Hi Scott, Let me start from beginning so that it will be easy for you to understand everything by reading this email only.
Enviroment: Tomcat 5.5.12 J2SE 1.5.x ------------------------------------------------ Overview: (1) Generate key and certificate request (csr). (2) Submit csr (and may be key) to Verisign or Thawte to get signed certificate. If you dont want to use paid service, then you have to use self-signed certificate. This is either-or ways. You dont need to generate self-signed certificate if you get one from Verisign or Thawte. After this step, you have key and certificate (either selfsigned or Versign-signed) with you. (3) Configure tomcat according to key and certificate that you have. (4) Restart the tomcat and SSL is enabled. Test it. (5) Read the documentation for more configuration option or how to use SSL in your webapplication. ------------------------------------------------ Explanation: There are two ways of configuring SSL with Tomcat: (1) Using JSSE (which is included in J2SE 1.4 or higher. In this method, you have to generate key and certificate request (csr) using keytool which is provied by J2SE. After you have generated certificate request, you have to submit that csr to Verisign or Thawte for real signed certificate. Then you have to use that certificate in your Tomcat SSL configuration. I will mention how to configure tomcat using later in this email. Based upon my understanding, this is good for testing purpose. For production environment, you need something more stable and secure. That's when OpenSSL comes in. Also if you want to use JSSE, you can't able to use APR (Apache Portable Runtime) with your Tomcat 5.5.12 because APR uses OpenSSL to provide SSL service. (2) Using OpenSSL Here you have to use SSL to generate key and csr. Again you have to submit it to Verisign or Thawte to get signed certificate or you can generate self-sign certificate using OpenSSL too. This option is more secure then JSSE and it is preferrable in production environment. It is not difficult to configure. Using this option, you can use APR but for that you need OpenSSL and other libraries. It is not difficult but few more steps, which we will see later in this email. ------------------------------------------------ I believe that you generated key and csr using JSSE (keytool). Then you have submitted that csr to Verisign. You got certificate from them. So this cerficate is actually generated using JSSE. It means that you can't use this cerficate to configure Tomcat with APR. Also you can't mix above two SSL opentions (ie. generate key/csr and obtained certificate from Verisign using JSSE and use it in APR configuration). Now let's take alook at how to configure it using both ways. ------------------------------------------------ Configuration: (1) Using JSSE The configuration using JSSE is relatively easy. Follow Tomcat documentation page at http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html and you will be able to make it enable. One excellent link that I found on Tomcat mailing list is http://marc.theaimsgroup.com/?l=tomcat-user&m=106293430225790&w=2 . It describes hybrid technique of OpenSSL and JSSE to generate keystore. APR can NOT be used in this configuration. You must be thinking that if it uses OpenSSL why I can't use APR. This document is very old (though it works) and when it was written there was not any APR. So it does not reflact APR. Also this is hybrid technique to generate and self-sign certificate. If you want to use APR, you have to use ONLY OpenSSL. There is no JSSE involved in this process. (2) Using OpenSSL (with APR) You already know the configuration but I am listing here one more time. Also this is standalone tomcat configuration, no apache or mod_jk is involved. (Derived from http://www.fatofthelan.com/articles/articles.php?pid=12 ) (a) openssl req -new -out server.csr (This will generate csr and private key. Make sure you feel the values correctly on openssl command prompt.) (b) openssl rsa -in privkey.pem -out server.key (This removes the passphrase from the private key. Also delete generated .rnd file) (c) Here there are two (either or) possibilities: (i) save the key and submit this csr to Verisign. They will sign it and give you the final certificate (.crt format may be). You may also need to give them key. (this is paid option but mostly used in production environment) (ii) create self-signed certificate. openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365 (this is free but it can be used in production environment. You dont need to perform this step if you have certificate from Versign) (d) After step-(c) you have key and certificate. Now let's configure tomcat 5.5.12. Download openssl.exe and tcnative-1.dll from http://tomcat.heanet.ie/native/ . Make sure you select appropriate windows platform. (32bit or 64 bit). Put those file in TOMCAT_HOME\bin. (e) Edit the server.xml in Tomcat and make changes in SSL connector following way: <Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" scheme="https" secure="true" SSLEngine="on" SSLCertificateFile="path_to_server.crt" SSLCertificateKeyFile="path_to_server.key" /> Also you can customize the port number as I explained earlier. (f) Restart the tomcat and test SSL. --------------------------------------- Further reading: JSSE + OpenSSL Hybrid Approch: http://marc.theaimsgroup.com/?l=tomcat-user&m=106293430225790&w=2 Tomcat thread (Nate's messages about more explanation) http://www.mail-archive.com/users%40tomcat.apache.org/msg02402.html More detail information about key and cerficates (Nate's explanation) http://www.mail-archive.com/users%40tomcat.apache.org/msg02329.html Tomcat + OpenSSL Documentation http://tomcat.apache.org/tomcat-5.5-doc/index.html http://www.openssl.org Enabling SSL in Apahe as well as running openssl.exe (provied by tomcat APR binaries) on Windows machine http://www.fatofthelan.com/articles/articles.php?pid=12 ------------------------------------------------ Scott, since you are interested enableing APR, let's forget about keytool and JSSE for now and only concentrate/use OpenSSL. I think if you generate new key and csr using OpenSSL and request Verisign to issue new cerficate based upon that key and csr, they will give you new cerficate. Then you can use that cerficate (certificate.crt) with key in your tomcat configuration. Since you know that with self-signed certificate, things are working so they should work with Verisign-signed certificate also. Let us know how it goes. Regards, D --> --- Scott Purcell <[EMAIL PROTECTED]> wrote: > Do you think Verisign should be able to supply me with a openSSL > certificate? Maybe that would help. I just don't know enough about this to > make any logical sense. I will email Verisign and see what they say. > > Thanks, > Scott > > PS, did you have Nates earlier email you described below? If so could you > email me it? > > Thanks > > > ----- Original Message ----- > From: "Dhaval Patel" <[EMAIL PROTECTED]> > To: "Tomcat Users List" <users@tomcat.apache.org> > Sent: Saturday, December 03, 2005 1:13 PM > Subject: Re: SSL InvalidKeystore Format? > > > > Scott, > > > > You might have to use OpenSSL instead of keytool. OpenSSL is > recommended in production > > environment. Also if you want to use APR+SSL, you might have to use > OpenSSL (I am not sure about > > it). So you have to generate key using openssl and then supplied key to > Verisign. If you have > > time, read my and Nate's previous messages. Nate's message explains a lot > about key, certificate > > and encoding. > > > > I am not quite sure wheter this key+certificate will work with APR+SSL > since they were > > generated using keytool. But you can try. > > > > Let us know if it works or not. > > > > Regards, > > D > > > > --- Scott Purcell <[EMAIL PROTECTED]> wrote: > > > > > Just found this in my email mess: Thanks for responding: > > > Here is what I supplied to verisign for my certificate: > > > > > > 1) Prepared the Keystore: > > > keytool -genkey -keystore myKeystore -alias keystoreAlias > > > (it asked for me for passwords, etc.); > > > > > > 2) Generated a CSR > > > a) keytool -genkey -alias keystoreAlias -keyalg RSA -keystore > myKeystore > > > b) keytool -certreq -keyalg RSA -alias keystoreAlias -file > > > certreq.csr -keystore myKeystore > > > > > > .... so it looks like I used keytool, and not openssl. > > > > > > Then they send me back a > > > cert.cer file in my email: > > > > > > ####### > > > 2) I was not able to download it from anywhere, as it came in my email: > > > > > > 3) I was able to get the SSL running in a ssl format using the supplied > link > > > from fatofthelan.com article pid=12 > > > and currently have a generic certificate running. > > > > > > > > > Thanks, > > > Scott > > > > > > > > > > > > > > > > > > > > > ----- Original Message ----- > > > From: "Nate Rock" <[EMAIL PROTECTED]> > > > To: "Tomcat Users List" <users@tomcat.apache.org> > > > Sent: Friday, December 02, 2005 8:50 AM > > > Subject: RE: SSL InvalidKeystore Format? > > > > > > > > > Dhaval your explincation was excellent! I think with a bit more > information > > > about how exactly Scott got his certificate from verisign, I think we > can > > > help him out a bit more. > > > > > > 1. What did you use to create your Certificate Request (csr) to > verisign? > > > > > > -IIS > > > -java keytool > > > -openssl > > > > > > 2. after you received your signed certificate back from verisign, what > > > format did you download it in? > > > > > > -PKCS7 - signed cert only - DER binary encoding > > > -PEM - signed cert only > > > > > > 3. After you got the signed certificate what format is your keystore? > > > > > > -PKCS12 - pub/priv keys + signed certificate > > > -JKS - pub/priv keys + signed certificate (sun specific format > > > -PEM - single file with both PEM encoded (RSA formatted, non > encrypted!) > > > private key concatinated on to the PEM encoded signed cert > > > -PEM - two files > > > 1. one contain the PEM encoded (RSA formattd, non-encrypted private > key - > > > server.key > > > 2. one containing the PEM encoded signed cert > > > > > > The native ARP connector only supports the last two file formats, so if > you > > > have a PKCS12 refer to my previous posting expliaining how to split a > PKCS12 > > > file into multiple PEM Encoded files. > > > > > > Just for the record, I belive you can go back to verisign and download > your > > > signed certificate in multiple formats... > > > > > > I am also in the process of parsing out a signed by verisign certificate > to > > > see if it's even possible. We may be stuck using self signed > certificates > > > for now because the APR connector doesn't support he following > attributes > > > yet: > > > > > > SSLCACertificateFile > > > SSLCACertificatePath > > > > > > These attributes are supported allowing you to specify which CA's you > accept > > > outside of the "default" ones (who's location I am still trying to > > > trackdown). > > > > > > -rOcK > > > > > > -----Original Message----- > > > From: Dhaval Patel [mailto:[EMAIL PROTECTED] > > > Sent: Thursday, December 01, 2005 8:48 PM > > > To: Tomcat Users List > > > Subject: Re: SSL InvalidKeystore Format? > > > > > > Hi Scott, > > > > > > Good to hear that it works. Thank also go to Remy and Nate Rock. > > > > > > You have purchased SSL. In this purchase process, did you submit > > > Certificate Request (csr) to Verisign? As far as I know the process of > > > getting signed SSL certificate is first you have to generate certificate > > > request (csr), then you have to submit this csr to Verisign or Thawte, > then > > > they will give you actual signed certificate (.crt) and then you have to > use > > > that crt in this process. > > > > > > Based upon my knowledge,to incorporate Verisign certificate, steps are > as > > > follows: > > > (Derived from http://www.fatofthelan.com/articles/articles.php?pid=12 ) > > > (1) openssl req -new -out server.csr (This will generate csr and private > > > key. Make sure you feel the values correctly on openssl command > prompt. ) > > > (2) openssl rsa -in privkey.pem -out server.key (This removes the > passphrase > > > from the private key. > > > Also delete generated .rnd file) > > > (3) Here there are two (either or) possibilities: > > > > > > (a) save the key and submit this csr to Verisign. They will sign it > and > > > give you the final certificate (.crt format may be). You may also need > to > > > give them key. (this is paid option but mostly used in production > > > environment) > > > (b) create self-signed certificate. > > > openssl x509 -in server.csr -out server.crt -req -signkey > server.key -days > > > 365 > > > (this is free but it can be used in production environment. You dont > need > > > to perform this step if you have certificate from Versign) > > > > > > Is the self signed certificate good? Yes and may be no. > > > > > > Yes. It is nearly same as Verisign certificate and if you use it, the > SSL > > > will be enabled as it is going to be enabled using Verisign. The only > > > problem you will face, is when you open the website in any browser it > will > > > complain about authenticity of the certificate. Browser can not verify > it > > > and so it will ask user if he/she wants to proceed further or not. The > > > communication is still SSL enabled and secure. This method is more > preferred > > > in testing environment. I have seen many web projects using it in > production > > > environment also. > > > > > > May be no. Again if you have good professional website, it is almost > > > standard now that you use signed certificate from Verisign or Thawte. > For > > > example, if you do any online shopping from amazon or any store, you > will > > > visit the SSL page and they dont display any warning or anything. > > > > > > So the choice is in your hand. There is no harm involved in any of the > > > above method. > > > > > > Again all of above explanation is based upon my reading. I would like > > > users to comment about it so that I also can update myself and you have > > > correct and better answer. > > > > > > Hope it helps you understanding SSL a bit further. > > > > > > Regards, > > > D > > > > > > --- Scott Purcell <[EMAIL PROTECTED]> wrote: > > > > > > > Hard to believe ... but Dhaval the below steps actually worked, and my > > > > site appears to have SSL. Thank you so much. But of course this draws > > > > me to another question. > > > > > > > > I had just purchased a "Verisign" certificate and do not know how to > > > > handle this? Can I just call the Verisign certificate when doing this: > > > > openssl x509 -in server.csr -out server.crt -req -signkey server.key > > > > -days > > > > 365 and using the one verisign gave me here? > > > > > > > > Also, is this a good certificate? Do I need the Verisign one? > > > > > > > > As you may be able to tell, I am very confused and could use a little > > > > explanation if possible. > > > > > > > > Thanks much > > > > Scott > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > From: "Dhaval Patel" <[EMAIL PROTECTED]> > > > > To: "Tomcat Users List" <users@tomcat.apache.org> > > > > Sent: Thursday, December 01, 2005 2:08 PM > > > > Subject: RE: SSL InvalidKeystore Format? > > > > > > > > > > > > > Hi, > > > > > > > > > > I should have mention that I am running tomcat as a standalone > > > > > server. I > > > > mentioned the link > > > > > (http://www.fatofthelan.com/articles/articles.php?pid=12) as a > > > > > reference > > > > to generate self-signed > > > > > certificate with OpenSSL on windows. Even though it is very nice > > > > > article > > > > about how to setup SSL > > > > > with Apache. I only applied part-3 (Generate a test certificate) > > > > > from that > > > > article to my > > > > > Tomcat+SSL procedure. > > > > > > > > > > One thing that I found intersting on that article is part-4 > > > > > (Configuring > > > > Apache and mod_ssl). In > > > > > this part, if you look at changes in httpd.conf, as mentioned below, > > > > > > > > > > SSLEngine o���n > > > > > SSLCertificateFile conf/ssl/server.cert SSLCertificateKeyFile > > > > > conf/ssl/server.key > > > > > > > > > > which is the same parameter that Remy has suggested. If I have > > > > > found > > > > this article early, I may > > > > > be able to solve the issue. But again since I figured it out, I like > > > > > it > > > > now. > > > > > > > > > > Regards. > > > > > D > > > > > > > > > > > > > > > > > > > > --- Scott Purcell <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > Hello Dhaval, > > > > > > > > > > > > I was reading the article below, and it looks you you are not > > > > > > running > > > > Tomcat as standalone? Are > > > > > > you running Apache behind the scenes? > > > > > > > > > > > > I was just curious. > > > > > > > > > > > > Scott > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > From: Dhaval Patel [mailto:[EMAIL PROTECTED] > > > > > > Sent: Thursday, December 01, 2005 8:49 AM > > > > > > To: Tomcat Users List > > > > > > Subject: Re: SSL InvalidKeystore Format? > > > > > > > > > > > > > > > > > > Hi Scott, > > > > > > > > > > > > I am not tomcat expert as well as I can not help you about the > > > > > > error > > > > you are getting. > > > > > > After Remy's last message on SSL with APR, I finally got my > > > > > > windows xp > > > > + tomcat 5.5.12 + APR + > > > > > > SSL working. Following are the steps that I have followed: > > > > > > > > > > > > (1) Install Tomcat 5.5.12 and make sure it is working. > > > > > > (2) Download APR component (openssl.exe and tcnative-1.dll) and > > > > > > put it > > > > in %TOMCAT_HOME%\bin. > > > > > > (http://tomcat.heanet.ie/native/1.1.0/binaries/win32/) > > > > > > (3) I generated server.key and server.cert following guide at > > > > > > http://www.fatofthelan.com/articles/articles.php?pid=12 .I have > > > > > > put them > > > > in %TOMCAT_HOME%\bin > > > > > > only. > > > > > > (Make sure you follow the guide. I had trouble setting openssl.exe > > > > > > on > > > > windows xp. The answer is > > > > > > on > > > > > > that page only. You have to download openssl.cnf from google and > > > > > > place > > > > it in some folder and > > > > > > make > > > > > > a new environment OPENSSL_CONF pointing to that file. Trust me > > > > > > that link > > > > is very good.) > > > > > > (4) Change the server.xml in following way: > > > > > > <Connector port="443" maxHttpHeaderSize="8192" > > > > > > maxThreads="150" minSpareThreads="25" > > > > maxSpareThreads="75" > > > > > > enableLookups="false" disableUploadTimeout="true" > > > > > > scheme="https" secure="true" > > > > > > SSLEngine="on" > > > > > > SSLCertificateFile="C:\Tomcat5.5\bin\server.crt" > > > > > > SSLCertificateKeyFile="C:\Tomcat5.5\bin\server.key" > > > > > > /> > > > > > > (5) Restart the tomcat and SSL is enabled. > > > > > > > > > > > > I dont know if you have did the same way and you have issues. > > > > > > If you > > > > want to try, you can > > > > > > follow the above steps on some other windows xp machine. It worked > > > > > > for > > > > me so it should work for > > > > > > you. If you start from scratch, it may take about 30-40 mins to > > > > > > setup > > > > above things. > > > > > > > > > > > > Let me know how it goes. > > > > > > > > > > > > Regards, > > > > > > D > > > > > > > > > > > > --- Scott Purcell <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > > Well, after wasting much time trying to get the SSL running on > > > > > > > 5.5.12, > > > > on XP, and finding out > > > > > > > about the bad tcnative-1.dll, I thought I was out of the woods > > > > > > > on my > > > > SSL configuration. But it > > > > > > > appears I have one last issue (hopefully) Since I renamed the > > > > > > > tcnative-1.dll, I am getting logs in regards to my > > > > SSL (I was not getting > > > > > > > those prior, see earlier posts) and I am receiving this error: I > > > > believe I have a good > > > > > > keystore, > > > > > > > because my public key from Verisign was happy with it, but for > > > > > > > some > > > > reason, Tomcat is stikll > > > > > > not > > > > > > > happy with it. > > > > > > > Any ideas why this error may occur? > > > > > > > Nov 30, 2005 10:44:53 PM > > > > > > > org.apache.coyote.http11.Http11BaseProtocol > > > > init > > > > > > > INFO: Initializing Coyote HTTP/1.1 on http-80 Nov 30, 2005 > > > > > > > 10:44:54 PM org.apache.coyote.http11.Http11BaseProtocol > > > > init > > > > > > > SEVERE: Error initializing endpoint > > > > > > > java.io.IOException: Invalid keystore format at > > > > > > > sun.security.provider.JavaKeyStore.engineLoad(Unknown Source) at > > > > > > > java.security.KeyStore.load(Unknown Source) at > > > > org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketF > > > > actory > > > > .java:282) > > > > > > > at > > > > org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustStore(JSSESo > > > > cketFa > > > > ctory.java:256) > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getTrustManagers(J > > > > SSE14S > > > > ocketFactory.java:174) > > > > > > > at > > > > org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketF > > > > actory > > > > .java:109) > > > > > > > at > > > > org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESoc > > > > ketFac > > > > tory.java:88) > > > > > > > at > > > > org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoin > > > > t.java > > > > :292) > > > > > > > at > > > > org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.ja > > > > va:137 > > > > ) > > > > > > > at > > > > org.apache.catalina.connector.Connector.initialize(Connector.java:1016 > > > > ) > > > > > > > at > > > > org.apache.catalina.core.StandardService.initialize(StandardService.ja > > > > va:580 > > > > ) > > > > > > > at > > > > org.apache.catalina.core.StandardServer.initialize(StandardServer.java > > > > :762) > > > > > > > at org.apache.catalina.startup.Catalina.load(Catalina.java:488) > > > > > > > at org.apache.catalina.startup.Catalina.load(Catalina.java:508) > > > > > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > > > > > > at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) > > > > > > > at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown > > > > > > > Source) at java.lang.reflect.Method.invoke(Unknown Source) at > > > > > > > org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:247) > > > > > > > at > > > > > > > org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412) > > > > > > > Nov 30, 2005 10:44:54 PM org.apache.catalina.startup.Catalina > > > > > > > load > > > > > > > SEVERE: Catalina.start > > > > > > > LifecycleException: Protocol handler initialization failed: > > > > java.io.IOException: Invalid > > > > > > > keystore format > > > > > > > at > > > > org.apache.catalina.connector.Connector.initialize(Connector.java:1018 > > > > ) > > > > > > > at > > > > org.apache.catalina.core.StandardService.initialize(StandardService.ja > > > > va:580 > > > > ) > > > > > > > at > > > > org.apache.catalina.core.StandardServer.initialize(StandardServer.java > > > > :762) > > > > > > > at org.apache.catalina.startup.Catalina.load(Catalina.java:488) > > > > > > > at org.apache.catalina.startup.Catalina.load(Catalina.java:508) > > > > > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > > > > > > at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) > > > > > > > at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown > > > > > > > Source) at java.lang.reflect.Method.invoke(Unknown Source) at > > > > > > > org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:247) > > > > > > > at > > > > > > > org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412) > > > > > > > Nov 30, 2005 10:44:54 PM org.apache.catalina.startup.Catalina > > > > > > > load > > > > > > > INFO: Initialization processed in 1890 ms Nov 30, 2005 10:44:54 > > > > > > > PM org.apache.catalina.core.StandardService > > > > start > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ---------------------------------------------------------------- > > > > > > > ----- To unsubscribe, e-mail: > > > > > > > [EMAIL PROTECTED] > > > > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > __________________________________ > > > > > > Yahoo! Music Unlimited > > > > > > Access over 1 million songs. Try it free. > > > > > > http://music.yahoo.com/unlimited/ > > > > > > > > > > > > ------------------------------------------------------------------ > > > > > > --- To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > ------------------------------------------------------------------ > > > > > > --- To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > __________________________________ > > > > > Start your day with Yahoo! - Make it your home page! > > > > > http://www.yahoo.com/r/hs > > > > > > > > > > -------------------------------------------------------------------- > > > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > __________________________________________ > > > Yahoo! DSL - Something to write home about. > > > Just $16.99/mo. or less. > > > dsl.yahoo.com > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > __________________________________ > > Start your day with Yahoo! - Make it your home page! > > http://www.yahoo.com/r/hs > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > __________________________________ Start your day with Yahoo! - Make it your home page! http://www.yahoo.com/r/hs --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]