Re: SSL Certificate Renewal

Nitin On 13.6.2019. 07.37, Nitin Kadam wrote: I have apache tomcat server running with publicly signed SSL certificate configured in server.xml, the same certificate is expiring in next week, I need steps to the to renew of same. *Server OS: Windows 2012 R2* *Apache Tomcat/8.5.38* 1. How to

Re: Fwd: Tomcat question

Zahi, On 30.4.2018. 11:09, Zahi Fail wrote: curl -X POST \ http://localhost:8080/userManagement/rest/Traffic/users2 \ -H 'Authorization: Basic dG9tY2F0OnMzY3JldA==' \ -H 'Cache-Control: no-cache' \ -H 'Content-Type: application/json' \ -H 'Postman-Token:

Re: Fwd: Tomcat question

Zahi, On 25.4.2018. 13:19, zahi.f...@gmail.com wrote: I configured in my conf\server.xml file the realm as below: Ok, so the configuration looks fine. You said you are using Postman to send the request. Can you paste the `curl` command that the postman can generate for you just to check if

Re: Tomcat question

Zahi, On 23.4.2018. 16:38, Zahi Fail wrote: > This is the following code from my web.xml file: ... > *and in the tomcat-user.xml i have updated the code as below: * ... You need to configure appropriate realm. Did you do that? You can do it in your webapp's context.xml, or in server.xml file,

Re: Facing issue while configuring SSL

Román, On 15.7.2016 5:01, Román Valoria wrote: The SSL Certificate was created using the wrong FQDN, which meant that the hostname to IP address resolution done by the browser was failing. The telnet command was done using the wrong FQDN, while openssl using localhost. On top of that, since the

Re: Facing issue while configuring SSL

Devendra, On 14.7.2016 10:38, Devendra Sengar wrote: But the tomcat server is started without any error but won't able to open the home page of tomcat giving the error like: This site can’t be reached The webpage at *https://:8443/* might be temporarily down or it may have moved permanently to

Re: Need help setting up SSL on Tomcat 8

Sean, On 13.7.2016 21:56, Sean Son wrote: Thank you for your answer guys. Is there anywhere in the Tomcat config files that I would need to specify the DNS name? Like in Apache we would specify the DNS name in a Virtualhost. Take a look at context xml, attribute "name" in Host element [1],

Re: Need help setting up SSL on Tomcat 8

Sean, On 12.7.2016 14:49, Sean Son wrote: Hello thank you for your response. I am currently only accessing the server using IP address only. We do not have a DNS record set up for the server as of yet. It will be something like webapp.example.com Once there is a DNS record in place, and you

Re: Need help setting up SSL on Tomcat 8

On 11.7.2016 16:29, Sean Son wrote: Here is the certificate path: - Go Daddy Root Certificate Authority - G2 - Go Daddy Secure Certificate Authority - G2 - *.example.com That looks Ok. Did you, perhaps, tried to access server on subdomain of example.com?

Re: Need help setting up SSL on Tomcat 8

On 7.7.2016 23:17, Daniel Savard wrote: Certificate Error There are issues with the site's certificate chain (net::ERR_CERT_COMMON_NAME_INVALID). Looks like adding the keyAlias to the connector did not fix anything unfortunately. Did you examined the received certificate in the browser.

Re: Need help setting up SSL on Tomcat 8

Sean, On 5.7.2016 17:14, Sean Son wrote: Hello Daniel and all Here is the output.. the full output http://pastebin.com/AQckw6ig Keytool output indicates that there are two entries in keystore: 1. Entry with alias "root", created Jun 16, 2016, which is intermediate certificate for Go

Re: Source IP filtering on some URLs before Container-managed authentication

Andre, On 20.11.2015 17:44, André Warnier (tomcat) wrote: Well, you can use a lot more conditions in urlrewrite filter, such as a client IP + URL patterns + lots more. And you can combine them using the type="next". Your original post said "My webapp have a set of resources, let's call that

Re: Source IP filtering on some URLs before Container-managed authentication

Andre, Chris, On 20.11.2015 9:30, André Warnier (tomcat) wrote: On 19.11.2015 21:26, Christopher Schultz wrote: I think that may be the only way to do it. IIRC, someone did some work to allow Filters to be used in the valve chain, but I don't think there is any facility for specifying s for

Source IP filtering on some URLs before Container-managed authentication

Hi, My webapp have a set of resources, let's call that set R. Some of those resources need to be accessed only from certain source IP addresses, let's call that subset R'. And some subset of R' (let's call it R'') needs authentication. I have a reqirement to check source IP address before

Re: Question for posgresq, and jdbc.jar placement.

Jose & Chris, On 21.10.2015 20:47, Christopher Schultz wrote: Jose, On 10/21/15 7:33 AM, Jose María Zaragoza wrote: IMHO $CATALINA_HOME/lib would be the right place +1 Are you willing to elaborate why do you prefer $CATALINA_HOME instead of $CATALINA_BASE? I don't have multiple

Re: How do LockOutRealms work ?

Mark, On 31.8.2015 12:42, Mark Thomas wrote: I experienced situations where the user calls the first level service desk and a ticket goes all its way to someone who can read the server logs and understand the issue... Not exactly optimal. I agree. That is why most organisations provide

Re: Tomcat 7.0.55/Jre 7u67: SEND TLSv1 ALERT: fatal, description = bad_record_mac

Diarmuid, On 27.8.2015 22:31, dmccrthy wrote: * our non-production server with the same versions of all client software connects with no errors to a non-production instance of the same 3rd party service using the same cipher suite. So the tool we're using is our 3rd party client Web app (the

Re: Need configuration example for Tomcat 7.0.55 TLS configuration

On 7.4.2015 15:23, Christopher Schultz wrote: After a weekend of ripping out clumps of my hair and swearing at my computer, nothing had worked. In desperation, before upgrading Java and Tomcat, I tried regenerating my self-signed certificate with new settings (SHA256 instead of SHA1) and that

Re: Need configuration example for Tomcat 7.0.55 TLS configuration

Tom, On 5.4.2015 3:06, Tom Williamson wrote: I would like to know if anyone has a working example of getting TLS 1.2 working on Tomcat 7.0.55, so that it can be accessed by the latest version of Chrome and Firefox. Which version of Java do you use? Make sure it is Java 7 or 8, and if you

Re: SSL / TLS compression | SPDY service|CVE-2012-4929

Rahul, On 27.3.2015 14:42, Rahul Kumar Singh wrote: So how to disable compression and / or the SPDY service in tomcat6. If you are using JSSE connectors (BIO/NIO/NIO2), compression is already disabled because JSSE does not support it, and there is no support for SPDY protocol on those

Re: Chrome reports Tomcat hosted sites as using 'obsolete cryptography'

Egor, On 26.3.2015 21:23, Mark Thomas wrote: On 26/03/2015 17:30, Egor Philippov wrote: Anyone familiar with the warning or know whether it represents a real security problem? That depends on your definition of 'real'. I'm not aware of any viable attacks but general opinion is that now is

Re: Changing Tomcat's SSL ciphers

Eric, On 2.3.2015 23:45, Eric wrote: I am trying to change the ciphers that my Tomcat 7 server supports. I am using the APR connector. Here's the connector information in server.xml with the line saying which ciphers to support: Connector port=8443 executor=edgeExecutor

Re: Cannot disable SSL v3

Deepak, On 17.10.2014 19:13, dku...@ccilindia.co.in wrote: How can I know which protocol support my JVM. We are using java1.7.0_40 Take a look at: https://wiki.apache.org/tomcat/Security/POODLE Please let us know is any turnaround in my server.xml configuration to disable SSL v3.

Re: Tomcat 6 SSL issue

Baran, On 16.10.2014 19:20, Baran Topal wrote: I did the new CSR with the new private key. Ok. You could also add protocol attribute to force JSSE connector (BIO or NIO), to prevent connector auto-selection. 1) What is the protocol attribute and where to add it? To your Connector

Re: Tomcat JVM Crash

Chad, On 10.10.2014 18:12, Chad Maniccia wrote: I have reported my findings to Oracle. They need to fix the bug, but for us the best solution was just to move away from JSSE and switch to APR OpenSSL which is the recommend solution to begin with. Thank you for reporting that back to us.

Re: Tomcat 6 SSL issue

Baran, On 10.10.2014 21:06, Baran Topal wrote: Then I received 2 files from the certificate authority, abc.com.cer and abc.om.p7b What certificates do those files contain? Connector port=443 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false

Re: tomcat crash problem (INTERNAL)

Subbu, On 6.10.2014 10:27, bala-subrahmanyam.bha...@telenor.com wrote: Could you please suggest one best open source java profiler for analysing and monitoring the tomcat server. I don't know which (open source) one is the best, but you may try your luck with: 1. MAT

Re: Tomcat 8.0.14 - doesn§t start from Netbeans 8.0.1 IDE

Mitko, On 3.10.2014 8:52, Mitev, Mitko wrote: Tomcat 8.0.12 :noJuliConfig set JAVA_OPTS=%JAVA_OPTS% %LOGGING_CONFIG% Tomcat 8.0.14 :noJuliConfig set JAVA_OPTS=”%JAVA_OPTS% %LOGGING_CONFIG%” Actually, the qotation marks in 8.0.14 are in different position: set JAVA_OPTS=%JAVA_OPTS%

Re: tomcat crash problem (OPEN)

Subbu, 3.10.2014 9:38, bala-subrahmanyam.bha...@telenor.com wrote: I upgraded tomcat from 5.0.28 to 6.0.36, after upgrade tomcat server is consuming lot of memory and once if memory reaches to 3GB then it is crashing (max memory I configured is 3GB). What kind of a crash is that? Does JVM

Re: tomcat crash problem (INTERNAL)

Subbu, On 3.10.2014 10:25, bala-subrahmanyam.bha...@telenor.com wrote: Hi Ognjen, Tomcat is crashing with the below error message. java.lang.OutOfMemoryError: GC overhead limit exceeded Please, reply below the quotes, it is standard on this list. Tomcat have small memory footprint, way

Re: question on certificate use - resending with attachment descriptions in case they get stripped out again. If this doesnt work I will resend the email when I get home

Ray, On 1.10.2014 21:05, ray.d...@usbank.com wrote: Loaded the website and let the error popup happen once, then I install the certificate it prompts about (to my truststore). If you mean that you imported CA-signed certificate to your Java keystore where your private key is already stored,

Re: question on certificate use - resending with attachment descriptions in case they get stripped out again. If this doesnt work I will resend the email when I get home

Ray, On 30.9.2014 20:54, ray.d...@usbank.com wrote: Connector port=443 maxThreads=200 scheme=https secure=true SSLEnabled=true keystoreFile=C:\Bonaire\REVPORT\.keystore keystorePass=changeit keyAlias=tomcat2 proxyName=revport-it.us.bank-dns.com proxyPort=443 / And

Re: a problem: tomcat exits unexpectedly

Zhao, On 19.9.2014 3:42, bo zhao wrote: but I can't find any error message in the log? what causes the tomcat to pause and stop? One of the suspects for restarts and shutdown seems to be the class com.jd.clover.center.service.AbstractScheduleTaskProcess, as there is a log message regarding

Re: Deploy application as Root

Kiran, Question I have is that if I upload war file via manager app, where does it go ? It goes to appBase (e.g. direcotry webapps) as war file, and if neither unpackWARs at Host element nor unpackWAR of Context element is set to false, they are unpacked to the directory of the same name

Re: stress testing tomcat applications

Elias, On 11.9.2014 2:03, Elias Kopsiaftis wrote: My best guess is that tomcat doesnt like to accept requests coming for two different logins from the same IP and same program. Is that accurate? Is anything else that could be going wrong here? Tomcat should allow multiple sessions from same

Re: Deploy application as Root

Kiran, On 11.9.2014 5:52, Kiran Badi wrote: I am trying to deploy application as ROOT.war in tomcat 7.50 provided by hosting service provider, but for some reasons I get below message FAIL - War file ROOT.war cannot be uploaded if context is defined in server.xml I have below in server xml,

Re: Context parameter override?

Andre, On 10.9.2014 18:43, André Warnier wrote: Otherwise, my customer sysadmins would have to unpack the WAR, edit web.xml to insert their specific values, and re-pack the WAR. Which they do not like to do either. My customers also do not like a solution consisting in having these parameters

Re: JSSE or APR

John, On 20.8.2014 18:08, John McLean wrote: I used the following ubuntu guide to create my csr: https://help.ubuntu.com/12.04/serverguide/certificates-and-security.html If you followed steps from that guide you now might have: 1. Private key in PEM format (e.g. server.key) 2. Certificate

Re: JSSE or APR

On 21.8.2014 10:24, Ognjen Blagojevic wrote: For JSSE connectors you may use one of two different file formats: PKCS#12 or JKS. That would be, keystore file formats. -Ognjen - To unsubscribe, e-mail: users-unsubscr

Re: New User Help

Colin, On 18.8.2014 4:42, Colin Kincaid Williams wrote: I have then deployed the application war file using the manager. The application is supposed to take json POST requests, related to a path on the host filesystem such as /opt/app/app_data/datafile . The POST requests work on the old

Re: access non-default webapp

Patcharee, On 11.8.2014 14:00, Patcharee Thongtra wrote: I have two applications running in Tomcat 6. I made the first app as a default web app by placing it as ROOT.war in webapps/. How can I access the second app? Whenever I browse http://localhost:8080/the_second_app/ Tomcat thinks I will

Re: JKS keystore password Encryption

Sanaullah, On 4.8.2014 17:26, Sanaullah wrote: I will also search the archive as well. You may find Wiki also useful: http://wiki.apache.org/tomcat/FAQ/Password -Ognjen - To unsubscribe, e-mail:

Re: Restricting SSL access within webapp

Chris, On 4.8.2014 22:47, Christopher Schultz wrote: Encryption is more expensive than /not/ encrypting, but it's much harder on the server (many connections) than it is on the client (single-digit). Since these days, everyone is disabling compression for SSL, the biggest problem for a dial-up

Re: TC7 and SSL Questions

John, On 24.7.2014 21:11, John Smith wrote: 1. Can I specify /admin/* as a security constraint url pattern so that only that directory runs under SSL? Yes, you can. 2. The NIO connector is accepted for JSSE, since I'm using it already, is there any point in not using it as my SSL

Re: How to monitor performance of tomcat

Randhir, On 21.5.2014 14:31, Randhir Singh wrote: I had changed catalina.sh in our development environment like a week back and want to implement it in the production environment but I got this doubt. I feel catalina.sh is invoked by startup.sh but am not sure. I have already taken downtime for

Re: catalina.out is 13G

On 22.4.2014 16:22, Filip Hanik wrote: http://www.tomcatexpert.com/knowledge-base/rotating-catalinaout-log-files Also, there is a related issue in Bugzilla, to make things easier to configure: https://issues.apache.org/bugzilla/show_bug.cgi?id=53930 -Ognjen

Re: Does heartbleeding bug impact on Tomcat 6.x, 7.x and 8.x

Andre, On 12.4.2014 0:51, André Warnier wrote: Ognjen Blagojevic wrote: On 11.4.2014 10:52, André Warnier wrote: 3) if he has recorded past encrypted traffic to/from your server, and saved this recording, then he can at any time go back and decrypt this past traffic, and pick up anything

Re: Does heartbleeding bug impact on Tomcat 6.x, 7.x and 8.x

On 11.4.2014 10:52, André Warnier wrote: 3) if he has recorded past encrypted traffic to/from your server, and saved this recording, then he can at any time go back and decrypt this past traffic, and pick up anything interesting from there, even without having the new keys. Such a recording

Re: Does the HeartBleed vulnerability affect Apache Tomcat servers using Tomcat Native?

Chris, On 9.4.2014 7:22, Christopher Schultz wrote: - -1 Switching to JSSE only stops the hemorrhaging. You should consider all your server keys compromised if OpenSSL 1.0.1 was used (prior to g patch level). If you switch to JSSE, your key may already have been compromised, so the switch does

Re: [OT] HeartBleed bug

André, On 9.4.2014 9:49, André Warnier wrote: I wonder if I may ask this list-OT question to the SSH experts on the list : I run some 25 webservers (Apache httpd-only, Tomcat-only, or Apache httpd + Tomcat). I do not use HTTPS on any of them. But I use SSH (OpenSSH) to connect to them over the

Re: [OT] HeartBleed bug

Chris, On 9.4.2014 14:53, Christopher Schultz wrote: My recommendation would be to treat everything OpenSSL touches as tainted and re-key anyway. [I will assume we are talking about OpenSSH implementation.] That dependins of the definition of what OpenSSL touches. OpenSSL consists of two

Re: Does the HeartBleed vulnerability affect Apache Tomcat servers using Tomcat Native?

On 8.4.2014 18:48, Arlo White wrote: Are Apache Tomcat servers using Tomcat Native APR vulnerable to the HeartBleed OpenSSL bug, or does this layer insulate them? http://heartbleed.com/ They are vulnerable. There is no layer to insulate. You may test with: http://filippo.io/Heartbleed/ I

Re: Windows tcnative openssl ciphers question

Jeffrey, EECDH/ECDHE is disabled in tcnative-1.dll. There is already a request to enable it. Take a look at: https://issues.apache.org/bugzilla/show_bug.cgi?id=55915 -Ognjen On 8.4.2014 0:07, Jeffrey Janner wrote: Ok, this is a question for the native libs builders (or whoever knows the

Re: Valid certificate chain failing with unable to find valid certification path to requested

On 4.4.2014 5:23, Toby Lazar wrote: I've run my client program with the -Djavax.net.debug=all option. First it listed out all of the trusted authorities. Mine is GoDaddy and this is the record: That one is not the issuer of your certificate. GoDaddy has many issuing certificates. The

Re: Tomcat 6 SSL CA Certificate does not work, but Self signed Certificate does

Mark, On 4.4.2014 23:00, Mark Murphy wrote: So let me try to understand what is going on here. I generate a keystore using keytool, that contains a key. At this point it is equal to a self signed certificate, and it works, but the browser complains that there is no CA. (Standard on this list

Re: Tomcat 6 SSL CA Certificate does not work, but Self signed Certificate does

Mark, On 4.4.2014 23:54, Mark Thomas wrote: The CA that signed your certificate might not be one of the root CAs trusted by the user agent. Most likely it is an intermediate CA. The root CA will have signed the intermediate CA's certificate and the intermediate CA will have signed your

Re: Valid certificate chain failing with unable to find valid certification path to requested

Chris, On 4.4.2014 16:27, Christopher Schultz wrote: So they don't have a big Daddy certificate that has signed all of their intermediate certificates? Boo. That would fix nearly everything. Actually, having different root certificates, one for SHA-1, and one for SHA-2 is recommended

Re: Valid certificate chain failing with unable to find valid certification path to requested

On 4.4.2014 0:27, Toby Lazar wrote: As others have noted here on other threads, you can use: http://portecle.sourceforge.net/ to see exactly which certificates your server is providing clients (Examine SSL/TLS connection). Viewing server certificates via browsers can be misleading since they

Re: Generate pkcs12 certificates from offical COMODO certs

Frank, On 15.2.2014 7:02, Frank BONNET wrote: seems to work without it ! I recommend that you always import intermediate certificates into the keystore. If you don't, some clients / web browsers will find a way to lookup for missing certificates, but others will fail. Therefore, it is

Re: Generate pkcs12 certificates from offical COMODO certs

Frank, On 14.2.2014 14:10, BONNET, Frank wrote: I have officials certificates for apache2 from COMODO that I would like to import into tomcat ( pkcs12 ) if someone has links / infos to do this task it would be a great help ( google doesn't help much ) You didn't mention if you have any

Re: Generate pkcs12 certificates from offical COMODO certs

Frank, On 14.2.2014 15:00, BONNET, Frank wrote: the intermediate cert in the one named chain right ? Yes, it is usually named that way. -Ognjen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional

[OT] Re: Tomcat JDBC Error

Leo, On 27.1.2014 18:17, Leo Medina wrote: Can you please elaborate more as to what you meant by: com.mysql.jdbc.Driver must be present in one of your webapps. I'd expect it to be in a JAR that has mysql in the name. If you don't need it remove it. I meant that we don't have a mysql db. in

Re: Weird certificate situation -- I don't even understand why it works at all!

James, On 21.1.2014 0:14, James H. H. Lampert wrote: It seems that one of our customers moved their server to a different physical box, over the weekend, and we're now seeing some definite weirdness: Their Tomcat now shows a certificate that expired this past September. But it gets weirder:

Re: Weird certificate situation -- I don't even understand why it works at all!

Mark, On 21.1.2014 9:55, Mark Thomas wrote: Why would this even work at all? Hard to say without seeing your server.xml. I could only guess: you misspelled keyAlias attribute name, so Tomcat just reads first key in the keystore. It would be worth checking if the keyAlias atribute had any

Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system

Jeffrey, On 19.1.2014 6:03, Christopher Schultz wrote: Connector address=10.4.1.20 port=443 maxHttpHeaderSize=8192 Could it be as simple as having set the address attribute? +1 BTW, setting attribute preverIPv4Stack=true on server side doesn't mean anything for the client. The client will

Re: SSL certificates

Miten, On 17.1.2014 14:33, Miten Mehta wrote: The catalina.out complaines with SSL handshake stating No Name matching mhoodws.ril.local found. For security reasons, CA shouldn't sign any certificate containing internal server name (either as CN, or subjectAltName): As of July 1, 2012, all

Re: SSL certificates

On 17.1.2014 19:14, James H. H. Lampert wrote: At this point, if you haven't already done so, I would strongly suggest getting your CA's tech support in on this. +1 Reserved IP addresses and internal server names are not unique on the Internet, so the certificates for them may be reused in

Re: Symantec SSL cert in tomcat 6

Gene, On 3.1.2014 14:55, Gene Matthews wrote: Thie symantec instructions say to ensure the alias for the ssl cert has an Entry Type of PrivateKeyEntry. Mine DOES NOT. Instructions say if it does not, to please import the certificate in the “Private Key” alias. With JKS keystore you must

Re: Symantec SSL cert in tomcat 6

Martin, On 4.1.2014 0:27, Martin Gainty wrote: With JKS keystore you must keep private key and certificates in the same keystore. MGSince A pfx that Verisign provides contains key and cert MGWindows servers use .pfx files to contain the public key files (your SSL Certificate files,

Re: JSVC error

Vicky, On 31.12.2013 11:16, vicky wrote: ./startdaemon.sh: line 13: 7429 Segmentation fault (core dumped) ./bin/jsvc -cp $CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/tomcat-juli.jar -outfile $CATALINA_BASE/logs/catalina.out -errfile $CATALINA_BASE/logs/catalina.err

Re: ssl_error_internal_error_alert in tomcat 7‏

Jaya, On 20.12.2013 16:52, jaya ravindran wrote: That means server can do TLSv1. Then why can't it connect with TLS protocol on browsers. You may want to add -Djavax.net.debug=all to CATALINA_OPTS to debug handshake on server side. Compare OpenSSL handshake to Firefox handshake. Also,

Re: enable SSL for Tomcat

Sivakumar, On 4.12.2013 12:11, sivakumar_balag...@contractor.amat.com wrote: I need to enable SSL for tomcat in a windows server 2008. I have generated a certificate using the csr generated by this command: certreq -new request.inf request.req (...) I have imported this certificate to

Re: enable SSL for Tomcat

Sivakumar, On 4.12.2013 14:27, sivakumar_balag...@contractor.amat.com wrote: This csr has the DN formatted like CN=server name, OU=OU Name, O=Organization Name, L=Location, ST=State, C=country which is based on the information we give while genarating the keystore. But the signing authority

Re: [OT] Symantic has a first tomcat worm ;-)

Mark, On 25.11.2013 11:08, Mark Thomas wrote: Unrelated to this issue, I have recently expanded the section of the docs that covers securing the default applications. The updates will be in the next release. Until then you can read it via the copy of the docs built by the CI system:

Re: [OT] Symantic has a first tomcat worm ;-)

Mikolaj, On 25.11.2013 12:46, Mikolaj Rydzewski wrote: On 25.11.2013 12:42, Ognjen Blagojevic wrote: I also think it would be very usefull if 401 error page for manager application does not example password s3cret, but randomly generated long password unique for every request. I guess

Re: [OT] Symantic has a first tomcat worm ;-)

Chris, On 25.11.2013 20:56, Christopher Schultz wrote: role rolename=manager-gui/ user username=tomcat password=s3cret roles=manager-gui/ What most users do is to copy the XML example, and paste it into tomcat-users.xml. If that were the case, I would have expected to see tomcat:s2cret

Re: PFX generation using keytool

Nestor, Chris, On 6.11.2013 22:50, Christopher Schultz wrote: java.security.KeyStoreException: TrustedCertEntry not supported. Entry for alias root not imported. Do you want to quit the import process? [no]: How can i solve this issue? What kind of stuff can be found in your .keystore

Re: Secure Tomcat With SSL

On 30.10.2013 18:41, Jeffrey Janner wrote: Not sure where to go from here! Can anyone help? I just want to do something basic and that issecure tomcat with a godaddy SSL cert. First, go back and re-read the last wonderful response you received from Ognjen. He is right on the money for how

Re: Secure Tomcat With SSL

Chris, Leo, On 28.10.2013 18:23, Leo Donahue - OETX wrote: I've been having some trouble lately converting keys and certs from OpenSSL format into Java's JKS format. I follow all of the magical incantations I can find online to convert key+cert into a Java keystore but I get no love. Is there

Re: Secure Tomcat With SSL

Chris, On 28.10.2013 21:45, Chris Arnold wrote: Let us first determine which connector do you have configured (BIO, NIO or APR), because HTTPS configuration depends on connector type. Could you send your server.xml with comments and sensitive information removed? ?xml version='1.0'

Re: Secure Tomcat With SSL

Chris, On 27.10.2013 2:47, Chris Arnold wrote: This is both possible, only if you plan to use either BIO or NIO HTTP connector. If you plan to use APR, connector configuration is completely different. Not sure what either of these are. I just need secure tomcat Let us first determine which

Re: Secure Tomcat With SSL

Chris, On 26.10.2013 23:39, Chris Arnold wrote: Tomcat 7.0.42 on SLES11. I am following http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Configuration to secure tomcat. I have uncommented the SSL HTTP section. The configuration section of that doc, importing the certificate: i have a

Re: can't connect to manager application

Edoardo, On 19.10.2013 0:03, Edoardo Panfili wrote: 4- second modify to server.xml Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true becomes Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true deployXML=false It is great that you took effort to pin-point

Re: can't connect to manager application

Mark, On 19.10.2013 17:51, Mark Eggers wrote: On 10/19/2013 7:44 AM, Ognjen Blagojevic wrote: If you want to keep parameter deployXML set to false, I believe you need to copy webapps/manager/META-INF/context.xml to conf/Catalina/localhost/manager.xml. Yep, reproducible on Windows 7. Thanks

Re: can't connect to manager application

On 18.10.2013 7:34, Edoardo Panfili wrote: To rule out faulty upgrade, could you try to reproduce the problem on clean Tomcat 7.0.42 install? the problem was surely present with 7.0.39, the 7.0.42 is a fresh installation for me. Could you please clarify: does the problem exists on 7.0.42,

Re: can't connect to manager application

Edoardo, On 17.10.2013 18:45, Edoardo Panfili wrote: Some release ago (tomcat 7.0.x sorry, I can't be more precise) all was well also on production server. Maybe i did something wrong during an update. To rule out faulty upgrade, could you try to reproduce the problem on clean Tomcat 7.0.42

Re: Issue while using SSL with Embedded Tomcat 6.0.37

Chris, On 11.10.2013 18:02, Christopher Schultz wrote: Also, a bit of a brainstorming now: could this whole thing be IP protocol issue? I've seen similar behavior before, albeit not in context of SSL handshake: client tries to connect using IPv6 address, but firewall doesn't allow it, so client

Re: Issue while using SSL with Embedded Tomcat 6.0.37

Chirag, On 10.10.2013 6:19, Chirag Dewan wrote: A small update. The customers client is C++ client,which uses OpenSSL. And I found that client hello message is SSLv2 protocol. And the server response(server hello) is a TLSv1 protocol. Is there something I am missing? There is a difference

Re: Issue while using SSL with Embedded Tomcat 6.0.37

Chris, On 10.10.2013 19:11, Christopher Schultz wrote: Also, Chirag has the connector supporting only TLS, so SSLv2 HELLO should indeally fail entirely. Setting attribute sslProtocol=TLS may actually enable all protocols from SSLv3 to TLSv1.2, plus SSLv2Hello. Even setting something like

Re: Issue while using SSL with Embedded Tomcat 6.0.37

Chris, On 8.10.2013 17:40, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Can anyone assist me in understanding why it is failing for the first time? And is there any way I can force the Tomcat not to select this cipher suite? Or any other way that I can resolve this issue.

Re: setenv.sh issue

Vicky, On 20.9.2013 11:32, vicky wrote: Hi All, When i am declaring variables in my $CATALINA_BASE/bin/setenv.sh file , they are not getting exported :- eg:- export NAME=e1 export ID=22 But when i am declaring the same variables in $CATALINA_BASE/bin/startup.sh in following manner

Re: setenv.sh issue

Vicky, On 9/20/2013 4:14 AM, vicky wrote: I need to set certain application specific enviornment variables ,pls suggest what is the best way of doing that. eg:- configuring enviornment variable for LOG4j file path 1. Please, don't top post. 2. I doubt log4j will read any environment

Re: Tomcat 7 SSL Setup: ERR_CONNECTION_REFUSED

Mavenpol, On 16.9.2013 22:47, Mavenpol Saulon wrote: This server where I imported the certificates and has been encountering errors is just one of the servers that are configured to run SSL. All of the other servers have the same setup except for the keytool -delete.. that I used in this

Re: Tomcat 7.0.42 Won't Start

Ragini, On 14.8.2013 22:53, Singh, Ragini wrote: Now when I place my application in the webapps folder and add the following to server.xml, my Tomcat doesn’t start. Adding context configuration into server.xml is discouraged. For alternative ways to configure context, please read:

Re: FW: configuring realm UserDatabase do not works

Francesco, On 13.8.2013 1:01, Francesco Viscomi wrote: When I try to access the protect resource I get: (...) HTTP Status 403 - Access to the requested resource has been denied Error 403 means that user is authenticatied but not authorized (e.g. username and password are correct, but

Re: Upgrade to Tomcat 7 Issues

Seema, On 12.8.2013 13:09, Seema Patel wrote: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot load JDBC driver class 'com.mysql.jdbc.Driver' ... Caused by: java.lang.ClassNotFoundException: com.mysql.jdbc.Driver You are doing fine. You correctly removed all the jar files as Chuck

Re: Downgrade Tomcat7 to Tomcat6

Sumilang, On 8.8.2013 3:53, Sumilang Plucena wrote: I have a development server Ubuntu12.10 and Tomcat-7.0.30. But prior to upgrading Tomcat7 from Tomcat-6.0.29 we never had problem with our website. I would like to know how I can go about downgrading Tomcat7 without affecting applications

Re: Remote deployments in Tomcat

Thulasiram, On 6.8.2013 12:46, Thulasiram Gopalakrishna wrote: If for some reason, the Manager application is / can not be deployed, is there still a way to achieve remote deployment on to Tomcat? Or is it a must, that we must be having Manager application deployed to deploy applications

Re: LDAP/Realm with TLS in Tomcat 6/7?

Jens, On 6.8.2013 12:44, Jens Neu wrote: is there a lib/method/whatever to achieve Realm Auth in Tomcat 5.x where username/password are protected by TLS? I never tried it myself, but you might find these links useful: https://wiki.apache.org/tomcat/JNDI_startTLs_HowTo

Problem with getRealPath() on Tomcat 8

Hi, I am just testing Tomcat 8.0.0-RC1 that is proposed for (Alpha) release. I noticed that (unlike Tomcat 7.0.42) this version throws IllegalArgumentException upon calling ServletContext.getRealPath(). It seems that TC8 expects that argument provided to getRealPath is non-empty string.

  1   2   3   >