Tomcat 5 SSL keytool error: java.lang.Exception: Public key in reply and keystore don't match
I have a tomcat 5 web server setup on CentOS, I am currently working on installing a SSL cert but don't seem to be having any luck. I get the following error:

keytool error: java.lang.Exception: Public key in reply and keystore don't match

I have reissued the cert through Network Solutions and followed the following instructions to generate and install the cert. I have run out of my patience with them. Is there anything else that I may be missing?

Thanks

http://www.networksolutions.com/support/csr-for-java-based-webservers-such-as-tomcat-using-keytool/
http://www.networksolutions.com/support/installation-for-java-based-webservers-such-as-tomcat-using-keytool/

Miguel
Apache/Tomcat with SSL
I recently set up an SSL cert on our Apache/Tomcat server. When I load our page, I can see the lock in my browser with all the SSL info, but the page only loads as the jsp script and not the full page. Is there some configuration setting that I have missed? I can provide snippets from the server.xml, httpd.conf, and ssl.conf.

Thanks in advance.

Miguel Ortiz
Network Engineer
RE: Apache/Tomcat with SSL
Peter,

I have checked the httpd logs. I didn't find anything that says why the page isn't loading. Here is a copy of the results for the various log files. I am running Apache/httpd 2.2.3 and Tomcat 5. Also, I have contacted our web developer to check the css and links for the page.

Thanks again.

[u...@localhost conf.d]# tail -f /var/log/httpd/ssl_error_log
[Mon Sep 28 08:51:41 2009] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/lib/tomcat5/webapps/favicon.ico
[Mon Sep 28 08:51:44 2009] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/lib/tomcat5/webapps/favicon.ico
[Mon Sep 28 09:03:04 2009] [error] [client xxx.xxx.xxx.xxx] Directory index forbidden by Options directive: /var/lib/tomcat5/webapps/
[Mon Sep 28 09:17:32 2009] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/lib/tomcat5/webapps/favicon.ico
[Mon Sep 28 09:17:35 2009] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/lib/tomcat5/webapps/favicon.ico

[u...@localhost conf.d]# tail -f /var/log/httpd/ssl_access_log
xxx.xxx.xxx.xxx - - [28/Sep/2009:08:51:41 -0400] GET /favicon.ico HTTP/1.1 404 296
xxx.xxx.xxx.xxx - - [28/Sep/2009:08:51:44 -0400] GET /favicon.ico HTTP/1.1 404 296
xxx.xxx.xxx.xxx - - [28/Sep/2009:09:03:04 -0400] GET / HTTP/1.1 403 5043
xxx.xxx.xxx.xxx - - [28/Sep/2009:09:03:04 -0400] GET /icons/apache_pb.gif HTTP/1.1 200 2326
xxx.xxx.xxx.xxx - - [28/Sep/2009:09:03:04 -0400] GET /icons/powered_by_rh.png HTTP/1.1 200 1213
xxx.xxx.xxx.xxx - - [28/Sep/2009:09:17:32 -0400] GET /focus/common/Index.jsp HTTP/1.1 200 12414
xxx.xxx.xxx.xxx - - [28/Sep/2009:09:17:32 -0400] GET /favicon.ico HTTP/1.1 404 296
xxx.xxx.xxx.xxx - - [28/Sep/2009:09:17:35 -0400] GET /favicon.ico HTTP/1.1 404 296
xxx.xxx.xxx.xxx - - [28/Sep/2009:09:49:45 -0400] GET /focus/common/Index.jsp HTTP/1.1 200 12414
xxx.xxx.xxx.xxx - - [28/Sep/2009:09:49:45 -0400] GET /favicon.ico HTTP/1.1 200 21630

[u...@localhost conf.d]# tail -f /var/log/httpd/error_log
[Sun Sep 27 04:02:28 2009] [notice] Digest: generating secret for digest authentication ...
[Sun Sep 27 04:02:28 2009] [notice] Digest: done
[Sun Sep 27 04:02:28 2009] [notice] mod_python: Creating 4 session mutexes based on 150 max processes and 0 max threads.
[Sun Sep 27 04:02:28 2009] [notice] Apache/2.2.3 (CentOS) configured -- resuming normal operations

Miguel Ortiz
Network Engineer

-----Original Message-----
From: peter.crowth...@googlemail.com [mailto:peter.crowth...@googlemail.com] On Behalf Of Peter Crowther
Sent: Monday, September 28, 2009 9:03 AM
To: Tomcat Users List
Subject: Re: Apache/Tomcat with SSL

2009/9/28 Miguel Ortiz miguel.or...@macneillgroup.com

> I recently set up an SSL cert on our Apache/Tomcat server. When I load our page, I can see the lock in my browser with all the SSL info, but the page only loads as the jsp script and not the full page. Is there some configuration setting that I have missed? I can provide snippets from the server.xml, httpd.conf, and ssl.conf. Thanks in advance.

Have you ensured that all the links to other content on your page (CSS, images etc) are appropriate for SSL access? Are they either relative links or starting with https://... when accessed over SSL?

What's in the access logs for httpd (I assume from Apache/Tomcat that you're running httpd in front, though you don't say or give any version information)? What's in the access logs for Tomcat? Do they match, or are some requests being dropped?

If you use some appropriate logging tool* from your browser to examine requests, what's happening?

- Peter

* Fiddler2's good for IE, Firebug works for Firefox, no idea for other browsers!
RE: Apache/Tomcat with SSL
André,

This server was configured by our web development contractors. I was only tasked with setting up the SSL. When I go to the specified URL, Firefox throws a server not found.

Miguel Ortiz
Network Engineer

-----Original Message-----
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Monday, September 28, 2009 11:25 AM
To: Tomcat Users List
Subject: Re: Apache/Tomcat with SSL

Miguel Ortiz wrote:
...
> [u...@localhost conf.d]# tail -f /var/log/httpd/ssl_error_log
> [Mon Sep 28 08:51:41 2009] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/lib/tomcat5/webapps/favicon.ico
> [Mon Sep 28 08:51:44 2009] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/lib/tomcat5/webapps/favicon.ico
> [Mon Sep 28 09:03:04 2009] [error] [client xxx.xxx.xxx.xxx] Directory index forbidden by Options directive: /var/lib/tomcat5/webapps/

Nothing to do, I think, with your problem, but it would seem from the above that you have configured your Apache front-end with something like

DocumentRoot /var/lib/tomcat5/webapps

which, in principle, is not a good idea.

What do you get in your browser when you request http://your-hostname/ROOT/WEB-INF/web.xml (or with https:// as the case may be)?
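André's reading of the error log in the message above can be done mechanically. The following is an added example, not part of the original thread: it flags httpd error-log paths that resolve under a Tomcat webapps directory, and access-log requests under WEB-INF or META-INF that were answered with a 2xx status. The function names, the WEBAPPS_DIRS list and the sample log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Assumption: directories that hold Tomcat web applications on this host.
WEBAPPS_DIRS = ("/var/lib/tomcat5/webapps",)

# httpd 2.2 error_log lines that disclose the file-system path httpd tried to serve.
ERROR_RE = re.compile(
    r"^\[[^\]]+\] \[error\] \[client [^\]]+\] "
    r"(?:File does not exist|Directory index forbidden by Options directive): (/\S*)"
)
# Access-log line; the request may or may not be wrapped in double quotes.
ACCESS_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "?[A-Z]+ (\S+) HTTP/[\d.]+"? (\d{3}) ')
PRIVATE_SEGMENTS = {"web-inf", "meta-inf"}

def webapps_served_by_httpd(error_lines):
    """Return the webapps directories under which httpd resolved static paths."""
    found = set()
    for line in error_lines:
        m = ERROR_RE.match(line)
        if not m:
            continue
        path = posixpath.normpath(m.group(1))
        for base in WEBAPPS_DIRS:
            if path == base or path.startswith(base + "/"):
                found.add(base)
    return found

def descriptor_leaks(access_lines):
    """Return (uri, status) for 2xx responses to paths under WEB-INF or META-INF."""
    leaks = []
    for line in access_lines:
        m = ACCESS_RE.match(line)
        if not m:
            continue
        uri, status = m.group(1), int(m.group(2))
        # Decode and lower-case the path so encoded or mixed-case variants are still matched.
        segments = unquote(urlsplit(uri).path).lower().split("/")
        if 200 <= status < 300 and PRIVATE_SEGMENTS & set(segments):
            leaks.append((uri, status))
    return leaks

# Constructed sample lines in the format of the logs quoted in the thread.
SAMPLE_ERROR_LOG = [
    "[Mon Sep 28 08:51:41 2009] [error] [client 192.0.2.10] File does not exist: /var/lib/tomcat5/webapps/favicon.ico",
    "[Mon Sep 28 09:03:04 2009] [error] [client 192.0.2.10] Directory index forbidden by Options directive: /var/lib/tomcat5/webapps/",
    "[Sun Sep 27 04:02:28 2009] [notice] Digest: done",
]
SAMPLE_ACCESS_LOG = [
    "192.0.2.10 - - [28/Sep/2009:09:17:32 -0400] GET /focus/common/Index.jsp HTTP/1.1 200 12414",
    '192.0.2.10 - - [28/Sep/2009:09:20:01 -0400] "GET /ROOT/WEB-INF/web.xml HTTP/1.1" 200 1893',
    "192.0.2.10 - - [28/Sep/2009:09:20:05 -0400] GET /ROOT/web-inf/web.xml HTTP/1.1 404 296",
    "192.0.2.10 - - [28/Sep/2009:09:20:09 -0400] GET /focus/%57EB-INF/classes/app.properties HTTP/1.1 200 512",
]

if __name__ == "__main__":
    print(webapps_served_by_httpd(SAMPLE_ERROR_LOG), descriptor_leaks(SAMPLE_ACCESS_LOG))
```

A non-empty result from either function means httpd is answering from the application directory itself, so files Tomcat would never serve (deployment descriptors, class files, JSP source) are reachable as static content.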
RE: Apache/Tomcat with SSL
Jorge,

I have set up the SSL through Apache and Tomcat; if there is a different procedure for mod_ssl, I will try that as well. The site comes up fine when I access it without the https, however when I use the https, all I see is the jsp script.

Miguel Ortiz
Network Engineer

-----Original Message-----
From: Jorge Medina [mailto:jmed...@e-dialog.com]
Sent: Monday, September 28, 2009 10:55 AM
To: Tomcat Users List
Subject: RE: Apache/Tomcat with SSL

Also, in order to configure Apache with SSL you must have the module mod_ssl

-----Original Message-----
From: Jorge Medina [mailto:jmed...@e-dialog.com]
Sent: Monday, September 28, 2009 10:40 AM
To: Tomcat Users List
Subject: RE: Apache/Tomcat with SSL

Hola Miguel,

did you set up SSL in Apache? Or did you do it in Tomcat? Or in both?

I am assuming that you want Apache to be the exposed server, therefore SSL must be configured in Apache. You must also have configured Apache to forward the requests to Tomcat by using the Apache modules mod_jk or mod_proxy

-Jorge

-----Original Message-----
From: Miguel Ortiz [mailto:miguel.or...@macneillgroup.com]
Sent: Monday, September 28, 2009 8:32 AM
To: users@tomcat.apache.org
Subject: Apache/Tomcat with SSL

I recently set up an SSL cert on our Apache/Tomcat server. When I load our page, I can see the lock in my browser with all the SSL info, but the page only loads as the jsp script and not the full page. Is there some configuration setting that I have missed? I can provide snippets from the server.xml, httpd.conf, and ssl.conf.

Thanks in advance.

Miguel Ortiz
Network Engineer
RE: Apache/Tomcat with SSL
André,

That is what I did and it still came up with server not found. If you would like to verify. Our site is http://fun.macneillgroup.com. The site we are currently testing is http://fun.macneillgroup.com/focus/common/Index.jsp. This page works, however the https form doesn't seem to produce the desired results.

Miguel Ortiz
Network Engineer

-----Original Message-----
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Monday, September 28, 2009 3:02 PM
To: Tomcat Users List
Subject: Re: Apache/Tomcat with SSL

Miguel Ortiz wrote:
> André, This server was configured by our web development contractors. I was only tasked with setting up the SSL. When I go to the specified URL, firefox throws a server not found.

When I mentioned the URL http://your-hostname/ROOT/WEB-INF/web.xml I meant for you to replace the your-hostname part by your own host's name. :-)

Also, basically I think that this discussion belongs more to the Apache user's list, than Tomcat's, because it seems that the SSL part is done at the Apache httpd level, not at Tomcat's level. It is also not easy to just add SSL to an Apache httpd, if this Apache httpd uses VirtualHosts.

In the first responses to your first post, some very relevant questions were asked, which I don't think you have answered fully yet. It is difficult for someone to help you with the partial information you have supplied so far.

Tell us:
- on which platform (OS) this is running
- how Apache httpd and Tomcat are connected together (using mod_jk, mod_proxy_ajp, or mod_proxy_http?)
- is (was) your Apache httpd configured with multiple VirtualHost sections?
- can you append your main Apache httpd configuration file (httpd.conf or apache2.conf, depending on platform). Don't put it as an attachment, because chances are this list will strip it. Paste it right into your message.
- what exactly did you add, and where, to add the SSL capability?