tomcat-users mailing list archives

From Lau Eng Huat <tomcath...@gmail.com>
Subject Re: SSL Tomcat 6 & 7
Date Fri, 02 Dec 2011 15:59:45 GMT
Thank You, God Bless You a Thousand Fold !!!!!!!

On Fri, Dec 2, 2011 at 11:43 PM, David kerber <dckerber@verizon.net> wrote:

> On 12/2/2011 10:39 AM, Lau Eng Huat wrote:
>
>> I'm still stuck after correcting the recommendation made by Daniel.
>>
>>   <Listener className="org.apache.catalina.core.AprLifecycleListener"
>>             SSLEngine="on" />
>>
>>     <Connector
>>         protocol="org.apache.coyote.http11.Http11AprProtocol"
>>         port="8443" maxHttpHeaderSize="8192"
>>         maxThreads="150" minSpareThreads="25"
>>         enableLookups="false" disableUploadTimeout="true"
>>         acceptCount="100" scheme="https" secure="true"
>>         clientAuth="false" sslProtocol="TLS"
>> SSLEngine="true"
>>
>
> ^^^^^^^^^^^^^^^^^^
>
> You still have SSLEngine set in the connector, where it doesn't belong.
>
>
>
>> SSLCertificateFile="${catalina.base}\conf\cert.pem"
>> SSLCertificateKeyFile="${catalina.base}\conf\key.pem"
>> SSLPassword="tomcat"
>>      />
>>
>>  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
>>
>> It still gives me this error
>>
>> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> 'SSLEngine' to 'true' did not find a matching property.
>>
>> I'm running Tomcat as localhost under NetBeans.
>>
>> On Fri, Dec 2, 2011 at 9:57 PM, Daniel Mikusa<dmikusa@vmware.com>  wrote:
>>
>>> On Fri, 2011-12-02 at 01:12 -0800, Lau Eng Huat wrote:
>>>
>>>> Hi everybody,
>>>>
>>>> I'm stuck on this SSL for over a month. I hope somebody can help me here.
>>>> I'm getting a Warning on "WARNING:
>>>> [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>>>> 'SSLEngine' to 'on' did not find a matching property."
>>>>
>>>
>>> Tomcat is telling you that the property "SSLEngine" does not exist on a
>>> Connector object.  Note that it is not listed in the documentation
>>> either.
>>>
>>> https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support
>>>
>>>
>>> Perhaps you are confused with the "SSLEngine" attribute of the
>>> AprLifecycleListener?
>>>
>>> <Listener className="org.apache.catalina.core.AprLifecycleListener"
>>>          SSLEngine="on" />
>>>
>>>
>>> and perhaps you meant SSLEnabled="true" on your Connector?
>>>
>>> Example from docs:
>>>
>>> <Connector
>>>           port="8443" maxThreads="200"
>>>           scheme="https" secure="true" SSLEnabled="true"
>>>           SSLCertificateFile="/usr/local/ssl/server.crt"
>>>           SSLCertificateKeyFile="/usr/local/ssl/server.pem"
>>>           clientAuth="optional" SSLProtocol="TLSv1"/>
>>>
>>> https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html
>>>
>>> Dan
>>>
>>>
>>>
>>>> I have tried using
>>>> all these 3 Connection types but it still does not work. I'm running on
>>>> Tomcat 7.0
>>>>
>>>> protocol="org.apache.coyote.http11.Http11Protocol"
>>>> protocol="org.apache.coyote.http11.Http11NioProtocol"
>>>> protocol="org.apache.coyote.http11.Http11AprProtocol"
>>>>
>>>> 1. # openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 3650 -config ./openssl.cnf
>>>>
>>>> Using configuration from ./openssl.cnf
>>>> Generating a 1024 bit RSA private key
>>>> .......++++++
>>>> ..........................++++++
>>>> writing new private key to 'private/cakey.pem'
>>>> Enter PEM pass phrase:tomcat
>>>> Verifying password - Enter PEM pass phrase:tomcat
>>>> -----
>>>> You are about to be asked to enter information that will be incorporated
>>>> into your certificate request.
>>>> What you are about to enter is what is called a Distinguished Name or a DN.
>>>> There are quite a few fields but you can leave some blank
>>>> For some fields there will be a default value,
>>>> If you enter '.', the field will be left blank.
>>>> -----
>>>> Organization Name (company) [The Sample Company]:<enter>
>>>> Organizational Unit Name (department, division) []:CA Division
>>>> Email Address []:ca@sample.com
>>>> Locality Name (city, district) [Metropolis]:<enter>
>>>> State or Province Name (full name) [New York]:<enter>
>>>> Country Name (2 letter code) [US]:<enter>
>>>> Common Name (hostname, IP, or your name) []:TSC Root CA
>>>>
>>>> 2.  openssl req -new -nodes -out req.pem -config ./openssl.cnf
>>>> 3. openssl ca -out cert.pem -config ./openssl.cnf -infiles req.pem
>>>>
>>>> Using configuration from ./openssl.cnf
>>>> Enter PEM pass phrase:demo
>>>> Check that the request matches the signature
>>>> Signature ok
>>>> The Subjects Distinguished Name is as follows
>>>> organizationName      :PRINTABLE:'The Sample Company'
>>>> organizationalUnitName:PRINTABLE:'Mail Server'
>>>> emailAddress          :IA5STRING:'postmaster@sample.com'
>>>> localityName          :PRINTABLE:'Metropolis'
>>>> stateOrProvinceName   :PRINTABLE:'New York'
>>>> countryName           :PRINTABLE:'US'
>>>> commonName            :PRINTABLE:'mail.sample.com'
>>>> Certificate is to be certified until Dec 8 04:37:38 2002 GMT (365 days)
>>>> Sign the certificate? [y/n]:y
>>>> 1 out of 1 certificate requests certified, commit? [y/n]y
>>>> Write out database with 1 new entries
>>>> Data Base Updated
>>>>
>>>> 4. copy cert.pem tmp.pem
>>>> 5. openssl x509 -in tmp.pem -out cert.pem
>>>>
>>>> //====================================== OPENSSL.CFG ======================================
>>>> Attached here is the openssl.cfg
>>>>
>>>> dir                     = .
>>>>
>>>> [ ca ]
>>>> default_ca              = CA_default
>>>>
>>>> [ CA_default ]
>>>> serial                  = $dir/serial
>>>> database                = $dir/index.txt
>>>> new_certs_dir           = $dir/newcerts
>>>> certificate             = $dir/cacert.pem
>>>> private_key             = $dir/private/cakey.pem
>>>> default_days            = 365
>>>> default_md              = md5
>>>> preserve                = no
>>>> email_in_dn             = no
>>>> nameopt                 = default_ca
>>>> certopt                 = default_ca
>>>> policy                  = policy_match
>>>>
>>>> [ policy_match ]
>>>> countryName             = match
>>>> stateOrProvinceName     = match
>>>> organizationName        = match
>>>> organizationalUnitName  = optional
>>>> commonName              = supplied
>>>> emailAddress            = optional
>>>>
>>>> [ req ]
>>>> default_bits            = 1024                  # Size of keys
>>>> default_keyfile         = key.pem               # name of generated keys
>>>> default_md              = md5                   # message digest algorithm
>>>> string_mask             = nombstr               # permitted characters
>>>> distinguished_name      = req_distinguished_name
>>>> req_extensions          = v3_req
>>>>
>>>> [ req_distinguished_name ]
>>>> # Variable name           Prompt string
>>>> #----------------------   ----------------------------------
>>>> 0.organizationName      = Organization Name (company)
>>>> organizationalUnitName  = Organizational Unit Name (department, division)
>>>> emailAddress            = Email Address
>>>> emailAddress_max        = 40
>>>> localityName            = Locality Name (city, district)
>>>> stateOrProvinceName     = State or Province Name (full name)
>>>> countryName             = Country Name (2 letter code)
>>>> countryName_min         = 2
>>>> countryName_max         = 2
>>>> commonName              = Common Name (hostname, IP, or your name)
>>>> commonName_max          = 64
>>>>
>>>> # Default values for the above, for consistency and less typing.
>>>> # Variable name                   Value
>>>> #------------------------------   ------------------------------
>>>> 0.organizationName_default      = The Sample Company
>>>> localityName_default            = Metropolis
>>>> stateOrProvinceName_default     = New York
>>>> countryName_default             = US
>>>>
>>>> [ v3_ca ]
>>>> basicConstraints        = CA:TRUE
>>>> subjectKeyIdentifier    = hash
>>>> authorityKeyIdentifier  = keyid:always,issuer:always
>>>>
>>>> [ v3_req ]
>>>> basicConstraints        = CA:FALSE
>>>> subjectKeyIdentifier    = hash
>>>>
>>>> ============================================= SERVER.XML =============================================
>>>> Attached here is the server.xml
>>>>
>>>> <Server port="8025" shutdown="SHUTDOWN">
>>>>     <Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>
>>>>     <Listener className="org.apache.catalina.core.JasperListener"/>
>>>>     <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
>>>>     <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
>>>>     <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
>>>>
>>>>     <GlobalNamingResources>
>>>>         <Resource auth="Container" description="User database that can be updated and saved"
>>>>                   factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>>>>                   name="UserDatabase" pathname="conf/tomcat-users.xml"
>>>>                   type="org.apache.catalina.UserDatabase"/>
>>>>     </GlobalNamingResources>
>>>>
>>>>     <Service name="Catalina">
>>>>         <Connector URIEncoding="utf-8" connectionTimeout="20000"
>>>>                    port="8084" protocol="HTTP/1.1" redirectPort="8443"/>
>>>>
>>>>
>>>>     <Connector
>>>>         protocol="org.apache.coyote.http11.Http11AprProtocol"
>>>>         port="8443" maxHttpHeaderSize="8192"
>>>>         maxThreads="150" minSpareThreads="25"
>>>>         enableLookups="false" disableUploadTimeout="true"
>>>>         acceptCount="100" scheme="https" secure="true"
>>>>         clientAuth="false" sslProtocol="TLS"
>>>> SSLEngine="on"
>>>> SSLCertificateFile="${catalina.base}\conf\cert.pem"
>>>> SSLCertificateKeyFile="${catalina.base}\conf\key.pem"
>>>> SSLPassword="tomcat"
>>>>      />
>>>>         <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
>>>>         <Engine defaultHost="localhost" name="Catalina">
>>>>             <Realm className="org.apache.catalina.realm.LockOutRealm">
>>>>                 <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>>>>                        resourceName="UserDatabase"/>
>>>>             </Realm>
>>>>             <Host appBase="webapps" autoDeploy="false" name="localhost"
>>>>                   unpackWARs="true">
>>>>                 <Valve className="org.apache.catalina.valves.AccessLogValve"
>>>>                        directory="logs"
>>>>                        pattern="%h %l %u %t&quot;%r&quot; %s %b" prefix="localhost_access_log."
>>>>                        resolveHosts="false" suffix=".txt"/>
>>>>             </Host>
>>>>         </Engine>
>>>>     </Service>
>>>> </Server>
>>>>
>>>> //================================================= NETBEAN OUTPUT =======================================
>>>> Using CATALINA_BASE:   "C:\Users\LEH\.netbeans\7.0\apache-tomcat-7.0.14.0_base"
>>>> Using CATALINA_HOME:   "D:\WEB_PROGRAMS\Apache Tomcat 7.0.14"
>>>> Using CATALINA_TMPDIR: "C:\Users\LEH\.netbeans\7.0\apache-tomcat-7.0.14.0_base\temp"
>>>> Using JRE_HOME:        "C:\IMPORTANT SOFTWARE\JDK_32"
>>>> Using CLASSPATH:       "D:\WEB_PROGRAMS\Apache Tomcat 7.0.14\bin\bootstrap.jar;D:\WEB_PROGRAMS\Apache Tomcat 7.0.14\bin\tomcat-juli.jar"
>>>> Dec 2, 2011 5:04:43 PM org.apache.catalina.core.AprLifecycleListener init
>>>> INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
>>>> Dec 2, 2011 5:04:43 PM org.apache.catalina.core.AprLifecycleListener init
>>>> INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
>>>> Dec 2, 2011 5:04:43 PM org.apache.catalina.startup.SetAllPropertiesRule begin
>>>> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'SSLEngine' to 'on' did not find a matching property.
>>>> Dec 2, 2011 5:04:44 PM org.apache.coyote.AbstractProtocolHandler init
>>>> INFO: Initializing ProtocolHandler ["http-apr-8084"]
>>>> Dec 2, 2011 5:04:44 PM org.apache.coyote.AbstractProtocolHandler init
>>>> INFO: Initializing ProtocolHandler ["http-apr-8443"]
>>>> Dec 2, 2011 5:04:44 PM org.apache.coyote.AbstractProtocolHandler init
>>>> INFO: Initializing ProtocolHandler ["ajp-apr-8009"]
>>>> Dec 2, 2011 5:04:44 PM org.apache.catalina.startup.Catalina load
>>>> INFO: Initialization processed in 953 ms
>>>> Dec 2, 2011 5:04:44 PM org.apache.catalina.core.StandardService startInternal
>>>> INFO: Starting service Catalina
>>>> Dec 2, 2011 5:04:44 PM org.apache.catalina.core.StandardEngine startInternal
>>>> INFO: Starting Servlet Engine: Apache Tomcat/7.0.14
>>>> Dec 2, 2011 5:04:44 PM org.apache.catalina.startup.HostConfig deployDescriptor
>>>> INFO: Deploying configuration descriptor ABC_WEBSITE.xml from C:\Users\LEH\.netbeans\7.0\apache-tomcat-7.0.14.0_base\conf\Catalina\localhost
>>>> Dec 2, 2011 5:04:47 PM com.sun.faces.config.ConfigureListener contextInitialized
>>>> INFO: Initializing Mojarra 2.1.1 (FCS 20110408) for context '/ABC_WEBSITE'
>>>> Dec 2, 2011 5:04:47 PM com.sun.faces.spi.InjectionProviderFactory createInstance
>>>> INFO: JSF1048: PostConstruct/PreDestroy annotations present.  ManagedBeans methods marked with these annotations will have said annotations processed.
>>>> Dec 2, 2011 5:04:47 PM org.apache.catalina.startup.HostConfig deployDescriptor
>>>> INFO: Deploying configuration descriptor manager.xml from C:\Users\LEH\.netbeans\7.0\apache-tomcat-7.0.14.0_base\conf\Catalina\localhost
>>>> Dec 2, 2011 5:04:48 PM org.apache.catalina.startup.HostConfig deployDescriptor
>>>> INFO: Deploying configuration descriptor ROOT.xml from C:\Users\LEH\.netbeans\7.0\apache-tomcat-7.0.14.0_base\conf\Catalina\localhost
>>>> Dec 2, 2011 5:04:48 PM org.apache.coyote.AbstractProtocolHandler start
>>>> INFO: Starting ProtocolHandler ["http-apr-8084"]
>>>> Dec 2, 2011 5:04:48 PM org.apache.coyote.AbstractProtocolHandler start
>>>> INFO: Starting ProtocolHandler ["http-apr-8443"]
>>>> Dec 2, 2011 5:04:48 PM org.apache.coyote.AbstractProtocolHandler start
>>>> INFO: Starting ProtocolHandler ["ajp-apr-8009"]
>>>> Dec 2, 2011 5:04:48 PM org.apache.catalina.startup.Catalina start
>>>>
>>>> God Bless
>>>> Eng Huat
>>>>
>>>> On Sun, Nov 13, 2011 at 11:19 PM, Pid<pid@pidster.com>  wrote:
>>>>
>>>>> On 13/11/2011 10:03, Lau Eng Huat wrote:
>>>>>
>>>>>> Hi everybody,
>>>>>>
>>>>>> I have followed this example on setting up the SSL on Tomcat Expert
>>>>>> http://www.tomcatexpert.com/knowledge-base/using-openssl-configure-ssl-certificates-tomcat.
>>>>>> The question that I have is how do you use Apache Common HttpClient to send
>>>>>> and receive information from the servlet. I have no idea on how to write
>>>>>> the code for the httpClient and Servlet. Please help me on this, I'm stuck
>>>>>> at this for a couple of weeks already.
>>>>>>
>>>>>
>>>>> One of those is a question for the Apache Commons community.
>>>>> Note: Commons HttpClient has been superseded by Http Components.
>>>>>
>>>>>  http://hc.apache.org/httpcomponents-client-ga/index.html
>>>>>
>>>>>
>>>>> If you don't know how to write a Servlet, then you should have a look at
>>>>> the documentation site and examples shipped with your Tomcat version:
>>>>>
>>>>>  http://tomcat.apache.org/
>>>>>
>>>>>
>>>>> p
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> [key:62590808]
>>>>>
>>>>>
>>>>>
>>>
>>
>
>
>
