Re: Installing certificate chain on Tomat

2010-04-10 Thread nowled.excite


Maybe you are getting the certificate myhost issued by CA X is not trusted, 
because you a fucking virus


-Original Message-
From: /U [uma...@comcast.net]
Date: 04/10/2010 12:02 AM
To: users@tomcat.apache.org
Subject: Re: Installing certificate chain on Tomat

Note: Original message sent as attachment---BeginMessage---

i am installing certificate chain on tomcat 6.x (JRE 1.6). From my CA I have
private key (PEM), 
identity cert (PEM)  (CA X trusts myhost)
   and a cert chain file (PEM file) (entrust trusts CA X)

The cert chain is: (entrust) === trusts == (CA X) == trusts == myhost


I have converted the private  key and identify cert into DER form
and have imported into /etc/keystore (tomcat's keystore).
I have imported the certificate chain PEM file into
${JAVA_HOME}/jre/lib/security/cacerts.

when I login to tomcat i get warning that certificate 
 myhost isused by CA X is not trrusted.

It seems like browser does not get full cert chain (entrust = CA X =
myhost).
what could I be doing wrong? pl help.

Regs,

/U
-- 
View this message in context: 
http://old.nabble.com/Installing-certificate-chain-on-Tomat-tp28199836p28199836.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

ICBieSBhcGF1
---End Message---

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: symbolic links deleted when restarting tomcat

2010-04-10 Thread Pid *
On 9 April 2010 22:16, Karin Moscovici karin.moscov...@correlix.com wrote:

 Thanks Chris. Indeed, my issue is different than the one you've described -
 The links are deleted from common/lib and server/lib, and their targets are
 unharmed.  I don't know of any other reason that could have possible cause
 the deletion. Thanks for the answer.


Is it happening regularly, or did it happen just once?

Can you examine the .bash_history of any users with access to this system to
see if it was an inadvertent human error?


p

On Sat, Apr 10, 2010 at 12:06 AM, Christopher Schultz 
 ch...@christopherschultz.net wrote:

  -BEGIN PGP SIGNED MESSAGE-
  Hash: SHA1
 
  Karin,
 
  On 4/9/2010 4:55 PM, Karin Moscovici wrote:
   I'm using tomcat 5.5 on Linux Centos. Today, after restarting tomcat,
 my
   application did not load. In the logs I found NoClassDefError on
   org.servlet.jsp.JspFactory class. It seems that the symbolic link to
   /usr/shar/java/jsp.jar that was under tomcat/common/lib simply
  dissappeared.
   When I added it using ln -s the problem was solved. This has happened
 to
  me
   once before with HttpServletRequest class and servlet-api.jar from
   tomcat/server/lib. Is this a known issue?
 
  The only issue I believe Tomcat has with symbolic links is when you have
  a symbolic link pointing from inside your webapp's deployment directory
  (say, webapps/mywebapp) and then you perform an undeploy operation:
  that will perform a recursive delete that ravages the target of the
  symlink.
 
  That has been fixed in recent versions: check the ChangeLog for details.
 
  It sounds like your issue is something different, though.
 
  I don't believe Tomcat deletes any files except those related to actual
  webapps. Are you sure there's no other way these links could have been
  deleted?
 
  You could make those files (and their parent directories) non-writable
  by the euid running Tomcat and see if you get any exceptions: that would
  produce a stack trace proving that Tomcat is trying to delete the file
  (when it probably shouldn't be).
 
  - -chris
  -BEGIN PGP SIGNATURE-
  Version: GnuPG v1.4.10 (MingW32)
  Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
 
  iEYEARECAAYFAku/lsQACgkQ9CaO5/Lv0PAsFgCcCshvXNw9XgunBH5UU5vgK2iQ
  5qUAmwYM/5ElVOOXJtSm5KQL2QADVhuL
  =V0Vo
  -END PGP SIGNATURE-
 
  -
  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
  For additional commands, e-mail: users-h...@tomcat.apache.org
 
 




-- 

--
pidster.com


Re: Tomcat 5.4 exist?

2010-04-10 Thread Pid *
There is/was no Tomcat 5.4.
There was a 5.5.4, which is very, very old.

 http://archive.apache.org/dist/tomcat/tomcat-5/archive/

http://archive.apache.org/dist/tomcat/tomcat-5/archive/
p


2010/4/10 Sébastien Charland charland.sebast...@gmail.com

 Hi,

 I just want to know if there is a Tomcat version 5.4 and where I can find
 it. I checked on the archive but there is only 5.0.x and 5.5.x versions.
 Someone told me that he have a Tomcat 5.4 installed.

 thank you!

 Sébastien




-- 

--
pidster.com


Re: Tomcat 6 fresh install, will not startup,

2010-04-10 Thread Pid *
 Installed apache-tomcat-6.0.26 into
 folder C:\apache-tomcat-6.0.26\

 C:\apache-tomcat-6.0.26\bin
 catalina.bat version
 Using CATALINA_BASE:
 C:\apache-tomcat-6.0.26\
 Using CATALINA_HOME:
 C:\apache-tomcat-6.0.26\
 Using CATALINA_TMPDIR:
 C:\apache-tomcat-6.0.26\\temp


Those two slashes look suspicious to me.


 Using JRE_HOME:
 C:\Program Files\Java\jdk1.6.0_19\
 Using CLASSPATH:
 C:\apache-tomcat-6.0.26\\bin\bootstrap.jar


Also these two slashes.


 java.io.FileNotFoundException:

C:\apache-tomcat-6.0.26-Dcatalina.home=C:\apache-tomcat6.0.26\logs\catalina.2010-04-09.log


Can you confirm that the path actually does have the two inverted commas in
it?


p

Regards
 Robert J Wolf
 www.linkedin.com/in/robertwolftorontoEmail
 robert_wolf_toro...@yahoo.cacell Phone 416-953-7288


  __
 Looking for the perfect gift? Give the gift of Flickr!

 http://www.flickr.com/gift/




-- 

--
pidster.com


Re: Tomcat 6 fresh install, will not startup,

2010-04-10 Thread Pid *
Ignore my last, didn't see your last reply.

p


On 10 April 2010 10:03, Pid * p...@pidster.com wrote:


 Installed apache-tomcat-6.0.26 into
 folder C:\apache-tomcat-6.0.26\

 C:\apache-tomcat-6.0.26\bin
 catalina.bat version
 Using CATALINA_BASE:
 C:\apache-tomcat-6.0.26\
 Using CATALINA_HOME:
 C:\apache-tomcat-6.0.26\
 Using CATALINA_TMPDIR:
 C:\apache-tomcat-6.0.26\\temp


 Those two slashes look suspicious to me.


 Using JRE_HOME:
 C:\Program Files\Java\jdk1.6.0_19\
 Using CLASSPATH:
 C:\apache-tomcat-6.0.26\\bin\bootstrap.jar


 Also these two slashes.


 java.io.FileNotFoundException:


 C:\apache-tomcat-6.0.26-Dcatalina.home=C:\apache-tomcat6.0.26\logs\catalina.2010-04-09.log


 Can you confirm that the path actually does have the two inverted commas in
 it?


 p

 Regards
 Robert J Wolf
 www.linkedin.com/in/robertwolftorontoEmail
 robert_wolf_toro...@yahoo.cacell Phone 416-953-7288


  __
 Looking for the perfect gift? Give the gift of Flickr!

 http://www.flickr.com/gift/




 --

 --
 pidster.com




-- 

--
pidster.com


Re: Installing certificate chain on Tomat

2010-04-10 Thread Pid *
On 10 April 2010 08:58, nowled.excite now...@excite.com wrote:

 Maybe you are getting the certificate myhost issued by CA X is not trusted,
 because you a fucking virus


No need for that.

p

-Original Message-
 From: /U [uma...@comcast.net]
 Date: 04/10/2010 12:02 AM
 To: users@tomcat.apache.org
 Subject: Re: Installing certificate chain on Tomat

 Note: Original message sent as attachment

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




-- 

--
pidster.com


Re: Tomcat 5.4 exist?

2010-04-10 Thread David Kerber

Pid * wrote:

There is/was no Tomcat 5.4.
There was a 5.5.4, which is very, very old.
  

And 5.0.4 which is even older.

D


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Installing certificate chain on Tomat

2010-04-10 Thread /U

hello Pid,

am i right in assuming that the identity certificate+private key is
installed
in  keystoreFile of the SSL connector (C:\keystore below) and the CA 
certificate chain is installed in jre/lib/security/cacerts?

 Connector port=443
   protocol=HTTP/1.1 SSLEnabled=true
   maxThreads=150 scheme=https secure=true
   clientAuth=false sslProtocol=TLS
   keystoreFile=C:\keystore keystorePass=changeit
 /


any assistance appreciated,

/U


-Original Message-
 From: /U [uma...@comcast.net]
 Date: 04/10/2010 12:02 AM
 To: users@tomcat.apache.org
 Subject: Re: Installing certificate chain on Tomat

 Note: Original message sent as attachment

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




-- 

--
pidster.com



-- 
View this message in context: 
http://old.nabble.com/Installing-certificate-chain-on-Tomat-tp28199836p28202227.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Installing certificate chain on Tomat

2010-04-10 Thread Michael Dockery
i had to install my ca root certs in a keystore specificed/referenced by the 
truststorefile parameter
  NOT the keystorefile parm




From: /U uma...@comcast.net
To: users@tomcat.apache.org
Sent: Sat, April 10, 2010 10:07:47 AM
Subject: Re: Installing certificate chain on Tomat


hello Pid,

am i right in assuming that the identity certificate+private key is
installed
in  keystoreFile of the SSL connector (C:\keystore below) and the CA 
certificate chain is installed in jre/lib/security/cacerts?

 Connector port=443
   protocol=HTTP/1.1 SSLEnabled=true
   maxThreads=150 scheme=https secure=true
   clientAuth=false sslProtocol=TLS
   keystoreFile=C:\keystore keystorePass=changeit
 /


any assistance appreciated,

/U


-Original Message-
 From: /U [uma...@comcast.net]
 Date: 04/10/2010 12:02 AM
 To: users@tomcat.apache.org
 Subject: Re: Installing certificate chain on Tomat

 Note: Original message sent as attachment

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




-- 

--
pidster.com



-- 
View this message in context: 
http://old.nabble.com/Installing-certificate-chain-on-Tomat-tp28199836p28202227.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


  

Re: Installing certificate chain on Tomat

2010-04-10 Thread Crypto Sal

 On 04/10/2010 12:01 AM, /U wrote:

i am installing certificate chain on tomcat 6.x (JRE 1.6). From my CA I have
 private key (PEM),
 identity cert (PEM)  (CA X trusts myhost)
and a cert chain file (PEM file) (entrust trusts CA X)

The cert chain is: (entrust) === trusts ==  (CA X) == trusts ==  myhost


I have converted the private  key and identify cert into DER form
and have imported into /etc/keystore (tomcat's keystore).
I have imported the certificate chain PEM file into
${JAVA_HOME}/jre/lib/security/cacerts.

when I login to tomcat i get warning that certificate
  myhost isused by CA X is not trrusted.

It seems like browser does not get full cert chain (entrust =  CA X =
myhost).
what could I be doing wrong? pl help.

Regs,

/U


Hello,

You may want to take a look at Comodo's documentation for Tomcat.

https://support.comodo.com/index.php?_m=knowledgebase_a=viewarticlekbarticleid=1204

It shows how to easily install a trusted certificate for use with Tomcat 
(and most Java based Web Servers). I've used this documentation quite a 
few times and it has always been spot on.


You may want to view the contents of the keystore: keytool -v -list 
-keystore KEYSTORE_FILE; to see what is missing. Tomcat should have the 
Intermediate Cert(s) and the Entity/Domain Cert inside the keystore.


Hope this helps!






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Installing certificate chain on Tomat

2010-04-10 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

/U,

On 4/10/2010 12:01 AM, /U wrote:
 i am installing certificate chain on tomcat 6.x (JRE 1.6). From my CA I have
 private key (PEM), 
 identity cert (PEM)  (CA X trusts myhost)
and a cert chain file (PEM file) (entrust trusts CA X)
 
 The cert chain is: (entrust) === trusts == (CA X) == trusts == myhost
 
 I have converted the private  key and identify cert into DER form
 and have imported into /etc/keystore (tomcat's keystore).

Tomcat does not use /etc/keystore unless you tell it to do so. Can you
show us your server.xml, specifically your SSL Connector element?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkvAtWgACgkQ9CaO5/Lv0PDQBgCgnPJP17/F6OI2UXPRaQ7xnKau
RTUAoLYShr4IVwKZJrOfyvZKGkGAvnUQ
=/uks
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Installing certificate chain on Tomat

2010-04-10 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

/U,

On 4/10/2010 10:07 AM, /U wrote:
 am i right in assuming that the identity certificate+private key is
 installed
 in  keystoreFile of the SSL connector (C:\keystore below) and the CA 
 certificate chain is installed in jre/lib/security/cacerts?
 
  Connector port=443
protocol=HTTP/1.1 SSLEnabled=true
maxThreads=150 scheme=https secure=true
clientAuth=false sslProtocol=TLS
keystoreFile=C:\keystore keystorePass=changeit
  /

Wait, last time you said /etc/keystore. Is this *NIX or Microsoft Windows?

If you have C:\keystore as your keystore, then the keystore file
should be in (you guessed it) C:\keystore

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkvAtbsACgkQ9CaO5/Lv0PDXOACgodvxD9VWjn9tFRsDk+LLGlf3
IacAn0I58CRoEZ/R81Nf4wwvxeyfDxco
=n2Tx
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat 6 fresh install, will not startup,

2010-04-10 Thread venkatesh kumar
On Sat, Apr 10, 2010 at 2:43 AM, Robert Wolf
robert_wolf_toro...@yahoo.cawrote:




 Did I fresh install and did not
 modify any of the files.

 Running on windows XP with service
 packs

 Using Sun’s
 java
 C:\apache-tomcat-6.0.26\bin
 java -version
 java version
 1.6.0_19
 Java(TM) SE Runtime
 Environment (build 1.6.0_19-b04)
 Java HotSpot(TM) Client VM
 (build 16.2-b04, mixed mode, sharing)

 Installed apache-tomcat-6.0.26 into
 folder C:\apache-tomcat-6.0.26\

 C:\apache-tomcat-6.0.26\bin
 catalina.bat version
 Using CATALINA_BASE:
 C:\apache-tomcat-6.0.26\
 Using CATALINA_HOME:
 C:\apache-tomcat-6.0.26\
 Using CATALINA_TMPDIR:
 C:\apache-tomcat-6.0.26\\temp
 Using JRE_HOME:
 C:\Program Files\Java\jdk1.6.0_19\
 Using CLASSPATH:
 C:\apache-tomcat-6.0.26\\bin\bootstrap.jar
 Server version: Apache
 Tomcat/6.0.26
 Server built:   March 9 2010
 1805
 Server number:
 6.0.26.0
 OS Name:Windows
 XP
 OS Version:
 5.1
 Architecture:
 x86
 JVM Version:
 1.6.0_19-b04
 JVM Vendor: Sun
 Microsystems Inc.

 Setup two environment
 variables:
 C:\apache-tomcat-6.0.26\bin
 echo %JAVA_HOME%
 C:\Program
 Files\Java\jdk1.6.0_19\

 C:\apache-tomcat-6.0.26\bin
 echo %CATALINA_HOME%
 C:\apache-tomcat-6.0.26\

 The problem is it is not creating
 the log file name properly
 Should
 be
 C:\apache-tomcat-6.0.26\logs\catalina.2010-04-09.log

 But it looks like this, which is
 wrong
 C:\apache-tomcat-6.0.26
 -Dcatalina.home=C:\apache-tomcat-6.0.26\logs\catalina.2010-04-09.log


 Try to startup and get the following
 error

 C:\apache-tomcat-6.0.26\bin
 catalina.bat run
 Using CATALINA_BASE:
 C:\apache-tomcat-6.0.26\
 Using CATALINA_HOME:
 C:\apache-tomcat-6.0.26\
 Using CATALINA_TMPDIR:
 C:\apache-tomcat-6.0.26\\temp
 Using JRE_HOME:
 C:\Program Files\Java\jdk1.6.0_19\
 Using CLASSPATH:
 C:\apache-tomcat-6.0.26\\bin\bootstrap.jar
 java.util.logging.ErrorManager:
 4
 java.io.FileNotFoundException:
 C:\apache-tomcat-6.0.26
 -Dcatalina.home=C:\apache-tomcat6.0.26\logs\catalina.2010-04-09.log
 (The filename, directory
 name, or volume label syntax is incorrect)
 at
 java.io.FileOutputStream.openAppend(Native Method)
 at
 java.io.FileOutputStream.init(FileOutputStream.java:177)
 at
 java.io.FileOutputStream.init(FileOutputStream.java:102)
 at
 org.apache.juli.FileHandler.openWriter(FileHandler.java:328)
 at
 org.apache.juli.FileHandler.init(FileHandler.java:65)
 at
 org.apache.juli.FileHandler.init(FileHandler.java:56)
 at
 sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
 Method)

 at

 sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
 at

 sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
 at
 java.lang.reflect.Constructor.newInstance(Constructor.java:513)
 at
 java.lang.Class.newInstance0(Class.java:355)
 at
 java.lang.Class.newInstance(Class.java:308)
 at

 org.apache.juli.ClassLoaderLogManager.readConfiguration(ClassLoaderLogManager.java:515)
 at

 org.apache.juli.ClassLoaderLogManager.readConfiguration(ClassLoaderLogManager.java:460)
 at

 org.apache.juli.ClassLoaderLogManager.readConfiguration(ClassLoaderLogManager.java:286)
 at
 java.util.logging.LogManager$2.run(LogManager.java:268)
 at
 java.security.AccessController.doPrivileged(Native
 Method)
 at

 java.util.logging.LogManager.readPrimordialConfiguration(LogManager.java:266)
 at
 java.util.logging.LogManager.getLogManager(LogManager.java:249)
 at
 java.util.logging.Logger.init(Logger.java:220)
 at
 java.util.logging.LogManager$RootLogger.init(LogManager.java:958)
 at
 java.util.logging.LogManager$RootLogger.init(LogManager.java:955)
 at
 java.util.logging.LogManager$1.run(LogManager.java:181)
 at
 java.security.AccessController.doPrivileged(Native
 Method)
 at
 java.util.logging.LogManager.clinit(LogManager.java:158)
 at
 java.util.logging.Logger.getLogger(Logger.java:273)
 at
 org.apache.juli.logging.DirectJDKLog.init(DirectJDKLog.java:71)
 at
 org.apache.juli.logging.DirectJDKLog.getInstance(DirectJDKLog.java:17
 8)
 at
 org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:171)
 at
 org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:243)
 at
 org.apache.juli.logging.LogFactory.getLog(LogFactory.java:298)
 at
 org.apache.catalina.startup.Bootstrap.clinit(Bootstrap.java:55)
 java.util.logging.ErrorManager:
 4
 java.io.FileNotFoundException:
 C:\apache-tomcat-6.0.26
 -Dcatalina.home=C:\apache-tomcat-6.0.26\logs\localhost.2010-04-09.log (The
 filename, directory name, or
  volume label syntax is
 incorrect)
 at
 java.io.FileOutputStream.openAppend(Native Method)
 at
 java.io.FileOutputStream.init(FileOutputStream.java:177)
 at
 

Re: Installing certificate chain on Tomat

2010-04-10 Thread /U

Thank you Chris for your suggestion.

Here is my connector:

   Connector port=443 protocol=HTTP/1.1 SSLEnabled=true
   maxThreads=150 scheme=https secure=true
   clientAuth=false sslProtocol=TLS
   keystoreFile=/users/me/.keystore keystorePass=changeit
 /

I have received the following keys/certs from CA:
- file1: private key for myhost
- file2: identity certificate for myhost signed by CA1
- file3: certificate for CA1 signed by entrust

I installed private key (file1) and myhost cert (file2) into
/users/me/.keystore
using the ImportKey utility.
I installed the CA1's certificated into /users/me/.keystore using keytool.
My keytool lookslike this:
   $ keytool -list -keystore /users/me/.keystore 
   ...password...
   Keystore type: JKS
   Keystore provider: SUN

   Your keystore contains 2 entries

   CA1, Apr 10, 2010, trustedCertEntry,
   Certificate fingerprint (MD5):
2F:B3:00:F2:FA:12:7B:BD:82:95:70:05:99:12:17:DB:BE
   tomcat, Apr 10, 2010, PrivateKeyEntry, 
   Certificate fingerprint (MD5):
CD:D9:06:11:30:CD:C2:60:33:33:68:A2:30:5C:01:50
  $

I did not install any certificates into truststore
(jre/lib/security/cacerts).

When I connect browser to https://myhost, i get a cert error that
myhost is signed by CA1and cannot be trusted.
Browser show only one cert (for myhost) and not show the full
cert chain (myhost - CA1 and CA1 - entrust).
Why is the full cert chain not sent to browser.
Since entrust CA cert is in browser CA list, if tomcat send full cert
chain
to browser, it would be trusted.


Also, when I use openss client, I see that full cert chain is not sent:
   C:\  openssl s_client -connect myhost:443

   verify error:num=21:unable to verify the first certificate
   verify return:1
   ---
   Certificate chain
 0 s:/C=US/ST=YY/L=XX/O=myhost Inc./OU=IT/CN=myhost
 i:/C=US/O=CA1, Inc./OU=www.CA1.net is incorporated by reference/OU=...,
Inc./CN=CA1Certification Authority 

Why does this chain not have CA1-entrust certificate.
what i do wrong? should all CA certs be in truststore?

what is the defaulttruststore of tomcat? what is difference between
truststore and 
keystore. is it correct to say all CA certs be in truststore and private
key and identity cert
be in keystore?

many thanx,

/U


Christopher Schultz-2 wrote:
 
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 /U,
 
 On 4/10/2010 12:01 AM, /U wrote:
 i am installing certificate chain on tomcat 6.x (JRE 1.6). From my CA I
 have
 private key (PEM), 
 identity cert (PEM)  (CA X trusts myhost)
and a cert chain file (PEM file) (entrust trusts CA X)
 
 The cert chain is: (entrust) === trusts == (CA X) == trusts == myhost
 
 I have converted the private  key and identify cert into DER form
 and have imported into /etc/keystore (tomcat's keystore).
 
 Tomcat does not use /etc/keystore unless you tell it to do so. Can you
 show us your server.xml, specifically your SSL Connector element?
 
 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.10 (MingW32)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
 
 iEYEARECAAYFAkvAtWgACgkQ9CaO5/Lv0PDQBgCgnPJP17/F6OI2UXPRaQ7xnKau
 RTUAoLYShr4IVwKZJrOfyvZKGkGAvnUQ
 =/uks
 -END PGP SIGNATURE-
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 
 
 

-- 
View this message in context: 
http://old.nabble.com/Installing-certificate-chain-on-Tomat-tp28199836p28204196.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Installing certificate chain on Tomat

2010-04-10 Thread /U

I tried this on different systems (*nix and XP) and hence the 
differences in my excerpts. but in each case, the connector
config correct refers to keystore. i am sorry i quoted different
configs - will stick to *nix from now on.

i am confused about one thing: whil keystore is explicitly specified 
in connector config, what about the truststore?

i assume truststore stores the trusted CA certs (as opposed to
private keys/identity cert). Is this correct?

Why does not connector config not refer to truststore config ?
Or is that by default become ${JAVA_HOME}/jre/lib/security/cacerts?

What is the relation/differences (as far as tomcat is concerned) between
keystore, truststore and {JAVA_HOME}/jre/lib/security/cacerts?

with sincere thanx!

/U



Christopher Schultz-2 wrote:
 
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 /U,
 
 On 4/10/2010 12:01 AM, /U wrote:
 i am installing certificate chain on tomcat 6.x (JRE 1.6). From my CA I
 have
 private key (PEM), 
 identity cert (PEM)  (CA X trusts myhost)
and a cert chain file (PEM file) (entrust trusts CA X)
 
 The cert chain is: (entrust) === trusts == (CA X) == trusts == myhost
 
 I have converted the private  key and identify cert into DER form
 and have imported into /etc/keystore (tomcat's keystore).
 
 Tomcat does not use /etc/keystore unless you tell it to do so. Can you
 show us your server.xml, specifically your SSL Connector element?
 
 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.10 (MingW32)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
 
 iEYEARECAAYFAkvAtWgACgkQ9CaO5/Lv0PDQBgCgnPJP17/F6OI2UXPRaQ7xnKau
 RTUAoLYShr4IVwKZJrOfyvZKGkGAvnUQ
 =/uks
 -END PGP SIGNATURE-
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 
 
 

-- 
View this message in context: 
http://old.nabble.com/Installing-certificate-chain-on-Tomat-tp28199836p2820.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat startup error

2010-04-10 Thread Bill Barker



Christopher Schultz ch...@christopherschultz.net wrote in message 
news:4bbf945e.4050...@christopherschultz.net...

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Harry,

On 4/9/2010 2:01 PM, Harry Metske wrote:
you are using some piece of software (com.mypkg.packaging.*) that is 
calling

tomcat code.
It expects to find a method in org.apache.tomcat.util.IntrospectionUtils
that is no longer there in 6.0.26, which causes the NoSuchMethodError.
Basically your embedder does not support this version of Tomcat, you 
should

contact the vendor, they should do the recompile .


It's interesting that the Java Runtime throws a NoSuchMethodError since
the return type is not technically part of the method signature. I've
never considered this before, and it totally makes sense because the
return type really is an important part of the method. Just interesting
to note that the effective method signature is not the same as the
official one.

Another thing to note is that the Tomcat folks have made an unstable
change, here, by changing a public API. It would have been better to
create a method with a new signature and deprecated the old one, while
leaving it there.



The Tomcat developers have always considered this to be part of the internal 
API, not the public API.  This is true of most of the classes under the 
org.apache.tomcat package.



- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAku/lF4ACgkQ9CaO5/Lv0PCHaQCguLBWWaK6kp+md88Hxo3dGZ4z
itEAnjsMKVr6fWyJG44nbNJGFUKLDsU1
=ER++
-END PGP SIGNATURE-  




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org