tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: SSL configuration using PFX as keystore
Date Fri, 19 Jun 2015 13:14:33 GMT
Daniel Mikusa wrote:
> On Fri, Jun 19, 2015 at 12:42 AM, Michael Salisbury <Michael@skypoint.co.nz>
> wrote:
> 
>>  Hi there,
>>
>> I’m trying to get the above working using Tomcat 8.0, previously working
>> with 7.0.  This is part of a WebDAV connector in Confluence.
>>
>> It seems I can connect from anything other than a Windows Mini Redirector
>> client (Windows 7 or 8.1, x86 or x64).  Using a web browser or 3rd party
>> client (CyberDuck for instance) connects OK.
>>

You should do a search in Google for "Windows and DAV".
The various implementations over the years of DAV in MS Windows are a real horror story.
As far as I know (but it varies according to Windows versions and patches, and even 
according to whatever other software is installed on the workstation) :
- recent version of Windows will only accept to connect to DAV folders via HTTPS
- recent and less recent versions of Windows will only accept to connect to a DAV folder,

if that DAV folder is at the "document root" of the webserver

In other words, for all practical purposes, you /have to/ use a third-party client.
(WebDrive is another one which I know works)

And if you don't, be prepared for a lot of support calls..

> 
> What happens when you try to connect with the Windows Mini Redirector?  Do
> you get a client error?  If so, what?  Do you get any errors or messages in
> the Tomcat logs?  If not, you might try running wireshark to investigate
> further.  Capture packets from a working client and packets from the MS
> client then look to see what's different.
> 
> That said, the fact that it's working for a large selection of clients
> except one, seems to point to a problem with the client and not your Tomcat
> setup.  What makes you think this is a Tomcat issue?  Was there something
> specific you had to do in Tomcat 7 to make the MS client work?
> 
> Dan
> 
> 
>> There are some registry keys in Windows one needs to enable to get this
>> working first:
>>
>>
>>
>> [HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Internet]
>>
>> "BasicAuthLevel"=dword:00000001
>>
>>
>>
>> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters]
>>
>> "BasicAuthLevel"=dword:00000001
>>
>> "UseBasicAuth"=dword:00000001
>>
>>
>>
>> Server.xml
>>
>> <Connector port="9443" maxHttpHeaderSize="8192"
>>
>> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>>
>> protocol="org.apache.coyote.http11.Http11NioProtocol"
>>
>> enableLookups="false" disableUploadTimeout="true"
>>
>> acceptCount="100" scheme="https" secure="true"
>>
>> clientAuth="false" sslProtocols="TLS" SSLEnabled="true"
>>
>> URIEncoding="UTF-8"
>>
>> keystoreType="PKCS12"
>>
>> keystoreFile="${catalina.base}/conf/certname.pfx"
>>
>> keystorePass="keypassword"/>
>>
>>
>>
>> I’m fairly new to this, but have done a fair bit of reading to get it
>> working previously in Tomcat7…so any help would be greatly appreciated.
>>
>>
>>
>> Kind regards
>>
>>
>>
>> *Michael Salisbury*
>>
>>
>>
>> *Senior Systems Architect*   |   *P*  07 960 7011  |   *E*
>> michael@skypoint.co.nz   |   *W*  skypoint.co.nz
>>
>>
>>
>> Waikato Innovation Park, Ruakura Rd, PO Box 9466, Hamilton 3240, NZ
>>
>>
>>
>>
>>
>> [image: cid:image001.png@01CF0265.772EC520]
>>
>>
>>
>> Please send any support enquiries to *E* support@skypoint.co.nz
>>
>>
>>
>> [image: MCSA_2013(rgb)_14802]          [image: HP Accredited Technical
>> Professional]
>>
>>
>>
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message