Re: Context Name replacement variable for conf/context.xml

2022-10-02 Thread Christopher Schultz
Kok Hoor, On 10/1/22 10:20, Chew Kok Hoor wrote: I would like to configure $CATALINA_BASE/conf/context.xml to set up a Manager Don't do this. but would like to add the context name as one of the parameters to the manager (keyPrefix). It's much easier to copy

Re: Install CA signed certificate on Tomcat 9

2022-09-29 Thread Christopher Schultz
Veni, On 9/29/22 13:21, Janardhanan, Veni wrote: Hi, My Tomcat version is 9. I am trying to install a CA signed certificate on Tomcat, tomcat error log says Invalid Keystore format. Followed instructions given in

Re: MaxRequestWorkers error

2022-09-27 Thread Christopher Schultz
Koustav, On 9/27/22 11:09, Naha, Koustav wrote: We have Tomcat and Apache installed in our production environment since 5/6 years. Everything was going fine until we started getting application not responding status from users, upon checking we found out that there was a MaxRequest error as

Re: certificate re-loading for apache tomcat without the apache restart

2022-09-26 Thread Christopher Schultz
Raghavendran, On 9/26/22 7:43 AM, Ragavendhiran Bhiman (rabhiman) wrote: Is there any way to reload new certificates as well with restarting the tomcat services? Yes, but you will have to use JMX to essentially re-configure the connector, and then reload/restart it. The mail below

Re: Tomcat 8.5.8x patch upgrade failing

2022-09-26 Thread Christopher Schultz
Doug, On 9/23/22 11:20 AM, Cannatella, Douglas wrote: We are currently using Tomcat 8.5.53 and tried to upgrade patch 8.5.81 & 8.5.82 using Ivanti Patch tool. Did it work? Our project is using OpenJDK version: 1.8.0_242, Microsoft Framework 4.0.0 running TR/ OneSource Indirect Tax

Re: [OT] which missing file prevents tomcat 10 from starting as windows service ?

2022-09-21 Thread Christopher Schultz
Chuck lives! On 9/21/22 08:58, Chuck Caldarale wrote: [2022-09-19 13:09:07] [debug] ( javajni.c:817 ) [ 7652] JVM Option[12] -Djava.class.path=c:\Dematic\apache-tomcat-10.0.23\bin\bootstrap.jar;c:\Dematic\apache-tomcat-10.0.23\bin\tomcat-juli.jar [2022-09-19 13:09:07] [debug] ( javajni.c:817 )

Re: HOW TO ENABLE LDAPS ON TOMCAT 8.5

2022-09-21 Thread Christopher Schultz
Rakesh, On 9/20/22 17:56, rakesh meka wrote: I will just ask the my AD team to provide the CA certificate which is already installed on the AD domain controller and then place it in client (tomcat web server) trust store if it is not official. If you post your configuration, we may be able

Re: tomcats starting with 200 threads

2022-09-21 Thread Christopher Schultz
: On Mon, Sep 19, 2022 at 7:45 PM Christopher Schultz < ch...@christopherschultz.net> wrote: Jon, On 9/19/22 10:46, Jonathan Yom-Tov wrote: Sometimes one of our production Tomcats will start with the maximum (200) number of t

Re: tomcats starting with 200 threads

2022-09-19 Thread Christopher Schultz
Jon, On 9/19/22 10:46, Jonathan Yom-Tov wrote: Sometimes one of our production Tomcats will start with the maximum (200) number of threads in the https pool. That is, it doesn't start with some minimum and works its way up to the maximum, it immediately starts with the maximum. There's no

Re: HOW TO ENABLE LDAPS ON TOMCAT 8.5

2022-09-19 Thread Christopher Schultz
Rakesh, On 9/17/22 23:02, rakesh meka wrote: Currently of the application is deplye Don the tomcat 8.5 uses LDAP protocol for AD authentication of sap users. I need to change the LDAP to LDAPS. So I installed domain certificate using keytool. But when i change the port number to 636 I see an

Re: Unexpected double-slash in javax.servlet.forward.request_uri

2022-09-19 Thread Christopher Schultz
All, On 8/24/22 14:15, Christopher Schultz wrote: I haven't tried narrowing this down very much yet, but I have a situation where I'm using javax.servlet.forward.request_uri to build a URI and the string I'm pulling from there starts with TWO / characters instead of one. This ends up

Re: How to check no of user request coming in tomcat application in a minute

2022-09-08 Thread Christopher Schultz
cessing tools to collate the information. -chris -Original Message- From: Christopher Schultz Sent: 08 September 2022 20:04 To: users@tomcat.apache.org Subject: Re: How to check no of user request coming in tomcat application in a minute Koustav, On 9/8/22 10:06, Naha, Koustav wrote:

Re: Get more debug information?

2022-09-08 Thread Christopher Schultz
Hua, On 9/8/22 10:30, Hua Zhang wrote: Hi Tomcat, I have a question about how to get more debug information in a tomcat log file. Sometimes my websites, which run on tomcat 9.0.43, suddenly all went down without a good reason. You might want to consider an upgrade. That version of Tomcat is

Re: How to check no of user request coming in tomcat application in a minute

2022-09-08 Thread Christopher Schultz
Koustav, On 9/8/22 10:06, Naha, Koustav wrote: Just want to know how can we calculate the number of user request processed by tomcat in a particular minute. Do you want to be able to pick an arbitrary minute, or are you more interested in e.g. "the most recent minute or activity"? Can we

Re: PGP key missing for 9.0.65

2022-08-29 Thread Christopher Schultz
Arno, On 8/28/22 22:38, Arno Hautala wrote: You aren't using the KEYS file in the above command. gpg works with keyrings, and you have to import then use it: # Import $ gpg --import --no-default-keyring --primary-keyring apache-9.0-keys < KEYS # Verify against the custom key ring $ gpg

Re: PGP key missing for 9.0.65

2022-08-26 Thread Christopher Schultz
Arno, On 8/26/22 08:50, Arno Hautala wrote: I’m trying to verify the PGP signatures for the 9.0.65 release, but the public key is missing from the KEYS.txt file and it isn’t available on any keyservers that I’ve checked. Can someone point me in the right direction or update the KEYS.txt?

Re: AW: Unexpected double-slash in javax.servlet.forward.request_uri

2022-08-25 Thread Christopher Schultz
__ Von: Christopher Schultz Gesendet: Mittwoch, 24. August 2022 20:15:25 An: Tomcat Users List Betreff: Unexpected double-slash in javax.servlet.forward.request_uri All, I haven't tried narrowing this down very much yet, but I have a situation where I'm using javax.servlet.forward.request_uri to b

Unexpected double-slash in javax.servlet.forward.request_uri

2022-08-24 Thread Christopher Schultz
All, I haven't tried narrowing this down very much yet, but I have a situation where I'm using javax.servlet.forward.request_uri to build a URI and the string I'm pulling from there starts with TWO / characters instead of one. This ends up breaking navigation because the browser interprets

Re: Tomcat Native and macOS 10.15.7

2022-08-24 Thread Christopher Schultz
Thad, On 8/23/22 10:49, Thad Humphries wrote: On Tue, Aug 23, 2022 at 10:18 AM Mark Thomas wrote: On 23/08/2022 14:12, Thad Humphries wrote: I'm trying to understand a problem I'm having with Tomcat Native since moving from 1.2.x to 2.0. For several years I have been running Tomcat 9.0.12

Re: Tomcat 9.0.65 Clustering in Azure Kubernetes Service (AKS)

2022-08-17 Thread Christopher Schultz
All, If you are havig issues with the CloudMembershipService, I would highly recommend that you continue to have this discussion. The original author (remm) was mostly targeting OpenShift (he works for RedHat, so it's not a surprise) but it doesn't mean that its support cannot expand to

[ANN] Apache Tomcat 8.5.82 available

2022-08-13 Thread Christopher Schultz
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.82. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 8.5.82 is a bugfix and

Re: Simple SSL question

2022-08-12 Thread Christopher Schultz
Peter, On 8/11/22 17:00, Peter Kreuser wrote: I have tried all the fancy new cert options and they are cool. And I do agree that it's more readable. What would be useful would be one sample how to transfer a simple "old" config to SSLHostConfig. Let's see if a PNG attachment makes it to

Re: Issue with catalina.out not being generated (RHEL 7.9, tomcat 9.0.63)

2022-08-11 Thread Christopher Schultz
Paul, On 8/11/22 13:03, Paul Chauvet wrote: Hi Noelette, Thanks for the reponse! It logs to catalina--MM-DD.log, localhost.YY-MM-DD.log, localhost_access_log.-MM-DD.txt - but it doesn't use catalina.out. When I temporarily started Tomcat via startup.sh it did create catalina.out

Re: Simple SSL question

2022-08-11 Thread Christopher Schultz
t;the way you do it". So the "new" way is The Way and the old way is ... the Old Way. Use SSLHostConfig. I'm sure you'll sleep better at night after you've switched. -chris -Original Message- From: Christopher Schultz Sent: Thursday, August 11, 2022 11:29 AM To: users@t

Re: Tomcat 8 releases - where to get correct key

2022-08-11 Thread Christopher Schultz
Petr, Please don't email committers directly. I'm replying to the Tomcat users' mailing list with my response, as it's useful information for everyone. On 8/11/22 09:23, Petr Sumbera wrote: I have a problem where to get correct key for previous version. Can you please advice where to get

Re: Issue with catalina.out not being generated (RHEL 7.9, tomcat 9.0.63)

2022-08-11 Thread Christopher Schultz
Paul, On 8/11/22 12:09, Paul Chauvet wrote: Hello all, I haven't been able to figure this out - but a catalina.out file is not being generated for me. Sadly - I'm trying to troubleshoot an issue (with a vendor's saml implementation) which wants to write to that file (and doesn't seem to be

Re: .deb file to Tomcat 9.0.33

2022-08-11 Thread Christopher Schultz
Rhea, On 8/11/22 11:47, Rhea Moubarak wrote: Where can i find the .deb file to tomcat 9.0.33? Probably in a Debian repository? Or Ubuntu? The Apache Tomcat project doesn't formally deal with package-manager-specific artifacts such as .deb files, though there are members of this community

Re: Simple SSL question

2022-08-11 Thread Christopher Schultz
Jon, On 8/11/22 11:22, jonmcalexan...@wellsfargo.com.INVALID wrote: Is there a "name" for the new connector style? The old is known as the Coyote Connector. Coyote is just the name of the connector itself, for whatever reason. Both the new and old-style configuration is using the same

Re: SSLLabs scan shows TLSv1.0 and TLSv1.1 even though I have sslProtocol="TLSv1.2"

2022-08-10 Thread Christopher Schultz
James, On 8/10/22 11:57, James H. H. Lampert wrote: Interesting. The new "protocols" parameter. Does this work with the traditional syntax? Can "protocols" and "sslProtocol" coexist in the same Connector? It's pretty important here to specify your Tomcat version number(s). I see you have

Re: End user files uploaded to sftp getting stored in tomcat root directory

2022-08-09 Thread Christopher Schultz
4. Maybe you don't even need to store the file locally. Does your sftp client library allow you to stream files directly to the remote server? It would be better to never write the file bytes onto the Tomcat server in the first place. Hope that helps, -chris On Tue, Aug 9, 2022 at 4:18 PM C

Re: End user files uploaded to sftp getting stored in tomcat root directory

2022-08-09 Thread Christopher Schultz
Farash, On 8/9/22 04:55, Farash Ahamad wrote: Just to add, the file is getting uploaded to SFTP server, but there is an exact copy in tomcat server as well. Can you give more details? Is a human user pushing via sftp to your Tomcat server? Or is your Tomcat-deployed application pushing via

Re: Error during startup

2022-08-09 Thread Christopher Schultz
Joey, On 8/8/22 09:21, Joey Cochran wrote: Make sure /bin/tomcat-juli.jar is set to 755 (chmod 755 tomcat-juli.jar) Nonsense. This would never cause a permissions problem as described by the OP. Also: 7 = owner read+write+execute 5 = group read+execute 5 = other read+execute NOBODY needs

Re: Error during startup

2022-08-09 Thread Christopher Schultz
Han, On 8/4/22 00:49, Han Li wrote: Hi Mohan, You can open CATALINA_BASE/conf/catalina.policy file, add following statement within “grant” section: permission java.lang.RuntimePermission "getenv.*"; While this will likely fix the "problem", it may not be the best solution. The OP is

Re: Tomcat is Automatically Getting Stopped Frequently

2022-08-03 Thread Christopher Schultz
Prasenjit, On 8/3/22 11:43, Prasenjit Dey wrote: Can you please tell us which OS logs in Ubuntu I need to check. I am new to this. Please help! Look at CATALINA_BASE/logs/catalina.out and /var/log/messages. You may have to check other /var/log/* files, as each Linux distro tends to put

Re: Tomcat is Automatically Getting Stopped Frequently

2022-08-03 Thread Christopher Schultz
Prasenjit, On 8/3/22 03:19, Prasenjit Dey wrote: Tomcat Version: 8.5.81.0 Operating System: Ubuntu 20.04 LTS RAM: 8gb Java Version: 1.8.0_312 Architecture: 64Bit Hi, I am facing a problem regarding our application hosted in Tomcat. Our infrastructure is on Azure Cloud. We have hosted our

Re: Apache Tomcat 8.5.82 Release Date

2022-08-02 Thread Christopher Schultz
To whom it may concern, On 8/2/22 01:28, Wai Siang, Chu wrote: Dear Apache Tomcat Team, Based on the previous email reply, may we have an update regarding the estimated release date for the *Apache Tomcat 8.5.82* ? I can accept payments via Venmo if you want to accelerate the release-date

Re: Apache Tomcat 8.5.82 Release Date

2022-07-26 Thread Christopher Schultz
Wai Siang, On 7/26/22 00:13, Wai Siang, Chu wrote: Based on the previous email reply, may we have an update regarding the estimated release date for the *Apache Tomcat 8.5.82* ? I expect to begin the release process around 1 August (6 days from today). Please note that upgrading to Tomcat

Re: AW: Publishing Tomcat webapp

2022-07-25 Thread Christopher Schultz
want to do the encryption and be able to have https access to my Tomcat. What should I do next? Tell us what you did with the files you have above. -chris čet, 21. srp 2022. u 14:25 Thomas Hoffmann (Speed4Trade GmbH) napisao je: -Ursprüngliche Nachricht- Von: Christopher Schultz

Re: *** Payara, GlassFish or Tomcat ***

2022-07-21 Thread Christopher Schultz
Zdenek, On 7/21/22 04:39, Zdeněk Henek wrote: Amn, Our application is tested with Weblogic and Tomcat. I was asked to port our application to any free application server or web container. I picked Tomcat 5.5, now we are on Tomcat 9. I have to say maintaining our app and its installer for

Re: Publishing Tomcat webapp

2022-07-21 Thread Christopher Schultz
Aryeh, On 7/18/22 09:08, Aryeh Friedman wrote: Here are the steps to installing a SSL cert (it varies slightly based on who your certificate authority [CA] is): Generate a CSR Stop. The OP already has a key, cert, and chain. None of this is necessary. [..] with keytool (it must be key tool

Re: AW: Publishing Tomcat webapp

2022-07-21 Thread Christopher Schultz
Thomas, On 7/17/22 03:07, Thomas Hoffmann (Speed4Trade GmbH) wrote: Hello, -Ursprüngliche Nachricht- Von: Aryeh Friedman Gesendet: Sonntag, 17. Juli 2022 08:43 An: Tomcat Users List Betreff: Re: Publishing Tomcat webapp On Sun, Jul 17, 2022 at 2:39 AM Aryeh Friedman wrote: Once

Re: Need remedy for the Vulnabilities

2022-07-21 Thread Christopher Schultz
Koustav, On 7/19/22 05:49, Naha, Koustav wrote: We have the below vulnerability in recent scan, mentioned below. Environment details: Apache - 2.4.25 version Tomcat - 8.5.5 version Can anyone take a look at the CVEs associated with the scan findings and see if there are workarounds,

Re: QID 38863 - Cryptographically Weak Key Exchange Size

2022-07-21 Thread Christopher Schultz
Saicharan, On 7/18/22 10:45, saicharan.bu...@wellsfargo.com.INVALID wrote: Hi All, A new vulnerability has surfaced regarding TLS and Key Exchange agreement (more specifically the key size.) "The SSL/TLS server supports key exchanges that are cryptographically weaker than recommended. Key

Re: SSL configuration for Tomcat 9

2022-07-21 Thread Christopher Schultz
Vince, On 7/15/22 19:56, Vince Stewart wrote: My system uses embedded Tomcat to connect to a HttpServlet instance. I have just uprgraded from Tomcat 8.0.2 to 9.0.64 I am implementing SSL for the first time. I created a keystore with no alias. Keytool gave it the alias "mykey". (2nd entry

Re: *** Payara, GlassFish or Tomcat ***

2022-07-20 Thread Christopher Schultz
Amn, On 7/12/22 17:59, Amn wrote: Nu-B here. Reading about Payara, GlassFish and Tomcat, I feel confused as to which would be the best server to learn about when learning Jakarta EE. I would use whichever you can download, install, and launch with the least hassle. For Tomcat, that's just:

Re: [OT] issues with Tomcat to Siteminder communication post mod-proxy setup

2022-07-20 Thread Christopher Schultz
u must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. -Original Message- From: Christopher S

Re: Secondary Authentication method for application

2022-07-20 Thread Christopher Schultz
Tim, On 7/12/22 10:09, Tim K wrote: Hello, I currently have a custom realm in Tomcat 9 that uses form authentication (j_username/j_password POST to j_security_check). I'm looking to create a secondary way to establish an authenticated session. I want to allow trusted sources to be able to

Re: Package TOMCAT 9.0.54 for Ubuntu 20.04

2022-07-12 Thread Christopher Schultz
WAS fixed). This was not flagged as a security bug. You originally asked about security bugs, but this one is not listed as a security fix. So it's unlikely to have been back-ported to the Ubuntu repository. -chris -Original Message----- From: Christopher Schultz Sent: Friday, July 8, 2022 8:57 PM

Re: [OT] issues with Tomcat to Siteminder communication post mod-proxy setup

2022-07-12 Thread Christopher Schultz
Jon, On 7/8/22 16:48, jonmcalexan...@wellsfargo.com.INVALID wrote: Chris, Moving this discussion to here. Yes, it appears that I broke something when setting up the Tomcat Connector for the mod-proxy that is now affecting, somehow, the SSL communication with the Site Minder services. Here is

Re: Package TOMCAT 9.0.54 for Ubuntu 20.04

2022-07-08 Thread Christopher Schultz
Rhea, On 7/8/22 05:53, Rhea Moubarak wrote: I asked Ubuntu-devel-discus if it's possible to integrate TOMCAT 9.0.54 in the official repositories of Ubuntu 20.04 as it helps fixing major security issues on TOMCAT installations.

Re: AW: SSL handshake failure logs required for auditing purpose

2022-07-08 Thread Christopher Schultz
: Christopher Schultz Date: Friday, 8 July 2022 at 12:05 AM To: users@tomcat.apache.org Subject: Re: AW: SSL handshake failure logs required for auditing purpose Thomas, On 7/7/22 13:36, Thomas Hoffmann (Speed4Trade GmbH) wrote: -Ursprüngliche Nachricht- Von: Thomas Hoffmann (Speed4Trade GmbH

Re: AW: SSL handshake failure logs required for auditing purpose

2022-07-07 Thread Christopher Schultz
Thomas, On 7/7/22 13:36, Thomas Hoffmann (Speed4Trade GmbH) wrote: -Ursprüngliche Nachricht- Von: Thomas Hoffmann (Speed4Trade GmbH) Gesendet: Donnerstag, 7. Juli 2022 19:23 An: Tomcat Users List Betreff: AW: SSL handshake failure logs required for auditing purpose Hello Raghav,

Re: Tomcat in distroless image

2022-07-06 Thread Christopher Schultz
Stefan, On 7/6/22 18:50, Stefan Mayr wrote: Am 05.07.2022 um 23:36 schrieb Pawel Veselov: Christopher, Stephan, On Tue, Jul 5, 2022 at 11:18 PM Christopher Schultz wrote: Stefan, On 7/2/22 09:45, Stefan Mayr wrote: Hi, Am 01.07.2022 um 17:10 schrieb Christopher Schultz: Thomas, On 6

Re: JS fiddle for generating TLS keys and certs

2022-07-06 Thread Christopher Schultz
All, If anyone was interested, I have an update: https://jsfiddle.net/ny1egwaz/3/ -chris On 6/28/22 12:43, Christopher Schultz wrote: All, I recently built this into an application at $work and I figured I would give it away for anyone who might get some use out of it. https

Re: Tomcat freezes with axios

2022-07-06 Thread Christopher Schultz
nyway I also limited the number of parallel connections on javascript side (axios). This is always an excellent idea. There is no reason for a single client to be making huge numbers of queries to your database simultaneously. -chris Le 2022-06-30 à 18:42, Christopher Schultz a écrit : All, On

Re: Tomcat in distroless image

2022-07-05 Thread Christopher Schultz
Stefan, On 7/2/22 09:45, Stefan Mayr wrote: Hi, Am 01.07.2022 um 17:10 schrieb Christopher Schultz: Thomas, On 6/30/22 13:52, Thomas Meyer wrote: Sadly currently Tomcat startup relies on shell script to bootstrap JVM process. In the light of distroless images (e.g. https

Re: Tomcat in distroless image

2022-07-01 Thread Christopher Schultz
Thomas, On 6/30/22 13:52, Thomas Meyer wrote: Sadly currently Tomcat startup relies on shell script to bootstrap JVM process. In the light of distroless images (e.g. https://blog.chainguard.dev/introducing-apko-bringing-distroless-nirvana-to-alpine-linux/) What are you thoughts on packaging

Food for thought: /dev/random vs /dev/urandom

2022-07-01 Thread Christopher Schultz
All, This war has been raging on for years. I for one consider myself "practical" when it comes to security. I think this write-up makes some good arguments, even if the top section is a little difficult to parse (it's sometimes tough to differentiate the author's words from that of the

Re: Tomcat freezes with axios

2022-06-30 Thread Christopher Schultz
All, On 6/30/22 02:34, Mark Thomas wrote: Hi, We need more information to help you. Tomcat version? Tomcat connector configuration (from server.xml)? httpd version? httpd MPM and configuration? mod_proxy configuration? Was the httpd restart graceful or not? Wild guess: missing finally

Re: State of the Cat 2022

2022-06-30 Thread Christopher Schultz
Rémy, all, On 6/28/22 09:58, Rémy Maucherat wrote: On Tue, Jun 28, 2022 at 3:38 PM Christopher Schultz wrote: Rémy, On 6/28/22 05:33, Rémy Maucherat wrote: On Mon, Jun 27, 2022 at 11:37 PM Christopher Schultz wrote: Cathy, On 6/27/22 15:01, Cathy Spears wrote: Wondering

Re: JS fiddle for generating TLS keys and certs

2022-06-29 Thread Christopher Schultz
allow you to create an RSA key with less than 3072 bits, or an EC key with less than 128 bits. It encourages you to use 4096 / 256 (but should include 384, honestly) because those are fairly forward-looking big-strengths. -chris [1] https://keystore-explorer.org/ -Original Message----- From: C

JS fiddle for generating TLS keys and certs

2022-06-28 Thread Christopher Schultz
All, I recently built this into an application at $work and I figured I would give it away for anyone who might get some use out of it. https://jsfiddle.net/ny1egwaz/ It doesn't actually generate a key + cert – nor should you ever trust another site to generate your keys for you!. Instead,

Re: Error While importing certificate into keystore

2022-06-28 Thread Christopher Schultz
Mohan, On 6/28/22 09:54, Mohan T wrote: I am trying top import the certificate into keystore and encountered the below error. Would appreciate if you could throw some light on this $ keytool -importkeystore -srckeystore /home/ilas/Downloads/okta.cert -srcstoretype pkcs12 -destkeystore

Re: State of the Cat 2022

2022-06-28 Thread Christopher Schultz
Rémy, On 6/28/22 05:33, Rémy Maucherat wrote: On Mon, Jun 27, 2022 at 11:37 PM Christopher Schultz wrote: Cathy, On 6/27/22 15:01, Cathy Spears wrote: Wondering if there will be a State of the cat 2022. Rémy is scheduled to give a talked called "[Tomcat:] New and Upcoming" at

Re: Question ad 2021 presentation videos

2022-06-28 Thread Christopher Schultz
Rony, On 6/28/22 05:44, Rony G. Flatscher (Apache) wrote: Is there a link for the 2021 Tomcat presentation videos, if any? Oh, I'm sorry. I was working on getting those onto the Presentations page and I got distracted and didn't finish. I'll try to get back to that, today. -chris

Re: State of the Cat 2022

2022-06-27 Thread Christopher Schultz
Cathy, On 6/27/22 15:01, Cathy Spears wrote: Wondering if there will be a State of the cat 2022. Rémy is scheduled to give a talked called "[Tomcat:] New and Upcoming" at ApacheCon North America in October. I would imagine it would be very similar to State of the Cat though perhaps without

Re: Root Module Deployment Error

2022-06-27 Thread Christopher Schultz
Seretseab, On 6/27/22 09:01, Kenaw, Seretseab wrote: We just upgraded from Tomcat 9.0.12 to 9.0.62, and after the upgrade the new Tomcat version is throwing an error while deploying the ROOT module. All the ROOT module has is a redirection to a specific page when the user tries to access the

Re: Help Needed

2022-06-27 Thread Christopher Schultz
Mohan, On 6/27/22 02:17, Mohan T wrote: Dear All, We have deployed a application in tomcat 8.5 and while accessing http://sebswarcnv08.ramco:8081/samldemo-0.0.1-SNAPSHOT/hello Error retrieving metadata from https://dev-67198606.okta.com/app/exk5htsyx3S4UcaHA5d7/sso/saml/metadata

Re: AW: SSL issue with Tomcat 6.0.45 and JRE 1.8.0

2022-06-15 Thread Christopher Schultz
Thomas, On 6/15/22 03:08, Thomas Hoffmann (Speed4Trade GmbH) wrote: Hello, -Ursprüngliche Nachricht- Von: Pavan Kumar Tiruvaipati Gesendet: Mittwoch, 15. Juni 2022 08:59 An: Christopher Schultz Cc: Tomcat Users List Betreff: Re: SSL issue with Tomcat 6.0.45 and JRE 1.8.0 Hi

Re: AW: Filehandle left open when using sendfile

2022-06-15 Thread Christopher Schultz
Thomas, On 6/15/22 02:26, Thomas Hoffmann (Speed4Trade GmbH) wrote: Hello Christopher, -Ursprüngliche Nachricht- Von: Christopher Schultz Gesendet: Dienstag, 14. Juni 2022 20:26 An: users@tomcat.apache.org Betreff: Re: Filehandle left open when using sendfile Thomas, On 6/14/22 13

Re: cert/key config woes

2022-06-15 Thread Christopher Schultz
Rob, On 6/14/22 15:38, Rob Sargent wrote: On 6/14/22 13:06, Christopher Schultz wrote: Thanks so much for your perseverance. No problem. Anything to avoid doing $work. On 6/14/22 14:43, Rob Sargent wrote: Let's get one thing working at a time. I reviewed this thread, and I honestly can't

Re: cert/key config woes

2022-06-14 Thread Christopher Schultz
Rob, On 6/14/22 14:43, Rob Sargent wrote: I have my environment working again but not with supplying both keystore and truststore to both the server and the client.  Clearly scrogged somewhere Let's get one thing working at a time. I reviewed this thread, and I honestly can't figure out

Re: Filehandle left open when using sendfile

2022-06-14 Thread Christopher Schultz
Thomas, On 6/14/22 13:52, Thomas Hoffmann (Speed4Trade GmbH) wrote: Hello, we are using Tomcat 10.0.16 under windows. For sending files to the browser, we are using sendfile by setting the attribute "org.apache.tomcat.sendfile.filename". Streaming an image to the browser works well in this

Re: SSL issue with Tomcat 6.0.45 and JRE 1.8.0

2022-06-14 Thread Christopher Schultz
you be more specific? Does the Tomcat server start? Are there any errors or warnings in the logs? -chris On Tue, Jun 14, 2022 at 7:30 PM Christopher Schultz mailto:ch...@christopherschultz.net>> wrote: Pavan, On 6/14/22 08:32, Pavan Kumar Tiruvaipati wrote: > We ha

Re: SSL issue with Tomcat 6.0.45 and JRE 1.8.0

2022-06-14 Thread Christopher Schultz
Pavan, On 6/14/22 08:32, Pavan Kumar Tiruvaipati wrote: We have replaced JDK 1.8 with JRE 1.8.0_333. SSL configuration was working fine with Tomcat 6.0.45 before replacing JDK with JRE. Now it's not working. In server.xml, SSL Protocol is set to "TLS". Does Tomcat 6.0.45 support SSL with

Re: New Install - Manager/html issue

2022-06-13 Thread Christopher Schultz
Bruce, On 6/13/22 11:29, brucetobyga...@me.com.INVALID wrote: Tomcat is installed in opt/tomcat and the webapps directory contains docs examples host-manager manager ROOT I think that's CATALINA_HOME not CATALINA_BASE. IIRC, Ubuntu installs Tomcat into /opt/tomcat but has separate

[ANN] Apache Tomcat 8.5.81 available

2022-06-12 Thread Christopher Schultz
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.81. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 8.5.81 is a bugfix and

Re: LDAPS Configuration with Tomcat

2022-06-07 Thread Christopher Schultz
Rakesh, On 6/6/22 09:54, rakesh meka wrote: Currently we are using an internal application which is deployed on windows server. And we use http which means we didn't configure SSL or TLS setup with application. The current application is using LDAP for user authentication which checks with

Re: Question regarding Tomcat and Apache HTTPD Mod-proxy over SSL [EXTERNAL]

2022-06-02 Thread Christopher Schultz
On 6/2/22 14:38, Beard, Shawn wrote: > I've never done this. But I think it would go something like this: > To make tomcat take advantages of Client Authentication, require three > certificates. i.e A Server Certificate for Tomcat, Client Certificate > for the browser/Apache and Certificate of

Re: Question regarding Tomcat and Apache HTTPD Mod-proxy over SSL

2022-06-02 Thread Christopher Schultz
Jon, On 6/2/22 14:20, jonmcalexan...@wellsfargo.com.INVALID wrote: I'm trying to figure out if there is a way to use certificates between Tomcat and Apache for mutual authentication of the mod-proxy connection to Tomcat. This would be similar as to how you can setup the WebSphere plugin to

Re: cert/key config woes

2022-06-02 Thread Christopher Schultz
Rob, On 6/2/22 14:19, Rob Sargent wrote:    Caused by: java.lang.IllegalArgumentException: Alias name [sgsAgent]    does not identify a key entry         at > [...] but I believe the alias is in place, both places    ## check, different files    [ec2-user@ip-10-0-2-118 certs]ls

Re: cert/key config woes

2022-06-02 Thread Christopher Schultz
Rob, On 6/2/22 13:43, Rob Sargent wrote: I had this overall configuration working until I 'terminated' the AWS server instance and am trying to rebuild. Could a lack of network connectivity between client and server present this same symptom? Hmm. Your SAN looks okay to me. Are you 100%

Re: cert/key config woes

2022-06-02 Thread Christopher Schultz
Rob, On 6/2/22 01:13, Rob Sargent wrote: This part always confuses me I supply the trust and key store files on the command line and I see the SAN for the tomcat server IP (in ObjectId #3). I try to connect to tomcat by host-IP and port.  Here's the text of the keystore sent in.   

Re: FIPS Mode is not getting enabled in Tomcat9 using Openssl 3.0.2 post successful FIPS module installation in windows

2022-06-01 Thread Christopher Schultz
Mark, On 6/1/22 09:49, Mark Thomas wrote: On 20/05/2022 12:43, Mark Thomas wrote: Tomcat Native has not been updated for OpenSSL 3.0.x and FIPS. Code changes in Tomcat Native are going to be required to get this to work. After doing some work on this I have an update. First of all,

Re: Apache Tomcat EncryptInterceptor DoS CVE-2022-29885 vulnerability question

2022-05-31 Thread Christopher Schultz
Jacob, On 5/31/22 11:17, DeHaven, Jacob wrote: In regards, to the Low: Apache Tomcat EncryptInterceptor DoS http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29885 which is fixed in Apache Tomcat 9.0.63, it is being reporting as a Low vulnerability on the Apache Tomcat website but others

Re: allowHostHeaderMismatch option only works if the Host Header has an http or https prefix

2022-05-28 Thread Christopher Schultz
hey can do that, they are already mounting a MitM against you and no amount of checking host headers is going to solve that problem. -chris -Original Message----- From: Christopher Schultz Sent: Friday, May 27, 2022 4:26 PM To: users@tomcat.apache.org Subject: Re: allowHostHeaderMismatch option

Re: allowHostHeaderMismatch option only works if the Host Header has an http or https prefix

2022-05-27 Thread Christopher Schultz
Mark, On 5/27/22 3:13 AM, Mark Thomas wrote: On 27/05/2022 02:00, Ralph Atallah wrote: Hi Mark, Thanks again for the prompt response. You wrote below:  "If the original request only has a Host header, then allowHostHeaderMismatch="false" isn't going to do anything because there is no

Re: What causes "client errors" with mod_jk

2022-05-26 Thread Christopher Schultz
Rainer, On 5/26/22 17:25, Rainer Jung wrote: Hi Chris, Am 26.05.2022 um 21:49 schrieb Christopher Schultz: On 5/16/22 13:48, Christopher Schultz wrote: I see the place in the code where the error is generated, but I'm not familiar enough with the code to know how to add that kind of thing

Re: Upgrade tomcat 7 to 10.

2022-05-26 Thread Christopher Schultz
Rodrigo, On 5/26/22 17:16, Rodrigo Cunha wrote: i need upgrade my tomcat server from 7 to 10. I don't saw in internet nothing about that. Commonly i upgraded in steps, 7 to 8, 8 to 9 and 9 to 10. Are there a problem upgrade from 7 to 10? I suspect you should be able to upgrade your Tomcat

Re: Sv: Unexpected messages in commons-daemon.log

2022-05-26 Thread Christopher Schultz
Pontus, On 5/25/22 03:53, Pontus Ågren wrote: There is monitoring of the service so that seems to be the cause. I agree that logging it at TRACE level is a better idea. On INFO level it just adds noice. You might be "over monitoring" if you are seeing pairs of messages at once... except for

Re: What causes "client errors" with mod_jk

2022-05-26 Thread Christopher Schultz
Rainer, On 5/26/22 16:46, Rainer Jung wrote: Hi Chris, Am 16.05.2022 um 19:48 schrieb Christopher Schultz: I've been looking into this a little more in my production environment. These errors are not super common, but there seems to be a steady trickle of errors from my two services

Re: What causes "client errors" with mod_jk

2022-05-26 Thread Christopher Schultz
All, On 5/26/22 15:49, Christopher Schultz wrote: Rainer, On 5/16/22 13:48, Christopher Schultz wrote: Rainer, I've been looking into this a little more in my production environment. These errors are not super common, but there seems to be a steady trickle of errors from my two services

Re: What causes "client errors" with mod_jk

2022-05-26 Thread Christopher Schultz
Rainer, On 5/16/22 13:48, Christopher Schultz wrote: Rainer, I've been looking into this a little more in my production environment. These errors are not super common, but there seems to be a steady trickle of errors from my two services that have human users. I see 0 errors for my API

[ANN] Apache Tomcat 8.5.79 available

2022-05-24 Thread Christopher Schultz
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.79. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 8.5.79 is a bugfix and

Re: [ANN] Apache Tomcat 8.5.79 available

2022-05-23 Thread Christopher Schultz
All, I jumped the gun on sending this announcement, so I went ahead and updated the web site, too. The CDN doesn't have the release artifacts, yet, but the ASF downloads server does. Please be patient until the CDN updates. Thanks, -chris On 5/23/22 16:56, Christopher Schultz wrote

[ANN] Apache Tomcat 8.5.79 available

2022-05-23 Thread Christopher Schultz
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.79. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 8.5.79 is a bugfix and

Re: [ANN] ApacheCon NA 2022 in New Orleans, 3-6 Oct 2022, CFP is OPEN!

2022-05-23 Thread Christopher Schultz
Jon, On 5/23/22 16:41, jonmcalexan...@wellsfargo.com.INVALID wrote: Understood. I'm willing to give it a try if you want to sign me up, but I have to do it virtual. Traveling is not possible for me. Oh. Sorry about that; it will need to be in-person. We don't have any set up to do

Re: [ANN] ApacheCon NA 2022 in New Orleans, 3-6 Oct 2022, CFP is OPEN!

2022-05-23 Thread Christopher Schultz
Jon, On 5/23/22 15:53, jonmcalexan...@wellsfargo.com.INVALID wrote: I would really Love to have something, but I just don't have the time to work on anything like this You could just talk about something you are already doing. It doesn't need to be ground-breaking work. Something along the

Re: [ANN] ApacheCon NA 2022 in New Orleans, 3-6 Oct 2022, CFP CLOSES TODAY!!

2022-05-23 Thread Christopher Schultz
All, If you were considering submitting a presentation, please do it *RIGHT NOW*. Thank, -chris On 4/7/22 10:26, Christopher Schultz wrote: All, [Cross-posting to dev@, please reply to users@] ApacheCon NA 2022 is back *in-person* in New Orleans, Louisiana. It will be held 3 - 6 October

Re: [ANN] ApacheCon NA 2022 in New Orleans, 3-6 Oct 2022, CFP is OPEN!

2022-05-23 Thread Christopher Schultz
Coty, On 5/23/22 15:22, Coty Sutherland wrote: On Fri, Apr 29, 2022 at 2:53 PM Christopher Schultz < ch...@christopherschultz.net> wrote: All, Please remember that the ApacheCon North American conference is still accepting presentations until 23 May 2022. The Tomcat track current

  1   2   3   4   5   6   7   8   9   10   >