Re: Tomcat 9.0.x on Windows crashing

Le jeu. 24 août 2023 à 13:06, Christopher Schultz < ch...@christopherschultz.net> a écrit : > Daniel, > > On 8/23/23 13:03, Daniel Savard wrote: > > I didn't specify the actual Tomcat version because the problem occurs > under > > all versions. We are running a comm

Re: Tomcat 9.0.x on Windows crashing

path to suit your configuration) > > Robert > Hi Robert, I will look into it. For now, I cannot modify the system easily. I need to plan a change for this with at least a one week notice and upon approval. Will try to include this in a forthcoming change. - Daniel Savard

Re: Tomcat 9.0.x on Windows crashing

Le jeu. 24 août 2023 à 02:29, Thomas Hoffmann (Speed4Trade GmbH) a écrit : > Hello Daniel, > > > -Ursprüngliche Nachricht----- > > Von: Daniel Savard > > Gesendet: Mittwoch, 23. August 2023 19:03 > > An: users@tomcat.apache.org > > Betreff: Tomcat

Tomcat 9.0.x on Windows crashing

if it crashes. Again, the problem is very unlikely to be with Tomcat itself, but the tuning of the VM. - Daniel Savard

Re: CVE-2021-44228 Log4j 2 Vulnerability -- How does this affect Tomcat?

.warn(log msg param " + userControlledParam); > > No. > Mfg > Thomas > > - Daniel Savard

Re: CVE-2021-44228 Log4j 2 Vulnerability -- How does this affect Tomcat?

Thanks, very useful information to channel back to my team and beyond. - Daniel Savard

Re: TLSv1.3 Support in Tomcat

https://wiki.openssl.org/index.php/TLS1.3#Ciphersuites TLSv1.3 supports 5 cipher suites and none is in your list. - Daniel Savard Le mar. 29 juin 2021 à 01:44, S Abirami a écrit : > Hi Christopher, > > Below is my Connector element, sslEnabledProtocols =TLSv1.2

Re: Truststore in HTTPS Connector does not work with Linux

don't see any reason for such a behavior. Regards, --------- Daniel Savard

Re: [OT] Red Hat / CentOS specific question about certificates

Le lun. 31 août 2020 à 11:13, Christopher Schultz < ch...@christopherschultz.net> a écrit : > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > > Daniel, > > On 8/28/20 20:46, Daniel Savard wrote: > > Le ven. 28 août 2020 à 17:19, Darryl Philip Baker &l

Re: Red Hat / CentOS specific question about certificates

RedHat only question having nothing to do with Tomcat itself. From the Tomcat point of view, you can only copy the file somewhere else where the RedHat scripts, update procedures will not touch it and let Tomcat know where it is. Regards, - Daniel Savard

Re: Red Hat / CentOS specific question about certificates

s. Just make a copy and put your certificates in the copy. In fact, you may not need the original file at all if only self-signed certificates are involved. All the certifications authorities in the file are then useless to you. Regards, - Daniel Savard

Re: [Tomcat 9.0.37] Https / SSL on Windows server 2016 with windows certificate store

re stored in the Windows registry. https://docs.microsoft.com/en-us/windows-hardware/drivers/install/local-machine-and-current-user-certificate-stores Since IIS is a Windows-only product, this is the simple thing for them to do. Tomcat runs on various platforms and should support open and neutral keystore formats instead. - Daniel Savard

Re: Question about setting CATALINA_OPTS when starting Tomcat using a Windows Service in Tomcat 7.0.54

his is standard stuff. The effect is the JVM now knows your port is a JMX port and it will stop to try to use it when it is already in use and free it cleanly. Regards, - Daniel Savard > >

Re: Question about setting CATALINA_OPTS when starting Tomcat using a Windows Service in Tomcat 7.0.54

But, you may have to use extra properties for you particular situation. Why did I say to put everything in the configuration file for com.sun.management.config.file? Because that way, the JVM knows these are for JMX and knows the port is for JMX and will not run into a nonesense when stopping the service saying the port is already in use. That's why you should put this into the configuration file and define the property to tell the JVM the pathname of the configuration file. Regards, - Daniel Savard

Re: Question about setting CATALINA_OPTS when starting Tomcat using a Windows Service in Tomcat 7.0.54

In ${Tomcat}/conf create the file management.properties and put your stuff in this file like: com.sun.management.jmxremote = true com.sun.management.jmxremote.port = 9876 com.sun.management.registry.ssl =true com.sun.management.ssl = true com.sun.management.ssl.enebled.protocols = TLSv1.2 ...

Tomcat 8.5.32 parseHost error

with this version or another one? Regards, - Daniel Savard

Re: how to upgrade tomcat 8.5.x?

ps/apache-tomcat-8.5.12/lib >> cp ./apache-tomcat-8.5.14/lib/websocket-api.jar >> ../apps/apache-tomcat-8.5.12/lib >> > > > > --- > This email has been checked for viruses by Avast antivirus software. > https://www.avast.com/antivirus > Maybe a useless comment. However I upgraded from 8.0 to 8.5. I have both a CATALINA_HOME and CATALINA_BASE and the upgrade was really easy and summarizes almost entierly in changes for the new configuration syntax in the server.xml file. Upgrading from a release to another is almost a no brainer, as well as upgrading to a new Java version. It may be a little more work to start with to setup two separated filetree, but on the long run, it pays. I have to maintain and support about 70 instances of Tomcat and a dozen of applications as a sideline job. - Daniel Savard

Re: Redirection/URL rewriting Tomcat 8.5.14

Hi Chris, 2017-05-12 13:31 GMT-04:00 Christopher Schultz <ch...@christopherschultz.net >: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Daniel, > > On 5/12/17 10:03 AM, Daniel Savard wrote: > > Hi everyone, > > > > my question is no

Redirection/URL rewriting Tomcat 8.5.14

. Is there a way to debug this problem? How can I see what is going on with the execution of the rewriting class? Regards, - Daniel Savard

Re: Can Tomcat act as an HTTPS proxy?

dded into another product in production at my shop and it is working fine so far. Regards, - Daniel Savard

Re: How many instances Tomcat?

ing the service. For ressources consumption, you need to look at what your specific applications need and what kind of workload you expect. Giving the amount of RAM and the number of cores is useless. I run 9 instances of Tomcat on a single server with 16 GB of RAM and 2 cores. Regards, - Daniel Savard

Re: TLS/SSL Elliptic Curve support problem with Tomcat 7.0.72

2016-11-09 16:11 GMT-05:00 Christopher Schultz <ch...@christopherschultz.net >: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Daniel, > > You don't seem to have received a response about this... > > On 10/11/16 2:13 PM, Daniel Savard wrote: > > I have

Re: Tomcat clustering and FarmDeployer

Le 20 oct. 2016 3:21 PM, "André Warnier (tomcat)" a écrit : > > Maybe naive, and I have never tried any of this myself, but is there a reason why you cannot use method 2 in > http://tomcat.apache.org/tomcat-8.0-doc/deployer-howto.html#A_word_on_Contexts > in that scenario ? >

Re: Tomcat clustering and FarmDeployer

enario ? > > André, thanks I will give it a try. I never used method 2 before and I just forgot about it. ----- Daniel Savard

Tomcat clustering and FarmDeployer

to the web application? BTW, if it is of any use, I am running Tomcat 8.0.36 and Oracle JDK 1.8.0_92. Regards, - Daniel Savard

TLS/SSL Elliptic Curve support problem with Tomcat 7.0.72

the three following browsers: IE 11, Chrome and Firefox. IE11 and Chrome are complaining about TLS protocol error without saying anything about the cause of the error. Any hints? Regards, - Daniel Savard

Re: Tomcat 8 HTTPS issue with old browser

Your challenge is much more with Java 8 as already mentioned above if you use a non-APR connector and with OpenSSL otherwise than with Tomcat itself. - Daniel Savard 2016-10-04 6:43 GMT-04:00 Garratt, Dave <dgarr...@logopak.net>: > To elaborate, there is only th

Re: tomat8.5 write logs with incorret os permission

support them. You can use umask to change the default behavior. If security of log files is critical for your application, you should take time to design the logging appropriately and don't expect someone else to take care of all your concerns for you. - Daniel Savard 2016-08-05

Re: Facing issue while configuring SSL

rectory of your Tomcat instance. I'm not sure about the C: in the pathname. However, ${catalina.base}/conf/ is portable and enables you to move you instance into another directory without having to modify all the configuration files. - Daniel Savard

Re: Need help setting up SSL on Tomcat 8

2016-07-13 15:56 GMT-04:00 Sean Son <linuxmailinglistsem...@gmail.com>: > Thank you for your answer guys. Is there anywhere in the Tomcat config > files that I would need to specify the DNS name? Like in Apache we would > specify the DNS name in a Virtualhost. > > No. ---

Re: Need help setting up SSL on Tomcat 8

ificate specify the SubjectAlternativeName field with two DNS entries. If none of these can be resolved for your server, the certificate is considered invalid. --------- Daniel Savard

Re: Need help setting up SSL on Tomcat 8

>> There are issues with the site's certificate chain >>> (net::ERR_CERT_COMMON_NAME_INVALID). >>> >>> Looks like adding the keyAlias to the connector did not fix anything >>> unfortunately. >>> >> > Did you examined the received certificate in the browser. Usually this help to identify why it failed. In this case, the chain of certification seems to be the problem. - Daniel Savard

Re: Need help setting up SSL on Tomcat 8

t; > keystorePass="password" keyAlias="{b81d8607-57e9-4c35-a058-cd46099e7797}" > SSLEnabled="true" scheme="https" secure="true" >clientAuth="false" sslProtocol="TLS" /> > > Yes. - Daniel Savard

Re: Tomcat 7 and SHA-1

hing different from the HMAC for the certificate itself. However, if the user wants to ban the SHA-1 from the negociated symmetric encryption algorithm, he will have to set a proper cipher suite to exclude anything without SHA-256 and more from the accepted ciphers. You have to experiment with the openssl cipher command to find out a proper combination. - Daniel Savard

Re: Need help setting up SSL on Tomcat 8

and you will have the alias and Common Name clearly identified on the output in a verbose format. Use the -v option to the keytool command for this. No need to post everything here if you are unsure. - Daniel Savard

Re: Need help setting up SSL on Tomcat 8

send, the first entry in the keystore is sent. In this case, root. The attribute to tell the connector which certificate to send, is keyAlias, however it seems your certificate has no alias in the keystore. - Daniel Savard

Re: Tomcat 7 and SHA-1

that doesn't meet your standards. - Daniel Savard

Re: Need help setting up SSL on Tomcat 8

trust store, the default trust store shipped with your version of Java will be used. If the clients trying to connect are not having certificats signed by one of these, it will fails. It may not be a problem in your case since you do not provide any details on the clients' certificates. Regards,

Re: Configuring Tomcat to support TLSv1.2

that turns around and asks > "but why" :-) > > Because previously you didn't complete the TLSv1.2 protocol handshaking process given the fact you server didn't support it. It then negociated a lesser protocol understood by both parties which happen to be TLSv1.0 (the one set by the previous value of SSL_VERSION in your catalina.sh startup file). - Daniel Savard

Re: Configuring Tomcat to support TLSv1.2

ed out this in her next post saying it was setup by the vendor. I was assuming she was working from a vanilla installation someone else has customized somewhat, hence my suggestion to stick on vanilla catalina.sh and so on. ----- Daniel Savard

Re: Configuring Tomcat to support TLSv1.2

tation page above, you will see the sslProtocol attribute is actually passing the value to Java 7. That's why there is no need to temper with the catalina.sh to try to set this for Java before hand. The proper way to configure Tomcat is to modify files in the conf directory only. Playing with files in bin and lib is not a recommended approach. Daniel Savard

Re: Configuring Tomcat to support TLSv1.2

it yet. You didn't mention which version of Java 7 exactly you are using. Did you install the Unlimited JDK security package? Did you read the documentation on TLS/SSL? http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html - Daniel Savard

Re: Updating Apache Tomcat to a current version

dors to distribute their apps > to their customers, or is it normally a customer created file? > > Hi Paul, I assumed your previous configuration or the reference configuration is doing so. Then, if you replicate the configuration it should do the same. Regards, - Daniel Savard

Re: Updating Apache Tomcat to a current version

9.34. We are upgrading to SM 9.41, Tomcat 8 and Java 8. So far, SM is running smoothly in all our environments. Usually HP support whatever version of Tomcat you have, provided it meets the minimum requirements or unless a specific bug exists in your Tomcat version. Regards, - Daniel Savard

Re: Updating Apache Tomcat to a current version

> (I'm not familiar with WAR files - is that the normal way to install new > apps into Tomcat?) > WAR is the standard to distribute web applications. Regards, - Daniel Savard

Re: Updating Apache Tomcat to a current version

2016-06-10 15:09 GMT-04:00 paul.greene.va : > Actually, I don't want to have parallel versions going; 7.0.53 needs to go > away to address the vulnerabilities found in the audit scan. Ideally > everything should be the same as it is now, with the only difference being

Re: Updating Apache Tomcat to a current version

2016-06-09 23:04 GMT-04:00 paul.greene.va : > Hello All, > > I manage an HP application that uses Apache Tomcat as a 3rd party > application. The installed Tomcat version is 7.0.53. Because of a recent > audit scan I have to update it to the most current version

Clustering and Context Container setup

precated class while searching for the different values for channelSendOptions. Here: http://tomcat.apache.org/tomcat-8.0-doc/api/org/apache/catalina/tribes/group/interceptors/MessageDispatch15Interceptor.html So, a little clarification would be appreciated. Regards, - Daniel Savard

Re: [SECURITY] Java Deserialization, JMX and CVE-2016-3427

provide > folks with the information they need to figure out whether this affects > them or not. > > Mark > In doubt, I usually prefer to upgrade to latest version. I see no reason to stick to a lower version unless a specific bug is know and has been introduced into the latest version. - Daniel Savard

Re: Apache Tomcat 9

2016-05-06 14:27 GMT-04:00 Frederick Piña : > Hi ! I'm using Tomcat Controller. It works fine (turning off/on, etc). > However, after the confirmation page on my browser is shown; from Apache > Tomcat 9; I still can't get the Java Web Application to load. > > Apache

Re: performance of tomcat 8 is less than tomcat 6

2016-04-19 1:04 GMT-04:00 Ravi Chandra Suryavanshi < ravi.chandra.suryavan...@ericsson.com>: > Hi, > I am using tomcat 6 in my product. I am planning to upgrade to tomcat 8 as > tomcat is going to EoS in Dec-2016. > I have just taken the performance of Tomcat 8 and found the 70% less >

Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved

be helpful to be provided alternate solutions. But, anyway, enough on this. - Daniel Savard 2016-03-19 17:02 GMT-04:00 André Warnier (tomcat) <a...@ice-sa.com>: > Daniel, > > first of all, stop top-posting (this applies to both of you). This is not > the style

Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved

. - Daniel Savard 2016-03-19 15:40 GMT-04:00 Lyallex <lyal...@gmail.com>: > <Sigh!> > > On 19 March 2016 at 19:19, Daniel Savard <daniel.sav...@gmail.com> wrote: >> I see what you were trying to achieve, however I don't see much >> interest

Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved

unprivileged port isn't a solution to your problem. Regards, - Daniel Savard 2016-03-19 12:10 GMT-04:00 Lyallex <lyal...@gmail.com>: > It's the simplest way to find out which port you have Tomcat listening on > > *NIX based systems don't allow non root uses bind

Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved

Why? What is the point? The server.xml has nothing to do with integration with systemd. - Daniel Savard 2016-03-19 1:40 GMT-04:00 Lyallex <lyal...@gmail.com>: > Would you mind posting your server.xml, here is the relevant bit

Re: contextDestroyed() method not called

, - Daniel Savard 2016-03-16 23:56 GMT-04:00 Caldarale, Charles R <chuck.caldar...@unisys.com>: >> From: Daniel Savard [mailto:daniel.sav...@gmail.com] >> Subject: contextDestroyed() method not called > >> I noticed a problem with one of my web applications which re

Re: contextDestroyed() method not called

>From the manager clicking on the Stop button for the application. For the instance, on Windows just stop the Tomcat service, on Linux, just run the catalina.sh stop script. ----- Daniel Savard 2016-03-17 8:47 GMT-04:00 Caldarale, Charles R <chuck.caldar...@unisys.com>

contextDestroyed() method not called

, I guess I am doing something wrong. Someone can provide some guidance to identify the cause of such undesirable behavior? Regards, - Daniel Savard - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org F

Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved

of my EnvironmentFile: CATALINA_HOME="/opt/apache-tomcat/apache-tomcat-8.0.32_ds" CATALINA_BASE="/tomcat/tomcat-8-dev" CATALINA_OUT="/var/log/tomcat-8-dev/catalina.out" JAVA_HOME="/opt/oracle-jdk-bin-1.8.0.74" CATALINA_PID="/var/run/tomcat-8-dev.pid"

Re: contextDestroyed() method not called

? - Daniel Savard 2016-03-17 19:08 GMT-04:00 Daniel Savard <daniel.sav...@gmail.com>: > From the manager clicking on the Stop button for the application. For > the instance, on Windows just stop the Tomcat service, on Linux, just > run the catalina.sh stop script. > -------

Re: Connection pool in a clustered environment

/[hostname]/mywebapp.xml instead of adding the empty element in $CATALINA_BASE/webapps/mywebapp/WEB-INF/web.xml. It seems the former is not working, at least with Tomcat 8.0.32 ----- Daniel Savard 2016-03-08 15:08 GMT-05:00 Christopher Schultz <ch...@christopherschultz.net>: > --

Connection pool in a clustered environment

I have to handle this in my code? Do I have to reinitialize the connection pool if such an event happen? Regards, - Daniel Savard - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional

Re: Advice on Cluster in one machine

. - Daniel Savard 2016-03-08 10:48 GMT-05:00 Christopher Schultz <ch...@christopherschultz.net>: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Edwin, > > On 3/8/16 8:19 AM, Edwin Quijada wrote: >> I am new using Tomcat so I have a questio

Re: Configuring a custom folder for Tomcat configuration files

Your question has been answered and you shouldn't cross post questions. - Daniel Savard 2016-03-08 3:31 GMT-05:00 Chiranga Alwis <chirangaal...@gmail.com>: > Hi, > > please refer the question in stackoverflow > http://stackoverflow.com/questions/35862427/configu

Re: Building binary release on Windows 10

with anything else, unfortunately. - Daniel Savard 2016-02-14 7:06 GMT-05:00 Konstantin Kolinko <knst.koli...@gmail.com>: > 2016-02-14 4:50 GMT+03:00 Daniel Savard <daniel.sav...@gmail.com>: >> Hi everyone, >> >> I am trying to perform a "buil

Building binary release on Windows 10

bviously, the program requires more privileges than my current user. How do I fix this to complete the process and create the installer file for Windows? Regards, - Daniel Savard - To unsubscribe, e-mail: users

Re: Is IBM Right About Java?

activity is so high no useful work but paging take place. The system is no longer usable at this point. Hope I was able to clarify Chris' point a little bit. Regards, -- - Daniel Savard CiDS Inc. Montreal, QC Canada

Re: Tomcat Consultant

That's an Opus Dei owned company, I fear. Unless you are seeking for the anti-matter thing, you should rather than stay away of it. 2010/11/18 Martin Gainty mgai...@hotmail.com can we get someone from the vatican to translate? Martin Gainty __

Re: [OT] RE: Tomcat Consultant

it compare or not? Daniel Savard 2010/9/29 Martin Gainty mgai...@hotmail.com i always wondered by the big 5 billable rate started at 100 /hr BTW: dont forgot your armani suit and the lamberghini! Martin Gainty

Re: Tomcat Consultant

Jorge, Could you explain further what's the difference between an app container and an app server? For me it seems pretty much the same. Regards, Daniel Savard 2010/9/24, Jorge Medina cerebrotecnolog...@gmail.com: Hey, you don't need a Big-5 consulting company. You need a a couple of experts

Re: Tomat monitoring

So, decipher how the jconsole can be used as a monitoring tool? My belief is it can be used to provide snmp agent services, but I have no experience with it and I am curious to hear from others about it. Daniel Savard 2010/5/20, Leon Rosenberg rosenberg.l...@gmail.com: On Thu, May 20, 2010

Re: Tomat monitoring

We are not talking about SNMP monitoring, but about SNMP as a tool to interface between monitoring of the JVM and applications and a centralized manager or integration with a manager of managers in an enterprise-wide picture. Daniel Savard 2010/5/20 Ozgur Ozdemircili ozgur.ozdemirc...@gmail.com