Re: Tomcat 6.0.24 SSL Setup issue
On Wed, 2012-10-24 at 11:38 +0100, KumareshGopalsamy wrote:
> Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS keystorePass=changeit keystoreFile= C:\apache-tomcat-6.0.24-windows-x64\key \.keystore/

The only thing that looks weird is that space after '\key'. And perhaps the newline after 'keystoreFile='? But maybe I'm reading this too literally.

Also, it looks like something is already bound to a port you want to use.

--tim

> I have got the below error message when I restart the Tomcat server
> Could you please help me on this?
>
> 22-Oct-2012 11:21:43 org.apache.catalina.core.AprLifecycleListener init
> INFO: Loaded APR based Apache Tomcat Native library 1.1.19.
> 22-Oct-2012 11:21:43 org.apache.catalina.core.AprLifecycleListener init
> INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
> 22-Oct-2012 11:21:43 org.apache.catalina.startup.SetAllPropertiesRule begin
> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'clientAuth' to 'false' did not find a matching property.
> 22-Oct-2012 11:21:43 org.apache.catalina.startup.SetAllPropertiesRule begin
> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'keystorePass' to 'changeit' did not find a matching property.
> 22-Oct-2012 11:21:43 org.apache.catalina.startup.SetAllPropertiesRule begin
> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'keystoreFile' to 'C:\.keystore' did not find a matching property.
> 22-Oct-2012 11:21:44 org.apache.coyote.http11.Http11AprProtocol init
> INFO: Initializing Coyote HTTP/1.1 on http-8080
> 22-Oct-2012 11:21:44 org.apache.coyote.http11.Http11AprProtocol init
> SEVERE: Error initializing endpoint
> java.lang.Exception: No Certificate file specified or invalid file format
>     at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
>     at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:720)
>     at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:107)
>     at org.apache.catalina.connector.Connector.initialize(Connector.java:1007)
>     at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
>     at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:540)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:560)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:597)
>     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
> 22-Oct-2012 11:21:44 org.apache.catalina.startup.Catalina load
> SEVERE: Catalina.start
> LifecycleException: Protocol handler initialization failed: java.lang.Exception: No Certificate file specified or invalid file format
>     at org.apache.catalina.connector.Connector.initialize(Connector.java:1009)
>     at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
>     at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:540)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:560)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:597)
>     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
> 22-Oct-2012 11:21:44 org.apache.catalina.startup.Catalina load
> INFO: Initialization processed in 1836 ms
> 22-Oct-2012 11:21:44 org.apache.catalina.core.StandardService start
> INFO: Starting service Catalina
> 22-Oct-2012 11:21:44 org.apache.catalina.core.StandardEngine start
> INFO: Starting Servlet Engine: Apache Tomcat/6.0.24
> 22-Oct-2012 11:21:44 org.apache.catalina.startup.HostConfig deployDescriptor
> INFO: Deploying configuration descriptor host-manager.xml
> 22-Oct-2012 11:21:44 org.apache.catalina.startup.HostConfig deployDescriptor
> INFO: Deploying configuration descriptor manager.xml
> 22-Oct-2012 11:21:44
Re: Tomcat 6.0.24 SSL Setup issue
On 24/10/2012 11:38, KumareshGopalsamy wrote:
> Hi
> I have followed below steps to setup SSL

You are trying to use BIO/NIO (100% Java) SSL configuration for the APR (native) connector. That won't work. Fix your configuration or disable APR. See the SSL How-to, particularly the section on configuration. [1]

Mark

[1] http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Edit_the_Tomcat_Configuration_File
Re: Tomcat 6.0.24 SSL Setup issue
Kumaresh,

On 10/24/12 6:38 AM, KumareshGopalsamy wrote:
> I have followed below steps to setup SSL
>
> Details
> Tomcat 6.0.24
> Windows server 2008 R2 Datacenter

Since you are using SSL, I suspect you are interested in protecting your data. You should seriously upgrade to the latest Tomcat 6.0.36, as there are known vulnerabilities with your version: http://tomcat.apache.org/security-6.html

> Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS keystorePass=changeit keystoreFile= C:\apache-tomcat-6.0.24-windows-x64\key \.keystore/

This is a JSSE keystore-based certificate configuration.

> 22-Oct-2012 11:21:43 org.apache.catalina.core.AprLifecycleListener init
> INFO: Loaded APR based Apache Tomcat Native library 1.1.19.
> 22-Oct-2012 11:21:43 org.apache.catalina.core.AprLifecycleListener init
> INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].

You are using APR (tcnative).

> INFO: Initializing Coyote HTTP/1.1 on http-8080
> 22-Oct-2012 11:21:44 org.apache.coyote.http11.Http11AprProtocol init

Your Connector is auto-choosing APR-based HTTP/1.1 protocol.

> SEVERE: Error initializing endpoint
> java.lang.Exception: No Certificate file specified or invalid file format

APR uses a different file format and configuration from the BIO and NIO HTTP/1.1 connectors. So, either you need to re-do your certificates so that you have separate PEM-encoded files on the disk like httpd does, and configure them appropriately (http://tomcat.apache.org/tomcat-6.0-doc/apr.html#HTTPS) or you need to change your Connector to use a non-APR connector like this for BIO:

Connector protocol=org.apache.coyote.http11.Http11Protocol

Or like this for NIO:

Connector protocol=org.apache.coyote.http11.Http11NioProtocol

Or you can disable APR by commenting-out the Listener in server.xml, or you can just remove the tcnative* binaries from your Tomcat installation.

Hope that helps,
-chris
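The mismatch diagnosed in the message above, as an added example that is not part of the thread or of Tomcat: a Python check that reads a server.xml and reports SSL connectors whose certificate attributes belong to a different implementation than the one Tomcat will select. The sample files, their paths and the `native_lib_present` parameter are constructed assumptions; the attribute lists are limited to those named in the thread's log and in the APR HTTPS documentation it links, and the selection rule (listener enabled plus native library loaded means `HTTP/1.1` resolves to APR) is the one the thread describes.

```python
import xml.etree.ElementTree as ET

APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
# Explicit protocol class names quoted in the thread, plus the APR handler from its log.
EXPLICIT_IMPL = {
    "org.apache.coyote.http11.Http11Protocol": "BIO",
    "org.apache.coyote.http11.Http11NioProtocol": "NIO",
    "org.apache.coyote.http11.Http11AprProtocol": "APR",
}
# JSSE attributes the APR connector rejected in the thread's startup log.
JSSE_ATTRS = ("keystoreFile", "keystorePass", "clientAuth")
# PEM-file attributes used by the APR connector (apr.html#HTTPS).
APR_ATTRS = ("SSLCertificateFile", "SSLCertificateKeyFile")

# Constructed sample: APR listener enabled, JSSE-style SSL connector (the thread's case).
MISMATCHED = """<Server>
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
               secure="true" clientAuth="false" sslProtocol="TLS"
               keystoreFile="conf/example.keystore" keystorePass="PLACEHOLDER"/>
  </Service>
</Server>"""

# Constructed fix 1: keep the keystore, pin the connector to the Java (BIO) implementation.
FIXED_BIO = MISMATCHED.replace(
    'port="8443" protocol="HTTP/1.1"',
    'port="8443" protocol="org.apache.coyote.http11.Http11Protocol"',
)

# Constructed fix 2: stay on APR and point it at separate PEM files.
FIXED_APR = """<Server>
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
  <Service name="Catalina">
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               SSLEnabled="true" scheme="https" secure="true"
               SSLCertificateFile="conf/example-cert.pem"
               SSLCertificateKeyFile="conf/example-key.pem"/>
  </Service>
</Server>"""


def effective_impl(protocol, apr_available):
    """Return which HTTP connector implementation a protocol value resolves to."""
    if protocol in EXPLICIT_IMPL:
        return EXPLICIT_IMPL[protocol]
    if protocol in (None, "HTTP/1.1"):
        # Auto-selection: APR when available, otherwise the Java BIO connector.
        return "APR" if apr_available else "BIO"
    return None  # AJP or a custom handler: not checked here


def lint_ssl_connectors(server_xml, native_lib_present=True):
    """List SSL connectors whose certificate attributes do not fit their implementation."""
    root = ET.fromstring(server_xml)  # XML comments are dropped, so a commented-out Listener is ignored
    listener_on = any(l.get("className") == APR_LISTENER for l in root.iter("Listener"))
    apr_available = listener_on and native_lib_present
    findings = []
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        impl = effective_impl(conn.get("protocol"), apr_available)
        jsse = [a for a in JSSE_ATTRS if a in conn.attrib]
        apr = [a for a in APR_ATTRS if a in conn.attrib]
        if impl == "APR":
            missing_cert = "SSLCertificateFile" not in conn.attrib
            if jsse or missing_cert:
                findings.append({"port": conn.get("port"), "impl": impl,
                                 "ignored": jsse, "missing_cert": missing_cert})
        elif impl in ("BIO", "NIO") and apr:
            findings.append({"port": conn.get("port"), "impl": impl,
                             "ignored": apr, "missing_cert": "keystoreFile" not in conn.attrib})
    return findings


if __name__ == "__main__":
    for name, xml in (("mismatched", MISMATCHED), ("fixed BIO", FIXED_BIO), ("fixed APR", FIXED_APR)):
        print(name, lint_ssl_connectors(xml))
```

Passing `native_lib_present=False` models an installation with the tcnative binaries removed, where the same `HTTP/1.1` connector falls back to the Java implementation and the keystore attributes apply.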
RE: Tomcat 6.0.24 SSL Setup issue
Hi Tim

Thank you for your reply. I have attached Server.xml of my Tomcat.

This machine is a dedicated Tomcat server as no other application runs on it. If any other is using, please let me know how to delete/remove.

Thank you

Regards
Kumaresh Gopalsamy

-----Original Message-----
From: Tim Watts [mailto:t...@cliftonfarm.org]
Sent: 24 October 2012 14:17
To: Tomcat Users List
Subject: Re: Tomcat 6.0.24 SSL Setup issue
RE: Tomcat 6.0.24 SSL Setup issue
Hi Chris

We are planning to set up JSSE keystore-based certificate configuration, so I have removed the tcnative-1.dll file in the C:\apache-tomcat-6.0.24-windows-x64\apache-tomcat-6.0.24\bin path.

Still no success, below are the error messages.

I have attached server.xml in this.

Error Message

24-Oct-2012 14:52:36 org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Program Files\Java\jdk1.6.0_30\bin;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.6.0_30\bin;.
24-Oct-2012 14:52:36 org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
24-Oct-2012 14:52:38 org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-8443
24-Oct-2012 14:52:38 org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 2702 ms
24-Oct-2012 14:52:38 org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
24-Oct-2012 14:52:38 org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.24
24-Oct-2012 14:52:38 org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor host-manager.xml
24-Oct-2012 14:52:38 org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor manager.xml
24-Oct-2012 14:52:39 org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory docs
24-Oct-2012 14:52:39 org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory examples
24-Oct-2012 14:52:39 org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory ROOT
24-Oct-2012 14:52:40 org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
24-Oct-2012 14:52:40 org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8443
24-Oct-2012 14:52:40 org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
24-Oct-2012 14:52:40 org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/32 config=null
24-Oct-2012 14:52:40 org.apache.catalina.startup.Catalina start
INFO: Server startup in 1986 ms

Thank you

Regards
Kumaresh Gopalsamy

-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: 24 October 2012 14:42
To: Tomcat Users List
Subject: Re: Tomcat 6.0.24 SSL Setup issue
Re: Tomcat 6.0.24 SSL Setup issue
On 24/10/2012 15:00, KumareshGopalsamy wrote:
> Hi Chris
>
> We are planning to setup JSSE keystore-based certificate configuration so I have removed tcnative-1.dll file in C:\apache-tomcat-6.0.24-windows-x64\apache-tomcat-6.0.24\bin path.
>
> Still no success, below are the error message

There are no error messages in the logs quoted below.

Mark

> I have attached server.xml in this.
>
> Error Message
>
> 24-Oct-2012 14:52:36 org.apache.catalina.core.AprLifecycleListener init
> INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Program Files\Java\jdk1.6.0_30\bin;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.6.0_30\bin;.
> 24-Oct-2012 14:52:36 org.apache.coyote.http11.Http11Protocol init
> INFO: Initializing Coyote HTTP/1.1 on http-8080
> 24-Oct-2012 14:52:38 org.apache.coyote.http11.Http11Protocol init
> INFO: Initializing Coyote HTTP/1.1 on http-8443
> 24-Oct-2012 14:52:38 org.apache.catalina.startup.Catalina load
> INFO: Initialization processed in 2702 ms
> 24-Oct-2012 14:52:38 org.apache.catalina.core.StandardService start
> INFO: Starting service Catalina
> 24-Oct-2012 14:52:38 org.apache.catalina.core.StandardEngine start
> INFO: Starting Servlet Engine: Apache Tomcat/6.0.24
> 24-Oct-2012 14:52:38 org.apache.catalina.startup.HostConfig deployDescriptor
> INFO: Deploying configuration descriptor host-manager.xml
> 24-Oct-2012 14:52:38 org.apache.catalina.startup.HostConfig deployDescriptor
> INFO: Deploying configuration descriptor manager.xml
> 24-Oct-2012 14:52:39 org.apache.catalina.startup.HostConfig deployDirectory
> INFO: Deploying web application directory docs
> 24-Oct-2012 14:52:39 org.apache.catalina.startup.HostConfig deployDirectory
> INFO: Deploying web application directory examples
> 24-Oct-2012 14:52:39 org.apache.catalina.startup.HostConfig deployDirectory
> INFO: Deploying web application directory ROOT
> 24-Oct-2012 14:52:40 org.apache.coyote.http11.Http11Protocol start
> INFO: Starting Coyote HTTP/1.1 on http-8080
> 24-Oct-2012 14:52:40 org.apache.coyote.http11.Http11Protocol start
> INFO: Starting Coyote HTTP/1.1 on http-8443
> 24-Oct-2012 14:52:40 org.apache.jk.common.ChannelSocket init
> INFO: JK: ajp13 listening on /0.0.0.0:8009
> 24-Oct-2012 14:52:40 org.apache.jk.server.JkMain start
> INFO: Jk running ID=0 time=0/32 config=null
> 24-Oct-2012 14:52:40 org.apache.catalina.startup.Catalina start
> INFO: Server startup in 1986 ms
>
> Thank you
>
> Regards
> Kumaresh Gopalsamy
RE: Tomcat 6.0.24 SSL Setup issue
Hi Mark

Thank you. You are right. It was my mistake as the page takes more time to load.

But when I shut down Tomcat from the command prompt

C:\apache-tomcat-6.0.24-windows-x64\apache-tomcat-6.0.24\bin>shutdown

I could see the Apache Tomcat homepage in http://localhost:8080/ but not in https://localhost:8443/

Will I continue to see the homepage in http://localhost:8080/ after Tomcat shutdown?

Regards
Kumaresh Gopalsamy

-----Original Message-----
From: Mark Thomas [mailto:ma...@apache.org]
Sent: 24 October 2012 15:27
To: Tomcat Users List
Subject: Re: Tomcat 6.0.24 SSL Setup issue
RE: Tomcat 6.0.24 SSL Setup issue
Mark is correct: there are NO Tomcat errors in the attached log, but your JSSE is complaining about a missing cert, or you are implementing a certificate from a non-CA authority.

You cannot build your KeyMaterial without knowing the full path of the CA-authority issued cert and the keyFile location and the jksPassword and the keyPass:

public KeyMaterial(File certsFile, File keyFile, char[] jksPass, char[] keyPass) throws GeneralSecurityException, IOException

http://juliusdavies.ca/commons-ssl/javadocs/org/apache/commons/ssl/KeyMaterial.html#KeyMaterial%28java.io.File,%20java.io.File,%20char[],%20char[]%29

Martin

Subject: RE: Tomcat 6.0.24 SSL Setup issue
Date: Wed, 24 Oct 2012 15:39:01 +0100
From: kumareshgopals...@phs.co.uk
To: users@tomcat.apache.org
CC: ma...@apache.org
Re: Tomcat 6.0.24 SSL Setup issue
Kumaresh,

On 10/24/12 10:39 AM, KumareshGopalsamy wrote:
> But when I shutdown Tomcat from command prompt
> C:\apache-tomcat-6.0.24-windows-x64\apache-tomcat-6.0.24\bin>shutdown
> I could see Apache Tomcat homepage in http://localhost:8080/ but not in https://localhost:8443/
>
> Will I continue to see homepage in http://localhost:8080/ after tomcat shutdown?

That depends: do you have more than one server process running? Try using netstat to see what process is listening on port 8080.

If you have been changing your configuration around and starting and stopping Tomcat, you might have forgotten to stop it one time and then fixed the config so you did this:

1. Start Tomcat A
   a. HTTP connector comes up on port 8080
   b. HTTPS connector fails to initialize (bad cert config)
2. Start Tomcat B
   a. HTTP connector fails to bind to port 8080 (Tomcat A is bound)
   b. HTTPS connector comes up on port 8443
3. Stop Tomcat
   a. Tomcat B stops
   b. Tomcat A remains running

In this situation, Tomcat A is still running on port 8080. Make sure that everything has stopped and repeat your tests -- with a clean logs/ directory.

-chris