STDOUT" class="org.apache.log4j.ConsoleAppender">
        <layout class="org.apache.log4j.PatternLayout">
          <param name="ConversionPattern" value="%d{ISO8601} %-5p %c{5} - %m%n" />
        </layout>
      </appender>

      <!-- stdout logger to catalina.log file -->
      <appender name="CatalinaLog" class="org.apache.log4j.DailyRollingFileAppender">
        <param name="file" value="${catalina.base}/logs/catalina.log" />
        <param name="append" value="true" />
        <layout class="org.apache.log4j.PatternLayout">
          <param name="ConversionPattern" value="%d{ISO8601} %-5p %c{5} - %m%n" />
        </layout>
      </appender>

      <!-- Default logger for the entire system -->
      <root>
        <level value="INFO" />
        <appender-ref ref="STDOUT" />
        <appender-ref ref="CatalinaLog" />
      </root>
    </log4j:configuration>

However, I'm not getting the same response. I would have thought that the log4j's root logger was the equiv of the . logger with juli. However, like I said, I don't get any of the webapp's stdout logging routed to my CatalinaLog appender/file.

Am I missing something obvious here? Is there a way to mirror juli's logging with log4j?

Thanks,
Eric
RE: Re: Re: Trouble configuring LDAP authentication
Interesting. My configuration uses the latter - by doing a bind, getting the user object, and comparing it locally.

Thanks.

-----Original Message-----
From: news [mailto:n...@ger.gmane.org] On Behalf Of Eric B.
Sent: Wednesday, 12 August 2009 7:03 a.m.
To: users@tomcat.apache.org
Subject: Re: Re: Trouble configuring LDAP authentication

Geofrey Rainey geofrey.rai...@tvnz.co.nz wrote in message news:fcff2ec7a020964fbc98b17f17a88ac4018ba...@akvxch01.tvnzad.tvnz.co.nz ...

> I remember the big issue I faced regarding the JNDIRealm auth were the parameters in my Realm definition, there was one line that once added everything started working, I think it was either referrals or userSearch=(sAMAccountName={0}) - which I recall were both necessary in my instance, or one of the role|usersubtree ones.
>
> I found the following link invaluable in configuring my server, it's a must read: http://www.jspwiki.org/wiki/ActiveDirectoryIntegration
>
> Regarding logging, I found this tutorial quite helpful: http://wiki.apache.org/tomcat/Logging_Tutorial

Thanks for the links and the feedback. Several hours of reading docs online, source code, pulling hair and of randomly trying things, I finally realized that I had to enable the TRACE level of debugging at the container level to get the debugging out. Unfortunately, doing that means having to put the realm defn in the actual context, or there is way too much noise generated at a higher level. But it did finally give me the logging information I needed.

Finally, with some additional help, I discovered that the pwd storage mechanism in the LDAP server didn't match what Tomcat was expecting, so I had to drop the userPassword parameter in the Realm defn, which makes Tomcat validate the user/pwd by trying a simple bind to the LDAP server using the user's username/pwd instead of retrieving the user's object and checking the pwd itself.

Finally, everything seems to work. Several hours later.

Thanks again,
Eric
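The two JNDIRealm modes this thread contrasts, shown as an added configuration example (not taken from either poster's server.xml). Host names, DNs, the service account, the role settings and the passwords are placeholders or assumptions; only userSearch and the presence or absence of userPassword come from the messages above.

```xml
<!-- Bind mode: no userPassword attribute on the Realm.
     Tomcat finds the user's entry with userSearch, then authenticates by
     binding to the directory as that entry with the password the user typed.
     The directory verifies the password, so its storage format is never
     seen by Tomcat. This is the mode Eric ended up with. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://dc.example.invalid:636"
       connectionName="CN=tomcat-svc,OU=Service Accounts,DC=example,DC=invalid"
       connectionPassword="CHANGE_ME"
       referrals="follow"
       userBase="DC=example,DC=invalid"
       userSearch="(sAMAccountName={0})"
       userSubtree="true"
       roleBase="DC=example,DC=invalid"
       roleName="cn"
       roleSearch="(member={0})"
       roleSubtree="true" />

<!-- Comparison mode: userPassword names the attribute holding the password.
     Tomcat reads that attribute with the connectionName account and compares
     it locally with what the user typed. Two consequences:
       1. the service account needs read access to every user's password
          attribute, which is a far more sensitive grant than search access;
       2. the stored value must be in a form the Realm can compare, otherwise
          every login fails even with the right password. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://ldap.example.invalid:636"
       connectionName="cn=tomcat-svc,dc=example,dc=invalid"
       connectionPassword="CHANGE_ME"
       userBase="ou=people,dc=example,dc=invalid"
       userSearch="(uid={0})"
       userPassword="userPassword"
       roleBase="ou=groups,dc=example,dc=invalid"
       roleName="cn"
       roleSearch="(uniqueMember={0})" />
```

Use one Realm or the other for a given container; they are shown together only for comparison.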
Setting Context Path in Tomcat
How does one go about setting tomcat in this kind of environment?

I have 3 war files, app1.war, app2.war, app3.war

I want to setup tomcat so all three webapps are under the same folder/directory/group.

http://www.clienthost.com/group1/app1/index.jsp
http://www.clienthost.com/group1/app2/index.jsp
http://www.clienthost.com/group1/app3/index.jsp

If I drop the war files in the default webapps folder, I can only access the application with the following URLs:

http://www.clienthost.com/app1/index.jsp
http://www.clienthost.com/app2/index.jsp
http://www.clienthost.com/app3/index.jsp

I tried to set the Context path to /group1/app1 but it doesn't work either. Any idea?
RE: Setting Context Path in Tomcat
From: carbotex [mailto:carbo...@gmail.com]
Subject: Setting Context Path in Tomcat

> How does one go about setting tomcat in this kind of environment?

First by telling us what version of Tomcat you're using. Since you didn't bother to do that, I'll base the response on 6.0.20.

> http://www.clienthost.com/group1/app1/index.jsp
> http://www.clienthost.com/group1/app2/index.jsp
> http://www.clienthost.com/group1/app3/index.jsp

Change the names of the .war files to group1#app1.war, group1#app2.war, and group1#app3.war, and place them in the webapps directory.

> I tried to set the Context path to /group1/app1 but it doesn't work either.

The path attribute for a Context element is not allowed in most situations in any reasonably recent version of Tomcat.

- Chuck
Re: Log4j vs JULI configuration discrepancy
Eric,

On 8/11/2009 5:25 PM, Eric B. wrote:
> My webapp uses log4j to log data to stdout. When using Juli (in the default configuration), everything that is displayed in stdout is logged to catalina.out. However, when I switch to log4j, this doesn't seem to be the case; only data that is logged by tomcat is logged to my catalina.out; anything my webapp is logging to stdout isn't captured in the file.

How many log4j.jar files do you have, and where are they?

The behavior you describe sounds like your webapp has its own copy of log4j.jar AND log4j.properties which are being used for the webapp instead of the globally-loaded log4j classes and log4j.properties file.

-chris
Re: Log4j vs JULI configuration discrepancy
Christopher Schultz ch...@christopherschultz.net wrote in message news:4a8223c7.1030...@christopherschultz.net...

>> My webapp uses log4j to log data to stdout. When using Juli (in the default configuration), everything that is displayed in stdout is logged to catalina.out. However, when I switch to log4j, this doesn't seem to be the case; only data that is logged by tomcat is logged to my catalina.out; anything my webapp is logging to stdout isn't captured in the file.
>
> How many log4j.jar files do you have, and where are they?
>
> The behavior you describe sounds like your webapp has its own copy of log4j.jar AND log4j.properties which are being used for the webapp instead of the globally-loaded log4j classes and log4j.properties file.

Yes - that's exactly the case. The webapp has its own self-contained log4j.jar and log4j.xml. I assumed that might be part of the cause, however I don't understand why when using Juli anything that webapp's log4j logs to Stdout gets logged to a file, however, when using log4j with tomcat this behaviour isn't replicated.

Is there a reason for that?

Thanks,
Eric
RE: Log4j vs JULI configuration discrepancy
From: news [mailto:n...@ger.gmane.org] On Behalf Of Eric B.
Subject: Re: Log4j vs JULI configuration discrepancy

> I don't understand why when using Juli anything that webapp's log4j logs to Stdout gets logged to a file, however, when using log4j with tomcat this behaviour isn't replicated.

Note that catalina.out isn't actually being logged to; the Tomcat startup script simply redirects stdout and stderr to this file. I don't know what happens to System.out and System.err when log4j is in the game. Are you using swallowOutput in your Context element?

- Chuck
Re: Need some SSL Config help.
Josh,

On 8/11/2009 4:47 PM, Josh Gooding wrote:
> ok back to the topic at hand here. I have removed httpd from my server, installed APR, and have gotten my cert file from my hosting company. it is in pfx format. Now I found some information on the net: http://tp.its.yale.edu/pipermail/cas/2005-July/001337.html
>
> It was saying that I can just use the pfx file with tomcat 5.5, so I put the file in my $CATALINA_HOME directory just as a test, modified my server.xml file to accept SSL:
>
> <Connector protocol="HTTP/1.1" port="443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="C:/Program Files/[*]/apache-tomcat-6.0.18/[*].com.pfx" keystorePass="[*]" keystoreType="pkcs12" clientAuth="false" sslProtocol="TLS" />
>
> and blamo I get these exceptions:

Not surprising. Read the documentation for the APR connector: http://tomcat.apache.org/tomcat-5.5-doc/apr.html

Specifically, search for the term certificate.

First of all, your SSL configuration is completely wrong for use with APR. You don't use keystoreFile, keystorePass, and keystoreType. Even if you did, telling Java that the keystore is actually a PKCS12 keystore while providing it is a PFX-encoded SSL certificate should have tipped you off that something was amiss.

If you were previously following the standard SSL documentation (http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html), you should have seen this note at the top of the file:

    IMPORTANT NOTE: This Howto refers to usage of JSSE. When using APR, Tomcat will use OpenSSL, which uses a different configuration.

What you want is SSLCertificateFile and friends. SSLCertificateFile is documented to only accept certificates in PEM format. Check out this page for some tricks to converting your certificate files using openssl: http://eoc.eu-eela.eu/doku.php?id=manipulate_your_certificate

There is also a Java tool that can do things like this called Portecle (http://portecle.sourceforge.net/) if you don't have openssl handy.

> and these to boot says it cannot bind to port 443 (or 8443 either)
>
> Aug 11, 2009 4:13:51 PM org.apache.coyote.http11.Http11AprProtocol start
> SEVERE: Error starting endpoint
> java.lang.Exception: Socket bind failed: [730048] Only one usage of each socket address (protocol/network address/port) is normally permitted.

Do you have multiple Connector elements specified? If so, check all the port numbers. If not, make sure that Tomcat isn't already running. If it's not, make sure Apache httpd isn't running :) Finally, make sure IIS isn't running or using those ports.

> So it looks like I cannot use a pfx file with tomcat 6.0.18.

You should be able to, just not with the APR connector because openssl doesn't grok PKCS12/PFX.

> Am I able to use the pfx file with tomcat 6?

Yes, just not with the APR connector.

> The socket bind issue I have no clue, it looks like something is already running on port 443, but that is impossible.

Really? Try running 'netstat' to find out who is bound to port 443 (or 8443).

> I only have the tomcat server running, IIS is disabled and httpd has been removed from the system completely. I also tried port 8443 but I am getting the same error message.

    netstat -a -b -n -o | find "443"

(make sure you're an administrator or you'll get no output)

Hope that helps,
-chris
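The two working alternatives to the failing Connector above, as an added configuration example (not from the thread or the Tomcat distribution). File names, the port and the passwords are placeholders; define only one Connector per port.

```xml
<!-- Option A: JSSE (pure Java) connector, which reads the .pfx bundle directly.
     Naming the Java protocol class matters: protocol="HTTP/1.1" selects the
     APR implementation whenever the native library is loaded, and that
     implementation ignores the keystore* attributes, giving the
     "No Certificate file specified or invalid file format" failure. -->
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="${catalina.base}/conf/example.pfx"
           keystorePass="CHANGE_ME"
           keystoreType="PKCS12"
           clientAuth="false" sslProtocol="TLS" />

<!-- Option B: APR/native connector, which uses OpenSSL and wants PEM files.
     Split the .pfx into a certificate and a private key first, for example:
       openssl pkcs12 -in example.pfx -clcerts -nokeys -out example-cert.pem
       openssl pkcs12 -in example.pfx -nocerts -out example-key.pem
     The second command asks for a new PEM pass phrase, so the key stays
     encrypted on disk; that pass phrase goes in SSLPassword. Restrict read
     access on the key file and on server.xml to the account running Tomcat. -->
<Connector protocol="org.apache.coyote.http11.Http11AprProtocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           SSLCertificateFile="${catalina.base}/conf/example-cert.pem"
           SSLCertificateKeyFile="${catalina.base}/conf/example-key.pem"
           SSLPassword="CHANGE_ME"
           SSLVerifyClient="none" />
```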