RE: Tomcat SSL issue

2017-10-10 Thread John Ellis


John Ellis

405.285.2500 office


    

http://biz-e.io


-Original Message-
From: Terence M. Bandoian [mailto:tere...@tmbsw.com] 
Sent: Monday, October 9, 2017 4:49 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Tomcat SSL issue

On 10/9/2017 10:01 AM, John Ellis wrote:
>
> I posted questions about this a couple of weeks ago I think it was. I 
> have been trying to get Tomcat running on a secure port with a valid 
> SSL certificate. We finally got version 9.0.0.M20 setup successfully 
> on port 9443 and I can go to that IP:port and get a Tomcat webpage but 
> when I go through all the steps using the keytool commands to submit a 
> certificate (we use Cacert.org) and try to plug that certificate into 
> the mix it doesn’t work. I still get an error message telling me that 
> I will have to create an exception to go to that IP address and port.
> Last Friday I even deleted the certificate and all the keystore file, 
> etc. and got the same exact error. So it appears that Tomcat is not 
> seeing the certificate at all since I get the same error about having 
> to add an exception whether or not I have a valid certificate in place 
> on the server.
>
> The lines we added to the server.xml file to get the secure port 
> working are-
>
> 
> maxThreads="150" scheme="https" secure="true"
>
> clientAuth="false" sslProtocol="TLS"
>
>
> keystoreFile="/home/tomcat9.0.0.M20/apache-tomcat-9.0.0.M20/conf/keystore.jks"
>
>keystorePass="changeit" />
>
> John Ellis
>
>Terence I have tried putting my name in where it asks for the "first and
last name" part of filling out the certificate info but when I do that the
Cacert.org website says I have to authenticate the actual internal IP
address of this server and there is no way to do that that I know of.
Thanks, 

Hi, John-

Is it a browser that's displaying the error message and requesting that you
create an exception to continue?  If so, have you looked at the additional
information to determine what problems the browser has detected with the
certificate?

-Terence Bandoian
  http://www.tmbsw.com/


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






RE: Tomcat SSL issue

2017-10-10 Thread John Ellis


John Ellis

405.285.2500 office


    

http://biz-e.io


-Original Message-
From: Terence M. Bandoian [mailto:tere...@tmbsw.com] 
Sent: Monday, October 9, 2017 4:49 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Tomcat SSL issue

On 10/9/2017 10:01 AM, John Ellis wrote:
>
> I posted questions about this a couple of weeks ago I think it was. I 
> have been trying to get Tomcat running on a secure port with a valid 
> SSL certificate. We finally got version 9.0.0.M20 setup successfully 
> on port 9443 and I can go to that IP:port and get a Tomcat webpage but 
> when I go through all the steps using the keytool commands to submit a 
> certificate (we use Cacert.org) and try to plug that certificate into 
> the mix it doesn’t work. I still get an error message telling me that 
> I will have to create an exception to go to that IP address and port.
> Last Friday I even deleted the certificate and all the keystore file, 
> etc. and got the same exact error. So it appears that Tomcat is not 
> seeing the certificate at all since I get the same error about having 
> to add an exception whether or not I have a valid certificate in place 
> on the server.
>
> The lines we added to the server.xml file to get the secure port 
> working are-
>
> 
> maxThreads="150" scheme="https" secure="true"
>
> clientAuth="false" sslProtocol="TLS"
>
>
> keystoreFile="/home/tomcat9.0.0.M20/apache-tomcat-9.0.0.M20/conf/keystore.jks"
>
>keystorePass="changeit" />
>
> John Ellis
>
>Thanks for the reply Terence. Yes I get the message about needing to create
a security exception when I first try to open the Tomcat webpage on the
secure port of 9443. I have deleted the certificate and supporting files off
of the server as I was going to start over with a new certificate. I believe
the error said something about not being able to verify the certificate. I
think the main issue is that this is just an internal server here in our
office running RHEL 6. It is not setup as a web server and it just has the
name of "cowboy" (given that name by my boss) so it is hard to figure out
what to call the "First and last name" part when I am creating the CSR to
send to Cacert.org. I can't just use the name "cowboy" as I don't have any
way to validate that. Have you ever run into situations like this? As I said
before I am not a programmer or developer or anything like that. My
background was in computer hardware for over 25 years until I took this
position after being laid off from what was formerly WebMD. We installed
systems in dr's offices, etc. Any light you could shed on this would be
great!
Thanks 

Hi, John-

Is it a browser that's displaying the error message and requesting that you
create an exception to continue?  If so, have you looked at the additional
information to determine what problems the browser has detected with the
certificate?

-Terence Bandoian
  http://www.tmbsw.com/





RE: Tomcat SSL issue

2017-10-09 Thread John Ellis


John Ellis

405.285.2500 office


    

http://biz-e.io


-Original Message-
From: Mark Thomas [mailto:ma...@apache.org] 
Sent: Monday, October 9, 2017 12:33 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Tomcat SSL issue

On 09/10/17 16:01, John Ellis wrote:
> I posted questions about this a couple of weeks ago I think it was. I 
> have been trying to get Tomcat running on a secure port with a valid 
> SSL certificate. We finally got version 9.0.0.M20 setup successfully 
> on port
> 9443 and I can go to that IP:port and get a Tomcat webpage but when I 
> go through all the steps using the keytool commands to submit a 
> certificate (we use Cacert.org) and try to plug that certificate into 
> the mix it doesn’t work. I still get an error message telling me that 
> I will have to create an exception to go to that IP address and port. 
> Last Friday I even deleted the certificate and all the keystore file, 
> etc. and got the same exact error. So it appears that Tomcat is not 
> seeing the certificate at all since I get the same error about having 
> to add an exception whether or not I have a valid certificate in place on
the server.

If you get that error then Tomcat has the certificate but the client doesn't
trust it. You need to check if:

- Tomcat is supplying the full certificate chain
- If the client trusts the issuing CA

Mark

OK Mark can you explain to me why we get the same exact error condition with
no certificate in place at all as when we provide a certificate? 
I'm not arguing that just doesn't make any sense to me but as I said before
I am not a programmer or developer or anything like that.
Thanks,
John 

> 
> The lines we added to the server.xml file to get the secure port 
> working
> are-
> 
>  
> 
>  
>   maxThreads="150" scheme="https" secure="true"
> 
>   clientAuth="false" sslProtocol="TLS"
> 
>    
>
> keystoreFile="/home/tomcat9.0.0.M20/apache-tomcat-9.0.0.M20/conf/keystore.jks"
> 
>     keystorePass="changeit" />
> 
>  
> 
> John Ellis
> 
>  
> 
> 405.285.2500 office
> 
>  
> 
> 
>  
> 
> http://biz-e.io
> 
>  
> 





RE: Tomcat SSL issue

2017-10-09 Thread John Ellis


John Ellis

405.285.2500 office




http://biz-e.io

-Original Message-
From: Jose María Zaragoza [mailto:demablo...@gmail.com] 
Sent: Monday, October 9, 2017 11:25 AM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Tomcat SSL issue

2017-10-09 17:01 GMT+02:00 John Ellis <john.el...@lsgsolutions.com>:

> I posted questions about this a couple of weeks ago I think it was. I 
> have been trying to get Tomcat running on a secure port with a valid 
> SSL certificate. We finally got version 9.0.0.M20 setup successfully 
> on port
> 9443 and I can go to that IP:port and get a Tomcat webpage but when I 
> go through all the steps using the keytool commands to submit a 
> certificate (we use Cacert.org) and try to plug that certificate into 
> the mix it doesn’t work. I still get an error message telling me that 
> I will have to create an exception to go to that IP address and port. 
> Last Friday I even deleted the certificate and all the keystore file, 
> etc. and got the same exact error. So it appears that Tomcat is not 
> seeing the certificate at all since I get the same error about having 
> to add an exception whether or not I have a valid certificate in place on the 
> server.
>
> The lines we added to the server.xml file to get the secure port 
> working
> are-
>
>
>
> 
>   maxThreads="150" scheme="https" secure="true"
>
>   clientAuth="false" sslProtocol="TLS"
>
> keystoreFile="/home/tomcat9.0.0.M20/apache-tomcat-9.0.0.M20/conf/keystore.jks"
>
> keystorePass="changeit" />
>


Maybe you should use the <SSLHostConfig> element, do you?

Read:
https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_SSLHostConfig

Each secure connector must define at least one *SSLHostConfig*


I thought that was only for version 9? However I believe we did try that and 
got the same result last week.




>
>
> John Ellis
>
>
>
> 405.285.2500 office
>
>
>
>
>
>
> http://biz-e.io
>
>
>





Tomcat SSL issue

2017-10-09 Thread John Ellis
I posted questions about this a couple of weeks ago I think it was. I have
been trying to get Tomcat running on a secure port with a valid SSL
certificate. We finally got version 9.0.0.M20 setup successfully on port
9443 and I can go to that IP:port and get a Tomcat webpage but when I go
through all the steps using the keytool commands to submit a certificate (we
use Cacert.org) and try to plug that certificate into the mix it doesn't
work. I still get an error message telling me that I will have to create an
exception to go to that IP address and port. Last Friday I even deleted the
certificate and all the keystore file, etc. and got the same exact error. So
it appears that Tomcat is not seeing the certificate at all since I get the
same error about having to add an exception whether or not I have a valid
certificate in place on the server.

The lines we added to the server.xml file to get the secure port working
are-

 



 

John Ellis

 

405.285.2500 office

 





 

http://biz-e.io

 



RE: tomcat ssl setup

2017-09-28 Thread John Ellis


John Ellis

405.285.2500 office




http://biz-e.io


-Original Message-
From: Peter Kreuser [mailto:l...@kreuser.name] 
Sent: Wednesday, September 27, 2017 3:43 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: tomcat ssl setup

John,


> On 27.09.2017 at 18:08, John Ellis <john.el...@lsgsolutions.com> wrote:
> 
> 
> 
> John Ellis
> 
> 405.285.2500 office
> 
> 
> 
> 
> http://biz-e.io
> 
> 
> -Original Message-
> From: l...@kreuser.name [mailto:l...@kreuser.name] 
> Sent: Tuesday, September 26, 2017 3:26 PM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: tomcat ssl setup
> 
> John,
> 
> 
> 
>> On 26.09.2017 at 21:26, John Ellis <john.el...@lsgsolutions.com> wrote:
>> 
>> Yesterday my boss suggested setting up Tomcat vers. 8 as he thought this is 
>> what Jira and/or Confluence would use so I did that and it worked fine on 
>> http port of 8080. I then edited the server.xml file again for the SSL port 
>> and got the same result as before; never gets to a webpage login using the 
>> secure port of 8443 but I can still get the webpage on port 8080. When I 
>> look at the Tomcat 8 Catalina log file I see several lines where it says- 
>> "java.security.KeyStoreException: Cannot store non-PrivateKeys". I have been 
>> googling that error and found a couple of posts saying to change from JKS to 
>> JCEKS but when I ran the commands I didn't have JKS in the command; only RSA 
>> for the algorithm. Can someone provide me with the proper keytool commands 
>> that I need to use to create an SSL certificate for Tomcat?   
>> 
>> John Ellis
>> 
>> 405.285.2500 office
>> 
>> 
> 
> 
> We’re talking about Tomcat 8.5, 8.0 is EOLed so it may not make sense to ride 
> a dead horse, also SSL setup has changed quite a bit in 8.5/9.0.
> 
> So my setup is as follows:
> 
> server.xml:
> 
> protocol="org.apache.coyote.http11.Http11Nio2Protocol"
>
> sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
>allowTrace="false"
>maxThreads="150"
>SSLEnabled="true"
>compression="off"
>scheme="https"
>server="Apache Tomcat"
>secure="true"
>defaultSSLHostConfigName=“ localhost” >
>hostName="localhost"
>honorCipherOrder="true"
>certificateVerification="none"
>protocols="TLSv1.2"
>
> ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS">
>  certificateKeystoreFile="${catalina.base}/conf/ssl/jssecacerts"
>  certificateKeystorePassword="changeit"
>  certificateKeyAlias="tomcat"
>  type="RSA" />
>
>  
> 
> https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl
>  
> <https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl>
> 
> I use openssl to create the certs (as let’s encrypt for an official cert will 
> generate the same structure) and then convert to JKS:
> 
> # genrsa takes no -subj option; the subject is set in the req step below
> openssl genrsa -aes256 -out server.key 4096
> openssl req -new -key server.key -out server.csr -sha512 -subj "/C=XX/ST=XX/L=XX/O=XX/CN=localhost/emailAddress=x...@xx.com"
> # there is more to it to get SAN extensions, but that’s not necessary to get it running
> 
> # you may need your own ca and a signing-process to make this work in all browsers
> openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
> 
> # Verify Server Cert
> openssl x509 -in server.crt -text -noout
> 
> openssl pkcs12 -export -in server.crt -inkey server.key -out jssecacerts -name tomcat
> keytool -list -v -keystore jssecacerts -storepass changeit
> 
> 
> Hope this helps for a start.
> 
> Re

RE: tomcat ssl setup

2017-09-27 Thread John Ellis


John Ellis

405.285.2500 office




http://biz-e.io


-Original Message-
From: l...@kreuser.name [mailto:l...@kreuser.name] 
Sent: Tuesday, September 26, 2017 3:26 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: tomcat ssl setup

John,



> On 26.09.2017 at 21:26, John Ellis <john.el...@lsgsolutions.com> wrote:
> 
> Yesterday my boss suggested setting up Tomcat vers. 8 as he thought this is 
> what Jira and/or Confluence would use so I did that and it worked fine on 
> http port of 8080. I then edited the server.xml file again for the SSL port 
> and got the same result as before; never gets to a webpage login using the 
> secure port of 8443 but I can still get the webpage on port 8080. When I look 
> at the Tomcat 8 Catalina log file I see several lines where it says- 
> "java.security.KeyStoreException: Cannot store non-PrivateKeys". I have been 
> googling that error and found a couple of posts saying to change from JKS to 
> JCEKS but when I ran the commands I didn't have JKS in the command; only RSA 
> for the algorithm. Can someone provide me with the proper keytool commands 
> that I need to use to create an SSL certificate for Tomcat?   
> 
> John Ellis
> 
> 405.285.2500 office
> 
> 


We’re talking about Tomcat 8.5, 8.0 is EOLed so it may not make sense to ride a 
dead horse, also SSL setup has changed quite a bit in 8.5/9.0.

So my setup is as follows:

server.xml:

 

 

  

https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl
 
<https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl>

I use openssl to create the certs (as let’s encrypt for an official cert will 
generate the same structure) and then convert to JKS:

# genrsa takes no -subj option; the subject is set in the req step below
openssl genrsa -aes256 -out server.key 4096
openssl req -new -key server.key -out server.csr -sha512 -subj "/C=XX/ST=XX/L=XX/O=XX/CN=localhost/emailAddress=x...@xx.com"
# there is more to it to get SAN extensions, but that’s not necessary to get it running

# you may need your own ca and a signing-process to make this work in all browsers
openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt

# Verify Server Cert
openssl x509 -in server.crt -text -noout

openssl pkcs12 -export -in server.crt -inkey server.key -out jssecacerts -name tomcat
keytool -list -v -keystore jssecacerts -storepass changeit


Hope this helps for a start.

Regards

Peter

Peter I have never seen entries in the "" part of the 
server.xml file. Does that have to be in there for SSL to work in Tomcat?












-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
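
The commands in the message above stop at a self-signed certificate for CN=localhost. As an added example (not part of the thread and not any poster's own commands), the script below extends them to the two points raised in the replies: a private CA that clients can import, and a server certificate with SAN entries bundled together with its chain. The host name cowboy is taken from the thread; the IP address, CA subject and file names are assumptions.

```shell
#!/bin/sh
# Added example: private CA -> server cert with SANs -> PKCS#12 bundle for Tomcat.
set -eu

# Assumptions: "cowboy" is the host name mentioned in the thread, the IP is an
# RFC 5737 documentation address, "changeit" is the thread's placeholder password.
SERVER_NAME="cowboy"
SERVER_IP="192.0.2.10"
STORE_PASS="changeit"

# make_ca DIR: self-signed root that every client must import into its trust store.
make_ca() {
  cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
O = Example Office
CN = Example Office Internal CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  openssl genrsa -out "$1/ca.key" 2048 2>/dev/null
  openssl req -x509 -new -key "$1/ca.key" -sha256 -days 3650 \
    -config "$1/ca.cnf" -out "$1/ca.crt"
}

# issue_server DIR: key, CSR and CA-signed certificate whose SAN covers both the
# name and the IP address that users type into the browser.
issue_server() {
  cat > "$1/server.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $SERVER_NAME
EOF
  cat > "$1/server.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$SERVER_NAME,IP:$SERVER_IP
EOF
  openssl genrsa -out "$1/server.key" 2048 2>/dev/null
  openssl req -new -key "$1/server.key" -sha256 \
    -config "$1/server.cnf" -out "$1/server.csr"
  openssl x509 -req -in "$1/server.csr" -sha256 -days 365 \
    -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
    -extfile "$1/server.ext" -out "$1/server.crt" 2>/dev/null
}

# bundle_p12 DIR: key + leaf + issuing CA in one PKCS#12 file under the alias
# "tomcat", so the connector can send the full chain.
bundle_p12() {
  openssl pkcs12 -export -in "$1/server.crt" -inkey "$1/server.key" \
    -certfile "$1/ca.crt" -name tomcat \
    -passout "pass:$STORE_PASS" -out "$1/tomcat.p12"
}

# trusted_by CERT CAFILE: succeeds only if CERT chains to a CA in CAFILE.
trusted_by() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# san_of CERT: prints the certificate's Subject Alternative Name entries.
san_of() {
  openssl x509 -in "$1" -noout -text |
    sed -n '/Subject Alternative Name/{n;s/^ *//;p;}'
}

# chain_len DIR: number of certificates stored in the PKCS#12 bundle.
chain_len() {
  openssl pkcs12 -in "$1/tomcat.p12" -passin "pass:$STORE_PASS" -nokeys 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

OUT="${OUT:-$(mktemp -d)}"
make_ca "$OUT"
issue_server "$OUT"
bundle_p12 "$OUT"
trusted_by "$OUT/server.crt" "$OUT/ca.crt" && echo "chain OK: $(san_of "$OUT/server.crt")"
echo "$OUT/tomcat.p12 holds $(chain_len "$OUT") certificates"
```

Point certificateKeystoreFile at tomcat.p12 with certificateKeystoreType="PKCS12" and certificateKeyAlias="tomcat", and import ca.crt into each client's trust store; a client that lacks the CA still shows the exception prompt.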



RE: tomcat ssl setup

2017-09-26 Thread John Ellis
Mark I don't see where you wrote anything in this reply?

John Ellis

405.285.2500 office




http://biz-e.io


-Original Message-
From: Mark Thomas [mailto:ma...@apache.org] 
Sent: Tuesday, September 26, 2017 5:49 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: RE: tomcat ssl setup

On 26 September 2017 20:26:58 BST, John Ellis <john.el...@lsgsolutions.com> 
wrote:
>Yesterday my boss suggested setting up Tomcat vers. 8 as he thought 
>this is what Jira and/or Confluence would use so I did that and it 
>worked fine on http port of 8080. I then edited the server.xml file 
>again for the SSL port and got the same result as before; never gets to 
>a webpage login using the secure port of 8443 but I can still get the 
>webpage on port 8080. When I look at the Tomcat 8 Catalina log file I 
>see several lines where it says- "java.security.KeyStoreException:
>Cannot store non-PrivateKeys". I have been googling that error and 
>found a couple of posts saying to change from JKS to JCEKS but when I 
>ran the commands I didn't have JKS in the command; only RSA for the 
>algorithm. Can someone provide me with the proper keytool commands that
>I need to use to create an SSL certificate for Tomcat?   
>
>John Ellis
>
>405.285.2500 office
>
>
>
>
>http://biz-e.io
>
>-Original Message-
>From: Mark Thomas [mailto:ma...@apache.org]
>Sent: Friday, September 22, 2017 2:20 PM
>To: Tomcat Users List <users@tomcat.apache.org>
>Subject: Re: tomcat ssl setup
>
>On 22/09/17 16:44, John Ellis wrote:
>> I have installed Tomcat 9.0.0.M27 on this test server but I still get
>the same result; when I try to connect to Tomcat on the secure port of
>8443 it just sits there and has a spinner up at the top of the browser 
>window but if I try to connect to it back on the non-secure port of
>8080 it works fine. Here is a Dropbox link to the server.xml file that 
>I edited-
>> 
>> https://www.dropbox.com/s/rdjjjxn6lzrucs0/server.xml?dl=0
>> 
>> Here is a Dropbox link to the Catalina log file-
>> 
>>
>https://www.dropbox.com/s/c0x8svk4neqp5xo/catalina.2017-09-22.log?dl=0
>> 
>> Thanks,
>> 
>> John Ellis
>
>How did you generate the key and certificate files?
>
>Mark
>

https://youtu.be/I6TbMqH9WFg

Mark





RE: tomcat ssl setup

2017-09-26 Thread John Ellis
Yes I have run into that. I'm using an xml editor to check my work.

John Ellis

405.285.2500 office




http://biz-e.io


-Original Message-
From: l...@kreuser.name [mailto:l...@kreuser.name] 
Sent: Tuesday, September 26, 2017 3:32 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: tomcat ssl setup

G, I hate formatting in Mails...

Beware of “ when copying source code!

> On 26.09.2017 at 22:25, l...@kreuser.name wrote:
> 
> John,
> 
> 
> 
>> On 26.09.2017 at 21:26, John Ellis <john.el...@lsgsolutions.com> wrote:
>> 
>> Yesterday my boss suggested setting up Tomcat vers. 8 as he thought this is 
>> what Jira and/or Confluence would use so I did that and it worked fine on 
>> http port of 8080. I then edited the server.xml file again for the SSL port 
>> and got the same result as before; never gets to a webpage login using the 
>> secure port of 8443 but I can still get the webpage on port 8080. When I 
>> look at the Tomcat 8 Catalina log file I see several lines where it says- 
>> "java.security.KeyStoreException: Cannot store non-PrivateKeys". I have been 
>> googling that error and found a couple of posts saying to change from JKS to 
>> JCEKS but when I ran the commands I didn't have JKS in the command; only RSA 
>> for the algorithm. Can someone provide me with the proper keytool commands 
>> that I need to use to create an SSL certificate for Tomcat?   
>> 
>> John Ellis
>> 
>> 405.285.2500 office
>> 
>> 
> 
> 
> We’re talking about Tomcat 8.5, 8.0 is EOLed so it may not make sense to ride 
> a dead horse, also SSL setup has changed quite a bit in 8.5/9.0.
> 
> So my setup is as follows:
> 
> server.xml:
> 
> protocol="org.apache.coyote.http11.Http11Nio2Protocol"
>
> sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
>allowTrace="false"
>maxThreads="150"
>SSLEnabled="true"
>compression="off"
>scheme="https"
>server="Apache Tomcat"
>secure="true"
   defaultSSLHostConfigName=“localhost” > 
> 
>hostName="localhost"
>honorCipherOrder="true"
>certificateVerification="none"
>protocols="TLSv1.2"
>
> ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS">
>  certificateKeystoreFile="${catalina.base}/conf/ssl/jssecacerts"
>  certificateKeystorePassword="changeit"
>  certificateKeyAlias="tomcat"
>  type="RSA" />
>
>  
> 
> https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl
> 
> I use openssl to create the certs (as let’s encrypt for an official cert will 
> generate the same structure) and then convert to JKS:
> 
> openssl genrsa -aes256 -out server.key 4096
> openssl req -new -key server.key -out server.csr -sha512 -subj "/C=XX/ST=XX/L=XX/O=XX/CN=localhost/emailAddress=x...@xx.com"
> #there is more to it to get SAN extensions, but that’s not necessary to get it running
> 
> openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt # you may need your own ca and a signing-process to make this work in all browsers
> 
> #Verify Server Cert
> openssl x509 -in server.crt -text -noout
> 
> openssl pkcs12 -export -in server.crt -inkey server.key -out jssecacerts -name tomcat
> keytool -list -v -keystore jssecacerts -storepass changeit
> 
> 
> Hope this helps for a start.
> 
> Regards
> 
> Peter



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: tomcat ssl setup

2017-09-26 Thread John Ellis
Yes version 8.5 is what I downloaded & tried but I had already tried both 
versions (M26 and M27) of 9.0.0. I think this is just something that I am 
overlooking here; I am not a programmer and have just had to learn all of this 
to work with Jira and Confluence, that we use here in our office. I will try 
this tomorrow.
Thanks so much for the info! 

John Ellis

405.285.2500 office




http://biz-e.io


-Original Message-
From: l...@kreuser.name [mailto:l...@kreuser.name] 
Sent: Tuesday, September 26, 2017 3:26 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: tomcat ssl setup

John,



> On 26.09.2017 at 21:26, John Ellis <john.el...@lsgsolutions.com> wrote:
> 
> Yesterday my boss suggested setting up Tomcat vers. 8 as he thought this is 
> what Jira and/or Confluence would use so I did that and it worked fine on 
> http port of 8080. I then edited the server.xml file again for the SSL port 
> and got the same result as before; never gets to a webpage login using the 
> secure port of 8443 but I can still get the webpage on port 8080. When I look 
> at the Tomcat 8 Catalina log file I see several lines where it says- 
> "java.security.KeyStoreException: Cannot store non-PrivateKeys". I have been 
> googling that error and found a couple of posts saying to change from JKS to 
> JCEKS but when I ran the commands I didn't have JKS in the command; only RSA 
> for the algorithm. Can someone provide me with the proper keytool commands 
> that I need to use to create an SSL certificate for Tomcat?   
> 
> John Ellis
> 
> 405.285.2500 office
> 
> 


We’re talking about Tomcat 8.5, 8.0 is EOLed so it may not make sense to ride a 
dead horse, also SSL setup has changed quite a bit in 8.5/9.0.

So my setup is as follows:

server.xml:

 

 

  

https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl

I use openssl to create the certs (as let’s encrypt for an official cert will 
generate the same structure) and then convert to JKS:

openssl genrsa -aes256 -out server.key 4096
openssl req -new -key server.key -out server.csr -sha512 -subj "/C=XX/ST=XX/L=XX/O=XX/CN=localhost/emailAddress=x...@xx.com"
#there is more to it to get SAN extensions, but that’s not necessary to get it running

openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt # you may need your own ca and a signing-process to make this work in all browsers

#Verify Server Cert
openssl x509 -in server.crt -text -noout

openssl pkcs12 -export -in server.crt -inkey server.key -out jssecacerts -name tomcat
keytool -list -v -keystore jssecacerts -storepass changeit


Hope this helps for a start.

Regards

Peter
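
A pre-flight check for the 8.5/9-style TLS connector described in the message above, added here as an example (it is not code from the thread or from Tomcat). Connector, SSLHostConfig and Certificate are Tomcat's element names; the sample documents are constructed and the function name `check_server_xml` is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml. Element names are the Tomcat 8.5/9 ones; the
# attribute values follow the setup described in the message above.
GOOD_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
 <Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             protocol="org.apache.coyote.http11.Http11Nio2Protocol"
             defaultSSLHostConfigName="localhost">
   <SSLHostConfig hostName="localhost" protocols="TLSv1.2">
    <Certificate certificateKeystoreFile="${catalina.base}/conf/ssl/jssecacerts"
                 certificateKeystorePassword="changeit"
                 certificateKeyAlias="tomcat" type="RSA" />
   </SSLHostConfig>
  </Connector>
 </Service>
</Server>
"""
# Variant 1: typographic quotes, as a mail client or word processor inserts them.
CURLY_XML = GOOD_XML.replace('defaultSSLHostConfigName="localhost"',
                             "defaultSSLHostConfigName=\u201clocalhost\u201d")
# Variant 2: the default host name is not declared by any SSLHostConfig.
MISMATCH_XML = GOOD_XML.replace('<SSLHostConfig hostName="localhost"',
                                '<SSLHostConfig hostName="tomcat.example.test"')
# Variant 3: a pre-8.5 keystore attribute left on the Connector itself.
MIXED_XML = GOOD_XML.replace('SSLEnabled="true"',
                             'SSLEnabled="true" keystoreFile="conf/keystore.jks"')

# Connector-level TLS attributes that appear in the older configs in this thread.
LEGACY_TLS_ATTRS = {"keystoreFile", "keystorePass", "clientAuth", "sslProtocol",
                    "SSLCertificateChainFile"}


def check_server_xml(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        line, _column = exc.position
        return [f"line {line}: XML is not well-formed"]
    findings = []
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        where = f"Connector port {conn.get('port', '?')}"
        hosts = conn.findall("SSLHostConfig")
        legacy = sorted(LEGACY_TLS_ATTRS & set(conn.attrib))
        if legacy and hosts:
            findings.append(f"{where}: {', '.join(legacy)} on the Connector is "
                            "mixed with <SSLHostConfig>; use one style")
        if not legacy and not hosts:
            findings.append(f"{where}: SSLEnabled but no TLS configuration found")
        if hosts:
            # Both names default to _default_ and are compared case-insensitively.
            default = conn.get("defaultSSLHostConfigName", "_default_").lower()
            names = [h.get("hostName", "_default_").lower() for h in hosts]
            if default not in names:
                findings.append(f"{where}: defaultSSLHostConfigName '{default}' "
                                f"matches no SSLHostConfig hostName {names}")
        for cert in conn.iter("Certificate"):
            if cert.get("certificateKeystorePassword") == "changeit":
                findings.append(f"{where}: keystore password is the well-known "
                                "default 'changeit'")
    return findings


if __name__ == "__main__":
    for name in ("GOOD_XML", "CURLY_XML", "MISMATCH_XML", "MIXED_XML"):
        print(name, check_server_xml(globals()[name]))
```

Running it against the real `conf/server.xml` before a restart catches the file-level mistakes; it does not open the keystore, so `keytool -list -v` is still needed to confirm the alias holds a private key entry.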















RE: tomcat ssl setup

2017-09-26 Thread John Ellis
Yesterday my boss suggested setting up Tomcat vers. 8 as he thought this is 
what Jira and/or Confluence would use so I did that and it worked fine on http 
port of 8080. I then edited the server.xml file again for the SSL port and got 
the same result as before; never gets to a webpage login using the secure port 
of 8443 but I can still get the webpage on port 8080. When I look at the Tomcat 
8 Catalina log file I see several lines where it says- 
"java.security.KeyStoreException: Cannot store non-PrivateKeys". I have been 
googling that error and found a couple of posts saying to change from JKS to 
JCEKS but when I ran the commands I didn't have JKS in the command; only RSA 
for the algorithm. Can someone provide me with the proper keytool commands that 
I need to use to create an SSL certificate for Tomcat?   

John Ellis

405.285.2500 office




http://biz-e.io

-Original Message-
From: Mark Thomas [mailto:ma...@apache.org] 
Sent: Friday, September 22, 2017 2:20 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: tomcat ssl setup

On 22/09/17 16:44, John Ellis wrote:
> I have installed Tomcat 9.0.0.M27 on this test server but I still get the 
> same result; when I try to connect to Tomcat on the secure port of 8443 it 
> just sits there and has a spinner up at the top of the browser window but if 
> I try to connect to it back on the non-secure port of 8080 it works fine. 
> Here is a Dropbox link to the server.xml file that I edited-
> 
> https://www.dropbox.com/s/rdjjjxn6lzrucs0/server.xml?dl=0
> 
> Here is a Dropbox link to the Catalina log file-
> 
> https://www.dropbox.com/s/c0x8svk4neqp5xo/catalina.2017-09-22.log?dl=0
> 
> Thanks,
> 
> John Ellis

How did you generate the key and certificate files?

Mark




RE: tomcat ssl setup

2017-09-25 Thread John Ellis
Ok please disregard my last question re using keytool. I DID use it on the 
server we are trying to get the ssl certificate to work on. It's just that it 
was awhile back and I wasn't seeing the commands when I went back through the 
command history.
My Bad 

John Ellis

405.285.2500 office




http://biz-e.io


-Original Message-
From: Mark Thomas [mailto:ma...@apache.org] 
Sent: Friday, September 22, 2017 2:20 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: tomcat ssl setup

On 22/09/17 16:44, John Ellis wrote:
> I have installed Tomcat 9.0.0.M27 on this test server but I still get the 
> same result; when I try to connect to Tomcat on the secure port of 8443 it 
> just sits there and has a spinner up at the top of the browser window but if 
> I try to connect to it back on the non-secure port of 8080 it works fine. 
> Here is a Dropbox link to the server.xml file that I edited-
> 
> https://www.dropbox.com/s/rdjjjxn6lzrucs0/server.xml?dl=0
> 
> Here is a Dropbox link to the Catalina log file-
> 
> https://www.dropbox.com/s/c0x8svk4neqp5xo/catalina.2017-09-22.log?dl=0
> 
> Thanks,
> 
> John Ellis

How did you generate the key and certificate files?

Mark




RE: tomcat ssl setup

2017-09-25 Thread John Ellis
I have another question. In visiting with my boss just now he brought up this 
question. Do we have to run something like the keytool command and go through 
all of those steps to get a certificate just in order to try to connect to 
Tomcat on a secure port, like 8443? I thought we could try to connect 
to it 1st and THEN setup the certificate. Maybe I missed this. As I said in the 
past when I first started posting my questions for the SSL issue I am not a 
programmer; my background is in computer hardware. I have only learned what I 
know about Jira and Confluence from OJT here with this position, in the last 
few years.   

John Ellis

405.285.2500 office




http://biz-e.io


-Original Message-
From: Mark Thomas [mailto:ma...@apache.org] 
Sent: Friday, September 22, 2017 2:20 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: tomcat ssl setup

On 22/09/17 16:44, John Ellis wrote:
> I have installed Tomcat 9.0.0.M27 on this test server but I still get the 
> same result; when I try to connect to Tomcat on the secure port of 8443 it 
> just sits there and has a spinner up at the top of the browser window but if 
> I try to connect to it back on the non-secure port of 8080 it works fine. 
> Here is a Dropbox link to the server.xml file that I edited-
> 
> https://www.dropbox.com/s/rdjjjxn6lzrucs0/server.xml?dl=0
> 
> Here is a Dropbox link to the Catalina log file-
> 
> https://www.dropbox.com/s/c0x8svk4neqp5xo/catalina.2017-09-22.log?dl=0
> 
> Thanks,
> 
> John Ellis

How did you generate the key and certificate files?

Mark




RE: tomcat ssl setup

2017-09-25 Thread John Ellis
Mark although I am not finding it now I'm pretty sure that I sent out a reply 
to this last week saying I am getting the same exact result with ver. M27 as I 
was with M26; can't get a webpage login when I try the secure port of 8443. It 
just churns on the screen but never connects. However if I plug in the 
non-secure port of 8080 it goes to the 9.0.0.M27 webpage immediately. 
Also my boss suggested that I try using "Let's Encrypt" so I tried that on 
Friday. It instructed me to run several updates first but when I tried to run 
the actual command of-
./certbot-auto --apache I got the messages below-
 
/opt/eff.org/certbot/venv/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
  DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Failed to find executable apache2ctl in PATH: /usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/bin:/usr/bin:/root/bin
The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError('Cannot find Apache control command apache2ctl',)

I went to the cert.bot website and it suggested running the command 
./certbot-auto --apache certonly but it gave the same error.

John Ellis

405.285.2500 office




http://biz-e.io


-Original Message-
From: Mark Thomas [mailto:ma...@apache.org] 
Sent: Friday, September 22, 2017 9:17 AM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: tomcat ssl setup

On 22/09/17 15:05, John Ellis wrote:
> Andre I saw where you asked Mark Thomas, on another thread, if the 
> issue on that thread might be causing the SSL issue that I am having. 
> On the server that I have been using for the testing of Tomcat 9 
> version 8 was already installed on it. It's just that my boss said to 
> download, install and work with version 9. I wonder if it might work with 
> version 8?

Try with 9.0.0.M27. You'll need to follow the browse link on the download page 
and then up a directory to find it. (It has been released but CVE-2017-12617 
happened and we decided not to announce it as the next 9.0.x release will be 
following shortly.)

Note there is still a regression in the keystore handling but it affects fewer 
configurations (just FIPS as far as I know).

Mark


> 
> John Ellis
> 
> 405.285.2500 office
> 
> 
> 
> 
> http://biz-e.io
> 
> 
> -Original Message-
> From: André Warnier (tomcat) [mailto:a...@ice-sa.com]
> Sent: Thursday, September 21, 2017 4:40 PM
> To: users@tomcat.apache.org
> Subject: Re: tomcat ssl setup
> 
> Hi.
> 
> I just downloaded tomcat 9 myself (the windows zip version, but it 
> should be the same), to look at the standard server.xml.
> 
> There is something which does not quite fit in all of this.
> I can also not see, in the snippets of server.xml that you pasted, any 
> obvious XML errors or imbricated comments.
> Yet the logfile points to these lines..
> Somehow the logfile which you uploaded to drop-box, does not seem to 
> match the server.xml lines that you pasted here.
> 
> Ooooh, wait.
> I know why it did not fit.
> 
> After looking again, more carefully, at the logfile that you posted, I 
> see what was confusing : that logfile shows several starts and stops of 
> tomcat.
> It just accumulates. I was looking just at the beginning, the first 
> error that I found.
> You have for example this :
> 
> 08-Sep-2017 11:10:32.131 INFO [main]
> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
> ["http-nio-8080"]
> 08-Sep-2017 11:10:32.136 INFO [main]
> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
> ["ajp-nio-8009"]
> 08-Sep-2017 11:10:32.137 INFO [main]
> org.apache.catalina.startup.Catalina.start Server startup in 18916 ms
> 
> Just before the error message that I was mentioning, which was :
> 08-Sep-2017 11:31:21.952 SEVERE [main] 
> org.apache.tomcat.util.digester.Digester.fatalError
> Parse Fatal Error at line 87 column 6: The content of elements must 
> consist of well-formed character data or markup.
>   org.xml.sax.SAXParseException; systemId: 
> file:/home/tomcat9/apache-tomcat-9.0.0.M26/conf/server.xml; 
> lineNumber: 87;
> columnNumber: 
> 6; The content of elements must consist of well-formed character data 
> or markup.
> 
> But that was like 21 minutes later, after tomcat had been running for 
> 21 minutes.
> 
> Then after that there are a few more starts and stops, and at the 
> latest attempt, the problem is different :
> 
> 08-Sep-2017 15:24:35.920 INFO [main] 
> org.apa

RE: tomcat ssl setup

2017-09-22 Thread John Ellis
I used the keytool command, then submitted the CSR to the cacert.org site, then 
put root and main certificates in place and referenced them in the server.xml 
file.

John Ellis

405.285.2500 office




http://biz-e.io


-Original Message-
From: Mark Thomas [mailto:ma...@apache.org] 
Sent: Friday, September 22, 2017 2:20 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: tomcat ssl setup

On 22/09/17 16:44, John Ellis wrote:
> I have installed Tomcat 9.0.0.M27 on this test server but I still get the 
> same result; when I try to connect to Tomcat on the secure port of 8443 it 
> just sits there and has a spinner up at the top of the browser window but if 
> I try to connect to it back on the non-secure port of 8080 it works fine. 
> Here is a Dropbox link to the server.xml file that I edited-
> 
> https://www.dropbox.com/s/rdjjjxn6lzrucs0/server.xml?dl=0
> 
> Here is a Dropbox link to the Catalina log file-
> 
> https://www.dropbox.com/s/c0x8svk4neqp5xo/catalina.2017-09-22.log?dl=0
> 
> Thanks,
> 
> John Ellis

How did you generate the key and certificate files?

Mark




RE: tomcat ssl setup

2017-09-22 Thread John Ellis
I have installed Tomcat 9.0.0.M27 on this test server but I still get the same 
result; when I try to connect to Tomcat on the secure port of 8443 it just sits 
there and has a spinner up at the top of the browser window but if I try to 
connect to it back on the non-secure port of 8080 it works fine. Here is a 
Dropbox link to the server.xml file that I edited-

https://www.dropbox.com/s/rdjjjxn6lzrucs0/server.xml?dl=0

Here is a Dropbox link to the Catalina log file-

https://www.dropbox.com/s/c0x8svk4neqp5xo/catalina.2017-09-22.log?dl=0

Thanks,

John Ellis

405.285.2500 office




http://biz-e.io

-Original Message-
From: Mark Thomas [mailto:ma...@apache.org] 
Sent: Friday, September 22, 2017 9:17 AM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: tomcat ssl setup

On 22/09/17 15:05, John Ellis wrote:
> Andre I saw where you asked Mark Thomas, on another thread, if the 
> issue on that thread might be causing the SSL issue that I am having. 
> On the server that I have been using for the testing of Tomcat 9 
> version 8 was already installed on it. It's just that my boss said to 
> download, install and work with version 9. I wonder if it might work with 
> version 8?

Try with 9.0.0.M27. You'll need to follow the browse link on the download page 
and then up a directory to find it. (It has been released but CVE-2017-12617 
happened and we decided not to announce it as the next 9.0.x release will be 
following shortly.)

Note there is still a regression in the keystore handling but it affects fewer 
configurations (just FIPS as far as I know).

Mark


> 
> John Ellis
> 
> 405.285.2500 office
> 
> 
> 
> 
> http://biz-e.io
> 
> 
> -Original Message-
> From: André Warnier (tomcat) [mailto:a...@ice-sa.com]
> Sent: Thursday, September 21, 2017 4:40 PM
> To: users@tomcat.apache.org
> Subject: Re: tomcat ssl setup
> 
> Hi.
> 
> I just downloaded tomcat 9 myself (the windows zip version, but it 
> should be the same), to look at the standard server.xml.
> 
> There is something which does not quite fit in all of this.
> I can also not see, in the snippets of server.xml that you pasted, any 
> obvious XML errors or imbricated comments.
> Yet the logfile points to these lines..
> Somehow the logfile which you uploaded to drop-box, does not seem to 
> match the server.xml lines that you pasted here.
> 
> Ooooh, wait.
> I know why it did not fit.
> 
> After looking again, more carefully, at the logfile that you posted, I 
> see what was confusing : that logfile shows several starts and stops of 
> tomcat.
> It just accumulates. I was looking just at the beginning, the first 
> error that I found.
> You have for example this :
> 
> 08-Sep-2017 11:10:32.131 INFO [main]
> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
> ["http-nio-8080"]
> 08-Sep-2017 11:10:32.136 INFO [main]
> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
> ["ajp-nio-8009"]
> 08-Sep-2017 11:10:32.137 INFO [main]
> org.apache.catalina.startup.Catalina.start Server startup in 18916 ms
> 
> Just before the error message that I was mentioning, which was :
> 08-Sep-2017 11:31:21.952 SEVERE [main] 
> org.apache.tomcat.util.digester.Digester.fatalError
> Parse Fatal Error at line 87 column 6: The content of elements must 
> consist of well-formed character data or markup.
>   org.xml.sax.SAXParseException; systemId: 
> file:/home/tomcat9/apache-tomcat-9.0.0.M26/conf/server.xml; 
> lineNumber: 87;
> columnNumber: 
> 6; The content of elements must consist of well-formed character data 
> or markup.
> 
> But that was like 21 minutes later, after tomcat had been running for 
> 21 minutes.
> 
> Then after that there are a few more starts and stops, and at the 
> latest attempt, the problem is different :
> 
> 08-Sep-2017 15:24:35.920 INFO [main] 
> org.apache.coyote.AbstractProtocol.init
> Initializing ProtocolHandler ["https-jsse-nio-8443"]
> 08-Sep-2017 15:24:36.300 SEVERE [main] 
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed 
> to initialize component [Connector[HTTP/1.1-8443]]
>   org.apache.catalina.LifecycleException: Protocol handler 
> initialization failed ...
> Caused by: java.lang.IllegalArgumentException:
> java.security.KeyStoreException: Cannot store non-PrivateKeys
>   at
> org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(Abstr
> actJss
> eEndpoint.java:113)
> 
> 
> So, here is what happened :
> 
> - when you first started tomcat (timestamp 08-Sep-2017 10:05:02.807), 
> it started fine, ending in the line
> 08-Sep-2017 10:05:03.371 INFO [main]
> org.apache.catalina.startup.Catalina.start Server startup in 48

RE: tomcat ssl setup

2017-09-22 Thread John Ellis
OK I will try to find, download and try that version.
Thanks!

John Ellis

405.285.2500 office




http://biz-e.io


-Original Message-
From: Mark Thomas [mailto:ma...@apache.org] 
Sent: Friday, September 22, 2017 9:17 AM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: tomcat ssl setup

On 22/09/17 15:05, John Ellis wrote:
> Andre I saw where you asked Mark Thomas, on another thread, if the 
> issue on that thread might be causing the SSL issue that I am having. 
> On the server that I have been using for the testing of Tomcat 9 
> version 8 was already installed on it. It's just that my boss said to 
> download, install and work with version 9. I wonder if it might work with 
> version 8?

Try with 9.0.0.M27. You'll need to follow the browse link on the download page 
and then up a directory to find it. (It has been released but CVE-2017-12617 
happened and we decided not to announce it as the next 9.0.x release will be 
following shortly.)

Note there is still a regression in the keystore handling but it affects fewer 
configurations (just FIPS as far as I know).

Mark


> 
> John Ellis
> 
> 405.285.2500 office
> 
> 
> 
> 
> http://biz-e.io
> 
> 
> -Original Message-
> From: André Warnier (tomcat) [mailto:a...@ice-sa.com]
> Sent: Thursday, September 21, 2017 4:40 PM
> To: users@tomcat.apache.org
> Subject: Re: tomcat ssl setup
> 
> Hi.
> 
> I just downloaded tomcat 9 myself (the windows zip version, but it 
> should be the same), to look at the standard server.xml.
> 
> There is something which does not quite fit in all of this.
> I can also not see, in the snippets of server.xml that you pasted, any 
> obvious XML errors or imbricated comments.
> Yet the logfile points to these lines..
> Somehow the logfile which you uploaded to drop-box, does not seem to 
> match the server.xml lines that you pasted here.
> 
> Ooooh, wait.
> I know why it did not fit.
> 
> After looking again, more carefully, at the logfile that you posted, I 
> see what was confusing : that logfile shows several starts and stops of 
> tomcat.
> It just accumulates. I was looking just at the beginning, the first 
> error that I found.
> You have for example this :
> 
> 08-Sep-2017 11:10:32.131 INFO [main]
> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
> ["http-nio-8080"]
> 08-Sep-2017 11:10:32.136 INFO [main]
> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
> ["ajp-nio-8009"]
> 08-Sep-2017 11:10:32.137 INFO [main]
> org.apache.catalina.startup.Catalina.start Server startup in 18916 ms
> 
> Just before the error message that I was mentioning, which was :
> 08-Sep-2017 11:31:21.952 SEVERE [main] 
> org.apache.tomcat.util.digester.Digester.fatalError
> Parse Fatal Error at line 87 column 6: The content of elements must 
> consist of well-formed character data or markup.
>   org.xml.sax.SAXParseException; systemId: 
> file:/home/tomcat9/apache-tomcat-9.0.0.M26/conf/server.xml; 
> lineNumber: 87;
> columnNumber: 
> 6; The content of elements must consist of well-formed character data 
> or markup.
> 
> But that was like 21 minutes later, after tomcat had been running for 
> 21 minutes.
> 
> Then after that there are a few more starts and stops, and at the 
> latest attempt, the problem is different :
> 
> 08-Sep-2017 15:24:35.920 INFO [main] 
> org.apache.coyote.AbstractProtocol.init
> Initializing ProtocolHandler ["https-jsse-nio-8443"]
> 08-Sep-2017 15:24:36.300 SEVERE [main] 
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed 
> to initialize component [Connector[HTTP/1.1-8443]]
>   org.apache.catalina.LifecycleException: Protocol handler 
> initialization failed ...
> Caused by: java.lang.IllegalArgumentException:
> java.security.KeyStoreException: Cannot store non-PrivateKeys
>   at
> org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(Abstr
> actJss
> eEndpoint.java:113)
> 
> 
> So, here is what happened :
> 
> - when you first started tomcat (timestamp 08-Sep-2017 10:05:02.807), 
> it started fine, ending in the line
> 08-Sep-2017 10:05:03.371 INFO [main]
> org.apache.catalina.startup.Catalina.start Server startup in 482 ms
> 
> but then, you did not have the connector for port 8443 enabled yet.
> 
> - then you stopped tomcat, and you started it again at
> 08-Sep-2017 11:10:13.141 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log 
> Server version:Apache Tomcat/9.0.0.M26
> 
> - and then you had this :
> 08-Sep-2017 11:31:21.952 SEVERE [main] 
> org.apache.tomcat.util.digester.Digester.fatalError
> Parse Fatal Error at line 87 column 6: The co

RE: tomcat ssl setup

2017-09-22 Thread John Ellis
Andre I saw where you asked Mark Thomas, on another thread, if the issue on
that thread might be causing the SSL issue that I am having. On the server
that I have been using for the testing of Tomcat 9 version 8 was already
installed on it. It's just that my boss said to download, install and work
with version 9. I wonder if it might work with version 8?

John Ellis

405.285.2500 office


    

http://biz-e.io


-Original Message-
From: André Warnier (tomcat) [mailto:a...@ice-sa.com] 
Sent: Thursday, September 21, 2017 4:40 PM
To: users@tomcat.apache.org
Subject: Re: tomcat ssl setup

Hi.

I just downloaded tomcat 9 myself (the windows zip version, but it should be
the same), to look at the standard server.xml.

There is something which does not quite fit in all of this.
I can also not see, in the snippets of server.xml that you pasted, any
obvious XML errors or imbricated comments.
Yet the logfile points to these lines..
Somehow the logfile which you uploaded to drop-box, does not seem to match
the server.xml lines that you pasted here.

Ooooh, wait.
I know why it did not fit.

After looking again, more carefully, at the logfile that you posted, I see
what was confusing : that logfile shows several starts and stops of tomcat.
It just accumulates. I was looking just at the beginning, the first error
that I found.
You have for example this :

08-Sep-2017 11:10:32.131 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
08-Sep-2017 11:10:32.136 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]
08-Sep-2017 11:10:32.137 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 18916 ms

Just before the error message that I was mentioning, which was :
08-Sep-2017 11:31:21.952 SEVERE [main] org.apache.tomcat.util.digester.Digester.fatalError Parse Fatal Error at line 87 column 6: The content of elements must consist of well-formed character data or markup.
  org.xml.sax.SAXParseException; systemId: file:/home/tomcat9/apache-tomcat-9.0.0.M26/conf/server.xml; lineNumber: 87; columnNumber: 6; The content of elements must consist of well-formed character data or markup.

But that was like 21 minutes later, after tomcat had been running for 21
minutes.

Then after that there are a few more starts and stops, and at the latest
attempt, the problem is different :

08-Sep-2017 15:24:35.920 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-jsse-nio-8443"]
08-Sep-2017 15:24:36.300 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-8443]]
  org.apache.catalina.LifecycleException: Protocol handler initialization failed ...
Caused by: java.lang.IllegalArgumentException: java.security.KeyStoreException: Cannot store non-PrivateKeys
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:113)


So, here is what happened :

- when you first started tomcat (timestamp 08-Sep-2017 10:05:02.807), it
started fine, ending in the line
08-Sep-2017 10:05:03.371 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 482 ms

but then, you did not have the connector for port 8443 enabled yet.

- then you stopped tomcat, and you started it again at
08-Sep-2017 11:10:13.141 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version:Apache Tomcat/9.0.0.M26

- and then you had this :
08-Sep-2017 11:31:21.952 SEVERE [main] org.apache.tomcat.util.digester.Digester.fatalError Parse Fatal Error at line 87 column 6: The content of elements must consist of well-formed character data or markup.

so my guess is that you modified the server.xml, while tomcat was still
running, and then you did a "shutdown.sh", to prepare to restart tomcat.

- And then there was that parse error.

And the reason is that the shutdown command, in fact starts another (small)
instance of tomcat, to issue the shutdown command to the running instance.
But that shutdown instance also reads server.xml, and at that time you /did/
have a syntax error in it. So that is where this syntax error came from.

Later you apparently corrected the syntax, and restarted tomcat :

08-Sep-2017 15:24:34.889 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version:Apache Tomcat/9.0.0.M26

and this time, there was no syntax error anymore in server.xml, but then
there is this other problem :

08-Sep-2017 15:24:35.920 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-jsse-nio-8443"]
08-Sep-2017 15:24:36.300 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-8443]]
  org.apache.catalina.LifecycleException: Protocol handler initialization failed ...
Caused by: java.lang.Illegal
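
The diagnosis in the message above (one catalina log accumulating several Tomcat runs, with a parse error logged long after a successful startup and a different failure in the latest run) can be automated. This is an added example, not part of the thread or of Tomcat's tooling; the sample log is constructed from the lines quoted above and all function names are hypothetical.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime

# Constructed sample: the log lines quoted in the message, shortened.
SAMPLE_LOG = """\
08-Sep-2017 10:05:02.807 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version:        Apache Tomcat/9.0.0.M26
08-Sep-2017 10:05:03.371 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 482 ms
08-Sep-2017 11:10:13.141 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version:        Apache Tomcat/9.0.0.M26
08-Sep-2017 11:10:32.137 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 18916 ms
08-Sep-2017 11:31:21.952 SEVERE [main] org.apache.tomcat.util.digester.Digester.fatalError Parse Fatal Error at line 87 column 6: The content of elements must consist of well-formed character data or markup.
 org.xml.sax.SAXParseException; systemId: file:/home/tomcat9/apache-tomcat-9.0.0.M26/conf/server.xml; lineNumber: 87; columnNumber: 6
08-Sep-2017 15:24:34.889 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version:        Apache Tomcat/9.0.0.M26
08-Sep-2017 15:24:35.920 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-jsse-nio-8443"]
08-Sep-2017 15:24:36.300 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-8443]]
 org.apache.catalina.LifecycleException: Protocol handler initialization failed
Caused by: java.lang.IllegalArgumentException: java.security.KeyStoreException: Cannot store non-PrivateKeys
"""

# Default catalina log layout: timestamp LEVEL [thread] class.method message
ENTRY = re.compile(r"^(\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
                   r"(\w+) \[[^\]]+\] (\S+) ?(.*)$")
RUN_START = re.compile(r"^Server version(?: name)?:\s*(.*)$")


@dataclass
class Entry:
    when: datetime
    level: str
    source: str
    text: str  # message plus any stack-trace lines that follow it


@dataclass
class Run:
    started: datetime
    version: str
    startup_done: "datetime | None" = None
    startup_errors: list = field(default_factory=list)
    later_errors: list = field(default_factory=list)


def parse_entries(log_text):
    """Group raw lines into entries; untimestamped lines continue the previous one."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S.%f")
            entries.append(Entry(when, m.group(2), m.group(3), m.group(4)))
        elif entries and line.strip():
            entries[-1].text += "\n" + line.strip()
    return entries


def split_runs(entries):
    """Start a new Run at each VersionLoggerListener 'Server version' line."""
    runs = []
    for e in entries:
        start = RUN_START.match(e.text) if e.source.endswith("VersionLoggerListener.log") else None
        if start:
            runs.append(Run(e.when, start.group(1)))
            continue
        if not runs:  # log was rotated or truncated before the first banner
            runs.append(Run(e.when, "unknown"))
        run = runs[-1]
        if e.source.endswith("Catalina.start") and e.text.startswith("Server startup in"):
            run.startup_done = e.when
        elif e.level == "SEVERE":
            (run.later_errors if run.startup_done else run.startup_errors).append(e)
    return runs


def root_cause(entry):
    """Last 'Caused by:' line of the entry, else its first line."""
    lines = entry.text.splitlines() or [""]
    causes = [l for l in lines if l.startswith("Caused by:")]
    return causes[-1] if causes else lines[0]


def current_failure(runs):
    """Startup errors of the most recent run: the ones that describe the state now."""
    return [root_cause(e) for e in runs[-1].startup_errors] if runs else []


def report(runs):
    out = []
    for n, run in enumerate(runs, 1):
        state = "started" if run.startup_done else "startup never completed"
        out.append(f"run {n} at {run.started:%H:%M:%S} ({run.version}): {state}")
        out += [f"  during startup: {root_cause(e)}" for e in run.startup_errors]
        for e in run.later_errors:
            minutes = int((e.when - run.startup_done).total_seconds()) // 60
            out.append(f"  {minutes} min after startup: {root_cause(e)}")
    return out


if __name__ == "__main__":
    print("\n".join(report(split_runs(parse_entries(SAMPLE_LOG)))))
```

An error listed as "min after startup" belongs to a process that touched the log later, such as the shutdown helper the message describes; `current_failure` returns only what stopped the latest start.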

RE: tomcat ssl setup

2017-09-21 Thread John Ellis
One more thing Andre. I don't know if it matters or not but when I try to
access Tomcat 9 on the secure port of 8443
 I see it saying down in the bottom left hand corner of my browser-
"Performing a TLS handshake to 10.22.8.70..." but it never 
gives the webpage. However once I change the IP address to 10.22.8.70:8080
it immediately goes to the Tomcat 9 webpage. 

John Ellis

405.285.2500 office


    

http://biz-e.io


-Original Message-
From: André Warnier (tomcat) [mailto:a...@ice-sa.com] 
Sent: Thursday, September 21, 2017 11:34 AM
To: users@tomcat.apache.org
Subject: Re: tomcat ssl setup

On 21.09.2017 17:17, John Ellis wrote:
> OK. As I said there is nothing on line 87 but here is line 114-
>
> SSLCertificateChainFile="/usr/java/jdk1.8.0_45/jre/bin/root.pem"

I think you need to provide a bit more context then.

Can you paste here, say, that same line, but with 10 lines before and 10
lines after, and tell at which line number this starts in server.xml (so
that we can compare with the log) ?

The error messages in the log were apparently about comments (between <!-- and -->),
so if these lines are (or contain) comments, copy them anyway.


>
>
>
> John Ellis
>
> 405.285.2500 office
>
>
>
>
> http://biz-e.io
>
> -Original Message-
> From: André Warnier (tomcat) [mailto:a...@ice-sa.com]
> Sent: Thursday, September 21, 2017 10:15 AM
> To: users@tomcat.apache.org
> Subject: Re: tomcat ssl setup
>
>
>
> On 21.09.2017 16:43, John Ellis wrote:
>> Thanks so much for the quick reply Andre. There doesn't appear to be
>> anything on line 87 but there is on line 114. See the screenshot I
>> took of the server.xml file below-
>>
>
> Unfortunately, this list strips most attachments, and in fact asks for
> text-only messages.
> (and to avoid top-posting)
>
> See : http://tomcat.apache.org/lists.html#tomcat-users  --> Important
>
> Please paste the corresponding lines directly, as text, in your next
> message.
>
>
>> John Ellis
>>
>> 405.285.2500 office
>>
>> http://biz-e.io
>>
>> -Original Message-
>> From: André Warnier (tomcat) [mailto:a...@ice-sa.com]
>> Sent: Wednesday, September 20, 2017 10:41 AM
>> To: users@tomcat.apache.org
>> Subject: Re: tomcat ssl setup
>>
>> On 20.09.2017 17:07, John Ellis wrote:
>>
>>   > All of what I have done so far has been in Tomcat version 9, which
>> I
>>
>>   > downloaded from the Apache Tomcat website. The way I start tomcat
>> is
>>
>>   > by running the command ./startup.sh from within the
>>
>>   > apache-tomcat-9.0.0.M26/bin directory. I stop it by running the
>>
>>   > command ./shutdown.sh from the same directory.
>>
>>   >
>>
>> Ok, perfect. So there is only one tomcat9 we can be talking about, and
>> one server.xml file. And since this is a "standard tomcat", that
>> server.xml must be in .. let me look at the logfile again) ..
>>
>> 08-Sep-2017 10:05:02.911 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/home/tomcat9/apache-tomcat-9.0.0.M26/webapps/ROOT]
>>
>> so here : /home/tomcat9/apache-tomcat-9.0.0.M26/conf/server.xml
>>
>> and considering this :
>>
>> 08-Sep-2017 11:31:21.952 SEVERE [main] org.apache.tomcat.util.digester.Digester.fatalError
>> Parse Fatal Error at line 87 column 6: The content of elements must consist of well-formed character data or markup.
>> org.xml.sax.SAXParseException; systemId: file:/home/tomcat9/apache-tomcat-9.0.0.M26/conf/server.xml; lineNumber: 87; columnNumber: 6; The content of elements must consist of well-formed character data or markup.
>>
>> there is something on line 87, position 6, that he does not like.
>>
>> And further down also :
>>
>> 08-Sep-2017 13:17:36.947 SEVERE [main] org.apache.tomcat.util.digester.Digester.fatalError
>> Parse Fatal Error at line 114 column 6: The string "--" is not permitted within comments.
>> org.xml.sax.SAXParseException; systemId: file:/home/tomcat9/apache-tomcat-9.0.0.M26/conf/server.xml; lineNumber: 114; columnNumber: 6; The string "--" is not permitted within comments.
>>
>> but maybe this is not in the server.xml file itself, but in something
>> else that the server.xml references there (like an external "XML entity"
>> or something).
>>
>> Why don't you get those 2 lines from your serve

RE: tomcat ssl setup

2017-09-21 Thread John Ellis
Andre I just realized that I forgot to do the same thing with line 114; here
are all the lines in the section that includes line 114- it starts at line
107 and ends at line 117.
Thanks again,

 

John Ellis

405.285.2500 office


    

http://biz-e.io


-Original Message-
From: André Warnier (tomcat) [mailto:a...@ice-sa.com] 
Sent: Thursday, September 21, 2017 11:34 AM
To: users@tomcat.apache.org
Subject: Re: tomcat ssl setup

On 21.09.2017 17:17, John Ellis wrote:
> OK. As I said there is nothing on line 87 but here is line 114-
>
> SSLCertificateChainFile="/usr/java/jdk1.8.0_45/jre/bin/root.pem"

I think you need to provide a bit more context then.

Can you paste here, say, that same line, but with 10 lines before and 10
lines after, and tell at which line number this starts in server.xml (so
that we can compare with the log) ?

The error messages in the log were apparently about comments (between ), so if these lines are (or contain) comments, copy them anyway.


>
>
>
> John Ellis
>
> 405.285.2500 office
>
>
>
>
> http://biz-e.io
>
> -Original Message-
> From: André Warnier (tomcat) [mailto:a...@ice-sa.com]
> Sent: Thursday, September 21, 2017 10:15 AM
> To: users@tomcat.apache.org
> Subject: Re: tomcat ssl setup
>
>
>
> On 21.09.2017 16:43, John Ellis wrote:
>> Thanks so much for the quick reply Andre. There doesn't appear to be
>> anything on line 87 but there is on line 114. See the screenshot I
>> took of the server.xml file below-
>>
>
> Unfortunately, this list strips most attachments, and in fact asks for
> text-only messages.
> (and to avoid top-posting)
>
> See : http://tomcat.apache.org/lists.html#tomcat-users  --> Important
>
> Please paste the corresponding lines directly, as text, in your next
> message.
>
>
>> John Ellis
>>
>> 405.285.2500 office
>>
>> http://biz-e.io
>>
>> -Original Message-
>> From: André Warnier (tomcat) [mailto:a...@ice-sa.com]
>> Sent: Wednesday, September 20, 2017 10:41 AM
>> To: users@tomcat.apache.org
>> Subject: Re: tomcat ssl setup
>>
>> On 20.09.2017 17:07, John Ellis wrote:
>>
>>   > All of what I have done so far has been in Tomcat version 9, which
>> I
>>
>>   > downloaded from the Apache Tomcat website. The way I start tomcat
>> is
>>
>>   > by running the command ./startup.sh from within the
>>
>>   > apache-tomcat-9.0.0.M26/bin directory. I stop it by running the
>>
>>   > command ./shutdown.sh from the same directory.
>>
>>   >
>>
>> Ok, perfect. So there is only one tomcat9 we can be talking about, and
>> one server.xml file. And since this is a "standard tomcat", that
>> server.xml must be in .. let me look at the logfile again) ..
>>
>> 08-Sep-2017 10:05:02.911 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/home/tomcat9/apache-tomcat-9.0.0.M26/webapps/ROOT]
>>
>> so here : /home/tomcat9/apache-tomcat-9.0.0.M26/conf/server.xml
>>
>> and considering this :
>>
>> 08-Sep-2017 11:31:21.952 SEVERE [main] org.apache.tomcat.util.digester.Digester.fatalError
>> Parse Fatal Error at line 87 column 6: The content of elements must consist of well-formed character data or markup.
>> org.xml.sax.SAXParseException; systemId: file:/home/tomcat9/apache-tomcat-9.0.0.M26/conf/server.xml; lineNumber: 87; columnNumber: 6; The content of elements must consist of well-formed character data or markup.
>>
>> there is something on line 87, position 6, that he does not like.
>>
>> And further down also :
>>
>> 08-Sep-2017 13:17:36.947 SEVERE [main] org.apache.tomcat.util.digester.Digester.fatalError
>> Parse Fatal Error at line 114 column 6: The string "--" is not permitted within comments.
>> org.xml.sax.SAXParseException; systemId: file:/home/tomcat9/apache-tomcat-9.0.0.M26/conf/server.xml; lineNumber: 114; columnNumber: 6; The string "--" is not permitted within comments.
>>
>> but maybe this is not in the server.xml file itself, but in something
>> else that the server.xml references there (like an external "XML entity"
>> or something).
>>
>> Why don't you get those 2 lines from your server.xml and paste them here :
>>
>> ...
>>
>>   > John Ellis
>>
>>   >
>>
>>   > 405.285.2500 office
>>
>>   >
>>

RE: tomcat ssl setup

2017-09-21 Thread John Ellis
Sure this is starting with line number 73 thru line 101 so I could get the
entire sections-







John Ellis

405.285.2500 office


    

http://biz-e.io


-Original Message-
From: André Warnier (tomcat) [mailto:a...@ice-sa.com] 
Sent: Thursday, September 21, 2017 11:34 AM
To: users@tomcat.apache.org
Subject: Re: tomcat ssl setup

On 21.09.2017 17:17, John Ellis wrote:
> OK. As I said there is nothing on line 87 but here is line 114-
>
> SSLCertificateChainFile="/usr/java/jdk1.8.0_45/jre/bin/root.pem"

I think you need to provide a bit more context then.

Can you paste here, say, that same line, but with 10 lines before and 10
lines after, and tell at which line number this starts in server.xml (so
that we can compare with the log) ?

The error messages in the log were apparently about comments (between ), so if these lines are (or contain) comments, copy them anyway.


>
>
>
> John Ellis
>
> 405.285.2500 office
>
>
>
>
> http://biz-e.io
>
> -Original Message-
> From: André Warnier (tomcat) [mailto:a...@ice-sa.com]
> Sent: Thursday, September 21, 2017 10:15 AM
> To: users@tomcat.apache.org
> Subject: Re: tomcat ssl setup
>
>
>
> On 21.09.2017 16:43, John Ellis wrote:
>> Thanks so much for the quick reply Andre. There doesn't appear to be
>> anything on line 87 but there is on line 114. See the screenshot I
>> took of the server.xml file below-
>>
>
> Unfortunately, this list strips most attachments, and in fact asks for
> text-only messages.
> (and to avoid top-posting)
>
> See : http://tomcat.apache.org/lists.html#tomcat-users  --> Important
>
> Please paste the corresponding lines directly, as text, in your next
> message.
>
>
>> John Ellis
>>
>> 405.285.2500 office
>>
>> http://biz-e.io
>>
>> -Original Message-
>> From: André Warnier (tomcat) [mailto:a...@ice-sa.com]
>> Sent: Wednesday, September 20, 2017 10:41 AM
>> To: users@tomcat.apache.org
>> Subject: Re: tomcat ssl setup
>>
>> On 20.09.2017 17:07, John Ellis wrote:
>>
>>   > All of what I have done so far has been in Tomcat version 9, which
>> I
>>
>>   > downloaded from the Apache Tomcat website. The way I start tomcat
>> is
>>
>>   > by running the command ./startup.sh from within the
>>
>>   > apache-tomcat-9.0.0.M26/bin directory. I stop it by running the
>>
>>   > command ./shutdown.sh from the same directory.
>>
>>   >
>>
>> Ok, perfect. So there is only one tomcat9 we can be talking about, and
>> one server.xml file. And since this is a "standard tomcat", that
>> server.xml must be in .. let me look at the logfile again) ..
>>
>> 08-Sep-2017 10:05:02.911 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/home/tomcat9/apache-tomcat-9.0.0.M26/webapps/ROOT]
>>
>> so here : /home/tomcat9/apache-tomcat-9.0.0.M26/conf/server.xml
>>
>> and considering this :
>>
>> 08-Sep-2017 11:31:21.952 SEVERE [main] org.apache.tomcat.util.digester.Digester.fatalError
>> Parse Fatal Error at line 87 column 6: The content of elements must consist of well-formed character data or markup.
>> org.xml.sax.SAXParseException; systemId: file:/home/tomcat9/apache-tomcat-9.0.0.M26/conf/server.xml; lineNumber: 87; columnNumber: 6; The content of elements must consist of well-formed character data or markup.
>>
>> there is something on line 87, position 6, that he does not like.
>>
>> And further down also :
>>
>> 08-Sep-2017 13:17:36.947 SEVERE [main] org.apache.tomcat.util.digester.Digester.fatalError
>> Parse Fatal Error at line 114 column 6: The string "--" is not permitted within comments.
>> org.xml.sax.SAXParseException; systemId: file:/home/tomcat9/apache-tomcat-9.0.0.M26/conf/server.xml; lineNumber: 114; columnNumber: 6; The string "--" is not permitted within comments.
>>
>> but maybe this is not in the server.xml file itself, but in something
>> else that the server.xml references there (like an external "XML entity"
>> or something).
>>
>> Why don't you get those 2 lines from your server.xml and paste them here :
>>
>> ...
>>
>>   > John Ellis
>>
>>   >
>>
>>   > 405.285.2500 office
>>
>>   >
>>
>>   >
>>
>>   >
>>
>>   >
>>

RE: tomcat ssl setup

2017-09-21 Thread John Ellis
OK. As I said there is nothing on line 87 but here is line 114-

SSLCertificateChainFile="/usr/java/jdk1.8.0_45/jre/bin/root.pem"



John Ellis

405.285.2500 office


    

http://biz-e.io

-Original Message-
From: André Warnier (tomcat) [mailto:a...@ice-sa.com] 
Sent: Thursday, September 21, 2017 10:15 AM
To: users@tomcat.apache.org
Subject: Re: tomcat ssl setup



On 21.09.2017 16:43, John Ellis wrote:
> Thanks so much for the quick reply Andre. There doesn't appear to be 
> anything on line 87 but there is on line 114. See the screenshot I 
> took of the server.xml file below-
>

Unfortunately, this list strips most attachments, and in fact asks for
text-only messages.
(and to avoid top-posting)

See : http://tomcat.apache.org/lists.html#tomcat-users  --> Important

Please paste the corresponding lines directly, as text, in your next
message.


> John Ellis
>
> 405.285.2500 office
>
> http://biz-e.io
>
> -Original Message-
> From: André Warnier (tomcat) [mailto:a...@ice-sa.com]
> Sent: Wednesday, September 20, 2017 10:41 AM
> To: users@tomcat.apache.org
> Subject: Re: tomcat ssl setup
>
> On 20.09.2017 17:07, John Ellis wrote:
>
>  > All of what I have done so far has been in Tomcat version 9, which 
> I
>
>  > downloaded from the Apache Tomcat website. The way I start tomcat 
> is
>
>  > by running the command ./startup.sh from within the
>
>  > apache-tomcat-9.0.0.M26/bin directory. I stop it by running the
>
>  > command ./shutdown.sh from the same directory.
>
>  >
>
> Ok, perfect. So there is only one tomcat9 we can be talking about, and 
> one server.xml file. And since this is a "standard tomcat", that 
> server.xml must be in .. let me look at the logfile again) ..
>
> 08-Sep-2017 10:05:02.911 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/home/tomcat9/apache-tomcat-9.0.0.M26/webapps/ROOT]
>
> so here : /home/tomcat9/apache-tomcat-9.0.0.M26/conf/server.xml
>
> and considering this :
>
> 08-Sep-2017 11:31:21.952 SEVERE [main] org.apache.tomcat.util.digester.Digester.fatalError
> Parse Fatal Error at line 87 column 6: The content of elements must consist of well-formed character data or markup.
> org.xml.sax.SAXParseException; systemId: file:/home/tomcat9/apache-tomcat-9.0.0.M26/conf/server.xml; lineNumber: 87; columnNumber: 6; The content of elements must consist of well-formed character data or markup.
>
> there is something on line 87, position 6, that he does not like.
>
> And further down also :
>
> 08-Sep-2017 13:17:36.947 SEVERE [main] org.apache.tomcat.util.digester.Digester.fatalError
> Parse Fatal Error at line 114 column 6: The string "--" is not permitted within comments.
> org.xml.sax.SAXParseException; systemId: file:/home/tomcat9/apache-tomcat-9.0.0.M26/conf/server.xml; lineNumber: 114; columnNumber: 6; The string "--" is not permitted within comments.
>
> but maybe this is not in the server.xml file itself, but in something
> else that the server.xml references there (like an external "XML entity"
> or something).
>
> Why don't you get those 2 lines from your server.xml and paste them here :
>
> ...
>
>  > John Ellis
>
>  >
>
>  > 405.285.2500 office
>
>  >
>
>  >
>
>  >
>
>  >
>
>  > http://biz-e.io
>
>  >
>
>  >
>
>  > -Original Message-
>
>  > From: André Warnier (tomcat) [mailto:a...@ice-sa.com]
>
>  > Sent: Wednesday, September 20, 2017 10:02 AM
>
>  > To: users@tomcat.apache.org <mailto:users@tomcat.apache.org>
>
>  > Subject: Re: tomcat ssl setup
>
>  >
>
>  > On 20.09.2017 15:20, John Ellis wrote:
>
>  >> Andre can you tell me which log file you are saying tells where 
> the
>
>  >> problem is?
>
>  >
>
>  > That's the one you uploaded to the dropbox :
>
>  >   >>
>
>  > 
> https://www.dropbox.com/s/hlcg3cycddteyaz/catalina.2017-09-08.log?dl=0
>
>  >
>
>  > I have of course no idea at this point, which tomcat or which
>
>  > server.xml this was related to, but i suppose you do.
>
>  >
>
>  > I am not seeing it but I may not be even looking for the right thing.
>
>  > I
>
>  >> did open the server.xml file up in an XML file editor program and 
> it
>
>  >> didn't give any errors.
>
>  >
>
>  > Then it must be that this tomcat who wrote the logfile, is not 
> looking
>
>  > at the same server.xm

RE: tomcat ssl setup

2017-09-21 Thread John Ellis
Thanks so much for the quick reply Andre. There doesn't appear to be
anything on line 87 but there is on line 114. See the screenshot I took of
the server.xml file below-

 



 

John Ellis

 

405.285.2500 office

 

 



 

http://biz-e.io

 

 

-Original Message-
From: André Warnier (tomcat) [mailto:a...@ice-sa.com] 
Sent: Wednesday, September 20, 2017 10:41 AM
To: users@tomcat.apache.org
Subject: Re: tomcat ssl setup

 

On 20.09.2017 17:07, John Ellis wrote:
> All of what I have done so far has been in Tomcat version 9, which I
> downloaded from the Apache Tomcat website. The way I start tomcat is
> by running the command ./startup.sh from within the
> apache-tomcat-9.0.0.M26/bin directory. I stop it by running the
> command ./shutdown.sh from the same directory.

Ok, perfect. So there is only one tomcat9 we can be talking about, and one
server.xml file. And since this is a "standard tomcat", that server.xml must
be in .. let me look at the logfile again) ..

 

08-Sep-2017 10:05:02.911 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/home/tomcat9/apache-tomcat-9.0.0.M26/webapps/ROOT]

so here : /home/tomcat9/apache-tomcat-9.0.0.M26/conf/server.xml

and considering this :

08-Sep-2017 11:31:21.952 SEVERE [main] org.apache.tomcat.util.digester.Digester.fatalError
Parse Fatal Error at line 87 column 6: The content of elements must consist of well-formed character data or markup.
  org.xml.sax.SAXParseException; systemId: file:/home/tomcat9/apache-tomcat-9.0.0.M26/conf/server.xml; lineNumber: 87; columnNumber: 6; The content of elements must consist of well-formed character data or markup.

there is something on line 87, position 6, that he does not like.

And further down also :

08-Sep-2017 13:17:36.947 SEVERE [main] org.apache.tomcat.util.digester.Digester.fatalError
Parse Fatal Error at line 114 column 6: The string "--" is not permitted within comments.
  org.xml.sax.SAXParseException; systemId: file:/home/tomcat9/apache-tomcat-9.0.0.M26/conf/server.xml; lineNumber: 114; columnNumber: 6; The string "--" is not permitted within comments.

 

but maybe this is not in the server.xml file itself, but in something else
that the server.xml references there (like an external "XML entity" or
something).

 

Why don't you get those 2 lines from your server.xml and paste them here :

 

...

 

 

 

 

 

> John Ellis
>
> 405.285.2500 office
>
> http://biz-e.io
>
> -Original Message-
> From: André Warnier (tomcat) [mailto:a...@ice-sa.com]
> Sent: Wednesday, September 20, 2017 10:02 AM
> To: users@tomcat.apache.org
> Subject: Re: tomcat ssl setup
>
> On 20.09.2017 15:20, John Ellis wrote:
>> Andre can you tell me which log file you are saying tells where the
>> problem is?
>
> That's the one you uploaded to the dropbox :
>   >> https://www.dropbox.com/s/hlcg3cycddteyaz/catalina.2017-09-08.log?dl=0
>
> I have of course no idea at this point, which tomcat or which
> server.xml this was related to, but i suppose you do.
>
> I am not seeing it but I may not be even looking for the right thing. I
>> did open the server.xml file up in an XML file editor program and it
>> didn't give any errors.
>
> Then it must be that this tomcat who wrote the logfile, is not looking
> at the same server.xml file than the one you're looking at.
> (Or else your XML file editor is not really good)
>
> How do you start this tomcat, on your server ?
> And where did you get this tomcat from ? Is it the one from the tomcat
> website ?
>
>> John Ellis
>>
>> 405.285.2500 office
>>
>> http://biz-e.io
>>
>> -Original Message-
>> From: André Warnier (tomcat) [mailto:a...@ice-sa.com]
>> Sent: Tuesday, September 19, 2017 3:47 PM
>> To: users@tomcat.apache.org
>> Subject: Re: tomcat ssl setup
>>
>> On 19.09.2017 20:17, John Ellis wrote:
>>> Here are the tomcat 9 log file DropBox links-
>>>
>>> https://www.dropbox.com/s/hlcg3cycddteyaz/catalina.2017-09-08.log?dl=0
>>
>> Well, there you go. It tells you explicitly where you made the
>> mistakes, up to the file and line numbers

RE: tomcat ssl setup

2017-09-20 Thread John Ellis
All of what I have done so far has been in Tomcat version 9, which I
downloaded from the Apache Tomcat website. The way I start tomcat is by
running the command ./startup.sh from within the apache-tomcat-9.0.0.M26/bin
directory. I stop it by running the command ./shutdown.sh from the same
directory.

John Ellis

405.285.2500 office


    

http://biz-e.io


-Original Message-
From: André Warnier (tomcat) [mailto:a...@ice-sa.com] 
Sent: Wednesday, September 20, 2017 10:02 AM
To: users@tomcat.apache.org
Subject: Re: tomcat ssl setup

On 20.09.2017 15:20, John Ellis wrote:
> Andre can you tell me which log file you are saying tells where the 
> problem is?

That's the one you uploaded to the dropbox :
 >> https://www.dropbox.com/s/hlcg3cycddteyaz/catalina.2017-09-08.log?dl=0

I have of course no idea at this point, which tomcat or which server.xml
this was related to, but i suppose you do.

I am not seeing it but I may not be even looking for the right thing. I
> did open the server.xml file up in an XML file editor program and it 
> didn't give any errors.

Then it must be that this tomcat who wrote the logfile, is not looking at
the same server.xml file than the one you're looking at.
(Or else your XML file editor is not really good)

How do you start this tomcat, on your server ?
And where did you get this tomcat from ? Is it the one from the tomcat
website ?

>
> John Ellis
>
> 405.285.2500 office
>
>
>
>
> http://biz-e.io
>
>
> -Original Message-
> From: André Warnier (tomcat) [mailto:a...@ice-sa.com]
> Sent: Tuesday, September 19, 2017 3:47 PM
> To: users@tomcat.apache.org
> Subject: Re: tomcat ssl setup
>
> On 19.09.2017 20:17, John Ellis wrote:
>> Here are the tomcat 9 log file DropBox links-
>>
>> https://www.dropbox.com/s/hlcg3cycddteyaz/catalina.2017-09-08.log?dl=
>> 0
>
> Well, there you go. It tells you explicitly where you made the 
> mistakes, up to the file and line  numbers.
> I can't see your server.xml, but I would bet that you have modified 
> it, by surrounding some XML comment sections by another comment pair 
>  That crashes because XML does not allow that.
> You cannot have this kind of thing :
>
>   -->
>
>
>>
>> https://www.dropbox.com/s/yj93ub9woxdoie0/localhost_access_log.2017-0
>> 9
>> -19.txt?dl=0
>>
>> Thanks,
>>
>> John Ellis
>>
>> 405.285.2500 office
>>
>> United States
>>
>> http://biz-e.io
>>
>> *From:*Alejandro Vargas M. [mailto:alejandro.var...@kymsolutions.com]
>> *Sent:* Tuesday, September 19, 2017 11:10 AM
>> *To:* users@tomcat.apache.org
>> *Subject:* Re: tomcat ssl setup
>>
>> Do you see what's on the log files, they can tell you what's the 
>> problem in. Maybe you can share those files too.
>>
>> I also saw on line 117 this "|  -->|"  Looks like there's left over.
>>
>> On 09/19/2017 09:31 AM, John Ellis wrote:
>>
>>  I have been trying to setup SSL for tomcat 9.00.M26 on a RHEL (version 6.4) server for
>>  testing purposes. I downloaded & installed Tomcat9 fine and I get a proper webpage on
>>  port 8080 but when I used the keytool commands and created a certificate from
>>  cacert.org and then edited the server.xml file to setup the ssl configuration to run
>>  on port 8443 I cannot get a webpage on that port; it defaults back to port 8080. If I
>>  am not providing all the needed info or asking a wrong question please forgive me. I
>>  am not a programmer. My background is in computer hardware. I have just been forced to
>>  learn this to support two products that we use here in our office; Jira and
>>  Confluence. I have actually been working on setting them up for an SSL connection on a
>>  different server. I got Confluence working on a secure port but not Jira so my boss
>>  suggested troubleshooting the issue by trying to first get SSL setup for Tomcat on
>>  this other server.
>>
>>  I am providing a copy of the Tomcat9 server.xml file here on a DropBox link-
>>  https://www.dropbox.com/s/k3l07w9p4n81fas/server.xml?dl=0
>>
>>  Thanks in advance!
>>
>>  John Ellis
>>
>>  405.285.2500 office
>>
>>  United States
>>
>>  http://biz-e.io
>

RE: tomcat ssl setup

2017-09-20 Thread John Ellis
Andre can you tell me which log file you are saying tells where the problem
is? I am not seeing it but I may not be even looking for the right thing. I
did open the server.xml file up in an XML file editor program and it didn't
give any errors. 

John Ellis

405.285.2500 office


    

http://biz-e.io


-Original Message-
From: André Warnier (tomcat) [mailto:a...@ice-sa.com] 
Sent: Tuesday, September 19, 2017 3:47 PM
To: users@tomcat.apache.org
Subject: Re: tomcat ssl setup

On 19.09.2017 20:17, John Ellis wrote:
> Here are the tomcat 9 log file DropBox links-
>
> https://www.dropbox.com/s/hlcg3cycddteyaz/catalina.2017-09-08.log?dl=0

Well, there you go. It tells you explicitly where you made the mistakes, up
to the file and line  numbers.
I can't see your server.xml, but I would bet that you have modified it, by
surrounding some XML comment sections by another comment pair 
That crashes because XML does not allow that.
You cannot have this kind of thing :

  -->


>
> https://www.dropbox.com/s/yj93ub9woxdoie0/localhost_access_log.2017-09
> -19.txt?dl=0
>
> Thanks,
>
> John Ellis
>
> 405.285.2500 office
>
> United States
>
> http://biz-e.io
>
> *From:*Alejandro Vargas M. [mailto:alejandro.var...@kymsolutions.com]
> *Sent:* Tuesday, September 19, 2017 11:10 AM
> *To:* users@tomcat.apache.org
> *Subject:* Re: tomcat ssl setup
>
> Do you see what's on the log files, they can tell you what's the 
> problem in. Maybe you can share those files too.
>
> I also saw on line 117 this "|  -->|"  Looks like there's left over.
>
> On 09/19/2017 09:31 AM, John Ellis wrote:
>
> I have been trying to setup SSL for tomcat 9.00.M26 on a RHEL (version 6.4) server for
> testing purposes. I downloaded & installed Tomcat9 fine and I get a proper webpage on
> port 8080 but when I used the keytool commands and created a certificate from
> cacert.org and then edited the server.xml file to setup the ssl configuration to run
> on port 8443 I cannot get a webpage on that port; it defaults back to port 8080. If I
> am not providing all the needed info or asking a wrong question please forgive me. I
> am not a programmer. My background is in computer hardware. I have just been forced to
> learn this to support two products that we use here in our office; Jira and
> Confluence. I have actually been working on setting them up for an SSL connection on a
> different server. I got Confluence working on a secure port but not Jira so my boss
> suggested troubleshooting the issue by trying to first get SSL setup for Tomcat on
> this other server.
>
> I am providing a copy of the Tomcat9 server.xml file here on a DropBox link-
> https://www.dropbox.com/s/k3l07w9p4n81fas/server.xml?dl=0
>
> Thanks in advance!
>
> John Ellis
>
> 405.285.2500 office
>
> United States
>
> http://biz-e.io
>
> --
>
>
>
> Alejandro Vargas Mayorga
> */Development Manager C.A. & C./*
> *Tel. 506- 7232-3366*
> *Email:* alejandro.var...@kymsolutions.com
> www.kymsolutions.com <http://www.kymsolutions.com/> *Visit our virtual classroom!*
>


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
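
Added example, not part of the thread: a small Python check for the failure André describes above (a comment pair wrapped around a block that already contains an XML comment) and for the leftover "-->" that Alejandro noticed. The server.xml fragment and the function names parser_error and comment_findings are constructed for illustration; Python's expat-based parser words its error differently from the Java parser that wrote the Tomcat log.

```python
import re
import xml.etree.ElementTree as ET

# Constructed fragment (not the poster's file): the TLS <Connector> was
# "disabled" by wrapping it in a comment pair, but the block already held a
# comment. The keystore path is a placeholder.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <!--
    <!-- TLS connector, keystore path is a placeholder -->
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="conf/PLACEHOLDER.jks" />
    -->
    <Engine name="Catalina" defaultHost="localhost" />
  </Service>
</Server>
"""

# Same fragment with the inner comment removed, so a single comment pair
# wraps the connector and the file is well-formed again.
FIXED_SERVER_XML = SAMPLE_SERVER_XML.replace(
    "    <!-- TLS connector, keystore path is a placeholder -->\n", "")

# Comment delimiters, plus the bare "--" that XML forbids inside a comment.
TOKEN = re.compile(r"<!--|-->|--")


def parser_error(text):
    """Return (line, column, message) of the first fatal XML error, or None."""
    try:
        ET.fromstring(text)
    except ET.ParseError as exc:
        line, column = exc.position
        return line, column, str(exc)
    return None


def comment_findings(text):
    """List (line, problem) for comment-structure mistakes.

    Simplification: CDATA sections and attribute values that contain comment
    delimiters are not treated specially.
    """
    findings = []
    open_line = None  # line on which the currently open comment started
    for match in TOKEN.finditer(text):
        line = text.count("\n", 0, match.start()) + 1
        token = match.group()
        if open_line is None:
            if token == "<!--":
                open_line = line
            elif token == "-->":
                findings.append((line, "stray '-->' outside any comment"))
            # A bare "--" outside a comment is legal character data.
        elif token == "-->":
            open_line = None
        elif token == "<!--":
            findings.append(
                (line, f"'<!--' inside the comment opened on line {open_line}"))
        else:
            findings.append(
                (line, f"'--' inside the comment opened on line {open_line}"))
    if open_line is not None:
        findings.append((open_line, "comment opened here is never closed"))
    return findings


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_SERVER_XML),
                       ("fixed", FIXED_SERVER_XML)):
        print(name, "parser:", parser_error(text))
        for line, problem in comment_findings(text):
            print(f"  line {line}: {problem}")
```

The parser stops at the first fatal error, so it only reports the nested opener; the scan also shows the orphaned closer further down, which is why fixing one reported line can simply move the error to another.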






RE: tomcat ssl setup

2017-09-20 Thread John Ellis
The Dropbox link to the tomcat server.xml file is back in this email thread.

John Ellis

405.285.2500 office


    

http://biz-e.io


-Original Message-
From: André Warnier (tomcat) [mailto:a...@ice-sa.com] 
Sent: Tuesday, September 19, 2017 3:47 PM
To: users@tomcat.apache.org
Subject: Re: tomcat ssl setup

On 19.09.2017 20:17, John Ellis wrote:
> Here are the tomcat 9 log file DropBox links-
>
> https://www.dropbox.com/s/hlcg3cycddteyaz/catalina.2017-09-08.log?dl=0

Well, there you go. It tells you explicitly where you made the mistakes, up
to the file and line  numbers.
I can't see your server.xml, but I would bet that you have modified it, by
surrounding some XML comment sections by another comment pair 
That crashes because XML does not allow that.
You cannot have this kind of thing :

  -->


>
> https://www.dropbox.com/s/yj93ub9woxdoie0/localhost_access_log.2017-09
> -19.txt?dl=0
>
> Thanks,
>
> John Ellis
>
> 405.285.2500 office
>
> United States
>
> http://biz-e.io
>
> *From:*Alejandro Vargas M. [mailto:alejandro.var...@kymsolutions.com]
> *Sent:* Tuesday, September 19, 2017 11:10 AM
> *To:* users@tomcat.apache.org
> *Subject:* Re: tomcat ssl setup
>
> Do you see what's on the log files, they can tell you what's the 
> problem in. Maybe you can share those files too.
>
> I also saw on line 117 this "|  -->|"  Looks like there's left over.
>
> On 09/19/2017 09:31 AM, John Ellis wrote:
>
> I have been trying to setup SSL for tomcat 9.00.M26 on a RHEL (version 6.4) server for
> testing purposes. I downloaded & installed Tomcat9 fine and I get a proper webpage on
> port 8080 but when I used the keytool commands and created a certificate from
> cacert.org and then edited the server.xml file to setup the ssl configuration to run
> on port 8443 I cannot get a webpage on that port; it defaults back to port 8080. If I
> am not providing all the needed info or asking a wrong question please forgive me. I
> am not a programmer. My background is in computer hardware. I have just been forced to
> learn this to support two products that we use here in our office; Jira and
> Confluence. I have actually been working on setting them up for an SSL connection on a
> different server. I got Confluence working on a secure port but not Jira so my boss
> suggested troubleshooting the issue by trying to first get SSL setup for Tomcat on
> this other server.
>
> I am providing a copy of the Tomcat9 server.xml file here on a DropBox link-
> https://www.dropbox.com/s/k3l07w9p4n81fas/server.xml?dl=0
>
> Thanks in advance!
>
> John Ellis
>
> 405.285.2500 office
>
> United States
>
> http://biz-e.io
>
> --
>
>
>
> Alejandro Vargas Mayorga
> */Development Manager C.A. & C./*
> *Tel. 506- 7232-3366*
> *Email:* alejandro.var...@kymsolutions.com
> www.kymsolutions.com <http://www.kymsolutions.com/> *Visit our virtual classroom!*
>





RE: tomcat ssl setup

2017-09-19 Thread John Ellis
Andre at this point Alan, my boss, only has had me setup Tomcat 9 on this
server; not jira or confluence. He thought it might be easier to get the SSL
port working just on Tomcat first and then work with Jira and Confluence on
this server. 

John Ellis

405.285.2500 office


    

http://biz-e.io

-Original Message-
From: André Warnier (tomcat) [mailto:a...@ice-sa.com] 
Sent: Tuesday, September 19, 2017 10:57 AM
To: users@tomcat.apache.org
Subject: Re: tomcat ssl setup

On 19.09.2017 17:31, John Ellis wrote:
> I have been trying to setup SSL for tomcat 9.00.M26 on a RHEL (version 
> 6.4) server for testing purposes. I downloaded & installed Tomcat9 
> fine and I get a proper webpage on port
> 8080 but when I used the keytool commands and created a certificate 
> from cacert.org and then edited the server.xml file to setup the ssl 
> configuration to run on port 8443 I cannot get a webpage on that port; 
> it defaults back to port 8080. If I am not providing all the needed info
> or asking a wrong question please forgive me. I am not a programmer.
> My background is in computer hardware. I have just been forced to 
> learn this to support two products that we use here in our office; 
> Jira and Confluence. I have actually been working on setting them up 
> for an SSL connection on a different server. I got Confluence working 
> on a secure port but not Jira so my boss suggested troubleshooting the
> issue by trying to first get SSL setup for Tomcat on this other server.
>
> I am providing a copy of the Tomcat9 server.xml file here on a DropBox 
> link-
> https://www.dropbox.com/s/k3l07w9p4n81fas/server.xml?dl=0
>
> Thanks in advance!
>

Hi. No problem, and no need to apologise, we try to help everyone here. (Any
tomcat user, at least).
No matter what tomcat you are running or where you installed it, it should be
writing logfiles somewhere, in which it should tell you at start, what may
be wrong. Have you found and looked at these files yet ?
Maybe something else : I am no expert, but I believe that by default, each
of Confluence and Jira sets up its own "private" tomcat server. Are you sure
that you are looking at the right one ?





RE: tomcat ssl setup

2017-09-19 Thread John Ellis
Here are the tomcat 9 log file DropBox links-

 

https://www.dropbox.com/s/hlcg3cycddteyaz/catalina.2017-09-08.log?dl=0

 

https://www.dropbox.com/s/yj93ub9woxdoie0/localhost_access_log.2017-09-19.txt?dl=0

 

Thanks,

 

John Ellis

405.285.2500 office

http://biz-e.io

 

From: Alejandro Vargas M. [mailto:alejandro.var...@kymsolutions.com] 
Sent: Tuesday, September 19, 2017 11:10 AM
To: users@tomcat.apache.org
Subject: Re: tomcat ssl setup

 

Do you see what's in the log files? They can tell you what the problem is.
Maybe you can share those files too.

I also saw on line 117 this: "  -->". Looks like there's a leftover.

 

 

On 09/19/2017 09:31 AM, John Ellis wrote:

I have been trying to setup SSL for tomcat 9.00.M26 on a RHEL (version 6.4)
server for testing purposes. I downloaded & installed Tomcat9 fine and I get
a proper webpage on port 8080 but when I used the keytool commands and
created a certificate from cacert.org and then edited the server.xml file to
setup the ssl configuration to run on port 8443 I cannot get a webpage on
that port; it defaults back to port 8080. If I am not providing all the
needed info or asking a wrong question please forgive me. I am not a
programmer. My background is in computer hardware. I have just been forced
to learn this to support two products that we use here in our office; Jira
and Confluence. I have actually been working on setting them up for an SSL
connection on a different server. I got Confluence working on a secure port
but not Jira so my boss suggested troubleshooting the issue by trying to
first get SSL setup for Tomcat on this other server. 

I am providing a copy of the Tomcat9 server.xml file here on a DropBox link-
https://www.dropbox.com/s/k3l07w9p4n81fas/server.xml?dl=0

 

Thanks in advance!  

 

John Ellis

405.285.2500 office

http://biz-e.io

 

 

-- 

Alejandro Vargas Mayorga
Development Manager C.A. & C.
Tel. 506- 7232-3366
Email: alejandro.var...@kymsolutions.com <mailto:%20alejandro.var...@kymsolutions.com>
www.kymsolutions.com <http://www.kymsolutions.com/>
Visit our virtual classroom!
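
The two checks raised in this thread (which connectors Tomcat actually loads, and whether a leftover "-->" sits in server.xml) can be run mechanically. The following is an added example, not part of the thread or of Tomcat: the function name `audit_server_xml` is hypothetical and the sample server.xml is constructed, not the file behind the DropBox link.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, not the server.xml from the thread: the HTTPS connector
# is still inside a comment and a stray "-->" is left behind after it.
SAMPLE = """<?xml version="1.0"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="conf/keystore.jks" keystorePass="changeit" />
    -->
    -->
    <Engine name="Catalina" defaultHost="localhost" />
  </Service>
</Server>
"""

COMMENT = re.compile(r"<!--.*?-->", re.DOTALL)

def audit_server_xml(text):
    """Return active connectors, commented-out connector ports, stray '-->' lines."""
    report = {"active": [], "commented_out": [], "stray_close": [], "parse_error": None}
    for m in COMMENT.finditer(text):
        report["commented_out"] += re.findall(r'<Connector\b[^>]*?\bport="(\d+)"', m.group(0))
    # Blank out comments but keep newlines so line numbers still match the file.
    stripped = COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), text)
    for lineno, line in enumerate(stripped.splitlines(), 1):
        if "-->" in line:
            report["stray_close"].append(lineno)
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        report["parse_error"] = str(exc)
        return report
    for conn in root.iter("Connector"):
        report["active"].append({
            "port": conn.get("port"),
            "SSLEnabled": conn.get("SSLEnabled", "false"),
            "keystoreFile": conn.get("keystoreFile"),
        })
    return report

if __name__ == "__main__":
    for key, value in audit_server_xml(SAMPLE).items():
        print(f"{key}: {value}")
```

On the constructed sample the file still parses, so Tomcat would start without complaint, yet the only active connector is 8080 and the 8443 connector is reported as commented out.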



RE: tomcat ssl setup

2017-09-19 Thread John Ellis
Yes I will put the log files on DropBox as well when I get back from lunch.

Thanks,

 

John Ellis

405.285.2500 office

http://biz-e.io

 

From: Alejandro Vargas M. [mailto:alejandro.var...@kymsolutions.com] 
Sent: Tuesday, September 19, 2017 11:10 AM
To: users@tomcat.apache.org
Subject: Re: tomcat ssl setup

 

Do you see what's in the log files? They can tell you what the problem is.
Maybe you can share those files too.

I also saw on line 117 this: "  -->". Looks like there's a leftover.

 

 

On 09/19/2017 09:31 AM, John Ellis wrote:

I have been trying to setup SSL for tomcat 9.00.M26 on a RHEL (version 6.4)
server for testing purposes. I downloaded & installed Tomcat9 fine and I get
a proper webpage on port 8080 but when I used the keytool commands and
created a certificate from cacert.org and then edited the server.xml file to
setup the ssl configuration to run on port 8443 I cannot get a webpage on
that port; it defaults back to port 8080. If I am not providing all the
needed info or asking a wrong question please forgive me. I am not a
programmer. My background is in computer hardware. I have just been forced
to learn this to support two products that we use here in our office; Jira
and Confluence. I have actually been working on setting them up for an SSL
connection on a different server. I got Confluence working on a secure port
but not Jira so my boss suggested troubleshooting the issue by trying to
first get SSL setup for Tomcat on this other server. 

I am providing a copy of the Tomcat9 server.xml file here on a DropBox link-
https://www.dropbox.com/s/k3l07w9p4n81fas/server.xml?dl=0

 

Thanks in advance!  

 

John Ellis

405.285.2500 office

http://biz-e.io

 

 

-- 

Alejandro Vargas Mayorga
Development Manager C.A. & C.
Tel. 506- 7232-3366
Email: alejandro.var...@kymsolutions.com <mailto:%20alejandro.var...@kymsolutions.com>
www.kymsolutions.com <http://www.kymsolutions.com/>
Visit our virtual classroom!



tomcat ssl setup

2017-09-19 Thread John Ellis
I have been trying to setup SSL for tomcat 9.00.M26 on a RHEL (version 6.4)
server for testing purposes. I downloaded & installed Tomcat9 fine and I get
a proper webpage on port 8080 but when I used the keytool commands and
created a certificate from cacert.org and then edited the server.xml file to
setup the ssl configuration to run on port 8443 I cannot get a webpage on
that port; it defaults back to port 8080. If I am not providing all the
needed info or asking a wrong question please forgive me. I am not a
programmer. My background is in computer hardware. I have just been forced
to learn this to support two products that we use here in our office; Jira
and Confluence. I have actually been working on setting them up for an SSL
connection on a different server. I got Confluence working on a secure port
but not Jira so my boss suggested troubleshooting the issue by trying to
first get SSL setup for Tomcat on this other server. 

I am providing a copy of the Tomcat9 server.xml file here on a DropBox link-
https://www.dropbox.com/s/k3l07w9p4n81fas/server.xml?dl=0

 

Thanks in advance!  

 

John Ellis

405.285.2500 office

http://biz-e.io