Re: Truststore in HTTPS Connector does not work with Linux

2020-09-18 Thread Daniel Savard
don't see any reason for such a behavior. Regards, --------- Daniel Savard

Re: [OT] Red Hat / CentOS specific question about certificates

2020-08-31 Thread Daniel Savard
Le lun. 31 août 2020 à 11:13, Christopher Schultz < ch...@christopherschultz.net> a écrit : > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > > Daniel, > > On 8/28/20 20:46, Daniel Savard wrote: > > Le ven. 28 août 2020 à 17:19, Darryl Philip Baker &l

Re: Red Hat / CentOS specific question about certificates

2020-08-29 Thread Daniel Savard
RedHat only question having nothing to do with Tomcat itself. From the Tomcat point of view, you can only copy the file somewhere else where the RedHat scripts, update procedures will not touch it and let Tomcat know where it is. Regards, - Daniel Savard

Re: Red Hat / CentOS specific question about certificates

2020-08-28 Thread Daniel Savard
s. Just make a copy and put your certificates in the copy. In fact, you may not need the original file at all if only self-signed certificates are involved. All the certifications authorities in the file are then useless to you. Regards, - Daniel Savard

Re: [Tomcat 9.0.37] Https / SSL on Windows server 2016 with windows certificate store

2020-07-12 Thread Daniel Savard
re stored in the Windows registry. https://docs.microsoft.com/en-us/windows-hardware/drivers/install/local-machine-and-current-user-certificate-stores Since IIS is a Windows-only product, this is the simple thing for them to do. Tomcat runs on various platforms and should support open and neutral keystore formats instead. - Daniel Savard

Re: Question about setting CATALINA_OPTS when starting Tomcat using a Windows Service in Tomcat 7.0.54

2018-08-08 Thread Daniel Savard
his is standard stuff. The effect is the JVM now knows your port is a JMX port and it will stop to try to use it when it is already in use and free it cleanly. Regards, - Daniel Savard > >

Re: Question about setting CATALINA_OPTS when starting Tomcat using a Windows Service in Tomcat 7.0.54

2018-08-03 Thread Daniel Savard
But, you may have to use extra properties for you particular situation. Why did I say to put everything in the configuration file for com.sun.management.config.file? Because that way, the JVM knows these are for JMX and knows the port is for JMX and will not run into a nonesense when stopping the service saying the port is already in use. That's why you should put this into the configuration file and define the property to tell the JVM the pathname of the configuration file. Regards, - Daniel Savard

Re: Question about setting CATALINA_OPTS when starting Tomcat using a Windows Service in Tomcat 7.0.54

2018-08-02 Thread Daniel Savard
In ${Tomcat}/conf create the file management.properties and put your stuff in this file like: com.sun.management.jmxremote = true com.sun.management.jmxremote.port = 9876 com.sun.management.registry.ssl =true com.sun.management.ssl = true com.sun.management.ssl.enebled.protocols = TLSv1.2 ...

Tomcat 8.5.32 parseHost error

2018-07-24 Thread Daniel Savard
with this version or another one? Regards, - Daniel Savard

Re: how to upgrade tomcat 8.5.x?

2017-05-17 Thread Daniel Savard
ps/apache-tomcat-8.5.12/lib >> cp ./apache-tomcat-8.5.14/lib/websocket-api.jar >> ../apps/apache-tomcat-8.5.12/lib >> > > > > --- > This email has been checked for viruses by Avast antivirus software. > https://www.avast.com/antivirus > Maybe a useless comment. However I upgraded from 8.0 to 8.5. I have both a CATALINA_HOME and CATALINA_BASE and the upgrade was really easy and summarizes almost entierly in changes for the new configuration syntax in the server.xml file. Upgrading from a release to another is almost a no brainer, as well as upgrading to a new Java version. It may be a little more work to start with to setup two separated filetree, but on the long run, it pays. I have to maintain and support about 70 instances of Tomcat and a dozen of applications as a sideline job. - Daniel Savard

Re: Redirection/URL rewriting Tomcat 8.5.14

2017-05-12 Thread Daniel Savard
Hi Chris, 2017-05-12 13:31 GMT-04:00 Christopher Schultz <ch...@christopherschultz.net >: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Daniel, > > On 5/12/17 10:03 AM, Daniel Savard wrote: > > Hi everyone, > > > > my question is no

Redirection/URL rewriting Tomcat 8.5.14

2017-05-12 Thread Daniel Savard
. Is there a way to debug this problem? How can I see what is going on with the execution of the rewriting class? Regards, - Daniel Savard

Re: Can Tomcat act as an HTTPS proxy?

2017-01-19 Thread Daniel Savard
dded into another product in production at my shop and it is working fine so far. Regards, - Daniel Savard

Re: How many instances Tomcat?

2016-12-16 Thread Daniel Savard
ing the service. For ressources consumption, you need to look at what your specific applications need and what kind of workload you expect. Giving the amount of RAM and the number of cores is useless. I run 9 instances of Tomcat on a single server with 16 GB of RAM and 2 cores. Regards, - Daniel Savard

Re: TLS/SSL Elliptic Curve support problem with Tomcat 7.0.72

2016-11-09 Thread Daniel Savard
2016-11-09 16:11 GMT-05:00 Christopher Schultz <ch...@christopherschultz.net >: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Daniel, > > You don't seem to have received a response about this... > > On 10/11/16 2:13 PM, Daniel Savard wrote: > > I have

Re: Tomcat clustering and FarmDeployer

2016-10-21 Thread Daniel Savard
Le 20 oct. 2016 3:21 PM, "André Warnier (tomcat)" a écrit : > > Maybe naive, and I have never tried any of this myself, but is there a reason why you cannot use method 2 in > http://tomcat.apache.org/tomcat-8.0-doc/deployer-howto.html#A_word_on_Contexts > in that scenario ? >

Re: Tomcat clustering and FarmDeployer

2016-10-20 Thread Daniel Savard
enario ? > > André, thanks I will give it a try. I never used method 2 before and I just forgot about it. ----- Daniel Savard

Tomcat clustering and FarmDeployer

2016-10-20 Thread Daniel Savard
to the web application? BTW, if it is of any use, I am running Tomcat 8.0.36 and Oracle JDK 1.8.0_92. Regards, - Daniel Savard

TLS/SSL Elliptic Curve support problem with Tomcat 7.0.72

2016-10-11 Thread Daniel Savard
the three following browsers: IE 11, Chrome and Firefox. IE11 and Chrome are complaining about TLS protocol error without saying anything about the cause of the error. Any hints? Regards, - Daniel Savard

Re: Tomcat 8 HTTPS issue with old browser

2016-10-04 Thread Daniel Savard
Your challenge is much more with Java 8 as already mentioned above if you use a non-APR connector and with OpenSSL otherwise than with Tomcat itself. - Daniel Savard 2016-10-04 6:43 GMT-04:00 Garratt, Dave <dgarr...@logopak.net>: > To elaborate, there is only th

Re: TLS 1.2 Handshake on Tomcat 7.0.39 Getting Internal Error: Key format must be RAW

2016-09-22 Thread Daniel Savard
2016-09-22 6:16 GMT-04:00 André Warnier (tomcat) : > Dono, > > Ok, this is really a long shot, and I really do not know what I am > talking about.. > > I just want to point out that in the course of doing some searches on the > WWW with keywords related to your issue, I seemed

Re: tomat8.5 write logs with incorret os permission

2016-08-05 Thread Daniel Savard
support them. You can use umask to change the default behavior. If security of log files is critical for your application, you should take time to design the logging appropriately and don't expect someone else to take care of all your concerns for you. - Daniel Savard 2016-08-05

Re: Facing issue while configuring SSL

2016-07-14 Thread Daniel Savard
rectory of your Tomcat instance. I'm not sure about the C: in the pathname. However, ${catalina.base}/conf/ is portable and enables you to move you instance into another directory without having to modify all the configuration files. - Daniel Savard

Re: Need help setting up SSL on Tomcat 8

2016-07-13 Thread Daniel Savard
2016-07-13 15:56 GMT-04:00 Sean Son <linuxmailinglistsem...@gmail.com>: > Thank you for your answer guys. Is there anywhere in the Tomcat config > files that I would need to specify the DNS name? Like in Apache we would > specify the DNS name in a Virtualhost. > > No. ---

Re: Need help setting up SSL on Tomcat 8

2016-07-12 Thread Daniel Savard
ificate specify the SubjectAlternativeName field with two DNS entries. If none of these can be resolved for your server, the certificate is considered invalid. --------- Daniel Savard

Re: Need help setting up SSL on Tomcat 8

2016-07-07 Thread Daniel Savard
>> There are issues with the site's certificate chain >>> (net::ERR_CERT_COMMON_NAME_INVALID). >>> >>> Looks like adding the keyAlias to the connector did not fix anything >>> unfortunately. >>> >> > Did you examined the received certificate in the browser. Usually this help to identify why it failed. In this case, the chain of certification seems to be the problem. - Daniel Savard

Re: Need help setting up SSL on Tomcat 8

2016-07-07 Thread Daniel Savard
t; > keystorePass="password" keyAlias="{b81d8607-57e9-4c35-a058-cd46099e7797}" > SSLEnabled="true" scheme="https" secure="true" >clientAuth="false" sslProtocol="TLS" /> > > Yes. - Daniel Savard

Re: Tomcat 7 and SHA-1

2016-07-01 Thread Daniel Savard
hing different from the HMAC for the certificate itself. However, if the user wants to ban the SHA-1 from the negociated symmetric encryption algorithm, he will have to set a proper cipher suite to exclude anything without SHA-256 and more from the accepted ciphers. You have to experiment with the openssl cipher command to find out a proper combination. - Daniel Savard

Re: Need help setting up SSL on Tomcat 8

2016-07-01 Thread Daniel Savard
and you will have the alias and Common Name clearly identified on the output in a verbose format. Use the -v option to the keytool command for this. No need to post everything here if you are unsure. - Daniel Savard

Re: Need help setting up SSL on Tomcat 8

2016-07-01 Thread Daniel Savard
send, the first entry in the keystore is sent. In this case, root. The attribute to tell the connector which certificate to send, is keyAlias, however it seems your certificate has no alias in the keystore. - Daniel Savard

Re: Tomcat 7 and SHA-1

2016-07-01 Thread Daniel Savard
that doesn't meet your standards. - Daniel Savard

Re: Need help setting up SSL on Tomcat 8

2016-06-28 Thread Daniel Savard
trust store, the default trust store shipped with your version of Java will be used. If the clients trying to connect are not having certificats signed by one of these, it will fails. It may not be a problem in your case since you do not provide any details on the clients' certificates. Regards,

Re: Configuring Tomcat to support TLSv1.2

2016-06-24 Thread Daniel Savard
that turns around and asks > "but why" :-) > > Because previously you didn't complete the TLSv1.2 protocol handshaking process given the fact you server didn't support it. It then negociated a lesser protocol understood by both parties which happen to be TLSv1.0 (the one set by the previous value of SSL_VERSION in your catalina.sh startup file). - Daniel Savard

Re: Configuring Tomcat to support TLSv1.2

2016-06-24 Thread Daniel Savard
ed out this in her next post saying it was setup by the vendor. I was assuming she was working from a vanilla installation someone else has customized somewhat, hence my suggestion to stick on vanilla catalina.sh and so on. ----- Daniel Savard

Re: Configuring Tomcat to support TLSv1.2

2016-06-21 Thread Daniel Savard
tation page above, you will see the sslProtocol attribute is actually passing the value to Java 7. That's why there is no need to temper with the catalina.sh to try to set this for Java before hand. The proper way to configure Tomcat is to modify files in the conf directory only. Playing with files in bin and lib is not a recommended approach. Daniel Savard

Re: Configuring Tomcat to support TLSv1.2

2016-06-21 Thread Daniel Savard
it yet. You didn't mention which version of Java 7 exactly you are using. Did you install the Unlimited JDK security package? Did you read the documentation on TLS/SSL? http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html - Daniel Savard

Re: Updating Apache Tomcat to a current version

2016-06-12 Thread Daniel Savard
dors to distribute their apps > to their customers, or is it normally a customer created file? > > Hi Paul, I assumed your previous configuration or the reference configuration is doing so. Then, if you replicate the configuration it should do the same. Regards, - Daniel Savard

Re: Updating Apache Tomcat to a current version

2016-06-12 Thread Daniel Savard
9.34. We are upgrading to SM 9.41, Tomcat 8 and Java 8. So far, SM is running smoothly in all our environments. Usually HP support whatever version of Tomcat you have, provided it meets the minimum requirements or unless a specific bug exists in your Tomcat version. Regards, - Daniel Savard

Re: Updating Apache Tomcat to a current version

2016-06-12 Thread Daniel Savard
> (I'm not familiar with WAR files - is that the normal way to install new > apps into Tomcat?) > WAR is the standard to distribute web applications. Regards, - Daniel Savard

Re: Updating Apache Tomcat to a current version

2016-06-11 Thread Daniel Savard
2016-06-10 15:09 GMT-04:00 paul.greene.va : > Actually, I don't want to have parallel versions going; 7.0.53 needs to go > away to address the vulnerabilities found in the audit scan. Ideally > everything should be the same as it is now, with the only difference being

Re: Updating Apache Tomcat to a current version

2016-06-09 Thread Daniel Savard
2016-06-09 23:04 GMT-04:00 paul.greene.va : > Hello All, > > I manage an HP application that uses Apache Tomcat as a 3rd party > application. The installed Tomcat version is 7.0.53. Because of a recent > audit scan I have to update it to the most current version

Clustering and Context Container setup

2016-06-03 Thread Daniel Savard
precated class while searching for the different values for channelSendOptions. Here: http://tomcat.apache.org/tomcat-8.0-doc/api/org/apache/catalina/tribes/group/interceptors/MessageDispatch15Interceptor.html So, a little clarification would be appreciated. Regards, - Daniel Savard

Re: [SECURITY] Java Deserialization, JMX and CVE-2016-3427

2016-05-25 Thread Daniel Savard
provide > folks with the information they need to figure out whether this affects > them or not. > > Mark > In doubt, I usually prefer to upgrade to latest version. I see no reason to stick to a lower version unless a specific bug is know and has been introduced into the latest version. - Daniel Savard

Re: Apache Tomcat 9

2016-05-06 Thread Daniel Savard
2016-05-06 14:27 GMT-04:00 Frederick Piña : > Hi ! I'm using Tomcat Controller. It works fine (turning off/on, etc). > However, after the confirmation page on my browser is shown; from Apache > Tomcat 9; I still can't get the Java Web Application to load. > > Apache

Re: performance of tomcat 8 is less than tomcat 6

2016-04-19 Thread Daniel Savard
2016-04-19 1:04 GMT-04:00 Ravi Chandra Suryavanshi < ravi.chandra.suryavan...@ericsson.com>: > Hi, > I am using tomcat 6 in my product. I am planning to upgrade to tomcat 8 as > tomcat is going to EoS in Dec-2016. > I have just taken the performance of Tomcat 8 and found the 70% less >

Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved

2016-03-19 Thread Daniel Savard
be helpful to be provided alternate solutions. But, anyway, enough on this. - Daniel Savard 2016-03-19 17:02 GMT-04:00 André Warnier (tomcat) <a...@ice-sa.com>: > Daniel, > > first of all, stop top-posting (this applies to both of you). This is not > the style

Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved

2016-03-19 Thread Daniel Savard
. - Daniel Savard 2016-03-19 15:40 GMT-04:00 Lyallex <lyal...@gmail.com>: > <Sigh!> > > On 19 March 2016 at 19:19, Daniel Savard <daniel.sav...@gmail.com> wrote: >> I see what you were trying to achieve, however I don't see much >> interest

Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved

2016-03-19 Thread Daniel Savard
unprivileged port isn't a solution to your problem. Regards, - Daniel Savard 2016-03-19 12:10 GMT-04:00 Lyallex <lyal...@gmail.com>: > It's the simplest way to find out which port you have Tomcat listening on > > *NIX based systems don't allow non root uses bind

Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved

2016-03-19 Thread Daniel Savard
Why? What is the point? The server.xml has nothing to do with integration with systemd. - Daniel Savard 2016-03-19 1:40 GMT-04:00 Lyallex <lyal...@gmail.com>: > Would you mind posting your server.xml, here is the relevant bit

Re: contextDestroyed() method not called

2016-03-19 Thread Daniel Savard
, - Daniel Savard 2016-03-16 23:56 GMT-04:00 Caldarale, Charles R <chuck.caldar...@unisys.com>: >> From: Daniel Savard [mailto:daniel.sav...@gmail.com] >> Subject: contextDestroyed() method not called > >> I noticed a problem with one of my web applications which re

Re: contextDestroyed() method not called

2016-03-19 Thread Daniel Savard
>From the manager clicking on the Stop button for the application. For the instance, on Windows just stop the Tomcat service, on Linux, just run the catalina.sh stop script. ----- Daniel Savard 2016-03-17 8:47 GMT-04:00 Caldarale, Charles R <chuck.caldar...@unisys.com>

contextDestroyed() method not called

2016-03-18 Thread Daniel Savard
, I guess I am doing something wrong. Someone can provide some guidance to identify the cause of such undesirable behavior? Regards, - Daniel Savard - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org F

Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved

2016-03-18 Thread Daniel Savard
of my EnvironmentFile: CATALINA_HOME="/opt/apache-tomcat/apache-tomcat-8.0.32_ds" CATALINA_BASE="/tomcat/tomcat-8-dev" CATALINA_OUT="/var/log/tomcat-8-dev/catalina.out" JAVA_HOME="/opt/oracle-jdk-bin-1.8.0.74" CATALINA_PID="/var/run/tomcat-8-dev.pid"

Re: contextDestroyed() method not called

2016-03-18 Thread Daniel Savard
? - Daniel Savard 2016-03-17 19:08 GMT-04:00 Daniel Savard <daniel.sav...@gmail.com>: > From the manager clicking on the Stop button for the application. For > the instance, on Windows just stop the Tomcat service, on Linux, just > run the catalina.sh stop script. > -------

Re: Connection pool in a clustered environment

2016-03-08 Thread Daniel Savard
/[hostname]/mywebapp.xml instead of adding the empty element in $CATALINA_BASE/webapps/mywebapp/WEB-INF/web.xml. It seems the former is not working, at least with Tomcat 8.0.32 ----- Daniel Savard 2016-03-08 15:08 GMT-05:00 Christopher Schultz <ch...@christopherschultz.net>: > --

Connection pool in a clustered environment

2016-03-08 Thread Daniel Savard
I have to handle this in my code? Do I have to reinitialize the connection pool if such an event happen? Regards, - Daniel Savard - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional

Re: Advice on Cluster in one machine

2016-03-08 Thread Daniel Savard
. - Daniel Savard 2016-03-08 10:48 GMT-05:00 Christopher Schultz <ch...@christopherschultz.net>: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Edwin, > > On 3/8/16 8:19 AM, Edwin Quijada wrote: >> I am new using Tomcat so I have a questio

Re: Configuring a custom folder for Tomcat configuration files

2016-03-08 Thread Daniel Savard
Your question has been answered and you shouldn't cross post questions. - Daniel Savard 2016-03-08 3:31 GMT-05:00 Chiranga Alwis <chirangaal...@gmail.com>: > Hi, > > please refer the question in stackoverflow > http://stackoverflow.com/questions/35862427/configu

Re: Building binary release on Windows 10

2016-02-14 Thread Daniel Savard
with anything else, unfortunately. - Daniel Savard 2016-02-14 7:06 GMT-05:00 Konstantin Kolinko <knst.koli...@gmail.com>: > 2016-02-14 4:50 GMT+03:00 Daniel Savard <daniel.sav...@gmail.com>: >> Hi everyone, >> >> I am trying to perform a "buil

Building binary release on Windows 10

2016-02-13 Thread Daniel Savard
bviously, the program requires more privileges than my current user. How do I fix this to complete the process and create the installer file for Windows? Regards, - Daniel Savard - To unsubscribe, e-mail: users

Re: Is IBM Right About Java?

2011-02-08 Thread Daniel Savard
activity is so high no useful work but paging take place. The system is no longer usable at this point. Hope I was able to clarify Chris' point a little bit. Regards, -- - Daniel Savard CiDS Inc. Montreal, QC Canada

Re: Tomcat Consultant

2010-11-18 Thread Daniel Savard
That's an Opus Dei owned company, I fear. Unless you are seeking for the anti-matter thing, you should rather than stay away of it. 2010/11/18 Martin Gainty mgai...@hotmail.com can we get someone from the vatican to translate? Martin Gainty __

Re: [OT] RE: Tomcat Consultant

2010-09-29 Thread Daniel Savard
it compare or not? Daniel Savard 2010/9/29 Martin Gainty mgai...@hotmail.com i always wondered by the big 5 billable rate started at 100 /hr BTW: dont forgot your armani suit and the lamberghini! Martin Gainty

Re: Tomcat Consultant

2010-09-25 Thread Daniel Savard
Jorge, Could you explain further what's the difference between an app container and an app server? For me it seems pretty much the same. Regards, Daniel Savard 2010/9/24, Jorge Medina cerebrotecnolog...@gmail.com: Hey, you don't need a Big-5 consulting company. You need a a couple of experts

Re: Tomat monitoring

2010-05-20 Thread Daniel Savard
So, decipher how the jconsole can be used as a monitoring tool? My belief is it can be used to provide snmp agent services, but I have no experience with it and I am curious to hear from others about it. Daniel Savard 2010/5/20, Leon Rosenberg rosenberg.l...@gmail.com: On Thu, May 20, 2010

Re: Tomat monitoring

2010-05-20 Thread Daniel Savard
We are not talking about SNMP monitoring, but about SNMP as a tool to interface between monitoring of the JVM and applications and a centralized manager or integration with a manager of managers in an enterprise-wide picture. Daniel Savard 2010/5/20 Ozgur Ozdemircili ozgur.ozdemirc...@gmail.com