tomcat-users mailing list archives

From Lau Eng Huat <tomcath...@gmail.com>
Subject Re: SSL Tomcat 6 & 7
Date Fri, 02 Dec 2011 15:39:39 GMT
I'm still stuck after correcting the recommendation made by Daniel.

  <Listener  className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" />

    <Connector
        protocol="org.apache.coyote.http11.Http11AprProtocol"
        port="8443" maxHttpHeaderSize="8192"
        maxThreads="150" minSpareThreads="25"
        enableLookups="false" disableUploadTimeout="true"
        acceptCount="100" scheme="https" secure="true"
        clientAuth="false" sslProtocol="TLS"
SSLEngine="true"
SSLCertificateFile="${catalina.base}\conf\cert.pem"
SSLCertificateKeyFile="${catalina.base}\conf\key.pem"
SSLPassword="tomcat"
     />

 <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>

It still gives me this error

WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
'SSLEngine' to 'true' did not find a matching property.

I'm running Tomcat as localhost under NetBeans.

On Fri, Dec 2, 2011 at 9:57 PM, Daniel Mikusa <dmikusa@vmware.com> wrote:

> On Fri, 2011-12-02 at 01:12 -0800, Lau Eng Huat wrote:
> > Hi everybody,
> >
> > I've been stuck on this SSL for over a month. I hope somebody can help me
> > here. I'm getting a Warning on "WARNING:
> > [SetAllPropertiesRule]{Server/Service/Connector} Setting property
> > 'SSLEngine' to 'on' did not find a matching property."
>
> Tomcat is telling you that the property "SSLEngine" does not exist on a
> Connector object.  Note that it is not listed in the documentation
> either.
>
> https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support
>
>
> Perhaps you are confused with the "SSLEngine" attribute of the
> AprLifecycleListener?
>
> <Listener className="org.apache.catalina.core.AprLifecycleListener"
>          SSLEngine="on" />
>
>
> and perhaps you meant SSLEnabled="true" on your Connector?
>
> Example from docs:
>
> <Connector
>           port="8443" maxThreads="200"
>           scheme="https" secure="true" SSLEnabled="true"
>           SSLCertificateFile="/usr/local/ssl/server.crt"
>           SSLCertificateKeyFile="/usr/local/ssl/server.pem"
>           clientAuth="optional" SSLProtocol="TLSv1"/>
>
> https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html
>
> Dan
>
>
>
> > I have tried using
> > all these 3 Connection types but it still does not work. I'm running on
> > Tomcat 7.0
> >
> > protocol="org.apache.coyote.http11.Http11Protocol"
> > protocol="org.apache.coyote.http11.Http11NioProtocol"
> > protocol="org.apache.coyote.http11.Http11AprProtocol"
> >
> > 1. # openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 3650 -config ./openssl.cnf
> >
> > Using configuration from ./openssl.cnf
> > Generating a 1024 bit RSA private key
> > .......++++++
> > ..........................++++++
> > writing new private key to 'private/cakey.pem'
> > Enter PEM pass phrase:tomcat
> > Verifying password - Enter PEM pass phrase:tomcat
> > -----
> > You are about to be asked to enter information that will be incorporated
> > into your certificate request.
> > What you are about to enter is what is called a Distinguished Name or a DN.
> > There are quite a few fields but you can leave some blank
> > For some fields there will be a default value,
> > If you enter '.', the field will be left blank.
> > -----
> > Organization Name (company) [The Sample Company]:<enter>
> > Organizational Unit Name (department, division) []:CA Division
> > Email Address []:ca@sample.com
> > Locality Name (city, district) [Metropolis]:<enter>
> > State or Province Name (full name) [New York]:<enter>
> > Country Name (2 letter code) [US]:<enter>
> > Common Name (hostname, IP, or your name) []:TSC Root CA
> >
> > 2.  openssl req -new -nodes -out req.pem -config ./openssl.cnf
> > 3. openssl ca -out cert.pem -config ./openssl.cnf -infiles req.pem
> >
> > Using configuration from ./openssl.cnf
> > Enter PEM pass phrase:demo
> > Check that the request matches the signature
> > Signature ok
> > The Subjects Distinguished Name is as follows
> > organizationName      :PRINTABLE:'The Sample Company'
> > organizationalUnitName:PRINTABLE:'Mail Server'
> > emailAddress          :IA5STRING:'postmaster@sample.com'
> > localityName          :PRINTABLE:'Metropolis'
> > stateOrProvinceName   :PRINTABLE:'New York'
> > countryName           :PRINTABLE:'US'
> > commonName            :PRINTABLE:'mail.sample.com'
> > Certificate is to be certified until Dec 8 04:37:38 2002 GMT (365 days)
> > Sign the certificate? [y/n]:y
> > 1 out of 1 certificate requests certified, commit? [y/n]y
> > Write out database with 1 new entries
> > Data Base Updated
> >
> > 4. copy cert.pem tmp.pem
> > 5. openssl x509 -in tmp.pem -out cert.pem
> >
> > //====================================== OPENSSL.CFG
> > ======================================================
> > Attached here is the openssl.cfg
> >
> > dir                     = .
> >
> > [ ca ]
> > default_ca              = CA_default
> >
> > [ CA_default ]
> > serial                  = $dir/serial
> > database                = $dir/index.txt
> > new_certs_dir           = $dir/newcerts
> > certificate             = $dir/cacert.pem
> > private_key             = $dir/private/cakey.pem
> > default_days            = 365
> > default_md              = md5
> > preserve                = no
> > email_in_dn             = no
> > nameopt                 = default_ca
> > certopt                 = default_ca
> > policy                  = policy_match
> >
> > [ policy_match ]
> > countryName             = match
> > stateOrProvinceName     = match
> > organizationName        = match
> > organizationalUnitName  = optional
> > commonName              = supplied
> > emailAddress            = optional
> >
> > [ req ]
> > default_bits            = 1024                  # Size of keys
> > default_keyfile         = key.pem               # name of generated keys
> > default_md              = md5                   # message digest algorithm
> > string_mask             = nombstr               # permitted characters
> > distinguished_name      = req_distinguished_name
> > req_extensions          = v3_req
> >
> > [ req_distinguished_name ]
> > # Variable name           Prompt string
> > #----------------------   ----------------------------------
> > 0.organizationName      = Organization Name (company)
> > organizationalUnitName  = Organizational Unit Name (department, division)
> > emailAddress            = Email Address
> > emailAddress_max        = 40
> > localityName            = Locality Name (city, district)
> > stateOrProvinceName     = State or Province Name (full name)
> > countryName             = Country Name (2 letter code)
> > countryName_min         = 2
> > countryName_max         = 2
> > commonName              = Common Name (hostname, IP, or your name)
> > commonName_max          = 64
> >
> > # Default values for the above, for consistency and less typing.
> > # Variable name                   Value
> > #------------------------------   ------------------------------
> > 0.organizationName_default      = The Sample Company
> > localityName_default            = Metropolis
> > stateOrProvinceName_default     = New York
> > countryName_default             = US
> >
> > [ v3_ca ]
> > basicConstraints        = CA:TRUE
> > subjectKeyIdentifier    = hash
> > authorityKeyIdentifier  = keyid:always,issuer:always
> >
> > [ v3_req ]
> > basicConstraints        = CA:FALSE
> > subjectKeyIdentifier    = hash
> >
> > ============================================= SERVER.XML
> > ===================================================
> > Attached here is the server.xml
> >
> > <Server port="8025" shutdown="SHUTDOWN">
> >     <Listener SSLEngine="on"
> > className="org.apache.catalina.core.AprLifecycleListener"/>
> >     <Listener className="org.apache.catalina.core.JasperListener"/>
> >     <Listener
> > className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
> >     <Listener
> > className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
> >     <Listener
> > className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
> >
> >     <GlobalNamingResources>
> >         <Resource auth="Container" description="User database that can be
> > updated and saved"
> > factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
> > name="UserDatabase" pathname="conf/tomcat-users.xml"
> > type="org.apache.catalina.UserDatabase"/>
> >     </GlobalNamingResources>
> >
> >     <Service name="Catalina">
> >         <Connector URIEncoding="utf-8" connectionTimeout="20000"
> > port="8084" protocol="HTTP/1.1" redirectPort="8443"/>
> >
> >
> >     <Connector
> >         protocol="org.apache.coyote.http11.Http11AprProtocol"
> >         port="8443" maxHttpHeaderSize="8192"
> >         maxThreads="150" minSpareThreads="25"
> >         enableLookups="false" disableUploadTimeout="true"
> >         acceptCount="100" scheme="https" secure="true"
> >         clientAuth="false" sslProtocol="TLS"
> > SSLEngine="on"
> > SSLCertificateFile="${catalina.base}\conf\cert.pem"
> > SSLCertificateKeyFile="${catalina.base}\conf\key.pem"
> > SSLPassword="tomcat"
> >      />
> >         <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
> >         <Engine defaultHost="localhost" name="Catalina">
> >             <Realm className="org.apache.catalina.realm.LockOutRealm">
> >                 <Realm
> > className="org.apache.catalina.realm.UserDatabaseRealm"
> > resourceName="UserDatabase"/>
> >             </Realm>
> >             <Host appBase="webapps" autoDeploy="false" name="localhost"
> > unpackWARs="true">
> >                 <Valve
> > className="org.apache.catalina.valves.AccessLogValve" directory="logs"
> > pattern="%h %l %u %t &quot;%r&quot; %s %b" prefix="localhost_access_log."
> > resolveHosts="false" suffix=".txt"/>
> >             </Host>
> >         </Engine>
> >     </Service>
> > </Server>
> >
> > //================================================= NETBEAN OUTPUT
> > =======================================
> > Using CATALINA_BASE:   "C:\Users\LEH\.netbeans\7.0\apache-tomcat-7.0.14.0_base"
> > Using CATALINA_HOME:   "D:\WEB_PROGRAMS\Apache Tomcat 7.0.14"
> > Using CATALINA_TMPDIR: "C:\Users\LEH\.netbeans\7.0\apache-tomcat-7.0.14.0_base\temp"
> > Using JRE_HOME:        "C:\IMPORTANT SOFTWARE\JDK_32"
> > Using CLASSPATH:       "D:\WEB_PROGRAMS\Apache Tomcat 7.0.14\bin\bootstrap.jar;D:\WEB_PROGRAMS\Apache Tomcat 7.0.14\bin\tomcat-juli.jar"
> > Dec 2, 2011 5:04:43 PM org.apache.catalina.core.AprLifecycleListener init
> > INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
> > Dec 2, 2011 5:04:43 PM org.apache.catalina.core.AprLifecycleListener init
> > INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
> > Dec 2, 2011 5:04:43 PM org.apache.catalina.startup.SetAllPropertiesRule begin
> > WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'SSLEngine' to 'on' did not find a matching property.
> > Dec 2, 2011 5:04:44 PM org.apache.coyote.AbstractProtocolHandler init
> > INFO: Initializing ProtocolHandler ["http-apr-8084"]
> > Dec 2, 2011 5:04:44 PM org.apache.coyote.AbstractProtocolHandler init
> > INFO: Initializing ProtocolHandler ["http-apr-8443"]
> > Dec 2, 2011 5:04:44 PM org.apache.coyote.AbstractProtocolHandler init
> > INFO: Initializing ProtocolHandler ["ajp-apr-8009"]
> > Dec 2, 2011 5:04:44 PM org.apache.catalina.startup.Catalina load
> > INFO: Initialization processed in 953 ms
> > Dec 2, 2011 5:04:44 PM org.apache.catalina.core.StandardService startInternal
> > INFO: Starting service Catalina
> > Dec 2, 2011 5:04:44 PM org.apache.catalina.core.StandardEngine startInternal
> > INFO: Starting Servlet Engine: Apache Tomcat/7.0.14
> > Dec 2, 2011 5:04:44 PM org.apache.catalina.startup.HostConfig deployDescriptor
> > INFO: Deploying configuration descriptor ABC_WEBSITE.xml from C:\Users\LEH\.netbeans\7.0\apache-tomcat-7.0.14.0_base\conf\Catalina\localhost
> > Dec 2, 2011 5:04:47 PM com.sun.faces.config.ConfigureListener contextInitialized
> > INFO: Initializing Mojarra 2.1.1 (FCS 20110408) for context '/ABC_WEBSITE'
> > Dec 2, 2011 5:04:47 PM com.sun.faces.spi.InjectionProviderFactory createInstance
> > INFO: JSF1048: PostConstruct/PreDestroy annotations present.  ManagedBeans methods marked with these annotations will have said annotations processed.
> > Dec 2, 2011 5:04:47 PM org.apache.catalina.startup.HostConfig deployDescriptor
> > INFO: Deploying configuration descriptor manager.xml from C:\Users\LEH\.netbeans\7.0\apache-tomcat-7.0.14.0_base\conf\Catalina\localhost
> > Dec 2, 2011 5:04:48 PM org.apache.catalina.startup.HostConfig deployDescriptor
> > INFO: Deploying configuration descriptor ROOT.xml from C:\Users\LEH\.netbeans\7.0\apache-tomcat-7.0.14.0_base\conf\Catalina\localhost
> > Dec 2, 2011 5:04:48 PM org.apache.coyote.AbstractProtocolHandler start
> > INFO: Starting ProtocolHandler ["http-apr-8084"]
> > Dec 2, 2011 5:04:48 PM org.apache.coyote.AbstractProtocolHandler start
> > INFO: Starting ProtocolHandler ["http-apr-8443"]
> > Dec 2, 2011 5:04:48 PM org.apache.coyote.AbstractProtocolHandler start
> > INFO: Starting ProtocolHandler ["ajp-apr-8009"]
> > Dec 2, 2011 5:04:48 PM org.apache.catalina.startup.Catalina start
> >
> > God Bless
> > ENg Huat
> >
> > On Sun, Nov 13, 2011 at 11:19 PM, Pid <pid@pidster.com> wrote:
> >
> > > On 13/11/2011 10:03, Lau Eng Huat wrote:
> > > > Hi everybody,
> > > >
> > > > I have followed this example on setting up the SSL on Tomcat Expert
> > > > http://www.tomcatexpert.com/knowledge-base/using-openssl-configure-ssl-certificates-tomcat
> > > > .
> > > > The question that I have is how do you use Apache Common HttpClient to
> > > > send and receive information from the servlet. I have no idea on how to
> > > > write the code for the httpClient and Servlet. Please help me on this, I'm
> > > > stuck at this for a couple of weeks already.
> > >
> > > One of those is a question for the Apache Commons community.
> > > Note: Commons HttpClient has been superseded by Http Components.
> > >
> > >  http://hc.apache.org/httpcomponents-client-ga/index.html
> > >
> > >
> > > If you don't know how to write a Servlet, then you should have a look at
> > > the documentation site and examples shipped with your Tomcat version:
> > >
> > >  http://tomcat.apache.org/
> > >
> > >
> > > p
> > >
> > >
> > > --
> > >
> > > [key:62590808]
> > >
> > >
>
