Re: SSL client cert selection dialog not showing up on cloned deployment of tomcat 7 for windows x64

2016-01-20 Thread Gael Abadin
None of us had. Now both of us have, and still the same result ¯\_(ツ)_/¯

The DNS response is all the same, because for development we are using
internal lan ip access (or localhost), not domain-based. And self-signed
certificates.

I thought maybe it was some Java security configuration, but looking at it
on the Windows Control Panel widget we also have the same

Anyway, thanks for the tips! :-)




2016-01-19 16:49 GMT+01:00 Christopher Schultz:

> Gael,
>
> On 1/19/16 6:37 AM, Gael Abadin wrote:
> > Thanks for the reply :-)
> >
> > I've checked for all that!
> >
> > I even ended up copying my tomcat folder and my eclipse tomcat
> > configuration folder from my computer to his,
> >
> > So they are literally the same configuration.
> >
> > I know the connector configuration is being read because if, for
> > example, I remove the .keystore file I get an error. Or if I change
> > the port the SSL connector starts listening on that port on
> > deployment.
> >
> > Also, I made sure we are launching using the same JRE.
> >
> > I tried clientAuth="true" instead of "want". And accessing from my
> > browser on my computer. Still no client certificate request. Log
> > files don't show any errors.
> >
> > We even tried to reboot the system ^^'.
> >
> > Eclipse versions differ, but I don't see how that could result in
> > tomcat not requesting SSL client certs...
> >
> > Anyway, since we couldn't find the cause I recommended him to use a
> > fresh tomcat 7 install, download the last eclipse-JEE and java SDK,
> > using a new workbench, and starting a new project redownloading the
> > source files from the repo. It's a little overkill, but that should
> > do it...
>
> Is it possible that one of you has added-on for instance the
> "unlimited encryption" setting in the JRE and the other has not?
>
> I'm grasping at straws here because it seems like you've looked at all
> the usual things that could have gone wrong.
>
> Bad DNS response? (!!?)
>
> -chris
>
> > 2016-01-19 1:59 GMT+01:00 Christopher Schultz:
> >
> >> Gael,
> >>
> >> On 1/11/16 11:46 AM, Gael Abadin wrote:
> >>> The server certificate is self signed. Apart from the typical
> >>> warning we see no errors when we check it.
> >>>
> >>> His system (windows) clock is synchronized using microsoft's
> >>> NTP server, same as mine.
> >>>
> >>> This is really weird because I have already deployed the same
> >>> app and config in two other systems, apart from mine, without
> >>> any issues, and his
> >>> and mine are basically the same...
> >>
> >> Run "diff" on the two conf/server.xml files from the two
> >> servers? Different conf/context.xml file? How about a
> >> conf/[engine]/[host]/[app].xml file making a difference in one or
> >> the other environment?
> >>
> >> -chris
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >
> >


-- 




Alberto Gael Abadin Martinez
Junior Developer

www.imatia.com

*Tel: *+34 986 342 774 ext 4531

*Email: *gael.aba...@imatia.com
Edificio CITEXVI
Fonte das Abelleiras, s/n - Local 27
36310 Vigo (Pontevedra)
España



Re: SSL client cert selection dialog not showing up on cloned deployment of tomcat 7 for windows x64

2016-01-19 Thread Gael Abadin
Thanks for the reply :-)

I've checked for all that!

I even ended up copying my tomcat folder and my eclipse tomcat
configuration folder from my computer to his,

So they are literally the same configuration.

I know the connector configuration is being read because if, for example, I
remove the .keystore file I get an error. Or if I change the port the SSL
connector starts listening on that port on deployment.

Also, I made sure we are launching using the same JRE.

I tried clientAuth="true" instead of "want". And accessing from my browser
on my computer. Still no client certificate request. Log files don't show
any errors.

We even tried to reboot the system ^^'.

Eclipse versions differ, but I don't see how that could result in tomcat
not requesting SSL client certs...

Anyway, since we couldn't find the cause I recommended him to use a fresh
tomcat 7 install, download the last eclipse-JEE and java SDK, using a new
workbench, and starting a new project redownloading the source files from
the repo. It's a little overkill, but that should do it...

2016-01-19 1:59 GMT+01:00 Christopher Schultz:

> Gael,
>
> On 1/11/16 11:46 AM, Gael Abadin wrote:
> > The server certificate is self signed. Apart from the typical warning we
> > see no errors when we check it.
> >
> > His system (windows) clock is synchronized using microsoft's NTP server,
> > same as mine.
> >
> > This is really weird because I have already deployed the same app and
> > config in two other systems, apart from mine, without any issues, and his
> > and mine are basically the same...
>
> Run "diff" on the two conf/server.xml files from the two servers?
> Different conf/context.xml file? How about a
> conf/[engine]/[host]/[app].xml file making a difference in one or the
> other environment?
>
> -chris
>




Re: SSL client cert selection dialog not showing up on cloned deployment of tomcat 7 for windows x64

2016-01-19 Thread Christopher Schultz
Gael,

On 1/19/16 6:37 AM, Gael Abadin wrote:
> Thanks for the reply :-)
> 
> I've checked for all that!
> 
> I even ended up copying my tomcat folder and my eclipse tomcat 
> configuration folder from my computer to his,
> 
> So they are literally the same configuration.
> 
> I know the connector configuration is being read because if, for
> example, I remove the .keystore file I get an error. Or if I change
> the port the SSL connector starts listening on that port on
> deployment.
> 
> Also, I made sure we are launching using the same JRE.
> 
> I tried clientAuth="true" instead of "want". And accessing from my
> browser on my computer. Still no client certificate request. Log
> files don't show any errors.
> 
> We even tried to reboot the system ^^'.
> 
> Eclipse versions differ, but I don't see how that could result in
> tomcat not requesting SSL client certs...
> 
> Anyway, since we couldn't find the cause I recommended him to use a
> fresh tomcat 7 install, download the last eclipse-JEE and java SDK,
> using a new workbench, and starting a new project redownloading the
> source files from the repo. It's a little overkill, but that should
> do it...

Is it possible that one of you has added-on for instance the
"unlimited encryption" setting in the JRE and the other has not?

I'm grasping at straws here because it seems like you've looked at all
the usual things that could have gone wrong.

Bad DNS response? (!!?)

-chris

> 2016-01-19 1:59 GMT+01:00 Christopher Schultz:
> 
>> Gael,
>> 
>> On 1/11/16 11:46 AM, Gael Abadin wrote:
>>> The server certificate is self signed. Apart from the typical
>>> warning we see no errors when we check it.
>>> 
>>> His system (windows) clock is synchronized using microsoft's
>>> NTP server, same as mine.
>>> 
>>> This is really weird because I have already deployed the same
>>> app and config in two other systems, apart from mine, without
>>> any issues, and his
>>> and mine are basically the same...
>> 
>> Run "diff" on the two conf/server.xml files from the two
>> servers? Different conf/context.xml file? How about a 
>> conf/[engine]/[host]/[app].xml file making a difference in one or
>> the other environment?
>> 
>> -chris
>> 



Re: SSL client cert selection dialog not showing up on cloned deployment of tomcat 7 for windows x64

2016-01-18 Thread Christopher Schultz
Gael,

On 1/11/16 11:46 AM, Gael Abadin wrote:
> The server certificate is self signed. Apart from the typical warning we
> see no errors when we check it.
> 
> His system (windows) clock is synchronized using microsoft's NTP server,
> same as mine.
> 
> This is really weird because I have already deployed the same app and
> config in two other systems, apart from mine, without any issues, and his
> and mine are basically the same...

Run "diff" on the two conf/server.xml files from the two servers?
Different conf/context.xml file? How about a
conf/[engine]/[host]/[app].xml file making a difference in one or the
other environment?

-chris
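
The comparison suggested above, as an added example that is not part of the original thread: a line-based diff of two conf/server.xml files also reports attribute order, whitespace and comments, so this sketch compares only the attributes of the SSL-enabled connectors and hides password values. The sample files, ports, paths and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Password-bearing Connector attributes: report that they differ, never the values.
SECRET_ATTRS = {"keystorePass", "truststorePass", "keyPass"}


def ssl_connectors(server_xml):
    """Map port -> attribute dict for each <Connector> with SSLEnabled="true"."""
    root = ET.fromstring(server_xml)
    return {
        c.get("port", "?"): dict(c.attrib)
        for c in root.iter("Connector")
        if c.get("SSLEnabled", "false").lower() == "true"
    }


def _shown(name, value):
    """Value as it may be printed: secrets collapse to <set>/<unset>."""
    if name in SECRET_ATTRS:
        return "<unset>" if value is None else "<set>"
    return value


def diff_connectors(left_xml, right_xml):
    """Return (port, attribute, left value, right value) for every difference."""
    left, right = ssl_connectors(left_xml), ssl_connectors(right_xml)
    findings = []
    for port in sorted(set(left) | set(right)):
        a, b = left.get(port), right.get(port)
        if a is None or b is None:
            findings.append((port, "<Connector>",
                             "present" if a is not None else "missing",
                             "present" if b is not None else "missing"))
            continue
        for name in sorted(set(a) | set(b)):
            if a.get(name) != b.get(name):
                findings.append((port, name, _shown(name, a.get(name)),
                                 _shown(name, b.get(name))))
    return findings


# Constructed sample files (not from the thread): same connector, attributes
# in a different order, three real differences.
MINE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             clientAuth="want" keystoreFile="conf/.keystore"
             keystorePass="example-one" truststoreFile="conf/trust.jks"/>
</Service></Server>"""
HIS = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <!-- comment and attribute order differ; a line diff would flag both -->
  <Connector keystorePass="example-two" keystoreFile="conf/.keystore"
             clientAuth="false" secure="true" scheme="https"
             SSLEnabled="true" port="8443"/>
</Service></Server>"""

if __name__ == "__main__":
    for port, name, mine, his in diff_connectors(MINE, HIS):
        print(f"port {port}: {name}: {mine!r} vs {his!r}")
```

A password attribute that appears in the result differs between the two files even though both sides print as `<set>`.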




SSL client cert selection dialog not showing up on cloned deployment of tomcat 7 for windows x64

2016-01-11 Thread Gael Abadin
A colleague was having trouble setting up client cert auth on this web app
we are developing. He tried the latest tomcat 6 and 7 win32 installs using
java 6 and 7 SDKs. He was able to bring up the app on HTTPS, launching it
from eclipse, but even though the SSL connector had clientAuth="want" there
was no client cert request when establishing the SSL connection.

I had a similar problem before because of an expired self-signed server
certificate so I sent him my .keystore file with the new cert that I am
using and he replaced his with mine. Still a no go.

Then I sent him my own tomcat and eclipse tomcat x64 deployment config and
we switched his runtime to the same as mine (latest Java 8 x64). Same
problem.

At this point I don't know what else to try. His setup is exactly the same
as mine, but I can't get the client auth to work on his.

Any ideas?





Re: SSL client cert selection dialog not showing up on cloned deployment of tomcat 7 for windows x64

2016-01-11 Thread Gael Abadin
The server certificate is self signed. Apart from the typical warning we
see no errors when we check it.

His system (windows) clock is synchronized using microsoft's NTP server,
same as mine.

This is really weird because I have already deployed the same app and
config in two other systems, apart from mine, without any issues, and his
and mine are basically the same...

2016-01-11 16:51 GMT+01:00 David Balažic:

> Wrong system clock?
>
> What does the client say? (about the server certificate. Is it valid?
> Expired?)
>
> Regards,
> David Balažic
> Software Engineer
> www.comtrade.com
>
> > -Original Message-
> > From: Gael Abadin [mailto:gael.aba...@imatia.com]
> > Sent: 11. January 2016 10:16
> > To: Tomcat Users List
> > Subject: SSL client cert selection dialog not showing up on cloned
> > deployment of tomcat 7 for windows x64
> > Importance: Low
> >
> > A colleague was having trouble setting up client cert auth on this web app
> > we are developing. He tried the latest tomcat 6 and 7 win32 installs using
> > java 6 and 7 SDKs. He was able to bring up the app on HTTPS, launching it
> > from eclipse, but even though the SSL connector had clientAuth="want" there
> > was no client cert request when establishing the SSL connection.
> >
> > I had a similar problem before because of an expired self-signed server
> > certificate so I sent him my .keystore file with the new cert that I am
> > using and he replaced his with mine. Still a no go.
> >
> > Then I sent him my own tomcat and eclipse tomcat x64 deployment config
> > and
> > we switched his runtime to the same as mine (latest Java 8 x64). Same
> > problem.
> >
> > At this point I don't know what else to try. His setup is exactly the same
> > as mine, but I can't get the client auth to work on his.
> >
> > Any ideas?
> >


RE: SSL client cert selection dialog not showing up on cloned deployment of tomcat 7 for windows x64

2016-01-11 Thread David Balažic
Wrong system clock?

What does the client say? (about the server certificate. Is it valid? Expired?)

Regards,
David Balažic
Software Engineer
www.comtrade.com

> -Original Message-
> From: Gael Abadin [mailto:gael.aba...@imatia.com]
> Sent: 11. January 2016 10:16
> To: Tomcat Users List
> Subject: SSL client cert selection dialog not showing up on cloned
> deployment of tomcat 7 for windows x64
> Importance: Low
> 
> A colleague was having trouble setting up client cert auth on this web app
> we are developing. He tried the latest tomcat 6 and 7 win32 installs using
> java 6 and 7 SDKs. He was able to bring up the app on HTTPS, launching it
> from eclipse, but even though the SSL connector had clientAuth="want"
> there
> was no client cert request when establishing the SSL connection.
> 
> I had a similar problem before because of an expired self-signed server
> certificate so I sent him my .keystore file with the new cert that I am
> using and he replaced his with mine. Still a no go.
> 
> Then I sent him my own tomcat and eclipse tomcat x64 deployment config
> and
> we switched his runtime to the same as mine (latest Java 8 x64). Same
> problem.
> 
> At this point I don't know what else to try. His setup is exactly the same
> as mine, but I can't get the client auth to work on his.
> 
> Any ideas?
> 