RE: Tomcat SSL - Issue

2021-09-28 Thread Kumawat, Priyanka
Hello Christopher/Niranjan,

Thank you very much for the below information!
The issue was with the Java version; we need to upgrade the Java version 
in order to install the cert.
Thank you again for your support!

Thanks & Regards,

Priyanka Kumawat | Middleware Admin
T +91.7879364483
EMail - priyanka.kuma...@dxc.com
DL - ams-leveraged-webadmin-offsh...@dxc.com

DXC Technology


-Original Message-
From: Christopher Schultz 
Sent: 22 September 2021 02:53
To: users@tomcat.apache.org
Subject: Re: Tomcat SSL - Issue

Priyanka,

On 9/21/21 13:52, Kumawat, Priyanka wrote:
> Hello Team ,
>
> Please find the error details as below -
>
> The site can't provide a secure connection .
>
> xmotam01.phl.com uses an unsupported protocol
>
> ERR_SSL_VERSION or CIPHER MISMATCH
>
> Unsupported protocol - The client and server don't support a common
> protocol version.

Many versions of Java 1.7 do not support TLSv1.2. Try running this tool under 
your Java 1.7 environment for some good information:

https://clicktime.symantec.com/3Sz9L481YBNoQcbTNkoLGRP7Vc?u=https%3A%2F%2Fgithub.com%2FChristopherSchultz%2Fssltest

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



DXC Technology Company -- This message is transmitted to you by or on behalf of 
DXC Technology Company or one of its affiliates. It is intended exclusively for 
the addressee. The substance of this message, along with any attachments, may 
contain proprietary, confidential or privileged information or information that 
is otherwise legally exempt from disclosure. Any unauthorized review, use, 
disclosure or distribution is prohibited. If you are not the intended recipient 
of this message, you are not authorized to read, print, retain, copy or 
disseminate any part of this message. If you have received this message in 
error, please destroy and delete all copies and notify the sender by return 
e-mail. Regardless of content, this e-mail shall not operate to bind DXC 
Technology Company or any of its affiliates to any order or other contract 
unless pursuant to explicit written agreement or government initiative 
expressly permitting the use of e-mail for such purpose.




Re: Tomcat SSL - Issue

2021-09-22 Thread Niranjan Babu Bommu
port where server is listening ssl (8443) and IP address of server where
Tomcat is running, expect output like this

starting Nmap 6.40 ( http://nmap.org ) at 2021-09-22 14:35 EDT
Nmap scan report for 12.0.0.1
Host is up (0.35s latency).
PORT     STATE SERVICE    VERSION
8443/tcp open  https-alt?
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|     compressors:
|       NULL
|   TLSv1.1:
|     ciphers:
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|     compressors:
|       NULL
|   TLSv1.2:
|     ciphers:
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - strong
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - strong
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - strong
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong
|     compressors:
|       NULL
|_  least strength: strong


On Wed, Sep 22, 2021 at 8:48 AM Kumawat, Priyanka 
wrote:

> Hi Niranjan ,
>
> Thank you.
>
> The script here on the below command will be the ssltest script that Chris
> has given?
> Also, IP address will be the IP of the server?
>
>
> nmap -sV --script ssl-enum-ciphers -p  
>
> https://clicktime.symantec.com/3Cx1tBjB9n6EQyoUQjHJNWU7Vc?u=https%3A%2F%2Fgithub.com%2FChristopherSchultz%2Fssltest
>
>
> Thanks & Regards,
>
> Priyanka Kumawat | Middleware Admin
> T +91.7879364483
> EMail - priyanka.kuma...@dxc.com
> DL - ams-leveraged-webadmin-offsh...@dxc.com
>
> DXC Technology
>
>
>
>
>
>
> -Original Message-
> From: Niranjan Babu Bommu 
> Sent: 22 September 2021 04:53
> To: Tomcat Users List 
> Subject: Re: Tomcat SSL - Issue
>
> Another way you get supported is TLS and the cipher suite.
>
> nmap -sV --script ssl-enum-ciphers -p  
>
> On Tue, Sep 21, 2021 at 5:25 PM Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
> > Priyanka,
> >
> > On 9/21/21 13:52, Kumawat, Priyanka wrote:
> > > Hello Team ,
> > >
> > > Please find the error details as below -
> > >
> > > The site can’t provide a secure connection .
> > >
> > > xmotam01.phl.com uses an unsupported protocol
> > >
> > > ERR_SSL_VERSION or CIPHER MISMATCH
> > >
> > > Unsupported protocol – The client and server don't support a common
> > > protocol version.
> >
> > Many versions of Java 1.7 do not support TLSv1.2. Try running this
> > tool under your Java 1.7 environment for some good information:
> >
> > https://clicktime.symantec.com/3Cx1tBjB9n6EQyoUQjHJNWU7Vc?u=https%3A%2F%2Fgithub.com%2FChristopherSchultz%2Fssltest
> >
> > -chris
> >
>
> --
> *Thanks*
> *Niranjan*
>
>

Re: Tomcat SSL - Issue

2021-09-22 Thread Christopher Schultz

Niranjan,

On 9/21/21 19:23, Niranjan Babu Bommu wrote:

> Another way you get supported is TLS and the cipher suite.
>
> nmap -sV --script ssl-enum-ciphers -p  


nmap is great, but it won't tell you what your Java client's 
capabilities are.


-chris


On Tue, Sep 21, 2021 at 5:25 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:


Priyanka,

On 9/21/21 13:52, Kumawat, Priyanka wrote:

Hello Team ,

Please find the error details as below -

The site can’t provide a secure connection .

xmotam01.phl.com uses an unsupported protocol

ERR_SSL_VERSION or CIPHER MISMATCH

Unsupported protocol – The client and server don't support a common
protocol version.


Many versions of Java 1.7 do not support TLSv1.2. Try running this tool
under your Java 1.7 environment for some good information:

https://github.com/ChristopherSchultz/ssltest

-chris
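
Chris's point above is that a scan of the server port does not show what the JVM itself can negotiate. The following is an added example, not part of the thread and not the ssltest tool: it prints the TLS protocol versions the running JVM supports and enables by default in the server and client roles. The class name JvmTlsReport and the default protocol argument TLSv1.2 are choices made for this example.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Added example (not the ssltest tool). Run it with the same java binary
// that starts Tomcat:  java JvmTlsReport [protocol]   (default: TLSv1.2)
public class JvmTlsReport {

    static Set<String> asSet(String[] values) {
        return new LinkedHashSet<String>(Arrays.asList(values));
    }

    // Protocols an SSLEngine enables by default in the given role.
    static Set<String> enabledProtocols(SSLContext ctx, boolean clientMode) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(clientMode);
        return asSet(engine.getEnabledProtocols());
    }

    // Explains where a protocol stands for one role of this JVM.
    static String verdict(String protocol, Set<String> supported, Set<String> enabled) {
        if (!supported.contains(protocol)) {
            return "NOT SUPPORTED by this JVM; a newer Java runtime is needed";
        }
        if (!enabled.contains(protocol)) {
            return "supported but not enabled by default; enable it explicitly";
        }
        return "supported and enabled by default";
    }

    // Counts suites whose name contains the marker, e.g. "_GCM_" or "ECDHE".
    static int count(Set<String> suites, String marker) {
        int n = 0;
        for (String suite : suites) {
            if (suite.contains(marker)) n++;
        }
        return n;
    }

    public static void main(String[] args) throws Exception {
        String required = args.length > 0 ? args[0] : "TLSv1.2";
        SSLContext ctx = SSLContext.getDefault();

        Set<String> supported = asSet(ctx.getSupportedSSLParameters().getProtocols());
        Set<String> asServer = enabledProtocols(ctx, false);
        Set<String> asClient = enabledProtocols(ctx, true);
        Set<String> suites = asSet(ctx.getDefaultSSLParameters().getCipherSuites());

        System.out.println("Java " + System.getProperty("java.version")
                + " (" + System.getProperty("java.vendor") + ")");
        System.out.println("Supported protocols      : " + supported);
        System.out.println("Enabled by default/server: " + asServer);
        System.out.println("Enabled by default/client: " + asClient);
        System.out.println(required + " as server: " + verdict(required, supported, asServer));
        System.out.println(required + " as client: " + verdict(required, supported, asClient));

        // Policy can remove protocols that the provider still implements.
        // The property is absent (null) on JVMs that predate it.
        System.out.println("jdk.tls.disabledAlgorithms: "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));

        System.out.println("Default cipher suites: " + suites.size()
                + " total, " + count(suites, "ECDHE") + " ECDHE, "
                + count(suites, "_GCM_") + " GCM");
        for (String suite : suites) {
            System.out.println("  " + suite);
        }
    }
}
```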




RE: Tomcat SSL - Issue

2021-09-22 Thread Kumawat, Priyanka
Hi Niranjan ,

Thank you.

The script here on the below command will be the ssltest script that Chris has 
given?
Also, IP address will be the IP of the server?


nmap -sV --script ssl-enum-ciphers -p  

https://clicktime.symantec.com/3Cx1tBjB9n6EQyoUQjHJNWU7Vc?u=https%3A%2F%2Fgithub.com%2FChristopherSchultz%2Fssltest


Thanks & Regards,

Priyanka Kumawat | Middleware Admin
T +91.7879364483
EMail - priyanka.kuma...@dxc.com
DL - ams-leveraged-webadmin-offsh...@dxc.com

DXC Technology






-Original Message-
From: Niranjan Babu Bommu 
Sent: 22 September 2021 04:53
To: Tomcat Users List 
Subject: Re: Tomcat SSL - Issue

Another way you get supported is TLS and the cipher suite.

nmap -sV --script ssl-enum-ciphers -p  



On Tue, Sep 21, 2021 at 5:25 PM Christopher Schultz < 
ch...@christopherschultz.net> wrote:

> Priyanka,
>
> On 9/21/21 13:52, Kumawat, Priyanka wrote:
> > Hello Team ,
> >
> > Please find the error details as below -
> >
> > The site can’t provide a secure connection .
> >
> > xmotam01.phl.com uses an unsupported protocol
> >
> > ERR_SSL_VERSION or CIPHER MISMATCH
> >
> > Unsupported protocol – The client and server don't support a common
> > protocol version.
>
> Many versions of Java 1.7 do not support TLSv1.2. Try running this
> tool under your Java 1.7 environment for some good information:
>
> https://clicktime.symantec.com/3Cx1tBjB9n6EQyoUQjHJNWU7Vc?u=https%3A%2F%2Fgithub.com%2FChristopherSchultz%2Fssltest
>
> -chris
>

--
*Thanks*
*Niranjan*





Re: Tomcat SSL - Issue

2021-09-21 Thread Niranjan Babu Bommu
Another way you get supported is TLS and the cipher suite.

nmap -sV --script ssl-enum-ciphers -p  



On Tue, Sep 21, 2021 at 5:25 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Priyanka,
>
> On 9/21/21 13:52, Kumawat, Priyanka wrote:
> > Hello Team ,
> >
> > Please find the error details as below -
> >
> > The site can’t provide a secure connection .
> >
> > xmotam01.phl.com uses an unsupported protocol
> >
> > ERR_SSL_VERSION or CIPHER MISMATCH
> >
> > Unsupported protocol – The client and server don't support a common
> > protocol version.
>
> Many versions of Java 1.7 do not support TLSv1.2. Try running this tool
> under your Java 1.7 environment for some good information:
>
> https://github.com/ChristopherSchultz/ssltest
>
> -chris
>

-- 
*Thanks*
*Niranjan*


Re: Tomcat SSL - Issue

2021-09-21 Thread Christopher Schultz

Priyanka,

On 9/21/21 13:52, Kumawat, Priyanka wrote:

Hello Team ,

Please find the error details as below -

The site can’t provide a secure connection .

xmotam01.phl.com uses an unsupported protocol

ERR_SSL_VERSION or CIPHER MISMATCH

Unsupported protocol – The client and server don't support a common 
protocol version.


Many versions of Java 1.7 do not support TLSv1.2. Try running this tool 
under your Java 1.7 environment for some good information:


https://github.com/ChristopherSchultz/ssltest

-chris




RE: Tomcat SSL - Issue

2021-09-21 Thread Kumawat, Priyanka
Hello Team ,

Please find the error details as below -

The site can't provide a secure connection .
xmotam01.phl.com uses an unsupported protocol

ERR_SSL_VERSION or CIPHER MISMATCH

Unsupported protocol - The client and server don't support a common protocol 
version.


Thanks & Regards,

Priyanka Kumawat | Middleware Admin
T +91.7879364483
EMail - priyanka.kuma...@dxc.com
DL - ams-leveraged-webadmin-offsh...@dxc.com

DXC Technology





From: Kumawat, Priyanka
Sent: 21 September 2021 22:50
To: users@tomcat.apache.org
Subject: RE: Tomcat SSL - Issue

Attaching the screenshot again -

[cid:image001.jpg@01D7AF3F.3BF0B470]


Thanks & Regards,

Priyanka Kumawat | Middleware Admin
T +91.7879364483
EMail - priyanka.kuma...@dxc.com
DL - ams-leveraged-webadmin-offsh...@dxc.com

DXC Technology






From: Kumawat, Priyanka
Sent: 21 September 2021 22:45
To: users@tomcat.apache.org
Subject: Tomcat SSL - Issue

Hi Team ,

We are facing an issue while renewing SSL for the Tomcat/Apache application. The 
SSL was renewed and installed using the keytool. After installation, when 
checking the https site, it is giving an error as given in the below screenshot. 
Could you please help us with this issue? Is this related to the TLS protocol or 
a cipher issue? The TLS in use is TLS1.2, Java version - 1.7

[cid:image004.jpg@01D7AF3F.3BF0B470]

Thanks & Regards,

Priyanka Kumawat | Middleware Admin
T +91.7879364483
EMail - priyanka.kuma...@dxc.com
DL - ams-leveraged-webadmin-offsh...@dxc.com

DXC Technology








RE: Tomcat SSL - Issue

2021-09-21 Thread Kumawat, Priyanka
Attaching the screenshot again -

[cid:image002.jpg@01D7AF3A.B6F2FA20]


Thanks & Regards,

Priyanka Kumawat | Middleware Admin
T +91.7879364483
EMail - priyanka.kuma...@dxc.com
DL - ams-leveraged-webadmin-offsh...@dxc.com

DXC Technology






From: Kumawat, Priyanka
Sent: 21 September 2021 22:45
To: users@tomcat.apache.org
Subject: Tomcat SSL - Issue

Hi Team ,

We are facing an issue while renewing SSL for the Tomcat/Apache application. The 
SSL was renewed and installed using the keytool. After installation, when 
checking the https site, it is giving an error as given in the below screenshot. 
Could you please help us with this issue? Is this related to the TLS protocol or 
a cipher issue? The TLS in use is TLS1.2, Java version - 1.7

[cid:image003.jpg@01D7AF3A.B6F2FA20]

Thanks & Regards,

Priyanka Kumawat | Middleware Admin
T +91.7879364483
EMail - priyanka.kuma...@dxc.com
DL - ams-leveraged-webadmin-offsh...@dxc.com

DXC Technology








Tomcat SSL - Issue

2021-09-21 Thread Kumawat, Priyanka
Hi Team ,

We are facing an issue while renewing SSL for the Tomcat/Apache application. The 
SSL was renewed and installed using the keytool. After installation, when 
checking the https site, it is giving an error as given in the below screenshot. 
Could you please help us with this issue? Is this related to the TLS protocol or 
a cipher issue? The TLS in use is TLS1.2, Java version - 1.7

[cid:image001.jpg@01D7AF3A.03014DA0]

Thanks & Regards,

Priyanka Kumawat | Middleware Admin
T +91.7879364483
EMail - priyanka.kuma...@dxc.com
DL - ams-leveraged-webadmin-offsh...@dxc.com

DXC Technology








RE: Tomcat SSL issue

2017-10-11 Thread Terence M. Bandoian

On 10/10/2017 9:45 AM, John Ellis wrote:


John Ellis

405.285.2500 office


 


http://biz-e.io


-Original Message-
From: Terence M. Bandoian [mailto:tere...@tmbsw.com]
Sent: Monday, October 9, 2017 4:49 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Tomcat SSL issue

On 10/9/2017 10:01 AM, John Ellis wrote:

I posted questions about this a couple of weeks ago I think it was. I
have been trying to get Tomcat running on a secure port with a valid
SSL certificate. We finally got version 9.0.0.M20 setup successfully
on port 9443 and I can go to that IP:port and get a Tomcat webpage but
when I go through all the steps using the keytool commands to submit a
certificate (we use Cacert.org) and try to plug that certificate into
the mix it doesn’t work. I still get an error message telling me that
I will have to create an exception to go to that IP address and port.
Last Friday I even deleted the certificate and all the keystore file,
etc. and got the same exact error. So it appears that Tomcat is not
seeing the certificate at all since I get the same error about having
to add an exception whether or not I have a valid certificate in place
on the server.

The lines we added to the server.xml file to get the secure port
working are-


keystoreFile="/home/tomcat9.0.0.M20/apache-tomcat-9.0.0.M20/conf/keystore.jks"

keystorePass="changeit" />

John Ellis

Thanks for the reply Terence. Yes I get the message about needing to create
a security exception when I first try to open the Tomcat webpage on the
secure port of 9443. I have deleted the certificate and supporting files off
of the server as I was going to start over with a new certificate. I believe
the error said something about not being able to verify the certificate. I
think the main issue is that this is just an internal server here in our
office running RHEL 6. It is not setup as a web server and it just has the
name of "cowboy" (given that name by my boss) so it is hard to figure out
what to call the "First and last name" part when I am creating the CSR to
send to Cacert.org. I can't just use the name "cowboy" as I don't have any
way to validate that. Have you ever run into situations like this? As I said
before I am not a programmer or developer or anything like that. My
background was in computer hardware for over 25 years until I took this
position after being laid off from what was formerly WebMD. We installed
systems in dr's offices, etc. Any light you could shed on this would be
great!
Thanks

Hi, John-

Is it a browser that's displaying the error message and requesting that you
create an exception to continue?  If so, have you looked at the additional
information to determine what problems the browser has detected with the
certificate?

-Terence Bandoian
   http://www.tmbsw.com/



Hi, John-

I would check the error message presented by the browser carefully and 
test with multiple browsers (e.g. Firefox, Chrome, IE, etc.). If you can 
copy the exact error messages to the list, someone might be able to 
offer more assistance.


If you're able to establish an encrypted connection, I would guess that 
Tomcat is at least finding "something" for a certificate.  And, you 
should be able to at least change the error message by altering your 
configuration.  If you can't, then something is amiss in the 
configuration process.  Was Tomcat restarted after the configuration was 
modified?  Is Java using a default location for the keystore? Is the 
keystore you specify in your Tomcat configuration modified when you 
execute the keytool commands?  Can you list the contents of the keystore?


If the browser can't verify the certificate, I'd guess that either 
intermediate certificates aren't available or the browser doesn't trust 
the certificate authority or the wrong address is used to access the 
server from the browser.  Detailed error messages would be helpful.


Instructions to generate a CSR are available on the Internet.  They vary 
though so you may have to dig to find something that works in your 
case.  I've found it best to use the instructions provided by the 
certificate provider.  In some cases, the prompt for first and last name 
is actually a request for the domain name to be secured. Also, a domain 
name that is at least recognized on your intranet will likely be 
required if you want to use a valid certificate.


It's been a while since I've configured Tomcat for SSL so I'm going on 
memory and can't offer much additional help.  There are others on the 
list though that probably can.  Specific details, such as Tomcat 
version, Java version and OS version and exact configuration, commands 
utilized and error messages make receiving that help more likely and 
more likely to result in success.


Hope that gets you started!

-Terence



RE: Tomcat SSL issue

2017-10-10 Thread John Ellis


John Ellis

405.285.2500 office


    

http://biz-e.io


-Original Message-
From: Terence M. Bandoian [mailto:tere...@tmbsw.com] 
Sent: Monday, October 9, 2017 4:49 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Tomcat SSL issue

On 10/9/2017 10:01 AM, John Ellis wrote:
>
> I posted questions about this a couple of weeks ago I think it was. I 
> have been trying to get Tomcat running on a secure port with a valid 
> SSL certificate. We finally got version 9.0.0.M20 setup successfully 
> on port 9443 and I can go to that IP:port and get a Tomcat webpage but 
> when I go through all the steps using the keytool commands to submit a 
> certificate (we use Cacert.org) and try to plug that certificate into 
> the mix it doesn’t work. I still get an error message telling me that 
> I will have to create an exception to go to that IP address and port.
> Last Friday I even deleted the certificate and all the keystore file, 
> etc. and got the same exact error. So it appears that Tomcat is not 
> seeing the certificate at all since I get the same error about having 
> to add an exception whether or not I have a valid certificate in place 
> on the server.
>
> The lines we added to the server.xml file to get the secure port 
> working are-
>
> 
> maxThreads="150" scheme="https" secure="true"
>
> clientAuth="false" sslProtocol="TLS"
>
>
> keystoreFile="/home/tomcat9.0.0.M20/apache-tomcat-9.0.0.M20/conf/keystore.jks"
>
>keystorePass="changeit" />
>
> John Ellis
>
>Terence I have tried putting my name in where it asks for the "first and
last name" part of filling out the certificate info but when I do that the
Cacert.org website says I have to authenticate the actual internal IP
address of this server and there is no way to do that that I know of.
Thanks, 

Hi, John-

Is it a browser that's displaying the error message and requesting that you
create an exception to continue?  If so, have you looked at the additional
information to determine what problems the browser has detected with the
certificate?

-Terence Bandoian
  http://www.tmbsw.com/





RE: Tomcat SSL issue

2017-10-10 Thread John Ellis


John Ellis

405.285.2500 office


    

http://biz-e.io


-Original Message-
From: Terence M. Bandoian [mailto:tere...@tmbsw.com] 
Sent: Monday, October 9, 2017 4:49 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Tomcat SSL issue

On 10/9/2017 10:01 AM, John Ellis wrote:
>
> I posted questions about this a couple of weeks ago I think it was. I 
> have been trying to get Tomcat running on a secure port with a valid 
> SSL certificate. We finally got version 9.0.0.M20 setup successfully 
> on port 9443 and I can go to that IP:port and get a Tomcat webpage but 
> when I go through all the steps using the keytool commands to submit a 
> certificate (we use Cacert.org) and try to plug that certificate into 
> the mix it doesn’t work. I still get an error message telling me that 
> I will have to create an exception to go to that IP address and port.
> Last Friday I even deleted the certificate and all the keystore file, 
> etc. and got the same exact error. So it appears that Tomcat is not 
> seeing the certificate at all since I get the same error about having 
> to add an exception whether or not I have a valid certificate in place 
> on the server.
>
> The lines we added to the server.xml file to get the secure port 
> working are-
>
> 
> maxThreads="150" scheme="https" secure="true"
>
> clientAuth="false" sslProtocol="TLS"
>
>
> keystoreFile="/home/tomcat9.0.0.M20/apache-tomcat-9.0.0.M20/conf/keystore.jks"
>
>keystorePass="changeit" />
>
> John Ellis
>
>Thanks for the reply Terence. Yes I get the message about needing to create
a security exception when I first try to open the Tomcat webpage on the
secure port of 9443. I have deleted the certificate and supporting files off
of the server as I was going to start over with a new certificate. I believe
the error said something about not being able to verify the certificate. I
think the main issue is that this is just an internal server here in our
office running RHEL 6. It is not setup as a web server and it just has the
name of "cowboy" (given that name by my boss) so it is hard to figure out
what to call the "First and last name" part when I am creating the CSR to
send to Cacert.org. I can't just use the name "cowboy" as I don't have any
way to validate that. Have you ever run into situations like this? As I said
before I am not a programmer or developer or anything like that. My
background was in computer hardware for over 25 years until I took this
position after being laid off from what was formerly WebMD. We installed
systems in dr's offices, etc. Any light you could shed on this would be
great!
Thanks 

Hi, John-

Is it a browser that's displaying the error message and requesting that you
create an exception to continue?  If so, have you looked at the additional
information to determine what problems the browser has detected with the
certificate?

-Terence Bandoian
  http://www.tmbsw.com/





Re: Tomcat SSL issue

2017-10-09 Thread Terence M. Bandoian

On 10/9/2017 10:01 AM, John Ellis wrote:


I posted questions about this a couple of weeks ago I think it was. I 
have been trying to get Tomcat running on a secure port with a valid 
SSL certificate. We finally got version 9.0.0.M20 setup successfully 
on port 9443 and I can go to that IP:port and get a Tomcat webpage but 
when I go through all the steps using the keytool commands to submit a 
certificate (we use Cacert.org) and try to plug that certificate into 
the mix it doesn’t work. I still get an error message telling me that 
I will have to create an exception to go to that IP address and port. 
Last Friday I even deleted the certificate and all the keystore file, 
etc. and got the same exact error. So it appears that Tomcat is not 
seeing the certificate at all since I get the same error about having 
to add an exception whether or not I have a valid certificate in place 
on the server.


The lines we added to the server.xml file to get the secure port 
working are-




John Ellis




Hi, John-

Is it a browser that's displaying the error message and requesting that 
you create an exception to continue?  If so, have you looked at the 
additional information to determine what problems the browser has 
detected with the certificate?


-Terence Bandoian
 http://www.tmbsw.com/





Re: Tomcat SSL issue

2017-10-09 Thread Mark Thomas
On 09/10/17 18:48, John Ellis wrote:
> 
> 
> John Ellis
> 
> 405.285.2500 office
> 
> 
>     
> 
> http://biz-e.io
> 
> 
> -Original Message-
> From: Mark Thomas [mailto:ma...@apache.org] 
> Sent: Monday, October 9, 2017 12:33 PM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: Tomcat SSL issue
> 
> On 09/10/17 16:01, John Ellis wrote:
>> I posted questions about this a couple of weeks ago I think it was. I 
>> have been trying to get Tomcat running on a secure port with a valid 
>> SSL certificate. We finally got version 9.0.0.M20 setup successfully 
>> on port
>> 9443 and I can go to that IP:port and get a Tomcat webpage but when I 
>> go through all the steps using the keytool commands to submit a 
>> certificate (we use Cacert.org) and try to plug that certificate into 
>> the mix it doesn’t work. I still get an error message telling me that 
>> I will have to create an exception to go to that IP address and port. 
>> Last Friday I even deleted the certificate and all the keystore file, 
>> etc. and got the same exact error. So it appears that Tomcat is not 
>> seeing the certificate at all since I get the same error about having 
>> to add an exception whether or not I have a valid certificate in place on
>> the server.
> 
> If you get that error then Tomcat has the certificate but the client doesn't
> trust it. You need to check if:
> 
> - Tomcat is supplying the full certificate chain
> - If the client trusts the issuing CA
> 
> Mark
> 
> OK Mark can you explain to me why we get the same exact error condition with
> no certificate in place at all as when we provide a certificate?

That isn't possible. If no certificate is provided, Tomcat won't even
open the port.

I think you are going to need to provide more details about exactly how
things are configured, how you are testing it and the log messages
Tomcat provides when started (note you have to restart Tomcat after
changing the connector configuration - or anything in server.xml)

Mark


> I'm not arguing that just doesn't make any sense to me but as I said before
> I am not a programmer or developer or anything like that.
> Thanks,
> John 
> 
>>
>> The lines we added to the server.xml file to get the secure port 
>> working
>> are-
>>
>>  
>>
>> >
>>   maxThreads="150" scheme="https" secure="true"
>>
>>   clientAuth="false" sslProtocol="TLS"
>>
>>    
>>
>> keystoreFile="/home/tomcat9.0.0.M20/apache-tomcat-9.0.0.M20/conf/keystore.jks"
>>
>>     keystorePass="changeit" />
>>
>>  
>>
>> John Ellis
>>
>>  
>>
>> 405.285.2500 office
>>
>>  
>>
>>
>>  
>>
>> http://biz-e.io
>>
>>  
>>
> 
> 



RE: Tomcat SSL issue

2017-10-09 Thread John Ellis


John Ellis

405.285.2500 office


    

http://biz-e.io


-Original Message-
From: Mark Thomas [mailto:ma...@apache.org] 
Sent: Monday, October 9, 2017 12:33 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Tomcat SSL issue

On 09/10/17 16:01, John Ellis wrote:
> I posted questions about this a couple of weeks ago I think it was. I 
> have been trying to get Tomcat running on a secure port with a valid 
> SSL certificate. We finally got version 9.0.0.M20 setup successfully 
> on port
> 9443 and I can go to that IP:port and get a Tomcat webpage but when I 
> go through all the steps using the keytool commands to submit a 
> certificate (we use Cacert.org) and try to plug that certificate into 
> the mix it doesn’t work. I still get an error message telling me that 
> I will have to create an exception to go to that IP address and port. 
> Last Friday I even deleted the certificate and all the keystore file, 
> etc. and got the same exact error. So it appears that Tomcat is not 
> seeing the certificate at all since I get the same error about having 
> to add an exception whether or not I have a valid certificate in place on
> the server.

If you get that error then Tomcat has the certificate but the client doesn't
trust it. You need to check if:

- Tomcat is supplying the full certificate chain
- If the client trusts the issuing CA

Mark

OK Mark can you explain to me why we get the same exact error condition with
no certificate in place at all as when we provide a certificate? 
I'm not arguing that just doesn't make any sense to me but as I said before
I am not a programmer or developer or anything like that.
Thanks,
John 

> 
> The lines we added to the server.xml file to get the secure port 
> working
> are-
> 
>  
> 
>  
>   maxThreads="150" scheme="https" secure="true"
> 
>   clientAuth="false" sslProtocol="TLS"
> 
>    
>
> keystoreFile="/home/tomcat9.0.0.M20/apache-tomcat-9.0.0.M20/conf/keystore.jks"
> 
>     keystorePass="changeit" />
> 
>  
> 
> John Ellis
> 
>  
> 
> 405.285.2500 office
> 
>  
> 
> 
>  
> 
> http://biz-e.io
> 
>  
> 





Re: Tomcat SSL issue

2017-10-09 Thread Mark Thomas
On 09/10/17 16:01, John Ellis wrote:
> I posted questions about this a couple of weeks ago I think it was. I
> have been trying to get Tomcat running on a secure port with a valid SSL
> certificate. We finally got version 9.0.0.M20 setup successfully on port
> 9443 and I can go to that IP:port and get a Tomcat webpage but when I go
> through all the steps using the keytool commands to submit a certificate
> (we use Cacert.org) and try to plug that certificate into the mix it
> doesn’t work. I still get an error message telling me that I will have
> to create an exception to go to that IP address and port. Last Friday I
> even deleted the certificate and all the keystore file, etc. and got the
> same exact error. So it appears that Tomcat is not seeing the
> certificate at all since I get the same error about having to add an
> exception whether or not I have a valid certificate in place on the server.

If you get that error then Tomcat has the certificate but the client
doesn't trust it. You need to check if:

- Tomcat is supplying the full certificate chain
- If the client trusts the issuing CA

Mark


> 
> The lines we added to the server.xml file to get the secure port working
> are-
> 
>  
> 
>  
>   maxThreads="150" scheme="https" secure="true"
> 
>   clientAuth="false" sslProtocol="TLS"
> 
>    
> keystoreFile="/home/tomcat9.0.0.M20/apache-tomcat-9.0.0.M20/conf/keystore.jks"
> 
>     keystorePass="changeit" />
> 
>  
> 
> John Ellis
> 
>  
> 
> 405.285.2500 office
> 
>  
> 
> 
>  
> 
> http://biz-e.io
> 
>  
> 
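
The first check in Mark's list (is the full certificate chain being supplied?), as an added example that is not part of the original thread or of Tomcat. It classifies the "Certificate chain" section printed by `openssl s_client`; the function name, verdict words, host names and certificate subjects in the samples are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the "Certificate chain" section that
#   openssl s_client -connect HOST:9443 -showcerts </dev/null
# prints for a TLS listener. Reads that text on stdin, prints one verdict.
classify_chain() {
  awk '
    # " 0 s:<subject>" opens an entry; the " i:<issuer>" after it completes it.
    /^ *[0-9]+ s:/ { n++; sub(/^ *[0-9]+ s:/, ""); subj[n] = $0; next }
    /^ *i:/        { sub(/^ *i:/, ""); iss[n] = $0; next }
    END {
      if (n == 0) { print "no-certificate"; exit }
      # Subject equals issuer: the self-signed certificate that keytool
      # generates with a new key pair, before any CA reply is imported.
      if (n == 1 && subj[1] == iss[1]) { print "self-signed"; exit }
      # CA-signed leaf sent alone: the client must already hold the issuer.
      if (n == 1) { print "leaf-only"; exit }
      # Each certificate must be issued by the next one in the list.
      for (k = 1; k < n; k++)
        if (iss[k] != subj[k + 1]) { print "broken-chain"; exit }
      print "chained"
    }'
}

# Constructed sample: keystore still holds only the generated key pair.
SAMPLE_SELF_SIGNED='Certificate chain
 0 s:CN = tomcat.example.test
   i:CN = tomcat.example.test'

# Constructed sample: CA-signed leaf served without its intermediate.
SAMPLE_LEAF_ONLY='Certificate chain
 0 s:CN = tomcat.example.test
   i:O = Example CA, CN = Example Issuing CA'

# Constructed sample: leaf followed by the intermediate that signed it.
SAMPLE_CHAINED='Certificate chain
 0 s:CN = tomcat.example.test
   i:O = Example CA, CN = Example Issuing CA
 1 s:O = Example CA, CN = Example Issuing CA
   i:O = Example CA, CN = Example Root CA'

for s in "$SAMPLE_SELF_SIGNED" "$SAMPLE_LEAF_ONLY" "$SAMPLE_CHAINED"; do
  printf '%s\n' "$s" | classify_chain
done
```

Against a live listener, pipe the `s_client` output named in the header comment into `classify_chain`. A `chained` verdict leaves the second item in the list: whether the client's trust store contains the issuing CA.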





RE: Tomcat SSL issue

2017-10-09 Thread John Ellis


John Ellis

405.285.2500 office




http://biz-e.io

-Original Message-
From: Jose María Zaragoza [mailto:demablo...@gmail.com] 
Sent: Monday, October 9, 2017 11:25 AM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Tomcat SSL issue

2017-10-09 17:01 GMT+02:00 John Ellis <john.el...@lsgsolutions.com>:

> I posted questions about this a couple of weeks ago I think it was. I 
> have been trying to get Tomcat running on a secure port with a valid 
> SSL certificate. We finally got version 9.0.0.M20 setup successfully 
> on port
> 9443 and I can go to that IP:port and get a Tomcat webpage but when I 
> go through all the steps using the keytool commands to submit a 
> certificate (we use Cacert.org) and try to plug that certificate into 
> the mix it doesn’t work. I still get an error message telling me that 
> I will have to create an exception to go to that IP address and port. 
> Last Friday I even deleted the certificate and all the keystore file, 
> etc. and got the same exact error. So it appears that Tomcat is not 
> seeing the certificate at all since I get the same error about having 
> to add an exception whether or not I have a valid certificate in place on the 
> server.
>
> The lines we added to the server.xml file to get the secure port 
> working
> are-
>
>
>
> 
>   maxThreads="150" scheme="https" secure="true"
>
>   clientAuth="false" sslProtocol="TLS"
>
> keystoreFile="/home/tomcat9.0.0.M20/apache-tomcat-9.0.0.M20/conf/keystore.jks"
>
> keystorePass="changeit" />
>


Maybe you should use <SSLHostConfig> element, do you?

Read:
https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_SSLHostConfig

Each secure connector must define at least one *SSLHostConfig*


I thought that was only for version 9? However I believe we did try that and 
got the same result last week.




>
>
> John Ellis
>
>
>
> 405.285.2500 office
>
>
>
>
>
>
> http://biz-e.io
>
>
>





Re: Tomcat SSL issue

2017-10-09 Thread Jose María Zaragoza
2017-10-09 17:01 GMT+02:00 John Ellis :

> I posted questions about this a couple of weeks ago I think it was. I have
> been trying to get Tomcat running on a secure port with a valid SSL
> certificate. We finally got version 9.0.0.M20 setup successfully on port
> 9443 and I can go to that IP:port and get a Tomcat webpage but when I go
> through all the steps using the keytool commands to submit a certificate
> (we use Cacert.org) and try to plug that certificate into the mix it
> doesn’t work. I still get an error message telling me that I will have to
> create an exception to go to that IP address and port. Last Friday I even
> deleted the certificate and all the keystore file, etc. and got the same
> exact error. So it appears that Tomcat is not seeing the certificate at all
> since I get the same error about having to add an exception whether or not
> I have a valid certificate in place on the server.
>
> The lines we added to the server.xml file to get the secure port working
> are-
>
>
>
> 
>   maxThreads="150" scheme="https" secure="true"
>
>   clientAuth="false" sslProtocol="TLS"
>
> keystoreFile="/home/tomcat9.0.0.M20/apache-tomcat-9.0.0.M20/conf/keystore.jks"
>
> keystorePass="changeit" />
>


Maybe you should use <SSLHostConfig> element, do you?

Read:
https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_SSLHostConfig

Each secure connector must define at least one *SSLHostConfig*





>
>
> John Ellis
>
>
>
> 405.285.2500 office
>
>
>
>
>
>
> http://biz-e.io
>
>
>


Tomcat SSL issue

2017-10-09 Thread John Ellis
I posted questions about this a couple of weeks ago I think it was. I have
been trying to get Tomcat running on a secure port with a valid SSL
certificate. We finally got version 9.0.0.M20 setup successfully on port
9443 and I can go to that IP:port and get a Tomcat webpage but when I go
through all the steps using the keytool commands to submit a certificate (we
use Cacert.org) and try to plug that certificate into the mix it doesn't
work. I still get an error message telling me that I will have to create an
exception to go to that IP address and port. Last Friday I even deleted the
certificate and all the keystore file, etc. and got the same exact error. So
it appears that Tomcat is not seeing the certificate at all since I get the
same error about having to add an exception whether or not I have a valid
certificate in place on the server.

The lines we added to the server.xml file to get the secure port working
are-

 



 

John Ellis

 

405.285.2500 office

 





 

http://biz-e.io