tomcat-users mailing list archives

From Donie Kelly <donie.ke...@tecnomen.ie>
Subject RE: Configuring SSL for Tomcat 4.0
Date Mon, 17 Jun 2002 10:51:02 GMT
Hi phani

The ROOT context is commented out
	<!--
          <Context path="" docBase="ROOT" debug="0"/>
        -->

But I'm not sure if the Tomcat root pages work or not if that is removed. I
don't have a standard setup and cannot test that easily.

What parse exceptions are you talking about? Did you forget to include them?
Donie


-----Original Message-----
From: phani [mailto:phani@vqindia.com]
Sent: June 17, 2002 11:37
To: Tomcat Users List
Subject: Re: Configuring SSL for Tomcat 4.0


Hi Donie,

I am really SORRY
I forgot to remove the comments.....

Now I removed the comments and it is not working....

Once again sorry for a stupid thing.....

I am getting the following screen full of errors....
Most of them belong to XML parser exceptions.

thanks for the help
phani


Here is my server.xml file....
<!-- Example Server Configuration File -->
<!-- Note that component elements are nested corresponding to their
     parent-child relationships with each other -->

<!-- A "Server" is a singleton element that represents the entire JVM,
     which may contain one or more "Service" instances.  The Server
     listens for a shutdown command on the indicated port.

     Note:  A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" or "Loggers" at this level.
 -->

<Server port="8005" shutdown="SHUTDOWN" debug="0">


  <!-- A "Service" is a collection of one or more "Connectors" that share
       a single "Container" (and therefore the web applications visible
       within that Container).  Normally, that Container is an "Engine",
       but this is not required.

       Note:  A "Service" is not itself a "Container", so you may not
       define subcomponents such as "Valves" or "Loggers" at this level.
   -->

  <!-- Define the Tomcat Stand-Alone Service -->
  <Service name="Tomcat-Standalone">

    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned.  Each Connector passes requests on to the
         associated "Container" (normally an Engine) for processing.

         By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
         You can also enable an SSL HTTP/1.1 Connector on port 8443 by
         following the instructions below and uncommenting the second Connector
         entry.  SSL support requires the following steps:
         * Download and install JSSE 1.0.2 or later, and put the JAR files
           into "$JAVA_HOME/jre/lib/ext".
         * Edit "$JAVA_HOME/jre/lib/security/java.security" and add
             security.provider.2=com.sun.net.ssl.internal.ssl.Provider
         * Execute: keytool -genkey -alias tomcat -keyalg RSA
           with a password value of "changeit".

         By default, DNS lookups are enabled when a web application calls
         request.getRemoteHost().  This can have an adverse impact on
         performance, so you can disable it by setting the
         "enableLookups" attribute to "false".  When DNS lookups are disabled,
         request.getRemoteHost() will return the String version of the
         IP address of the remote client.
    -->

    <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
    <Connector className="org.apache.catalina.connector.http.HttpConnector"
               port="8080" minProcessors="5" maxProcessors="75"
               enableLookups="true" redirectPort="8443"
               acceptCount="10" debug="0" connectionTimeout="60000"/>
    <!-- Note : To disable connection timeouts, set connectionTimeout value
     to -1 -->

    <!-- Define an SSL HTTP/1.1 Connector on port 8443 -->
    <!--
    <Connector className="org.apache.catalina.connector.http.HttpConnector"
               port="8443" minProcessors="5" maxProcessors="75"
               enableLookups="true"
               acceptCount="10" debug="0" scheme="https" secure="true">
      <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
               clientAuth="false" protocol="TLS" keystoreFile="C:\windows\"
               keystorePass="changeit"/>
    </Connector>
    -->
    <Connector className="org.apache.catalina.connector.http.HttpConnector"
               port="8443" minProcessors="5" maxProcessors="75"
               enableLookups="true"
               acceptCount="10" debug="0" scheme="https" secure="true">
      <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
               clientAuth="false" protocol="TLS" keystoreFile="C:\windows\"
               keystorePass="changeit"/>
    </Connector>

    <!-- Define a Proxied HTTP/1.1 Connector on port 8081 -->
    <!-- See proxy documentation for more information about using this. -->
    <!--
    <Connector className="org.apache.catalina.connector.http.HttpConnector"
               port="8081" minProcessors="5" maxProcessors="75"
               enableLookups="true"
               acceptCount="10" debug="0" connectionTimeout="60000"
               proxyPort="80"/>
    -->

    <!-- Define a non-SSL HTTP/1.0 Test Connector on port 8082 -->
    <!--
    <Connector className="org.apache.catalina.connector.http10.HttpConnector"
               port="8082" minProcessors="5" maxProcessors="75"
               enableLookups="true" redirectPort="8443"
               acceptCount="10" debug="0"/>
    -->

    <!-- An Engine represents the entry point (within Catalina) that processes
         every request.  The Engine implementation for Tomcat stand alone
         analyzes the HTTP headers included with the request, and passes them
         on to the appropriate Host (virtual host). -->

    <!-- Define the top level container in our container hierarchy -->
    <Engine name="Standalone" defaultHost="localhost" debug="0">

      <!-- The request dumper valve dumps useful debugging information about
           the request headers and cookies that were received, and the response
           headers and cookies that were sent, for all requests received by
           this instance of Tomcat.  If you care only about requests to a
           particular virtual host, or a particular application, nest this
           element inside the corresponding <Host> or <Context> entry instead.

           For a similar mechanism that is portable to all Servlet 2.3
           containers, check out the "RequestDumperFilter" Filter in the
           example application (the source for this filter may be found in
           "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").

           Request dumping is disabled by default.  Uncomment the following
           element to enable it. -->
      <!--
      <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
      -->

      <!-- Global logger unless overridden at lower levels -->
      <Logger className="org.apache.catalina.logger.FileLogger"
              prefix="catalina_log." suffix=".txt"
              timestamp="true"/>

      <!-- Because this Realm is here, an instance will be shared globally -->

      <Realm className="org.apache.catalina.realm.MemoryRealm" />

      <!-- Replace the above Realm with one of the following to get a Realm
           stored in a database and accessed via JDBC -->

      <!--
      <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
             driverName="org.gjt.mm.mysql.Driver"
          connectionURL="jdbc:mysql://localhost/authority?user=test;password=test"
              userTable="users" userNameCol="user_name" userCredCol="user_pass"
          userRoleTable="user_roles" roleNameCol="role_name" />
      -->

      <!--
      <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
             driverName="oracle.jdbc.driver.OracleDriver"
          connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL?user=scott;password=tiger"
              userTable="users" userNameCol="user_name" userCredCol="user_pass"
          userRoleTable="user_roles" roleNameCol="role_name" />
      -->

      <!--
      <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
             driverName="sun.jdbc.odbc.JdbcOdbcDriver"
          connectionURL="jdbc:odbc:CATALINA"
              userTable="users" userNameCol="user_name" userCredCol="user_pass"
          userRoleTable="user_roles" roleNameCol="role_name" />
      -->

      <!-- Define the default virtual host -->
      <Host name="localhost" debug="0" appBase="webapps" unpackWARs="true">

        <!-- Normally, users must authenticate themselves to each web app
             individually.  Uncomment the following entry if you would like
             a user to be authenticated the first time they encounter a
             resource protected by a security constraint, and then have that
             user identity maintained across *all* web applications contained
             in this virtual host. -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn"
                   debug="0"/>
        -->

        <!-- Access log processes all requests for this virtual host.  By
             default, log files are created in the "logs" directory relative to
             $CATALINA_HOME.  If you wish, you can specify a different
             directory with the "directory" attribute.  Specify either a relative
             (to $CATALINA_HOME) or absolute path to the desired directory.
        -->
        <Valve className="org.apache.catalina.valves.AccessLogValve"
                 directory="logs"  prefix="localhost_access_log." suffix=".txt"
                 pattern="common"/>

        <!-- Logger shared by all Contexts related to this virtual host.  By
             default (when using FileLogger), log files are created in the "logs"
             directory relative to $CATALINA_HOME.  If you wish, you can specify
             a different directory with the "directory" attribute.  Specify either a
             relative (to $CATALINA_HOME) or absolute path to the desired
             directory.-->
        <Logger className="org.apache.catalina.logger.FileLogger"
                 directory="logs"  prefix="localhost_log." suffix=".txt"
                 timestamp="true"/>

        <!-- Define properties for each web application.  This is only needed
             if you want to set non-default properties, or have web application
             document roots in places other than the virtual host's appBase
             directory.  -->

        <!-- Tomcat Root Context -->
        <!--
          <Context path="" docBase="ROOT" debug="0"/>
        -->

        <!-- Tomcat Examples Context -->
        <Context path="/examples" docBase="examples" debug="0"
                 reloadable="true">
          <Logger className="org.apache.catalina.logger.FileLogger"
                     prefix="localhost_examples_log." suffix=".txt"
           timestamp="true"/>
          <Ejb   name="ejb/EmplRecord" type="Entity"
                 home="com.wombat.empl.EmployeeRecordHome"
               remote="com.wombat.empl.EmployeeRecord"/>
          <!-- PersistentManager: Uncomment the section below to test Persistent
               Sessions.

               saveOnRestart: If true, all active sessions will be saved
                 to the Store when Catalina is shutdown, regardless of
                 other settings. All Sessions found in the Store will be
                 loaded on startup. Sessions past their expiration are
                 ignored in both cases.
               maxActiveSessions: If 0 or greater, having too many active
                 sessions will result in some being swapped out. minIdleSwap
                 limits this. -1 means unlimited sessions are allowed.
                 0 means sessions will almost always be swapped out after
                 use - this will be noticeably slow for your users.
               minIdleSwap: Sessions must be idle for at least this long
                 (in seconds) before they will be swapped out due to
                 maxActiveSessions. This avoids thrashing when the site is
                 highly active. -1 or 0 means there is no minimum - sessions
                 can be swapped out at any time.
               maxIdleSwap: Sessions will be swapped out if idle for this
                 long (in seconds). If minIdleSwap is higher, then it will
                 override this. This isn't exact: it is checked periodically.
                 -1 means sessions won't be swapped out for this reason,
                 although they may be swapped out for maxActiveSessions.
                 If set to >= 0, guarantees that all sessions found in the
                 Store will be loaded on startup.
               maxIdleBackup: Sessions will be backed up (saved to the Store,
                 but left in active memory) if idle for this long (in seconds),
                 and all sessions found in the Store will be loaded on startup.
                 If set to -1 sessions will not be backed up, 0 means they
                 should be backed up shortly after being used.

               To clear sessions from the Store, set maxActiveSessions, maxIdleSwap,
               and minIdleBackup all to -1, saveOnRestart to false, then restart
               Catalina.
          -->
          <!--
          <Manager className="org.apache.catalina.session.PersistentManager"
              debug="0"
              saveOnRestart="true"
              maxActiveSessions="-1"
              minIdleSwap="-1"
              maxIdleSwap="-1"
              maxIdleBackup="-1">
                <Store className="org.apache.catalina.session.FileStore"/>
          </Manager>
          -->
          <Environment name="maxExemptions" type="java.lang.Integer"
                      value="15"/>
          <Parameter name="context.param.name" value="context.param.value"
                     override="false"/>
          <Resource name="jdbc/EmployeeAppDb" auth="SERVLET"
                    type="javax.sql.DataSource"/>
          <ResourceParams name="jdbc/TestDB">
            <parameter><name>user</name><value>sa</value></parameter>
            <parameter><name>password</name><value></value></parameter>
            <parameter><name>driverClassName</name>
              <value>org.hsql.jdbcDriver</value></parameter>
            <parameter><name>driverName</name>
              <value>jdbc:HypersonicSQL:database</value></parameter>
          </ResourceParams>
          <Resource name="mail/Session" auth="Container"
                    type="javax.mail.Session"/>
          <ResourceParams name="mail/session">
            <parameter>
              <name>mail.smtp.host</name>
              <value>192.168.1.91</value>
            </parameter>
          </ResourceParams>
        </Context>

      </Host>

    </Engine>

  </Service>

  <!-- The MOD_WEBAPP connector is used to connect Apache 1.3 with Tomcat 4.0
       as its servlet container. Please read the README.txt file coming with
       the WebApp Module distribution on how to build it.
       (Or check out the "jakarta-tomcat-connectors/webapp" CVS repository)

       To configure the Apache side, you must ensure that you have the
       "ServerName" and "Port" directives defined in "httpd.conf".  Then,
       lines like these to the bottom of your "httpd.conf" file:

         LoadModule webapp_module libexec/mod_webapp.so
         WebAppConnection warpConnection warp localhost:8008
         WebAppDeploy examples warpConnection /examples/

       The next time you restart Apache (after restarting Tomcat, if needed)
       the connection will be established, and all applications you make
       visible via "WebAppDeploy" directives can be accessed through Apache.
  -->

  <!-- Define an Apache-Connector Service -->
  <Service name="Tomcat-Apache">

    <Connector className="org.apache.catalina.connector.warp.WarpConnector"
     port="8008" minProcessors="5" maxProcessors="75"
     enableLookups="true"
     acceptCount="10" debug="0"/>

    <!-- Replace "localhost" with what your Apache "ServerName" is set to -->
    <Engine className="org.apache.catalina.connector.warp.WarpEngine"
     name="Apache" debug="0" appBase="webapps">

      <!-- Global logger unless overridden at lower levels -->
      <Logger className="org.apache.catalina.logger.FileLogger"
              prefix="apache_log." suffix=".txt"
              timestamp="true"/>

      <!-- Because this Realm is here, an instance will be shared globally -->
      <Realm className="org.apache.catalina.realm.MemoryRealm" />

    </Engine>

  </Service>

</Server>


----- Original Message -----
From: Donie Kelly <donie.kelly@tecnomen.ie>
To: 'Tomcat Users List' <tomcat-user@jakarta.apache.org>
Sent: Monday, June 17, 2002 3:46 PM
Subject: RE: Configuring SSL for Tomcat 4.0


> Can you post us the full server.xml? Check if something is being logged...
>
> Donie
>
>
> -----Original Message-----
> From: phani [mailto:phani@vqindia.com]
> Sent: June 17, 2002 11:20
> To: Tomcat Users List
> Subject: Re: Configuring SSL for Tomcat 4.0
>
>
> Hi Donie,
>
> Everything is working fine except SSL.
> i.e. I am able to get the file using http://localhost:8080/
> and http://192.168.1.110:8080/
> For both URLs I am getting the Tomcat home page.
>
> Thanks for the help
> phani
> ----- Original Message -----
> From: Donie Kelly <donie.kelly@tecnomen.ie>
> To: 'Tomcat Users List' <tomcat-user@jakarta.apache.org>
> Sent: Monday, June 17, 2002 3:39 PM
> Subject: RE: Configuring SSL for Tomcat 4.0
>
>
> > Was the splash page working before you added the SSL stuff? If it was I'm
> > not sure what the problem is. Comment out the SSL stuff and see if it
> > works.
> >
> >
> > Can "localhost" be resolved on windows? Try it in a command window first.
> > Check the logs in %TOMCAT_HOME%/logs. Delete the log before you start and
> > have a look after the request is complete. It may shed some light.
> >
> > Donie
> >
> >
> > -----Original Message-----
> > From: phani [mailto:phani@vqindia.com]
> > Sent: June 17, 2002 11:07
> > To: Tomcat Users List
> > Subject: Re: Configureing SSL for Tomcat 4.0
> >
> >
> > Hi Donie,
> >
> >  Thanks for the help.
> >
> > I changed the Factory attributes.
> >  keystoreFile="C:\windows"
> >  keystorePass="changeit"
> >
> > Now I am able to run Tomcat.
> >
> > But when I try to access the home page https://localhost:8443/
> > I am getting "page cannot be displayed".
> > When I try to access it through the IP https://192.168.1.110:8443/
> > I am getting a blank page.... nothing is displayed.
> >
> > As per the doc below, it says to try https://localhost:8443
> > and you should see the usual Tomcat splash page (unless you have modified
> > the ROOT web application)
> >
> > doc: url
> >
> > http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html#Edit%20the%20Tomcat%20Configuration%20File
> >
> > What is the problem?... Tomcat is running fine and no errors are
> > displayed
> >
> > Thanks for the help in advance.
> >
> > phani
> >
> > ----- Original Message -----
> > From: Donie Kelly <donie.kelly@tecnomen.ie>
> > To: 'Tomcat Users List' <tomcat-user@jakarta.apache.org>
> > Sent: Monday, June 17, 2002 3:07 PM
> > Subject: RE: Configureing SSL for Tomcat 4.0
> >
> >
> > > Hi phani
> > >
> > > To run tomcat so that you can see the errors, type 'catalina run'.
> > >
> > > I think the password is wrong. I think the default is "changit". I could be
> > > wrong. The error message should tell you.
> > >
> > > Use the following example if your password is different. Note that you can
> > > specify the location of the keystore. Better to tell it exactly where it is
> > > in my opinion...
> > >
> > > <Connector className="org.apache.catalina.connector.http.HttpConnector"
> > > port="443" minProcessors="5" maxProcessors="75"
> > > enableLookups="true"
> > > acceptCount="10" scheme="https" secure="true"
> > > allowChunking="false" >
> > > <Factory
> > > className="org.apache.catalina.net.SSLServerSocketFactory"
> > > clientAuth="false" protocol="TLS"
> > > keystoreFile="c:\tomcat4.0\.keystore"
> > > keystorePass="changit" />
> > > </Connector>
> > >
> > > Give us the error output if you're having more troubles...
> > > Donie
> > >
> > >
> > > -----Original Message-----
> > > From: phani [mailto:phani@vqindia.com]
> > > Sent: June 17, 2002 10:31
> > > To: tomcat-user
> > > Subject: Configureing SSL for Tomcat 4.0
> > >
> > >
> > > hi,
> > >
> > >   I am trying to configure tomcat4.0 for standalone mode but no luck. When I
> > > try to run tomcat the window pops up and closes. I am unable to see the error
> > > messages.
> > >
> > > My environment is: win 98; jdk1.4, tomcat4.0
> > >
> > > I followed the steps below to configure Tomcat.
> > >
> > > I created a certificate using the command below
> > >
> > > c:\keytool -genkey -alias tomcat -keyalg RSA
> > >
> > > and I gave the password  changeit. The certificate is generated in my user
> > > home dir c:\windows
> > >
> > > Now I removed the comments for Connector in server.xml
> > >
> > > <Connector className="org.apache.catalina.connector.http.HttpConnector"
> > >                port="8443" minProcessors="5" maxProcessors="75"
> > >                enableLookups="true"
> > >         acceptCount="10" debug="0" scheme="https" secure="true">
> > >       <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
> > >                clientAuth="false" protocol="TLS"/>
> > >     </Connector>
> > >
> > > But I am getting the above said error.
> > >
> > > Can someone guide me where I went wrong....
> > >
> > > Thanks for any help
> > > phani
> > >
> > > --
> > > To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> > > For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>
> >
> >

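The connector posted in this thread sets keystoreFile to the directory C:\windows\ and keeps the documented "changeit" password, and the poster reports XML parser exceptions. As an added example (not part of the original messages and not Tomcat code), the following script lints a Tomcat 4.0 server.xml for those conditions; the function name check_ssl_connectors and the finding codes are made up for this illustration, and the sample input is constructed.

```python
import os
import xml.etree.ElementTree as ET

SSL_FACTORY = "org.apache.catalina.net.SSLServerSocketFactory"

# Constructed sample modelled on the connector posted in this thread.
SAMPLE = r'''<Server port="8005" shutdown="SHUTDOWN" debug="0">
  <Service name="Tomcat-Standalone">
    <Connector className="org.apache.catalina.connector.http.HttpConnector"
               port="8443" scheme="https" secure="true">
      <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
               clientAuth="false" protocol="TLS"
               keystoreFile="C:\windows\" keystorePass="changeit"/>
    </Connector>
  </Service>
</Server>'''


def check_ssl_connectors(xml_text, is_dir=os.path.isdir):
    """Return sorted (port, code) findings for the SSL connectors in xml_text.

    is_dir is injectable so the check can be exercised without the real disk.
    The finding codes are hypothetical labels, not Tomcat messages.
    """
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        # Tomcat cannot load a server.xml that is not well-formed XML.
        return [(None, "NOT_WELL_FORMED")]
    findings = set()
    for conn in root.iter("Connector"):
        port = conn.get("port", "?")
        factories = [f for f in conn.findall("Factory")
                     if f.get("className") == SSL_FACTORY]
        if not factories:
            # https/secure flags alone do not enable SSL on the socket.
            if conn.get("scheme") == "https" or conn.get("secure") == "true":
                findings.add((port, "HTTPS_WITHOUT_SSL_FACTORY"))
            continue
        for factory in factories:
            keystore = factory.get("keystoreFile")
            if keystore is None:
                # Tomcat then looks for ".keystore" in the user's home directory.
                findings.add((port, "KEYSTORE_IMPLICIT_LOCATION"))
            elif keystore.endswith(("\\", "/")) or is_dir(keystore):
                # The attribute must name the keystore file, not its folder.
                findings.add((port, "KEYSTORE_IS_DIRECTORY"))
            # "changeit" is the documented default when keystorePass is omitted.
            if factory.get("keystorePass", "changeit") == "changeit":
                findings.add((port, "DEFAULT_KEYSTORE_PASSWORD"))
    return sorted(findings)


if __name__ == "__main__":
    for port, code in check_ssl_connectors(SAMPLE):
        print(port, code)
```

A path such as C:\windows without a trailing separator can only be recognised as a directory on the machine that holds it, which is why the filesystem test is passed in as is_dir.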
