Re: FIPS Mode enabling on Tomcat 7.00.057
Thanks Chris! I am able to resolve the issue. On Fri, Jan 30, 2015 at 10:09 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Geet, On 1/30/15 1:22 AM, Geett Chanddra Singha wrote: Steps followed to build FIPS tar zxf openssl-1.0.1l.tar.gz cd openssl-1.0.1l ./config --prefix=/usr/local --with-fipsdir=/usr/local/ssl/fips-2.0 make make install Note: I have installed the FIPS module in /usr/local/ssl/fips-2.0 You have to do ./config fips --with--fipsdir=[...]. You are missing the fips argument to config. After I did the config, it told me that I needed to first make depend. Then I did a regular make and got a FIPS-capable module (as tested by doing: $ cd test $ sh ./testfipsssl (Note that this test fails part way through because it's missing some kind of fake certificate... it looks like a problem with the test itself). I ran the test without building with FIPS and it died right away, so I'm confident I ended up with a FIPS-capable module: $ sh ./testfipsssl WARNING: can't open config file: /usr/local/ssl/openssl.cnf test ssl3 is forbidden in FIPS mode *** IN FIPS MODE *** Available compression methods: NONE 140652183557800:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips mode:ssl_lib.c:1715: 140652183557800:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips mode:ssl_lib.c:1715: test ssl2 is forbidden in FIPS mode *** IN FIPS MODE *** Available compression methods: NONE 139882949523112:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips mode:ssl_lib.c:1715: 139882949523112:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips mode:ssl_lib.c:1715: test tls1 *** IN FIPS MODE *** Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA 1 handshakes of 256 bytes done test tls1 with server authentication *** IN FIPS MODE *** Available compression methods: NONE server authentication depth=0 error=20 /C=UK/O=OpenSSL Group/OU=FOR TESTING PURPOSES ONLY/CN=Test Server Cert Error string: unable to get local issuer certificate ERROR in CLIENT 140515612989096:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:1162: TLSv1, cipher (NONE) (NONE) 1 handshakes of 256 bytes done $ cd .. $ ./apps/openssl version WARNING: can't open config file: /usr/local/ssl/openssl.cnf OpenSSL 1.0.1l-fips 15 Jan 2015 (Man... OpenSSL really is a big ball of crap: you have to be in the exact right directory for everything to work. It's amazing that these guys don't fix stuff like that. I like scripting everything, and having to do a cd in a script usually means that it's going to be hard to do things properly.) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUy7PaAAoJEBzwKT+lPKRYAqcQAI+So5gWQYfh166f1V30jrR4 IqWHGvwxUYjIRPeuwu6V0tTVgAkwcspRiMapLWOIpSojrr+9jysj2N85EOVSpg+r yIkc7dJmDgvaQ025u6bhnCby8YwupVmoyQKuiR4CzQb+ZjZIaDgp0l4XEyP/DxTy UDD/CnXvJE/Fgp6lwnOcLygOYuPwGq0cDMcJEW5RT9TMfp8T0yLgOoC8NOuYp4q5 Buywt9adAjNYZR1xREIKgRzEXEalFuI2dA4XyIV55Pye00dsAufsBj/uLhv4xAva XU3qbHnHSnycfiipGjW60ZM0zJqLtszx3Q26luElCbv9QqOAyf68+QV4cYVhI2rY 6SefnQZ2mCQKDs15+aYyB093zveQxKLkVIHyYsbHLpe0oPBUp0f8cy5UVRZnmtE+ H8IXxG3jaz6mG15DYF6IXyg/GVlHMS+RQdoD2c0sNN+WtY0g+7kbcNLcrjwvsei0 nKm6lnWXDUT4u8ggp5h+XDSbf1RzyxMyl6B9EwFW39rgmOnTtYIJjW7N8TxvcxvI 5LBEUJUcVSi2kb3tiWNHdcEeT5cnk8Woy3Tyoi+OrdcDoawz7x8o8sroXHgXogxN Zm5k6gAB+4xCv8LUVnkRV2qu+MBk6hmX5vEOp8NYf0xKzEuOhYGyxSL4b/5U+6c2 bbYfRCbqLI/ySkifw55o =o/7E -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Thanks Regards Geett Chanddra Singha
Re: FIPS Mode enabling on Tomcat 7.00.057
Thanks Chris! Please find the inline comments from my side On 1/29/15 12:45 AM, Geett Chanddra Singha wrote: I'm getting the following error when enabling FIPS mode on Apache Tomcat: Jan 28, 2015 5:02:33 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent SEVERE: Failed to initialize the SSLEngine. java.lang.Exception: error:2D06C06E:FIPS routines:FIPS_mode_set:fingerprint does not match at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method) Chris : Looks like your fingerprint doesn't match. Geet: Could you please explain the meaning of the FIPS_mode_set:fingerprint does not match.It will be helpful for me as I am trying for FIPS mode configuration for the first time. *Steps I followed to configure: * Added the following in server.xml Server port=8006 shutdown=SHUTDOWN !-- Comment these entries out to disable JMX MBeans support used for the administration web application -- Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on FIPSMode=on/ -- 1.)Installing tomcat apr: Download from http://apache.mirror.anlx.net/apr/apr-1.5.1.tar.gz Chris :What UNIX are you running? Are you sure you have to build this all yourself? Geett: I am trying on Linux RHEL.6.0_x64. Yes, I got the steps from internet. tar zxvf apr-1.5.1.tar.gz rm apr-1.5.1.tar.gz cd apr-1.5.1 * sudo ./configure sudo make sudo make install Chris: Why did you build this as root? Geett: I am trying on Linux RHEL.6.0_x64 test machine. export LD_LIBRARY_PATH='$LD_LIBRARY_PATH:/usr/local/apr/lib' 2.)Installing tomcat tomcat-native: Download http://apache.bytenet.in/tomcat/tomcat-connectors/native/1.1.32/source/tomcat-native-1.1.32-src.tar.gz tar zxvf tomcat-native-1.1.32-src.tar.gz rm tomcat-native-1.1.32-src.tar.gz cd tomcat-native-1.1.32-src/jni/native JAVA_HOME=/usr/lib/jvm/JAVA_HOME sudo ./configure --with-apr=/usr/local/apr --with-java-home=$JAVA_HOME sudo make sudo make install 3.)Adding the following line CATALINA_OPTS=$CATALINA_OPTS -Djava.library.path=/usr/local/apr/lib 4.) Restarting Tomcat Pl Please help me resolve this issue and please let me know if i missed any step. Chris: I didn't see the part where your built OpenSSL with FIPS. Did you do that? Geett: Steps followed to build FIPS tar zxf openssl-1.0.1l.tar.gz cd openssl-1.0.1l ./config --prefix=/usr/local --with-fipsdir=/usr/local/ssl/fips-2.0 make make install Note: I have installed the FIPS module in /usr/local/ssl/fips-2.0 Please suggest me to resolve the issue. Regards, Geett Chanddra Singha On Thu, Jan 29, 2015 at 8:59 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Geett, On 1/29/15 12:45 AM, Geett Chanddra Singha wrote: I'm getting the following error when enabling FIPS mode on Apache Tomcat: Jan 28, 2015 5:02:33 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent SEVERE: Failed to initialize the SSLEngine. java.lang.Exception: error:2D06C06E:FIPS routines:FIPS_mode_set:fingerprint does not match at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method) Looks like your fingerprint doesn't match. *Steps I followed to configure: * Added the following in server.xml Server port=8006 shutdown=SHUTDOWN !-- Comment these entries out to disable JMX MBeans support used for the administration web application -- Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on FIPSMode=on/ -- 1.)Installing tomcat apr: Download from http://apache.mirror.anlx.net/apr/apr-1.5.1.tar.gz What UNIX are you running? Are you sure you have to build this all yourself? tar zxvf apr-1.5.1.tar.gz rm apr-1.5.1.tar.gz cd apr-1.5.1 * sudo ./configure sudo make sudo make install Why did you build this as root? export LD_LIBRARY_PATH='$LD_LIBRARY_PATH:/usr/local/apr/lib' 2.)Installing tomcat tomcat-native: Download http://apache.bytenet.in/tomcat/tomcat-connectors/native/1.1.32/source/tomcat-native-1.1.32-src.tar.gz tar zxvf tomcat-native-1.1.32-src.tar.gz rm tomcat-native-1.1.32-src.tar.gz cd tomcat-native-1.1.32-src/jni/native JAVA_HOME=/usr/lib/jvm/JAVA_HOME sudo ./configure --with-apr=/usr/local/apr --with-java-home=$JAVA_HOME sudo make sudo make install 3.)Adding the following line CATALINA_OPTS=$CATALINA_OPTS -Djava.library.path=/usr/local/apr/lib 4.) Restarting Tomcat Pl Please help me resolve this issue and please let me know if i missed any step. I didn't see the part where your built OpenSSL with FIPS. Did you do that? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1
FIPS Mode enabling on Tomcat 7.00.057
*Hi all,* I'm getting the following error when enabling FIPS mode on Apache Tomcat: Jan 28, 2015 5:02:33 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent SEVERE: Failed to initialize the SSLEngine. java.lang.Exception: error:2D06C06E:FIPS routines:FIPS_mode_set:fingerprint does not match at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method) at org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:329) at org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:137) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:99) at org.apache.catalina.startup.Catalina.load(Catalina.java:638) at org.apache.catalina.startup.Catalina.load(Catalina.java:663) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454) Jan 28, 2015 5:02:33 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent SEVERE: Failed to enter FIPS mode java.lang.Error: Failed to enter FIPS mode at org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:146) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:99) at org.apache.catalina.startup.Catalina.load(Catalina.java:638) at org.apache.catalina.startup.Catalina.load(Catalina.java:663) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454) *Steps I followed to configure: * Added the following in server.xml Server port=8006 shutdown=SHUTDOWN !-- Comment these entries out to disable JMX MBeans support used for the administration web application -- Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on FIPSMode=on/ -- 1.)Installing tomcat apr: Download from http://apache.mirror.anlx.net/apr/apr-1.5.1.tar.gz tar zxvf apr-1.5.1.tar.gz rm apr-1.5.1.tar.gz cd apr-1.5.1 * sudo ./configure sudo make sudo make install export LD_LIBRARY_PATH='$LD_LIBRARY_PATH:/usr/local/apr/lib' 2.)Installing tomcat tomcat-native: Download http://apache.bytenet.in/tomcat/tomcat-connectors/native/1.1.32/source/tomcat-native-1.1.32-src.tar.gz tar zxvf tomcat-native-1.1.32-src.tar.gz rm tomcat-native-1.1.32-src.tar.gz cd tomcat-native-1.1.32-src/jni/native JAVA_HOME=/usr/lib/jvm/JAVA_HOME sudo ./configure --with-apr=/usr/local/apr --with-java-home=$JAVA_HOME sudo make sudo make install 3.)Adding the following line CATALINA_OPTS=$CATALINA_OPTS -Djava.library.path=/usr/local/apr/lib 4.) Restarting Tomcat Pl PlPlease help me resolve this issue and please let me know if i missed any step. Regards, Geet Chandra Singha
Apache Tomcat 7.0.035 and IPv6 environment
Hi All, I have a web application hosted on Apache Tomcat Version 7.0.035. We are trying to make the web application run IPv6 environment. Environment Details Windows 2008 server machine, 64-bit OS Java version: JRE 1.7.x The home page of web application is not accessible using the IPv6 address. The connectivity to windows server machine goes though IPv6 address. Here is the Tomcat startup log details: Mar 28, 2013 10:21:47 AM org.apache.catalina.core.AprLifecycleListener init INFO: Loaded APR based Apache Tomcat Native library 1.1.24 using APR version 1.4 .6. Mar 28, 2013 10:21:47 AM org.apache.catalina.core.AprLifecycleListener init INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], ra ndom [true]. Mar 28, 2013 10:21:48 AM org.apache.catalina.core.AprLifecycleListener initializ eSSL INFO: OpenSSL successfully initialized (OpenSSL 1.0.1c 10 May 2012) Mar 28, 2013 10:21:49 AM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [http-apr-9080] Mar 28, 2013 10:21:49 AM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [ajp-apr-8009] Mar 28, 2013 10:21:49 AM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 3117 ms Mar 28, 2013 10:21:49 AM org.apache.catalina.core.StandardService startInternal INFO: Starting service Catalina Mar 28, 2013 10:21:49 AM org.apache.catalina.core.StandardEngine startInternal INFO: Starting Servlet Engine: Apache Tomcat/7.0.35 Mar 28, 2013 10:21:49 AM org.apache.catalina.startup.HostConfig deployDirectory INFO: Deploying web application directory C:\Users\Administrator\Desktop\apache- tomcat-7.0.35\webapps\docs Mar 28, 2013 10:21:50 AM org.apache.catalina.startup.HostConfig deployDirectory INFO: Deploying web application directory C:\Users\Administrator\Desktop\apache- tomcat-7.0.35\webapps\examples Mar 28, 2013 10:21:51 AM org.apache.catalina.startup.HostConfig deployDirectory INFO: Deploying web application directory C:\Users\Administrator\Desktop\apache- tomcat-7.0.35\webapps\host-manager Mar 28, 2013 10:21:51 AM org.apache.catalina.startup.HostConfig deployDirectory INFO: Deploying web application directory C:\Users\Administrator\Desktop\apache- tomcat-7.0.35\webapps\manager Mar 28, 2013 10:21:51 AM org.apache.catalina.startup.HostConfig deployDirectory INFO: Deploying web application directory C:\Users\Administrator\Desktop\apache- tomcat-7.0.35\webapps\ROOT Mar 28, 2013 10:21:51 AM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler [http-apr-9080] Mar 28, 2013 10:21:51 AM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler [ajp-apr-8009] Mar 28, 2013 10:21:51 AM org.apache.catalina.startup.Catalina start INFO: Server startup in 2536 ms Please help me to get solution for this. -- Thanks Regards Geett Chanddra Singha
Re: Apache Tomcat 7.0.035 and IPv6 environment
Thanks Konstantin Kolinko! It will be great help for me if you could provide steps to configure the same or documents, where in I could get configuration steps. On Thu, Mar 28, 2013 at 10:56 AM, Konstantin Kolinko knst.koli...@gmail.com wrote: 2013/3/28 Geett Chanddra Singha gee...@gmail.com: Hi All, I have a web application hosted on Apache Tomcat Version 7.0.035. We are trying to make the web application run IPv6 environment. Environment Details Windows 2008 server machine, 64-bit OS Java version: JRE 1.7.x The home page of web application is not accessible using the IPv6 address. The connectivity to windows server machine goes though IPv6 address. Here is the Tomcat startup log details: Mar 28, 2013 10:21:47 AM org.apache.catalina.core.AprLifecycleListener init INFO: Loaded APR based Apache Tomcat Native library 1.1.24 using APR version 1.4 .6. APR connector cannot listen on both IPv4 and IPv6 addresses at the same time. You have to choose one (with address attribute). If you need both IPv4 and IPv6, configure 2 connectors. It has been discussed previously. Search the archives. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Thanks Regards Geett Chanddra Singha
Apache Tomcat 7.0.037 starting issue on Windows 2003 Server 64 bit machine
Hi, I am trying to register and start Apache Tomcat 7.0.37 service on my Windows 2003 Server 64 bit machine. I am able to register Tomcat as a service using the service.bat file, but when I try to start the service it gives the following error: Could not start the Apache Tomcat tomcat7 service on Local Computer. Error 1053: The service did not respond to the start or control request in a timely fashion. There is no error in Catalina Logs or any other log. I follow the same process on a Windows 2003 Server 32 bit machine and a Windows 2008 Server 32/64 bit machine. I am able to register as well as start the service. Environment: Apache Tomcat version 7.0.037 JRE Version : 7.0.x OS: Windows 2003 Server 64 bit Please help ! -- Thanks Regards Geett Chanddra Singha
Re: Issue in IPv6 evironment
Hi, - what version of Tomcat (x.y.z) you are using - *Tomcat Version 6.0.035* - under what version of Java - *Java version 1.6.033* * * - under what platform O.S. - *Windows and Linux* Regards, Geett On Wed, Mar 6, 2013 at 3:56 PM, André Warnier a...@ice-sa.com wrote: Geett Chanddra Singha wrote: Hi All, I would like to know is that is it ok to add this as shown below protocol=org.apache.coyote.**http11.Http11Protocol in Connector port=8080 maxHttpHeaderSize=8192 * maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false acceptCount=100 connectionTimeout=2 disableUploadTimeout=true / As there are certainly differences in the tag attributes between different versions of Tomcat, it would be a good idea to mention - what version of Tomcat (x.y.z) you are using - under what version of Java - under what platform O.S. This is by the way a good practice in general for *any* question to the list, as it usually saves time for everyone. --**--**- To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Thanks Regards Geett Chanddra Singha
Re: Issue in IPv6 evironment
Thanks Ognjen! 1. Did I understand correctly: - You are able to access your Tomcat server using HTTPS over IPv6. - If you do not add protocol attribute to your HTTP connector, you are unable to access Tomcat server using HTTP. - After you add protocol attribute everything works as expected. Right? What about IPv4? Do you use it? Is it similar situation when you use IPv4 (works only when you add protocol attribute)? Are you sure that IPv6 protocol is being used? Do you access your server using hostname or IP address? Your are right, the same change works for IPv4 environment (i.e. RHEL) 2. Your access to HTTP might be blocked due to: a. Wrong URL (you must use port 8080) b. Network/OS firewall (port 8080 is blocked) -- check with telnet server.example.com 8080, does it work? Repeat the same using IPv6 address, does it work? c. Tomcat not starting on port 8080 -- check log files for entry 'INFO: Initializing ProtocolHandler [http-bio-8080]', are there any errors? If log files look OK, and they have no errors, also check access log. Do you see entry for requested URL there? What does it look like? --- Since , the same change works for IPv4 environment (i.e. RHEL), we don't have issues mentioned. So I would like to know whether the change can be incorporated to server.xml, if not please let me know solution/workaround. Regards, Geett On Wed, Mar 6, 2013 at 4:42 PM, Ognjen Blagojevic ognjen.d.blagoje...@gmail.com wrote: Geett, On 6.3.2013 11:37, Geett Chanddra Singha wrote: - what version of Tomcat (x.y.z) you are using - *Tomcat Version 6.0.035* - under what version of Java - *Java version 1.6.033* * * - under what platform O.S. - *Windows and Linux* 1. Did I understand correctly: - You are able to access your Tomcat server using HTTPS over IPv6. - If you do not add protocol attribute to your HTTP connector, you are unable to access Tomcat server using HTTP. - After you add protocol attribute everything works as expected. Right? What about IPv4? Do you use it? Is it similar situation when you use IPv4 (works only when you add protocol attribute)? Are you sure that IPv6 protocol is being used? Do you access your server using hostname or IP address? 2. Your access to HTTP might be blocked due to: a. Wrong URL (you must use port 8080) b. Network/OS firewall (port 8080 is blocked) -- check with telnet server.example.com 8080, does it work? Repeat the same using IPv6 address, does it work? c. Tomcat not starting on port 8080 -- check log files for entry 'INFO: Initializing ProtocolHandler [http-bio-8080]', are there any errors? If log files look OK, and they have no errors, also check access log. Do you see entry for requested URL there? What does it look like? -Ognjen --**--**- To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Thanks Regards Geett Chanddra Singha
Re: Issue in IPv6 evironment
Thanks Ognjen! for your debugging tips. I shall provide you information. My apologies for not providing enough information to you. Next time I shall come up with more information :) On Thu, Mar 7, 2013 at 2:22 AM, Ognjen Blagojevic ognjen.d.blagoje...@gmail.com wrote: Geett, On 6.3.2013 15:14, Geett Chanddra Singha wrote: Right? What about IPv4? Do you use it? Is it similar situation when you use IPv4 (works only when you add protocol attribute)? Are you sure that IPv6 protocol is being used? Do you access your server using hostname or IP address? --**--** --**--** Your are right, the same change works for IPv4 environment (i.e. RHEL) (Sigh) So many questions, so few answers. 2. Your access to HTTP might be blocked due to: a. Wrong URL (you must use port 8080) b. Network/OS firewall (port 8080 is blocked) -- check with telnet server.example.com 8080, does it work? Repeat the same using IPv6 address, does it work? c. Tomcat not starting on port 8080 -- check log files for entry 'INFO: Initializing ProtocolHandler [http-bio-8080]', are there any errors? If log files look OK, and they have no errors, also check access log. Do you see entry for requested URL there? What does it look like? --**--** --**--** --**--** --- Since , the same change works for IPv4 environment (i.e. RHEL), we don't have issues mentioned. So I would like to know whether the change can be incorporated to server.xml, if not please let me know solution/workaround. In order to try to find the solution for your problem, we must first diagnose what exactly is the problem, and why can't you access Tomcat when there is no protocol attribute specified in the connector. Adding attribute protocol=org.apache.coyote.**http11.Http11Protocol to HTTP connector would only make a difference if you have APR/native connector installed (perhaps faulty). Did you install it? That is why I would like to see your Tomcat startup logs WITH and WITHOUT protocol attribute. We are looking for something like this: Mar 01, 2013 01:02:03 AM org.apache.coyote.**AbstractProtocol start INFO: Starting ProtocolHandler [http-apr/bio-8080] Could you please provide log contents for both cases. -Ognjen --**--**- To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Thanks Regards Geett Chanddra Singha
Re: Issue in IPv6 evironment
Chris, Thanks for letting me know, What I wanted to know is that is it ok to add this as shown below protocol=org.apache.coyote.http11.Http11Protocol in Connector port=8080 maxHttpHeaderSize=8192 * maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false acceptCount=100 connectionTimeout=2 disableUploadTimeout=true / Regards::Geet On Wed, Mar 6, 2013 at 11:36 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Geett, On 3/5/13 10:45 PM, Geett Chanddra Singha wrote: Hi All, I am using Apache Tomcat version 6.0.035 for a web application, everything seems to be working fine when I access the application in HTTPS mode,however if I try to access in HTTP mode, I am not able launch home page of web application.As a workaround I made a small change as highlighted in red color in server.xml as given below: Connector port=8080 maxHttpHeaderSize=8192 * protocol=org.apache.coyote.http11.Http11Protocol* maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false acceptCount=100 connectionTimeout=2 disableUploadTimeout=true / So I would like to know is it ok add mentioned parameter to server.xml. Colors, etc. are stripped by the list. Please use text-only to indicate any diffs you want to show. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEAREIAAYFAlE23OgACgkQ9CaO5/Lv0PCUgwCgj844bGdrVWNYm4OcOAxTW462 18AAn3rTkodHOIm7hKVcfvP/s2Jl9jTE =2CVm -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Thanks Regards Geett Chanddra Singha