tomcat-users mailing list archives

From Lau Eng Huat <tomcath...@gmail.com>
Subject Re: SSL Tomcat 6 & 7
Date Fri, 02 Dec 2011 09:12:48 GMT
Hi everybody,

I've been stuck on this SSL for over a month. I hope somebody can help me here. I'm
getting a warning: "WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'SSLEngine' to 'on' did not find a matching property." I have tried using
all 3 of these Connection types but it still does not work. I'm running on
Tomcat 7.0.

protocol="org.apache.coyote.http11.Http11Protocol"
protocol="org.apache.coyote.http11.Http11NioProtocol"
protocol="org.apache.coyote.http11.Http11AprProtocol"

1. # openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 3650 -config ./openssl.cnf

Using configuration from ./openssl.cnf
Generating a 1024 bit RSA private key
.......++++++
..........................++++++
writing new private key to 'private/cakey.pem'
Enter PEM pass phrase:tomcat
Verifying password - Enter PEM pass phrase:tomcat
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Organization Name (company) [The Sample Company]:<enter>
Organizational Unit Name (department, division) []:CA Division
Email Address []:ca@sample.com
Locality Name (city, district) [Metropolis]:<enter>
State or Province Name (full name) [New York]:<enter>
Country Name (2 letter code) [US]:<enter>
Common Name (hostname, IP, or your name) []:TSC Root CA

2.  openssl req -new -nodes -out req.pem -config ./openssl.cnf
3. openssl ca -out cert.pem -config ./openssl.cnf -infiles req.pem

Using configuration from ./openssl.cnf
Enter PEM pass phrase:demo
Check that the request matches the signature
Signature ok
The Subjects Distinguished Name is as follows
organizationName      :PRINTABLE:'The Sample Company'
organizationalUnitName:PRINTABLE:'Mail Server'
emailAddress          :IA5STRING:'postmaster@sample.com'
localityName          :PRINTABLE:'Metropolis'
stateOrProvinceName   :PRINTABLE:'New York'
countryName           :PRINTABLE:'US'
commonName            :PRINTABLE:'mail.sample.com'
Certificate is to be certified until Dec 8 04:37:38 2002 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

4. copy cert.pem tmp.pem
5. openssl x509 -in tmp.pem -out cert.pem

//====================================== OPENSSL.CFG
======================================================
Attached here is the openssl.cfg

dir                     = .

[ ca ]
default_ca              = CA_default

[ CA_default ]
serial                  = $dir/serial
database                = $dir/index.txt
new_certs_dir           = $dir/newcerts
certificate             = $dir/cacert.pem
private_key             = $dir/private/cakey.pem
default_days            = 365
default_md              = md5
preserve                = no
email_in_dn             = no
nameopt                 = default_ca
certopt                 = default_ca
policy                  = policy_match

[ policy_match ]
countryName             = match
stateOrProvinceName     = match
organizationName        = match
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

[ req ]
default_bits            = 1024                  # Size of keys
default_keyfile         = key.pem               # name of generated keys
default_md              = md5                   # message digest algorithm
string_mask             = nombstr               # permitted characters
distinguished_name      = req_distinguished_name
req_extensions          = v3_req

[ req_distinguished_name ]
# Variable name           Prompt string
#----------------------   ----------------------------------
0.organizationName      = Organization Name (company)
organizationalUnitName  = Organizational Unit Name (department, division)
emailAddress            = Email Address
emailAddress_max        = 40
localityName            = Locality Name (city, district)
stateOrProvinceName     = State or Province Name (full name)
countryName             = Country Name (2 letter code)
countryName_min         = 2
countryName_max         = 2
commonName              = Common Name (hostname, IP, or your name)
commonName_max          = 64

# Default values for the above, for consistency and less typing.
# Variable name                   Value
#------------------------------   ------------------------------
0.organizationName_default      = The Sample Company
localityName_default            = Metropolis
stateOrProvinceName_default     = New York
countryName_default             = US

[ v3_ca ]
basicConstraints        = CA:TRUE
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid:always,issuer:always

[ v3_req ]
basicConstraints        = CA:FALSE
subjectKeyIdentifier    = hash

============================================= SERVER.XML
===================================================
Attached here is the server.xml

<Server port="8025" shutdown="SHUTDOWN">
    <Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>
    <Listener className="org.apache.catalina.core.JasperListener"/>
    <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
    <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
    <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>

    <GlobalNamingResources>
        <Resource auth="Container"
                  description="User database that can be updated and saved"
                  factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
                  name="UserDatabase" pathname="conf/tomcat-users.xml"
                  type="org.apache.catalina.UserDatabase"/>
    </GlobalNamingResources>

    <Service name="Catalina">
        <Connector URIEncoding="utf-8" connectionTimeout="20000"
                   port="8084" protocol="HTTP/1.1" redirectPort="8443"/>

        <Connector
            protocol="org.apache.coyote.http11.Http11AprProtocol"
            port="8443" maxHttpHeaderSize="8192"
            maxThreads="150" minSpareThreads="25"
            enableLookups="false" disableUploadTimeout="true"
            acceptCount="100" scheme="https" secure="true"
            clientAuth="false" sslProtocol="TLS"
            SSLEngine="on"
            SSLCertificateFile="${catalina.base}\conf\cert.pem"
            SSLCertificateKeyFile="${catalina.base}\conf\key.pem"
            SSLPassword="tomcat"
        />
        <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
        <Engine defaultHost="localhost" name="Catalina">
            <Realm className="org.apache.catalina.realm.LockOutRealm">
                <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
                       resourceName="UserDatabase"/>
            </Realm>
            <Host appBase="webapps" autoDeploy="false" name="localhost"
                  unpackWARs="true">
                <Valve className="org.apache.catalina.valves.AccessLogValve"
                       directory="logs"
                       pattern="%h %l %u %t &quot;%r&quot; %s %b"
                       prefix="localhost_access_log."
                       resolveHosts="false" suffix=".txt"/>
            </Host>
        </Engine>
    </Service>
</Server>

//================================================= NETBEAN OUTPUT
=======================================
Using CATALINA_BASE:   "C:\Users\LEH\.netbeans\7.0\apache-tomcat-7.0.14.0_base"
Using CATALINA_HOME:   "D:\WEB_PROGRAMS\Apache Tomcat 7.0.14"
Using CATALINA_TMPDIR: "C:\Users\LEH\.netbeans\7.0\apache-tomcat-7.0.14.0_base\temp"
Using JRE_HOME:        "C:\IMPORTANT SOFTWARE\JDK_32"
Using CLASSPATH:       "D:\WEB_PROGRAMS\Apache Tomcat 7.0.14\bin\bootstrap.jar;D:\WEB_PROGRAMS\Apache Tomcat 7.0.14\bin\tomcat-juli.jar"
Dec 2, 2011 5:04:43 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
Dec 2, 2011 5:04:43 PM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
Dec 2, 2011 5:04:43 PM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'SSLEngine' to 'on' did not find a matching property.
Dec 2, 2011 5:04:44 PM org.apache.coyote.AbstractProtocolHandler init
INFO: Initializing ProtocolHandler ["http-apr-8084"]
Dec 2, 2011 5:04:44 PM org.apache.coyote.AbstractProtocolHandler init
INFO: Initializing ProtocolHandler ["http-apr-8443"]
Dec 2, 2011 5:04:44 PM org.apache.coyote.AbstractProtocolHandler init
INFO: Initializing ProtocolHandler ["ajp-apr-8009"]
Dec 2, 2011 5:04:44 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 953 ms
Dec 2, 2011 5:04:44 PM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Dec 2, 2011 5:04:44 PM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.14
Dec 2, 2011 5:04:44 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor ABC_WEBSITE.xml from C:\Users\LEH\.netbeans\7.0\apache-tomcat-7.0.14.0_base\conf\Catalina\localhost
Dec 2, 2011 5:04:47 PM com.sun.faces.config.ConfigureListener contextInitialized
INFO: Initializing Mojarra 2.1.1 (FCS 20110408) for context '/ABC_WEBSITE'
Dec 2, 2011 5:04:47 PM com.sun.faces.spi.InjectionProviderFactory createInstance
INFO: JSF1048: PostConstruct/PreDestroy annotations present.  ManagedBeans methods marked with these annotations will have said annotations processed.
Dec 2, 2011 5:04:47 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor manager.xml from C:\Users\LEH\.netbeans\7.0\apache-tomcat-7.0.14.0_base\conf\Catalina\localhost
Dec 2, 2011 5:04:48 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor ROOT.xml from C:\Users\LEH\.netbeans\7.0\apache-tomcat-7.0.14.0_base\conf\Catalina\localhost
Dec 2, 2011 5:04:48 PM org.apache.coyote.AbstractProtocolHandler start
INFO: Starting ProtocolHandler ["http-apr-8084"]
Dec 2, 2011 5:04:48 PM org.apache.coyote.AbstractProtocolHandler start
INFO: Starting ProtocolHandler ["http-apr-8443"]
Dec 2, 2011 5:04:48 PM org.apache.coyote.AbstractProtocolHandler start
INFO: Starting ProtocolHandler ["ajp-apr-8009"]
Dec 2, 2011 5:04:48 PM org.apache.catalina.startup.Catalina start

God Bless
ENg Huat

On Sun, Nov 13, 2011 at 11:19 PM, Pid <pid@pidster.com> wrote:

> On 13/11/2011 10:03, Lau Eng Huat wrote:
> > Hi everybody,
> >
> > I have followed this example on setting up the SSL on Tomcat Expert
> > http://www.tomcatexpert.com/knowledge-base/using-openssl-configure-ssl-certificates-tomcat .
> > The question that I have is how do you use Apache Common HttpClient to
> > send and receive information from the servlet. I have no idea on how to
> > write the code for the httpClient and Servlet. Please help me on this, I'm
> > stuck at this for a couple of weeks already.
>
> One of those is a question for the Apache Commons community.
> Note: Commons HttpClient has been superseded by Http Components.
>
>  http://hc.apache.org/httpcomponents-client-ga/index.html
>
>
> If you don't know how to write a Servlet, then you should have a look at
> the documentation site and examples shipped with your Tomcat version:
>
>  http://tomcat.apache.org/
>
>
> p
>
>
> --
>
> [key:62590808]
>
>
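
The warning in the message is logged because `SSLEngine` is an attribute of `AprLifecycleListener`, not of `<Connector>`; a connector turns TLS on with `SSLEnabled="true"`, while `scheme` and `secure` only label requests. The check below is an added example, not part of the original message or of Tomcat: the function name `lint_server_xml` and the finding codes are hypothetical, and the sample is a trimmed copy of the posted server.xml.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the APR listener and connectors from the message, trimmed.
SAMPLE = r"""<Server port="8025" shutdown="SHUTDOWN">
  <Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>
  <Service name="Catalina">
    <Connector port="8084" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector protocol="org.apache.coyote.http11.Http11AprProtocol" port="8443"
               scheme="https" secure="true" SSLEngine="on"
               SSLCertificateFile="${catalina.base}\conf\cert.pem"
               SSLCertificateKeyFile="${catalina.base}\conf\key.pem"
               SSLPassword="tomcat"/>
  </Service>
</Server>"""

SECRET_ATTRS = ("SSLPassword", "keystorePass")  # secrets stored in clear text


def lint_server_xml(xml_text):
    """Return a list of (port, code, detail) findings for every <Connector>."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        attrs, port = conn.attrib, conn.get("port", "?")
        is_ajp = attrs.get("protocol", "").upper().startswith("AJP")
        # SSLEngine is an AprLifecycleListener attribute; on a Connector it is
        # dropped with the "did not find a matching property" warning.
        if "SSLEngine" in attrs:
            findings.append((port, "MISPLACED_SSLENGINE",
                             "move SSLEngine to the AprLifecycleListener"))
        # scheme/secure only label requests; TLS itself needs SSLEnabled="true".
        looks_tls = (attrs.get("scheme") == "https"
                     or attrs.get("secure") == "true"
                     or any(k.startswith(("SSLCertificate", "keystore")) for k in attrs))
        if looks_tls and not is_ajp and attrs.get("SSLEnabled", "false").lower() != "true":
            findings.append((port, "TLS_NOT_ENABLED",
                             'SSLEnabled is not "true"; port serves plain HTTP'))
        for name in SECRET_ATTRS:
            if attrs.get(name):
                findings.append((port, "CLEARTEXT_SECRET",
                                 name + " is readable by anyone who can read server.xml"))
    return findings


if __name__ == "__main__":
    for port, code, detail in lint_server_xml(SAMPLE):
        print("Connector port %s: %s (%s)" % (port, code, detail))
```

On the sample, the 8443 connector yields all three findings and the 8084 connector yields none.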
