RE: My web application to use SSL (JSSE - RSA)

2011-06-10 Thread Adamus, Steven J.
We switched from JSSE to the APR and OpenSSL about 6 months ago.  We
converted all existing keys and certs to the format required by OpenSSL.
It was not hard.  Some people say it can't be done, but they're wrong.
After 6 months with OpenSSL, I say it's easier to use than JSSE.  We use
not only server-side certs, we also require client certificate
authentication and perform certificate revocation checking.

-Original Message-
From: users-return-225336-STEVEN.J.ADAMUS=saic@tomcat.apache.org
[mailto:users-return-225336-STEVEN.J.ADAMUS=saic@tomcat.apache.org]
On Behalf Of Pid
Sent: Friday, June 10, 2011 1:37 PM
To: Tomcat Users List
Subject: Re: My web application to use SSL (JSSE - RSA)

On 10/06/2011 21:29, Patrick Flaherty wrote:
> Hi,
> 
> Is APR/native Connector dramatically faster than Java Nio Blocking
> Connector or is it marginal ?

APR+SSL is a little faster, if I remember correctly, Chris?

> I'd love faster SSL but all my keys and certs are java based (keytool).
> Will APR ever support Java SSL ?

No.

> I find Java keytool to be reasonably easy to use. Is OpenSSL as easy 
> to use ?

Yes.


p

> Thanks for any input.
> 
> Pat
> 

Re: My web application to use SSL (JSSE - RSA)

2011-06-10 Thread Christopher Schultz

Pid,

On 6/10/2011 4:37 PM, Pid wrote:
> On 10/06/2011 21:29, Patrick Flaherty wrote:
>> Hi,
>>
>> Is APR/native Connector dramatically faster than Java Nio Blocking
>> Connector or is it marginal ?
> 
> APR+SSL is a little faster, if I remember correctly, Chris?

I haven't benchmarked SSL configurations, only cleartext HTTP. Both the
APR and NIO connectors were /way/ faster than the BIO connector with
serving static content.

>> I'd love faster SSL but all my keys and certs are java based (keytool).
>> Will APR ever support Java SSL ?
> 
> No.

Converting certs between formats is pretty trivial.

>> I find Java keytool to be reasonably easy to use. Is OpenSSL as easy to
>> use ?
> 
> Yes.

You don't even have to use OpenSSL for anything directly. I like the
APR/SSL configuration better because you don't have to muck-around with
keytool, certificate stores, etc... you just have plain-old PEM files,
just like Apache httpd uses (APR is httpd code, so there you go).

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: My web application to use SSL (JSSE - RSA)

2011-06-10 Thread Pid
On 10/06/2011 21:29, Patrick Flaherty wrote:
> Hi,
> 
> Is APR/native Connector dramatically faster than Java Nio Blocking
> Connector or is it marginal ?

APR+SSL is a little faster, if I remember correctly, Chris?

> I'd love faster SSL but all my keys and certs are java based (keytool).
> Will APR ever support Java SSL ?

No.

> I find Java keytool to be reasonably easy to use. Is OpenSSL as easy to
> use ?

Yes.


p

> Thanks for any input.
> 
> Pat
> 


Re: My web application to use SSL (JSSE - RSA)

2011-06-10 Thread Patrick Flaherty

Hi,

Is APR/native Connector dramatically faster than Java Nio Blocking
Connector or is it marginal ?


I'd love faster SSL but all my keys and certs are java based  
(keytool). Will APR ever support Java SSL ?


I find Java keytool to be reasonably easy to use. Is OpenSSL as easy  
to use ?


Thanks for any input.

Pat


Patrick Flaherty

Rampage Systems Inc.
411 Waverley Oaks Rd.   
Suite 138
Waltham, MA. 02452-8405
781-891-9400 x239   










Re: My web application to use SSL (JSSE - RSA)

2011-06-10 Thread Christopher Schultz

All,

On 6/10/2011 3:59 PM, Christopher Schultz wrote:
> It's best to find out what your JVM supports and use that.
> 
> I wrote a short bit of code a while back to determine the supported
> algorithms and the default cipher suite for an SSLSocketFactory.

As promised, see below. No warranty. Free license. Attributions appreciated.

-chris

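package com.chadis.tools.security;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.TreeMap;

import java.security.Provider;
import java.security.Security;

import javax.net.ssl.SSLServerSocketFactory;

public class SSLInfo
{
    public static void main(String[] args)
        throws Exception
    {
        // Command-line arguments, if any, name the providers to inspect
        boolean enumeratedProviders = (null != args && 0 < args.length);

        // Get SSL protocol info
        String providerName = null;
        Provider providers[];
        if(enumeratedProviders)
        {
            providers = new Provider[args.length];
            for(int i = 0; i < args.length; i++)
                providers[i] = Security.getProvider(args[i]);

        } else {
            providers = Security.getProviders();
        }

        System.out.println("Supported SSL Protocols:");
        boolean foundProtocol = false;

        for(int i = 0; i < providers.length; i++)
        {
            Provider p = providers[i];

            // Skip any providers that don't actually exist
            if(null == p) continue;

            // Provider properties named "SSLContext.<name>" are the
            // protocol names that SSLContext.getInstance will accept
            ArrayList keys = new ArrayList(p.keySet());
            Collections.sort(keys);
            for(Iterator j = keys.iterator(); j.hasNext(); )
            {
                String key = (String)j.next();

                if(key.startsWith("SSLContext.")
                   && !"SSLContext.Default".equals(key))
                {
                    foundProtocol |= true;
                    System.out.print("  ");
                    System.out.print(key.substring("SSLContext.".length()));
                    System.out.print(" (");
                    System.out.print(p.getName());
                    System.out.println(")");
                }
            }
        }

        if(!foundProtocol)
            if(enumeratedProviders)
                System.out.println(" ! No SSL protocols supported by any requested provider");
            else
                System.out.println(" ! No SSL protocols supported by any provider");

        // Get cipher suite info
        SSLServerSocketFactory ssf =
            (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

        String[] defaultCiphers = ssf.getDefaultCipherSuites();
        String[] availableCiphers = ssf.getSupportedCipherSuites();

        TreeMap ciphers = new TreeMap();

        // NOTE: the archived copy of this listing breaks off inside the
        // next loop header. The rest of main() is a reconstruction from
        // the variables and imports above, not the text as posted.

        // Every supported suite starts out marked as "not a default"
        for(int i = 0; i < availableCiphers.length; i++)
            ciphers.put(availableCiphers[i], Boolean.FALSE);

        // Suites enabled by default overwrite that mark
        for(int i = 0; i < defaultCiphers.length; i++)
            ciphers.put(defaultCiphers[i], Boolean.TRUE);

        System.out.println("Default\tCipher");
        for(Iterator i = ciphers.entrySet().iterator(); i.hasNext(); )
        {
            Map.Entry cipher = (Map.Entry)i.next();

            // An asterisk marks the suites that are enabled by default
            if(Boolean.TRUE.equals(cipher.getValue()))
                System.out.print('*');
            else
                System.out.print(' ');

            System.out.print('\t');
            System.out.println(cipher.getKey());
        }
    }
}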




Re: My web application to use SSL (JSSE - RSA)

2011-06-10 Thread Christopher Schultz

Charles,

On 6/10/2011 9:25 AM, Charles Van Damme wrote:
> 10-jun-2011 15:14:11 org.apache.catalina.core.AprLifecycleListener init
> INFO: The APR based Apache Tomcat Native library which allows optimal
> performance in production environments was not found on the
> java.library.path: [...]

FWIW, that's just an INFO message, but if you are going to be using SSL,
you might want to go ahead and install the APR library: your performance
will improve measurably. Note that <Connector> configuration for an APR
connector using SSL is completely different if you choose to go this route.

If you are not going to be using APR, you can disable the APR lifecycle
listener because you aren't using it.

> java.security.NoSuchAlgorithmException: RSA SSLContext not available

As Pid points out, it's pretty obvious that "RSA" is not a valid
algorithm in this situation:

> at sun.security.jca.GetInstance.getInstance(GetInstance.java:142)
> at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125)
> at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSSLContext(JSSESocketFactory.java:490)

So, it's an SSL configuration problem. Let's look at your SSL <Connector>:

> <Connector
>    port="443"
>    maxThreads="150" scheme="https" secure="true"
>    SSLEnabled="true"
>    keystoreFile="C:/Documents and Settings/Papa/.keystore"
>    keystorePass="changeit"
>    clientAuth="false" sslProtocol="RSA" />

SO, you have sslProtocol="RSA"... seems like a good place to look. If
you check the <Connector> documentation, you can see that there are only
a few recognized protocols you can choose.

http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support

Note that "protocol" refers to the protocol used for SSL, not for any
specific cipher, key exchange strategy, etc. Unfortunately, the Tomcat
documentation does not list all the available protocols, nor should it:
the protocols available to you are determined by JVM support.

The Javadoc for javax.net.ssl.SSLContext.getInstance has a pointer to
documentation for "standard names" (which takes you through several hops
to) here:
http://download.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#SSLContext

Those are the valid ssl protocol names you can choose.

If you want to use only ciphers that use the RSA algorithm (which is really
limiting, IMO), you can look up their names here (after scrolling a bit
downward):

http://download.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#jssenames

Just look for stuff like SSL_DH_DSS_blah_blah_blah.

Of course, support for a certain algorithm might not be available in
your environment. It's best to find out what your JVM supports and use that.

I wrote a short bit of code a while back to determine the supported
algorithms and the default cipher suite for an SSLSocketFactory. I'll
try to dig it up and post it.

> 
> 

If you aren't using AJP, then disable the extra connector.

> Hoping you are not overwhelmed. Anything else ?

You had other errors in the log file. After you get SSL working
properly, stop Tomcat, delete all your logs and re-launch it. Anything
that looks like an error should be investigated and fixed.

Feel free to come back to the list for help on those additional issues:
just remember to start a new thread if you do.

-chris
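
The failure diagnosed in the message above can be caught before Tomcat starts. The following is an added example, not code from this thread or from Tomcat: it passes candidate sslProtocol values to SSLContext.getInstance, the call that throws in the posted stack trace, and reports where a rejected name such as "RSA" is actually registered. The class name SslProtocolPreflight, the OTHER_SERVICES list and the default candidates "RSA" and "TLS" are assumptions made for illustration.

```java
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.TreeSet;

import javax.net.ssl.SSLContext;

// Added example; class name and default candidates are assumptions.
public class SslProtocolPreflight {

    // Other JCA service types in which a mistyped value may really live.
    private static final String[] OTHER_SERVICES =
        { "KeyFactory", "KeyPairGenerator", "Cipher", "Signature" };

    /** Names the installed providers register for a service type, upper-cased. */
    static Set<String> registered(String serviceType) {
        Set<String> names = new TreeSet<>();
        for (String name : Security.getAlgorithms(serviceType)) {
            names.add(name.toUpperCase(Locale.ROOT));
        }
        return names;
    }

    /** Appends a verdict to report; returns true when the JVM accepts the name. */
    static boolean check(String candidate, StringBuilder report) {
        try {
            // Same lookup the JSSE connector performs with the sslProtocol value.
            SSLContext ctx = SSLContext.getInstance(candidate);
            // Default key and trust managers are enough to query parameters.
            ctx.init(null, null, null);
            report.append("OK      ").append(candidate)
                  .append(" (provider ").append(ctx.getProvider().getName()).append(")\n")
                  .append("        supported versions: ")
                  .append(Arrays.toString(ctx.getSupportedSSLParameters().getProtocols()))
                  .append('\n')
                  .append("        enabled by default: ")
                  .append(Arrays.toString(ctx.getDefaultSSLParameters().getProtocols()))
                  .append('\n');
            return true;
        } catch (NoSuchAlgorithmException e) {
            // Explain the rejection: is the value a key or cipher algorithm
            // rather than a protocol name?
            String wanted = candidate.toUpperCase(Locale.ROOT);
            List<String> foundIn = new ArrayList<>();
            for (String service : OTHER_SERVICES) {
                if (registered(service).contains(wanted)) {
                    foundIn.add(service);
                }
            }
            report.append("REJECT  ").append(candidate)
                  .append(": ").append(e.getMessage()).append('\n');
            if (!foundIn.isEmpty()) {
                report.append("        registered as ").append(foundIn)
                      .append(", which is not a protocol name\n");
            }
            report.append("        SSLContext names on this JVM: ")
                  .append(registered("SSLContext")).append('\n');
            return false;
        } catch (KeyManagementException e) {
            // Raised, for example, by contexts that refuse re-initialisation.
            report.append("REJECT  ").append(candidate)
                  .append(": context exists but could not be initialised: ")
                  .append(e.getMessage()).append('\n');
            return false;
        }
    }

    public static void main(String[] args) {
        // With no arguments, test the two values that appear in the thread.
        String[] candidates = args.length > 0 ? args : new String[] { "RSA", "TLS" };
        StringBuilder report = new StringBuilder();
        boolean allUsable = true;
        for (String candidate : candidates) {
            allUsable &= check(candidate, report);
        }
        System.out.print(report);
        // Non-zero exit lets a deployment script stop before starting Tomcat.
        System.exit(allUsable ? 0 : 1);
    }
}
```

Run it with the same JRE that Tomcat uses (the JRE_HOME shown in the startup output), since the accepted names depend on that JVM's providers.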



Re: My web application to use SSL (JSSE - RSA)

2011-06-10 Thread Sriram Narayanan
Charles, you are facing multiple problems here. One is with the RSA,
and the other is with starting Tomcat instances.

On Fri, Jun 10, 2011 at 8:48 PM, Charles Van Damme wrote:



> At which moment does NetBeans start the Tomcat server ?
> If I operate a shutdown.bat and a startup.bat from start > Cmd , how does it
> interfere with the Tomcat server thread started up by NetBeans ?

Regardless of how you start Tomcat (batch file or within Netbeans), if
you start Tomcat with the default config and get it to bind to port
443, then the operating system will give it port 443.

If you now start another Tomcat instance, and get that too to bind to
port 443, then the OS will tell this second Tomcat that the port is
already in use.

This is why you see "Starting of Tomcat failed, the server port 443 is
already in use."

You need to run exactly one Tomcat instance on port 443 for now. As
you get more familiar with Tomcat, you'll be able to do interesting
things like work with SSL on ports other than 443 (and thereby run
multiple Tomcat instances serving SSL, etc).

>
> Thanks.
> Chavadam
>
>

-- Sriram

-- 
==
Belenix: www.belenix.org




Re: My web application to use SSL (JSSE - RSA)

2011-06-10 Thread Charles Van Damme
Dear Pid,

Yes, RSA fails, and I'm wondering why.
Meantime, in 'server.xml' (see my previous email), I changed RSA to
TLS. Only that.

Output tabs :
1.1) Tomcat 7.0 :
Using CATALINA_BASE:   "C:\Program Files\ApacheSoftwFound\Apache Tomcat
7.0.11"
Using CATALINA_HOME:   "C:\Program Files\ApacheSoftwFound\Apache Tomcat
7.0.11"
Using CATALINA_TMPDIR: "C:\Program Files\ApacheSoftwFound\Apache Tomcat
7.0.11\temp"
Using JRE_HOME:"C:\Program Files\Java\jdk1.6.0_22"
Using CLASSPATH:   "C:\Program Files\ApacheSoftwFound\Apache Tomcat
7.0.11\bin\bootstrap.jar;C:\Program Files\ApacheSoftwFound\Apache Tomcat
7.0.11\bin\tomcat-juli.jar"
10-jun-2011 17:13:56 org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal
performance in production environments was not found on the
java.library.path: C:\Program
Files\Java\jdk1.6.0_22\bin;.;C:\WINDOWS\Sun\Java\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\System32\Wbem;C:\Program
Files\Java\jdk1.6.0_22\bin;C:\Program Files\ApacheSoftwFound\Apache Tomcat
7.0.11
10-jun-2011 17:13:57 org.apache.coyote.AbstractProtocolHandler init
INFO: Initializing ProtocolHandler ["http-nio-443"]
10-jun-2011 17:13:57 org.apache.coyote.AbstractProtocolHandler init
SEVERE: Failed to initialize end point associated with ProtocolHandler
["http-nio-443"]
java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover(KeyProtector.java:311)
at
sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:121)
at
sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:38)
at java.security.KeyStore.getKey(KeyStore.java:763)
at
com.sun.net.ssl.internal.ssl.SunX509KeyManagerImpl.(SunX509KeyManagerImpl.java:113)
at
com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:48)
at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:239)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:568)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:507)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:479)
at
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:483)
at
org.apache.coyote.AbstractProtocolHandler.init(AbstractProtocolHandler.java:345)
at
org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at
org.apache.catalina.connector.Connector.initInternal(Connector.java:910)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at org.apache.catalina.startup.Catalina.load(Catalina.java:572)
at org.apache.catalina.startup.Catalina.load(Catalina.java:595)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:262)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:430)
10-jun-2011 17:13:57 org.apache.catalina.core.StandardService initInternal
SEVERE: Failed to initialize connector
[Connector[org.apache.coyote.http11.Http11NioProtocol-443]]
org.apache.catalina.LifecycleException: Protocol handler initialization
failed
at
org.apache.catalina.connector.Connector.initInternal(Connector.java:912)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at org.apache.catalina.startup.Catalina.load(Catalina.java:572)
at org.apache.catalina.startup.Catalina.load(Catalina.java:595)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:262)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:430)
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
at sun.

Re: My web application to use SSL (JSSE - RSA)

2011-06-10 Thread Pid
On 10/06/2011 14:25, Charles Van Damme wrote:
> java.security.NoSuchAlgorithmException: RSA SSLContext not available

It seems pretty clear that "RSA" isn't accepted by Java as a valid
algorithm.


p






Re: My web application to use SSL (JSSE - RSA)

2011-06-10 Thread Charles Van Damme
OK Christopher:

1) Output tabs of NetBeans IDE
1.1) Tomcat 7.0 :
Using CATALINA_BASE:   "C:\Program Files\ApacheSoftwFound\Apache Tomcat
7.0.11"
Using CATALINA_HOME:   "C:\Program Files\ApacheSoftwFound\Apache Tomcat
7.0.11"
Using CATALINA_TMPDIR: "C:\Program Files\ApacheSoftwFound\Apache Tomcat
7.0.11\temp"
Using JRE_HOME:"C:\Program Files\Java\jdk1.6.0_22"
Using CLASSPATH:   "C:\Program Files\ApacheSoftwFound\Apache Tomcat
7.0.11\bin\bootstrap.jar;C:\Program Files\ApacheSoftwFound\Apache Tomcat
7.0.11\bin\tomcat-juli.jar"
10-jun-2011 15:14:11 org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal
performance in production environments was not found on the
java.library.path: C:\Program
Files\Java\jdk1.6.0_22\bin;.;C:\WINDOWS\Sun\Java\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\System32\Wbem;C:\Program
Files\Java\jdk1.6.0_22\bin;C:\Program Files\ApacheSoftwFound\Apache Tomcat
7.0.11
10-jun-2011 15:14:11 org.apache.coyote.AbstractProtocolHandler init
INFO: Initializing ProtocolHandler ["http-nio-443"]
10-jun-2011 15:14:12 org.apache.coyote.AbstractProtocolHandler init
SEVERE: Failed to initialize end point associated with ProtocolHandler
["http-nio-443"]
java.security.NoSuchAlgorithmException: RSA SSLContext not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:142)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSSLContext(JSSESocketFactory.java:490)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:478)
at
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:483)
at
org.apache.coyote.AbstractProtocolHandler.init(AbstractProtocolHandler.java:345)
at
org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at
org.apache.catalina.connector.Connector.initInternal(Connector.java:910)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at org.apache.catalina.startup.Catalina.load(Catalina.java:572)
at org.apache.catalina.startup.Catalina.load(Catalina.java:595)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:262)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:430)
10-jun-2011 15:14:12 org.apache.catalina.core.StandardService initInternal
SEVERE: Failed to initialize connector
[Connector[org.apache.coyote.http11.Http11NioProtocol-443]]
org.apache.catalina.LifecycleException: Protocol handler initialization
failed
at
org.apache.catalina.connector.Connector.initInternal(Connector.java:912)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at org.apache.catalina.startup.Catalina.load(Catalina.java:572)
at org.apache.catalina.startup.Catalina.load(Catalina.java:595)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:262)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:430)
Caused by: java.security.NoSuchAlgorithmException: RSA SSLContext not
available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:142)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSSLContext(JSSESocketFactory.java:490)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:478)
at
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:483)
at
org.apache.coyote.AbstractProtocolHandler.init(AbstractProtocolHandler.java:345)
at
org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at
org.apache.catalina.connector.Conn

Re: My web application to use SSL (JSSE - RSA)

2011-06-09 Thread Christopher Schultz

Charles,

On 6/8/2011 3:03 PM, Charles Van Damme wrote:
> 1) I'm trying first with JSSE. Please see 

Re: My web application to use SSL (JSSE - RSA)

2011-06-08 Thread Charles Van Damme
Dear,

1) I'm trying first with JSSE. Please see


RE: My web application to use SSL (JSSE - RSA)

2011-06-08 Thread Caldarale, Charles R
> From: Charles Van Damme [mailto:chava...@gmail.com] 
> Subject: My web application to use SSL (JSSE - RSA)

> I'm trying to get my first applic using SSL started. I read
> therefore SSL Configuration HOW-TO n times.

Including the part about there being *two* SSL mechanisms?  Which one are you 
actually using, APR or pure Java?

> When I compile and run my 'Test1' applic inside the IDE

When diagnosing problems, simplify the environment as much as possible: get the 
IDE out of the picture.  Go ahead and build your webapp with the IDE, but run 
Tomcat separately.  IDEs have a nasty habit of using their own configurations 
for servers, ignoring what you think you've got set.

> Pls, see a copy of my 'Tomcat 7.0' output window in the attached 
> WordPad file (8-jun-2011 18:05:11 Tomcat issue.rtf).

Stripped, thankfully.  (See below about viruses.)

> Why doesn't Apache Tomcat use a usual forum application on a 
> website for all his support questions ?

Because forums are crap.

> My mailbox is getting quickly much too full ...

Learn where the delete key is.

> No provision for "Quote" neither "Code" inserts ...

Or viruses.  Messages are all in plain text.

 - Chuck

