tomcat-users mailing list archives

From Justin Larose <Justin.Lar...@nexweb.org>
Subject Re: SSL Configuration Errors
Date Thu, 05 Jan 2012 18:22:48 GMT
Sorry. Comments removed.

___________________

<?xml version='1.0' encoding='utf-8'?>
<Server port="8405" shutdown="SHUTDOWN">
   <Listener className="org.apache.catalina.core.JasperListener" />
   <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
   <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
   <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

   <GlobalNamingResources>
     <Resource name="UserDatabase" auth="Container"
               type="org.apache.catalina.UserDatabase"
               description="User database that can be updated and saved"
               factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
               pathname="conf/tomcat-users.xml" />
   </GlobalNamingResources>

   <Service name="Catalina">

     <Connector port="18080" protocol="HTTP/1.1"
                connectionTimeout="20000"
                redirectPort="8443" />

     <Connector
       clientAuth="true" port="8443" minSpareThreads="5" maxSpareThreads="75"
       enableLookups="true" disableUploadTimeout="true"
       acceptCount="100" maxThreads="200"
       scheme="https" secure="true" SSLEnabled="true"
       keystoreFile="F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat 7.0\conf\wcmdev-ssl.jks"
       keystoreType="JKS" keystorePass="******"
       truststoreFile="F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat 7.0\conf\wcmdev-ssl.jks"
       truststoreType="JKS" truststorePass="******"
       SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2"
       sslProtocol="TLS" />

    <Connector port="8409" protocol="AJP/1.3" redirectPort="8443" />


    <Engine name="Catalina" defaultHost="localhost">

    <Realm className="org.apache.catalina.realm.LockOutRealm">
         <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
                resourceName="UserDatabase"/>
       </Realm>

       <Host name="localhost"  appBase="webapps"
             unpackWARs="true" autoDeploy="true">

         <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
                prefix="localhost_access_log." suffix=".txt"
                pattern="%h %l %u %t &quot;%r&quot; %s %b" resolveHosts="false"/>

       </Host>
     </Engine>
   </Service>
 </Server>


Thanks,
Justin LaRose




From:   Pid <pid@pidster.com>
To:     Tomcat Users List <users@tomcat.apache.org>
Date:   01/04/2012 03:29 PM
Subject:        Re: SSL Configuration Errors


On 04/01/2012 19:33, Justin Larose wrote:
> Hello Group,
>
> I am seeing this error when starting Tomcat 7 on Windows.
>
> SEVERE: Failed to initialize end point associated with ProtocolHandler
> ["http-bio-8443"]
> java.io.IOException: SSL configuration is invalid due to No available
> certificate or key corresponds to the SSL cipher suites which are enabled.
>
> I have 3 certs in the keystore 1 root, 1 intermediate and the one received
> from the csr. I also confirmed they are pointing to the correct place and
> I can see them if I do a
> "keytool -list -v -keystore keystore.jks -alias mydomain"
>
> I have attached my server.xml below. Anyone know where to start?

By removing the comments?


p

> ___________
>
> <?xml version='1.0' encoding='utf-8'?>
> <Server port="8405" shutdown="SHUTDOWN">
>   <!-- Security listener. Documentation at /docs/config/listeners.html
>   <Listener className="org.apache.catalina.security.SecurityListener" />
>   -->
>   <!--APR library loader. Documentation at /docs/apr.html -->
>   <!-- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> -->
>   <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
>   <Listener className="org.apache.catalina.core.JasperListener" />
>   <!-- Prevent memory leaks due to use of particular java/javax APIs-->
>   <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
>   <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
>   <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
>
>   <!-- Global JNDI resources
>        Documentation at /docs/jndi-resources-howto.html
>   -->
>   <GlobalNamingResources>
>     <!-- Editable user database that can also be used by
>          UserDatabaseRealm to authenticate users
>     -->
>     <Resource name="UserDatabase" auth="Container"
>               type="org.apache.catalina.UserDatabase"
>               description="User database that can be updated and saved"
>  factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>               pathname="conf/tomcat-users.xml" />
>   </GlobalNamingResources>
>
>   <!-- A "Service" is a collection of one or more "Connectors" that share
>        a single "Container" Note:  A "Service" is not itself a "Container",
>        so you may not define subcomponents such as "Valves" at this level.
>        Documentation at /docs/config/service.html
>    -->
>   <Service name="Catalina">
>
>     <!--The connectors can use a shared executor, you can define one or more named thread pools-->
>     <!--
>     <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
>         maxThreads="150" minSpareThreads="4"/>
>     -->
>
>
>     <!-- A "Connector" represents an endpoint by which requests are received
>          and responses are returned. Documentation at :
>          Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
>          Java AJP  Connector: /docs/config/ajp.html
>          APR (HTTP/AJP) Connector: /docs/apr.html
>          Define a non-SSL HTTP/1.1 Connector on port 8080
>     -->
>     <Connector port="18080" protocol="HTTP/1.1"
>                connectionTimeout="20000"
>                redirectPort="8443" />
>     <!-- A "Connector" using the shared thread pool-->
>     <!--
>     <Connector executor="tomcatThreadPool"
>                port="8080" protocol="HTTP/1.1"
>                connectionTimeout="20000"
>                redirectPort="8443" />
>     -->
>     <!-- Define a SSL HTTP/1.1 Connector on port 8443
>          This connector uses the JSSE configuration, when using APR, the
>          connector should be using the OpenSSL style configuration
>          described in the APR documentation -->
>
> <!--
>     <Connector  port="8443" protocol="HTTP/1.1" SSLEnabled="true"
>                 maxThreads="150" scheme="https" secure="true"
>                 clientAuth="false" sslProtocol="TLS" />
>  -->
>
>  <Connector
>    clientAuth="true" port="8443" minSpareThreads="5" maxSpareThreads="75"
>    enableLookups="true" disableUploadTimeout="true"
>    acceptCount="100" maxThreads="200"
>    scheme="https" secure="true" SSLEnabled="true"
>    keystoreFile="F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat 7.0\conf\wcmdev-ssl.jks"
>    keystoreType="JKS" keystorePass="******"
>    truststoreFile="F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat 7.0\conf\wcmdev-ssl.jks"
>    truststoreType="JKS" truststorePass="******"
>    SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2"
>    sslProtocol="TLS"
> />
>
>     <!-- Define an AJP 1.3 Connector on port 8409 -->
>     <Connector port="8409" protocol="AJP/1.3" redirectPort="8443" />
>
>
>     <!-- An Engine represents the entry point (within Catalina) that processes
>          every request.  The Engine implementation for Tomcat stand alone
>          analyzes the HTTP headers included with the request, and passes them
>          on to the appropriate Host (virtual host).
>          Documentation at /docs/config/engine.html -->
>
>     <!-- You should set jvmRoute to support load-balancing via AJP ie :
>     <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
>     -->
>     <Engine name="Catalina" defaultHost="localhost">
>
>       <!--For clustering, please take a look at documentation at:
>           /docs/cluster-howto.html  (simple how to)
>           /docs/config/cluster.html (reference documentation) -->
>       <!--
>       <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
>       -->
>
>       <!-- Use the LockOutRealm to prevent attempts to guess user passwords
>            via a brute-force attack -->
>       <Realm className="org.apache.catalina.realm.LockOutRealm">
>         <!-- This Realm uses the UserDatabase configured in the global JNDI
>              resources under the key "UserDatabase".  Any edits
>              that are performed against this UserDatabase are immediately
>              available for use by the Realm.  -->
>         <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>                resourceName="UserDatabase"/>
>       </Realm>
>
>       <Host name="localhost"  appBase="webapps"
>             unpackWARs="true" autoDeploy="true">
>
>         <!-- SingleSignOn valve, share authentication between web applications
>              Documentation at: /docs/config/valve.html -->
>         <!--
>         <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
>         -->
>
>         <!-- Access log processes all example.
>              Documentation at: /docs/config/valve.html
>              Note: The pattern used is equivalent to using pattern="common" -->
>         <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
>                prefix="localhost_access_log." suffix=".txt"
>                pattern="%h %l %u %t &quot;%r&quot; %s %b" resolveHosts="false"/>
>
>       </Host>
>     </Engine>
>   </Service>
> </Server>
>
>
> Thanks,
> Justin LaRose
> 
>
>


--


[attachment "signature.asc" deleted by Justin Larose/VAB/HQ/NEXNET] 
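
An added example, not part of the original messages or of Tomcat itself: a small Python check that sorts the attributes of an SSL-enabled `Connector` like the one posted above into JSSE-style and APR/OpenSSL-style names, the two configuration styles that the comment in the quoted server.xml distinguishes. The attribute lists are a partial selection assumed from the Tomcat 7 connector documentation, the function name `lint_ssl_connectors` is hypothetical, and the sample is a constructed, shortened copy of the posted connector.

```python
import xml.etree.ElementTree as ET

# Partial attribute lists (assumption: selected from the Tomcat 7 HTTP connector docs).
JSSE_ATTRS = {"keystoreFile", "keystorePass", "keystoreType", "keyAlias",
              "truststoreFile", "truststorePass", "truststoreType",
              "clientAuth", "sslProtocol", "ciphers"}
APR_ATTRS = {"SSLCertificateFile", "SSLCertificateKeyFile", "SSLPassword",
             "SSLCACertificateFile", "SSLVerifyClient", "SSLVerifyDepth",
             "SSLProtocol", "SSLCipherSuite"}
# SSLEngine is an attribute of AprLifecycleListener, not of a Connector.
LISTENER_ONLY = {"SSLEngine"}

# Constructed sample: the SSL connector from the message, path and passwords shortened.
SAMPLE = r"""<Server><Service name="Catalina">
  <Connector port="8443" scheme="https" secure="true" SSLEnabled="true"
    clientAuth="true" keystoreFile="conf\wcmdev-ssl.jks" keystoreType="JKS"
    keystorePass="x" truststoreFile="conf\wcmdev-ssl.jks" truststoreType="JKS"
    truststorePass="x" SSLVerifyClient="require" SSLEngine="on"
    SSLVerifyDepth="2" sslProtocol="TLS" />
</Service></Server>"""

def lint_ssl_connectors(server_xml):
    """Return one report dict per Connector that has SSLEnabled="true"."""
    reports = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        names = set(conn.attrib)
        jsse, apr = sorted(names & JSSE_ATTRS), sorted(names & APR_ATTRS)
        notes = []
        if jsse and apr:
            notes.append("mixes JSSE-style and APR/OpenSSL-style attributes")
        if names & LISTENER_ONLY:
            notes.append("SSLEngine belongs on AprLifecycleListener")
        if "keystoreFile" in names and "keyAlias" not in names:
            notes.append("no keyAlias: first key found in the keystore is used")
        ks = conn.get("keystoreFile")
        if ks and ks == conn.get("truststoreFile"):
            notes.append("keystore and truststore are the same file")
        reports.append({"port": conn.get("port"), "jsse": jsse,
                        "apr": apr, "notes": notes})
    return reports

if __name__ == "__main__":
    for report in lint_ssl_connectors(SAMPLE):
        print(report["port"], report["notes"])
```

The notes are observations about the configuration text only; whether the keystore actually holds a private key entry still has to be checked with `keytool -list -v` against the keystore itself.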
