As I continue to plug away on this, I've answered some of my own questions
from yesterday... Am I not able to start Tomcat with SSL enabled without
having the authentication certificate generated? The answer to this would
be NO.
Is there any way to get around this? I think I may have come up with a
solution, but am coming upon another roadblock... if I save the HTTPS
certificate in the trusted folder on the browser client, the Security Alert
dialog box does not display each time that I access the web application
(which hopefully will get me around my problem... we'll see!)
However, in the directions I found
(http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_administration_guide_chapter09186a00803fe674.html)
there is a note about if you're using localhost to access the application,
which I am; however, I can't seem to get the certificate to save in the
trusted folder for the localhost.....
Note If you use the localhost, the IP address, or the hostname in the
URL to access the application that supports HTTPS, you must save the
certificate in the trusted folder for each of type of URL (with the local
host, IP address, and so on); otherwise, the Security Alert dialog box
displays for each type.
PLEASE, any additional help or instructions would be greatly appreciated!
Thank you.
----- Original Message -----
From: "Jeanna Geier" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Tuesday, August 29, 2006 4:21 PM
Subject: Re: Slide and Secure Site Access (https)
So I've been working on this issue some more and I have some additional
newbie questions that I'm hoping someone can help me with....
I decided to delete the authentication certificate to verify that that's
what's causing my issue, so I cleared out my keystore.
My Slide server.xml file settings are as follows:
<!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 80 -->
<Connector port="80"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" redirectPort="443" acceptCount="100"
    debug="0" connectionTimeout="20000"
    disableUploadTimeout="true" URIEncoding="UTF-8"/>
<!-- Note : To disable connection timeouts, set connectionTimeout value
     to 0 -->
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 443 -->
<Connector port="443"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" disableUploadTimeout="true" keystorePass="319main"
    acceptCount="100" debug="0" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"/>
My web.xml file settings are:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>DAV resource</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>COPY</http-method>
        .
        .
        <http-method>POLL</http-method>
        <http-method>NOTIFY</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>root</role-name>
        <role-name>guest</role-name>
        <role-name>user</role-name>
    </auth-constraint>
    <!-- user-data-constraint must be a child of security-constraint -->
    <user-data-constraint>
        <description>Constrain the entire application to force use of
        HTTPS</description>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
When I attempt to start the Tomcat Server I get the following errors:
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:113)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.acceptSocket(PoolTcpEndpoint.java:368)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:549)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
    at java.lang.Thread.run(Thread.java:595)
Aug 29, 2006 4:15:29 PM org.apache.tomcat.util.net.PoolTcpEndpoint acceptSocket
WARNING: Reinitializing ServerSocket
Aug 29, 2006 4:15:29 PM org.apache.tomcat.util.net.PoolTcpEndpoint acceptSocket
SEVERE: Endpoint [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,port=0,localport=443]] ignored exception: java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
However, if I generate a keyfile: "keytool -genkey -alias tomcat -keyalg
RSA", and start Tomcat, this error goes away and the Tomcat Server starts.
Questions: Am I not able to start Tomcat with SSL enabled without having
the authentication certificate generated? Is there any way to get around
this? If not, could anyone help me with my original issue below (which I
am eventually going to have to address anyways =))?
Thanks much!
----- Original Message -----
From: "Jeanna Geier" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Tuesday, August 22, 2006 4:24 PM
Subject: Slide and Secure Site Access (https)
Hi, I'm having some problems accessing a secure site and would appreciate
any assistance anyone could give me. I'm a newbie here, so please bear
with me.
When trying to connect using the Slide client run.bat, the following error
is occurring:
[ Slide ] $ open https://localhost/slide/files
connect https://localhost/slide/files/
Error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[ Slide ] $
However, if I try to connect via Internet Explorer, I don't have any
problems (I am able to connect and see the authentication certificate as
expected).
Another issue that I'm running into is that when trying to build the
project using NetBeans, it is returning an error that it can't find the
documents it needs (https://localhost/slide/files/Documents), even though
they are out there. I'm assuming these two issues are related...
These errors started occurring after adding the following authentication
info in my jakarta-slide-2.1-tomcat-5.0.28\webapps\slide\WEB-INF\web.xml
file:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Entire Application</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <description>Constrain the entire application to force use of
        HTTPS</description>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
Thanks in advance for any help you can provide!
Jeanna
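
Added example, not part of the original messages: the thread's three symptoms (connector needs a key, Java client fails PKIX validation, one trust decision per URL form) handled with keytool by issuing one self-signed certificate that names localhost and 127.0.0.1 and importing only its public half into a client truststore. File names, passwords and the SAN list are constructed placeholders; `-ext` assumes a Java 7 or later keytool.

```shell
#!/bin/sh
# Added example: paths, passwords and names are constructed placeholders.
set -eu

# Create the key pair the SSL connector needs. The SAN extension lists every
# name used in URLs, so the same certificate matches https://localhost/ and
# https://127.0.0.1/ (add dns:<hostname> for the machine's real name).
make_server_keystore() {      # $1=keystore path  $2=store password
    keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 \
        -dname "CN=localhost" -validity 365 \
        -ext "SAN=dns:localhost,ip:127.0.0.1" \
        -keystore "$1" -storepass "$2" -keypass "$2"
}

# Export the public certificate only; the private key never leaves the server.
export_server_cert() {        # $1=keystore  $2=store password  $3=output file
    keytool -exportcert -rfc -alias tomcat \
        -keystore "$1" -storepass "$2" -file "$3"
}

# Import that certificate as a trusted entry into a separate client truststore.
build_client_truststore() {   # $1=cert file  $2=truststore  $3=truststore password
    keytool -importcert -noprompt -alias tomcat -file "$1" \
        -keystore "$2" -storepass "$3"
}

# Succeeds only if alias "tomcat" is a trusted-certificate entry (no private key).
truststore_has_server_cert() {  # $1=truststore  $2=password
    keytool -list -alias tomcat -keystore "$1" -storepass "$2" \
        | grep -q "trustedCertEntry"
}

# Typical use:
#   make_server_keystore    server.jks "<server-pass>"
#   export_server_cert      server.jks "<server-pass>" tomcat.cer
#   build_client_truststore tomcat.cer client-trust.jks "<trust-pass>"
# Then start the Java client's JVM with the standard JSSE properties:
#   -Djavax.net.ssl.trustStore=client-trust.jks
#   -Djavax.net.ssl.trustStorePassword=<trust-pass>
# Tomcat reads ~/.keystore unless the connector sets keystoreFile.
```

Importing the certificate into a dedicated truststore keeps certificate validation on in the client, and the PKIX error goes away because the self-signed certificate is now its own trust anchor.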