Sorry. Comments removed.
___________________
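<?xml version='1.0' encoding='utf-8'?>
<!--
  Tomcat 7 server.xml: one plain HTTP connector, one TLS connector that
  requires client certificates, and one AJP connector, all feeding a single
  Engine/Host. Security review notes are inline next to the element they
  concern.
-->
<!--
  The shutdown port accepts the literal command string in the shutdown
  attribute. "SHUTDOWN" is the shipped default; any local process that can
  reach this port and knows the string can stop the server. Use a
  non-default string, or port="-1" where the service wrapper handles stop.
-->
<Server port="8405" shutdown="SHUTDOWN">

  <!-- Lifecycle listeners. No AprLifecycleListener is registered, so the
       APR/native connector is not in use in this configuration. -->
  <Listener className="org.apache.catalina.core.JasperListener" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
    <!-- File-backed user database consumed by the UserDatabaseRealm below.
         conf/tomcat-users.xml holds credentials and role assignments; keep
         it readable only by the account Tomcat runs as. -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">

    <!-- Plain HTTP. redirectPort only takes effect for applications that
         declare a CONFIDENTIAL transport guarantee; everything else stays
         reachable here without TLS and without a client certificate. -->
    <Connector port="18080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

    <!--
      TLS connector with mandatory client certificates (clientAuth="true").
      No protocol attribute is set and APR is not loaded, so this is the
      JSSE blocking connector, which matches the "http-bio-8443" name in the
      reported startup error.

      NOTE(review): SSLVerifyClient, SSLEngine and SSLVerifyDepth are
      APR/OpenSSL-style settings (SSLEngine belongs on AprLifecycleListener).
      The JSSE connector does not use them; clientAuth is what enforces the
      client certificate here. maxSpareThreads also does not appear to be a
      Tomcat 7 HTTP connector attribute (confirm against
      /docs/config/http.html). They are left in place unchanged, but are
      misleading to anyone auditing the file.

      NOTE(review): "No available certificate or key corresponds to the SSL
      cipher suites which are enabled" typically means JSSE found no usable
      private key in keystoreFile. Check that the server alias is listed by
      keytool as a PrivateKeyEntry (the CSR reply must be imported under the
      same alias as the key pair that produced the CSR), and set keyAlias /
      keyPass if the alias or key password differ from the defaults.

      NOTE(review): keystoreFile and truststoreFile are the same JKS. Every
      CA certificate in it therefore becomes a trust anchor for client
      certificates, and the trust store carries the server private key.
      Prefer a separate truststore holding only the CA(s) allowed to issue
      client certificates.

      NOTE(review): keystorePass / truststorePass are stored in clear text
      in this file; restrict read access to conf/ accordingly.
      sslProtocol="TLS" selects the SSLContext algorithm and does not pin
      protocol versions; use sslEnabledProtocols and ciphers to restrict
      what the connector will negotiate.
    -->
    <Connector
               clientAuth="true" port="8443" minSpareThreads="5" maxSpareThreads="75"
               enableLookups="true" disableUploadTimeout="true"
               acceptCount="100" maxThreads="200"
               scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat 7.0\conf\wcmdev-ssl.jks"
               keystoreType="JKS" keystorePass="******"
               truststoreFile="F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat 7.0\conf\wcmdev-ssl.jks"
               truststoreType="JKS" truststorePass="******"
               SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2"
               sslProtocol="TLS" />

    <!-- AJP is a trusted protocol: the container believes request
         attributes (remote user, TLS state, client certificate) asserted by
         whatever connects here, so this port bypasses the client
         certificate check on 8443. No address is set, so it listens on all
         interfaces. Remove the connector if no front-end web server uses
         it; otherwise bind it with the address attribute to the interface
         the proxy uses and firewall the port. -->
    <Connector port="8409" protocol="AJP/1.3" redirectPort="8443" />

    <Engine name="Catalina" defaultHost="localhost">

      <!-- LockOutRealm wraps the nested realm and locks accounts after
           repeated failed logins. -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <!-- autoDeploy="true" deploys anything dropped into appBase while the
           server is running; write access to webapps/ is equivalent to code
           execution as the Tomcat account. Restrict that directory or turn
           autoDeploy off outside development. -->
      <Host name="localhost" appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <!-- Access log in common log format. The quotes around %r must be
             written as &quot; inside the attribute value; literal quotes
             end the attribute early and make the file not well-formed. -->
        <Valve className="org.apache.catalina.valves.AccessLogValve"
               directory="logs"
               prefix="localhost_access_log." suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b"
               resolveHosts="false"/>
      </Host>
    </Engine>
  </Service>
</Server>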
Thanks,
Justin LaRose
From: Pid <pid@pidster.com>
To: Tomcat Users List <users@tomcat.apache.org>
Date: 01/04/2012 03:29 PM
Subject: Re: SSL Configuration Errors
On 04/01/2012 19:33, Justin Larose wrote:
> Hello Group,
>
> I am seeing this error when starting Tomcat 7 on Windows.
>
> SEVERE: Failed to initialize end point associated with ProtocolHandler
> ["http-bio-8443"]
> java.io.IOException: SSL configuration is invalid due to No available
> certificate or key corresponds to the SSL cipher suites which are
enabled.
>
> I have 3 certs in the keystore 1 root, 1 intermediate and the one
received
> from the csr. I also confirmed they are pointing to the correct place
and
> I can see them if I do a
> "keytool -list -v -keystore keystore.jks -alias mydomain"
>
> I have attached my server.xml below. Anyone know where to start?
By removing the comments?
p
> ___________
>
> <?xml version='1.0' encoding='utf-8'?>
> <Server port="8405" shutdown="SHUTDOWN">
> <!-- Security listener. Documentation at /docs/config/listeners.html
> <Listener className="org.apache.catalina.security.SecurityListener" />
> -->
> <!--APR library loader. Documentation at /docs/apr.html -->
> <!-- <Listener
className="org.apache.catalina.core.AprLifecycleListener"
> SSLEngine="on" /> -->
> <!--Initialize Jasper prior to webapps are loaded. Documentation at
> /docs/jasper-howto.html -->
> <Listener className="org.apache.catalina.core.JasperListener" />
> <!-- Prevent memory leaks due to use of particular java/javax APIs-->
> <Listener
> className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
> <Listener
> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
/>
> <Listener
> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"
/>
>
> <!-- Global JNDI resources
> Documentation at /docs/jndi-resources-howto.html
> -->
> <GlobalNamingResources>
> <!-- Editable user database that can also be used by
> UserDatabaseRealm to authenticate users
> -->
> <Resource name="UserDatabase" auth="Container"
> type="org.apache.catalina.UserDatabase"
> description="User database that can be updated and saved"
> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
> pathname="conf/tomcat-users.xml" />
> </GlobalNamingResources>
>
> <!-- A "Service" is a collection of one or more "Connectors" that
share
> a single "Container" Note: A "Service" is not itself a
> "Container",
> so you may not define subcomponents such as "Valves" at this
level.
> Documentation at /docs/config/service.html
> -->
> <Service name="Catalina">
>
> <!--The connectors can use a shared executor, you can define one or
> more named thread pools-->
> <!--
> <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
> maxThreads="150" minSpareThreads="4"/>
> -->
>
>
> <!-- A "Connector" represents an endpoint by which requests are
> received
> and responses are returned. Documentation at :
> Java HTTP Connector: /docs/config/http.html (blocking &
> non-blocking)
> Java AJP Connector: /docs/config/ajp.html
> APR (HTTP/AJP) Connector: /docs/apr.html
> Define a non-SSL HTTP/1.1 Connector on port 8080
> -->
> <Connector port="18080" protocol="HTTP/1.1"
> connectionTimeout="20000"
> redirectPort="8443" />
> <!-- A "Connector" using the shared thread pool-->
> <!--
> <Connector executor="tomcatThreadPool"
> port="8080" protocol="HTTP/1.1"
> connectionTimeout="20000"
> redirectPort="8443" />
> -->
> <!-- Define a SSL HTTP/1.1 Connector on port 8443
> This connector uses the JSSE configuration, when using APR, the
> connector should be using the OpenSSL style configuration
> described in the APR documentation -->
>
> <!--
> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
> maxThreads="150" scheme="https" secure="true"
> clientAuth="false" sslProtocol="TLS" />
> -->
>
> <Connector
> clientAuth="true" port="8443" minSpareThreads="5"
maxSpareThreads="75"
> enableLookups="true" disableUploadTimeout="true"
> acceptCount="100" maxThreads="200"
> scheme="https" secure="true" SSLEnabled="true"
> keystoreFile="F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat
> 7.0\conf\wcmdev-ssl.jks"
> keystoreType="JKS" keystorePass="******"
> truststoreFile="F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat
> 7.0\conf\wcmdev-ssl.jks"
> truststoreType="JKS" truststorePass="******"
> SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2"
> sslProtocol="TLS"
> />
>
> <!-- Define an AJP 1.3 Connector on port 8409 -->
> <Connector port="8409" protocol="AJP/1.3" redirectPort="8443" />
>
>
> <!-- An Engine represents the entry point (within Catalina) that
> processes
> every request. The Engine implementation for Tomcat stand
alone
> analyzes the HTTP headers included with the request, and passes
> them
> on to the appropriate Host (virtual host).
> Documentation at /docs/config/engine.html -->
>
> <!-- You should set jvmRoute to support load-balancing via AJP ie :
> <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
> -->
> <Engine name="Catalina" defaultHost="localhost">
>
> <!--For clustering, please take a look at documentation at:
> /docs/cluster-howto.html (simple how to)
> /docs/config/cluster.html (reference documentation) -->
> <!--
> <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
> -->
>
> <!-- Use the LockOutRealm to prevent attempts to guess user
> passwords
> via a brute-force attack -->
> <Realm className="org.apache.catalina.realm.LockOutRealm">
> <!-- This Realm uses the UserDatabase configured in the global
> JNDI
> resources under the key "UserDatabase". Any edits
> that are performed against this UserDatabase are
immediately
> available for use by the Realm. -->
> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
> resourceName="UserDatabase"/>
> </Realm>
>
> <Host name="localhost" appBase="webapps"
> unpackWARs="true" autoDeploy="true">
>
> <!-- SingleSignOn valve, share authentication between web
> applications
> Documentation at: /docs/config/valve.html -->
> <!--
> <Valve
className="org.apache.catalina.authenticator.SingleSignOn"
> />
> -->
>
> <!-- Access log processes all example.
> Documentation at: /docs/config/valve.html
> Note: The pattern used is equivalent to using
> pattern="common" -->
> <Valve className="org.apache.catalina.valves.AccessLogValve"
> directory="logs"
> prefix="localhost_access_log." suffix=".txt"
> pattern="%h %l %u %t "%r" %s %b"
> resolveHosts="false"/>
>
> </Host>
> </Engine>
> </Service>
> </Server>
>
>
> Thanks,
> Justin LaRose
>
******************************************************************************
> This email and any files transmitted with it are intended solely for
> the use of the individual or agency to whom they are addressed.
> If you have received this email in error please notify the Navy
> Exchange Service Command e-mail administrator. This footnote
> also confirms that this email message has been scanned for the
> presence of computer viruses.
>
> Thank You!
>
******************************************************************************
>
>
--
[key:62590808]
[attachment "signature.asc" deleted by Justin Larose/VAB/HQ/NEXNET]