You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Charles Van Damme <ch...@gmail.com> on 2011/06/08 18:29:43 UTC
My web application to use SSL (JSSE - RSA)
Dear caring souls,
I'm just subscribed in 'Tomcat users List'.
I'm trying to get my first applic using SSL started. I read therefor SSL
Configuration HOW-TO<http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Configuration>n
times.
I'm using
- Apache Tomcat 7.0.11
- NetBeans IDE 7.0 (Build 201104080000)
- Java: 1.6.0_22; Java HotSpot(TM) Client VM 17.1-b03 ; and its included JRE
(C:\Program Files\Java\jdk1.6.0_22\jre)
- System: Windows XP version 5.1 running on x86; Cp1252; fr_BE (nb)
on my desktop PC with AMD Athlon(tm) 64 Processor ...
Please, here my question :
When I compile and run my 'Test1' applic inside the IDE, I get:
"Starting of Tomcat failed"
"BUILD FAILED ..."
"SEVERE: Failed to initialize end point associated with ProtocolHandler
["http-nio-443"]"
"SEVERE: Failed to initialize connector
[Connector[org.apache.coyote.http11.Http11NioProtocol-443]]"
"SEVERE: Error starting static Resources"
a s o
Pls, see a copy of my 'Tomcat 7.0' output window in the attached WordPad
file (8-jun-2011 18:05:11 Tomcat issue.rtf).
I also attached my 'server.xml' file
Thanks a lot for trying to help me.
Chavadam
P.S.: Why doesn't Apache Tomcat use a usual forum application on a website
for all his support questions ? (Like NetBeans, Oracle, mySQL, ...)
My mailbox is getting quickly much too full ... No provision for "Quote"
neither "Code" inserts ...
Re: My web application to use SSL (JSSE - RSA)
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
All,
On 6/10/2011 3:59 PM, Christopher Schultz wrote:
> It's best to find out what your JVM supports and use that.
>
> I wrote a short bit of code a while back to determine the supported
> algorithms and the default cipher suite for an SSLSocketFactory.
As promised, see below. No warranty. Free license. Attributions appreciated.
- -chris
package com.chadis.tools.security;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.TreeMap;
import java.security.Provider;
import java.security.Security;
import javax.net.ssl.SSLServerSocketFactory;
public class SSLInfo
{
public static void main(String[] args)
throws Exception
{
boolean enumeratedProviders = (null != args && 0 < args.length);
// Get SSL protocol info
String providerName = null;
Provider providers[];
if(enumeratedProviders)
{
providers = new Provider[args.length];
for(int i = 0; i < args.length; i++)
providers[i] = Security.getProvider(args[i]);
} else {
providers = Security.getProviders();
}
System.out.println("Supported SSL Protocols:");
boolean foundProtocol = false;
for(int i = 0; i < providers.length; i++)
{
Provider p = providers[i];
// Skip any providers that don't actually exist
if(null == p) continue;
ArrayList keys = new ArrayList(p.keySet());
Collections.sort(keys);
for(Iterator j = keys.iterator(); j.hasNext(); )
{
String key = (String)j.next();
if(key.startsWith("SSLContext.")
&& !"SSLContext.Default".equals(key))
{
foundProtocol |= true;
System.out.print(" ");
System.out.print(key.substring("SSLContext.".length()));
System.out.print(" (");
System.out.print(p.getName());
System.out.println(")");
}
}
}
if(!foundProtocol)
if(enumeratedProviders)
System.out.println(" ! No SSL protocols supported by any
requested provider");
else
System.out.println(" ! No SSL protocols supported by any
provider");
// Get cipher suite info
SSLServerSocketFactory ssf =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
String[] defaultCiphers = ssf.getDefaultCipherSuites();
String[] availableCiphers = ssf.getSupportedCipherSuites();
TreeMap ciphers = new TreeMap();
for(int i=0; i<availableCiphers.length; ++i )
ciphers.put(availableCiphers[i], Boolean.FALSE);
for(int i=0; i<defaultCiphers.length; ++i )
ciphers.put(defaultCiphers[i], Boolean.TRUE);
System.out.println("Default\tCipher Name");
for(Iterator i = ciphers.entrySet().iterator(); i.hasNext(); ) {
Map.Entry cipher=(Map.Entry)i.next();
if(Boolean.TRUE.equals(cipher.getValue()))
System.out.print('*');
else
System.out.print(' ');
System.out.print('\t');
System.out.println(cipher.getKey());
}
}
}
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk3yfN8ACgkQ9CaO5/Lv0PCLdwCffjuhJ/EznrfRr3EqfGHijSyK
GtQAnAnWSmk8g8luGF73lPWWXdrTssc+
=0/80
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: My web application to use SSL (JSSE - RSA)
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Pid,
On 6/10/2011 4:37 PM, Pid wrote:
> On 10/06/2011 21:29, Patrick Flaherty wrote:
>> Hi,
>>
>> Is APR/native Connector dramatically faster then Java Nio Blocking
>> Connector or is it marginal ?
>
> APR+SSL is a little faster, if I remember correctly, Chris?
I haven't benchmarked SSL configurations, only cleartext HTTP. Both the
APR and NIO connectors were /way/ faster than the BIO connector with
serving static content.
>> I'd love faster SSL but all my keys and certs are java based (keytool).
>> Will APR ever support Java SSL ?
>
> No.
Converting certs between formats is pretty trivial.
>> I find Java keytool to be reasonably easy to use. Is OpenSSL as easy to
>> use ?
>
> Yes.
You don't even have to use OpenSSL for anything directly. I like the
APR/SSL configuration better because you don't have to muck-around with
keytool, certificate stores, etc... you just have plain-old PEM files,
just like Apache httpd uses (APR is httpd code, so there you go).
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk3yglMACgkQ9CaO5/Lv0PCRUgCfW0po4Z/BusvAOq9sQOV4QQ5n
4TMAoJeptHzms7bw8/IvQUcW7KURZxuc
=XB/x
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: My web application to use SSL (JSSE - RSA)
Posted by "Adamus, Steven J." <ST...@saic.com>.
We switched from JSSE to the APR and OpenSSL about 6 months. We
converted all existing keys and certs to the format required by OpenSSL.
It was not hard. Some people say it can't be done, but they're wrong.
After 6 months with openSSL, I say it's easier to use than JSSE. We use
not only server-side certs, we also require client certificate
authentication and perform certificate revocation checking.
-----Original Message-----
From: users-return-225336-STEVEN.J.ADAMUS=saic.com@tomcat.apache.org
[mailto:users-return-225336-STEVEN.J.ADAMUS=saic.com@tomcat.apache.org]
On Behalf Of Pid
Sent: Friday, June 10, 2011 1:37 PM
To: Tomcat Users List
Subject: Re: My web application to use SSL (JSSE - RSA)
On 10/06/2011 21:29, Patrick Flaherty wrote:
> Hi,
>
> Is APR/native Connector dramatically faster then Java Nio Blocking
> Connector or is it marginal ?
APR+SSL is a little faster, if I remember correctly, Chris?
> I'd love faster SSL but all my keys and certs are java based
(keytool).
> Will APR ever support Java SSL ?
No.
> I find Java keytool to be reasonably easy to use. Is OpenSSL as easy
> to use ?
Yes.
p
> Thanks for any input.
>
> Pat
>
> On Jun 10, 2011, at 3:59 PM, Christopher Schultz wrote:
>
> Charles,
>
> On 6/10/2011 9:25 AM, Charles Van Damme wrote:
>>>> 10-jun-2011 15:14:11 org.apache.catalina.core.AprLifecycleListener
>>>> init
>>>> INFO: The APR based Apache Tomcat Native library which allows
>>>> optimal performance in production environments was not found on the
>>>> java.library.path: [...]
>
> FWIW, that's just an INFO message, but if you are going to be using
> SSL, you might want to go ahead and install the APR library: your
> performance will improve measurably. Note that <Connector>
> configuration for an APR connector using SSL is completely different
> if you choose to go this route.
>
> If you are not going to be using APR, you can disable the APR
> lifecycle listener because you aren't using it.
>
>>>> java.security.NoSuchAlgorithmException: RSA SSLContext not
>>>> available
>
> As Pid points out, it's pretty obvious that "RSA" is not a valid
> algorithm in this situation:
>
>>>> at
sun.security.jca.GetInstance.getInstance(GetInstance.java:142)
>>>> at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125)
>>>> at
>>>> org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSSLContext(
>>>> JSSESocketFactory.java:490)
>>>>
>
> So, it's an SSL configuration problem. Let's look at your SSL
> <Connector>:
>
>>>> <!-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector
>>>> on port
>>>> 443 -->
>>>> <Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
>>>> port="443"
>>>> maxThreads="150" scheme="https" secure="true"
>>>> SSLEnabled="true"
>>>> keystoreFile="C:/Documents and
Settings/Papa/.keystore"
>>>> keystorePass="changeit"
>>>> clientAuth="false" sslProtocol="RSA" />
>
> SO, you have sslProtocol="RSA"... seems like a good place to look. If
> you check the <Connector> documentation, you can see that there are
> only a few recognized protocols you can choose.
>
> http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support
>
> Note that "protocol" refers to the protocol used for SSL, not for any
> specific cipher, key exchange strategy, etc. Unfortunately, the Tomcat
> documentation does not list all the available protocols, nor should
it:
> the protocols available to you are determined by JVM support.
>
> The Javadoc for javax.net.ssl.SSLContext.getInstance has a pointer to
> documentation for "standard names" (which takes you through several
> hops
> to) here:
> http://download.oracle.com/javase/6/docs/technotes/guides/security/Sta
> ndardNames.html#SSLContext
>
>
> Those are the valid ssl protocol names you can choose.
>
> If you want use only ciphers that use the RSA algorithm (which is
> really limiting, IMO), you can look up their names here (after
> scrolling a bit
> downward):
>
> http://download.oracle.com/javase/6/docs/technotes/guides/security/Sta
> ndardNames.html#jssenames
>
>
> Just look for stuff like SSL_DH_DSS_blah_blah_blah.
>
> Of course, support for a certain algorithm might not be available in
> your environment. It's best to find out what your JVM supports and use
> that.
>
> I wrote a short bit of code a while back to determine the supported
> algorithms and the default cipher suite for an SSLSocketFactory. I'll
> try to dig it up and post it.
>
>>>> <!-- Define an AJP 1.3 Connector on port 8009 -->
>>>> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
>>>> />
>
> If you aren't using AJP, then disable the extra connector.
>
>>>> Hoping you are not overwhelmed. Anything else ?
>
> You had other errors in the log file. After you get SSL working
> properly, stop Tomcat, delete all your logs and re-launch it. Anything
> that looks like an error should be investigated and fixed.
>
> Feel free to come back to the list for help on those additional
issues:
> just remember start a new thread if you do.
>
> -chris
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
>>
> Patrick Flaherty
> Rampage Systems Inc.
> 411 Waverley Oaks Rd.
> Suite 138
> Waltham, MA. 02452-8405
> 781-891-9400 x239
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: My web application to use SSL (JSSE - RSA)
Posted by Pid <pi...@pidster.com>.
On 10/06/2011 21:29, Patrick Flaherty wrote:
> Hi,
>
> Is APR/native Connector dramatically faster then Java Nio Blocking
> Connector or is it marginal ?
APR+SSL is a little faster, if I remember correctly, Chris?
> I'd love faster SSL but all my keys and certs are java based (keytool).
> Will APR ever support Java SSL ?
No.
> I find Java keytool to be reasonably easy to use. Is OpenSSL as easy to
> use ?
Yes.
p
> Thanks for any input.
>
> Pat
>
> On Jun 10, 2011, at 3:59 PM, Christopher Schultz wrote:
>
> Charles,
>
> On 6/10/2011 9:25 AM, Charles Van Damme wrote:
>>>> 10-jun-2011 15:14:11 org.apache.catalina.core.AprLifecycleListener init
>>>> INFO: The APR based Apache Tomcat Native library which allows optimal
>>>> performance in production environments was not found on the
>>>> java.library.path: [...]
>
> FWIW, that's just an INFO message, but if you are going to be using SSL,
> you might want to go ahead and install the APR library: your performance
> will improve measurably. Note that <Connector> configuration for an APR
> connector using SSL is completely different if you choose to go this
> route.
>
> If you are not going to be using APR, you can disable the APR lifecycle
> listener because you aren't using it.
>
>>>> java.security.NoSuchAlgorithmException: RSA SSLContext not available
>
> As Pid points out, it's pretty obvious that "RSA" is not a valid
> algorithm in this situation:
>
>>>> at sun.security.jca.GetInstance.getInstance(GetInstance.java:142)
>>>> at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125)
>>>> at
>>>> org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSSLContext(JSSESocketFactory.java:490)
>>>>
>
> So, it's an SSL configuration problem. Let's look at your SSL
> <Connector>:
>
>>>> <!-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on
>>>> port
>>>> 443 -->
>>>> <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
>>>> port="443"
>>>> maxThreads="150" scheme="https" secure="true"
>>>> SSLEnabled="true"
>>>> keystoreFile="C:/Documents and Settings/Papa/.keystore"
>>>> keystorePass="changeit"
>>>> clientAuth="false" sslProtocol="RSA" />
>
> SO, you have sslProtocol="RSA"... seems like a good place to look. If
> you check the <Connector> documentation, you can see that there are only
> a few recognized protocols you can choose.
>
> http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support
>
> Note that "protocol" refers to the protocol used for SSL, not for any
> specific cipher, key exchange strategy, etc. Unfortunately, the Tomcat
> documentation does not list all the available protocols, nor should it:
> the protocols available to you are determined by JVM support.
>
> The Javadoc for javax.net.ssl.SSLContext.getInstance has a pointer to
> documentation for "standard names" (which takes you through several hops
> to) here:
> http://download.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#SSLContext
>
>
> Those are the valid ssl protocol names you can choose.
>
> If you want use only ciphers that use the RSA algorithm (which is really
> limiting, IMO), you can look up their names here (after scrolling a bit
> downward):
>
> http://download.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#jssenames
>
>
> Just look for stuff like SSL_DH_DSS_blah_blah_blah.
>
> Of course, support for a certain algorithm might not be available in
> your environment. It's best to find out what your JVM supports and use
> that.
>
> I wrote a short bit of code a while back to determine the supported
> algorithms and the default cipher suite for an SSLSocketFactory. I'll
> try to dig it up and post it.
>
>>>> <!-- Define an AJP 1.3 Connector on port 8009 -->
>>>> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
>
> If you aren't using AJP, then disable the extra connector.
>
>>>> Hoping you are not overwhelmed. Anything else ?
>
> You had other errors in the log file. After you get SSL working
> properly, stop Tomcat, delete all your logs and re-launch it. Anything
> that looks like an error should be investigated and fixed.
>
> Feel free to come back to the list for help on those additional issues:
> just remember start a new thread if you do.
>
> -chris
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
>>
> Patrick Flaherty
> Rampage Systems Inc.
> 411 Waverley Oaks Rd.
> Suite 138
> Waltham, MA. 02452-8405
> 781-891-9400 x239
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
Re: My web application to use SSL (JSSE - RSA)
Posted by Patrick Flaherty <pf...@rampageinc.com>.
Hi,
Is APR/native Connector dramatically faster then Java Nio Blocking
Connector or is it marginal ?
I'd love faster SSL but all my keys and certs are java based
(keytool). Will APR ever support Java SSL ?
I find Java keytool to be reasonably easy to use. Is OpenSSL as easy
to use ?
Thanks for any input.
Pat
On Jun 10, 2011, at 3:59 PM, Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Charles,
>
> On 6/10/2011 9:25 AM, Charles Van Damme wrote:
>> 10-jun-2011 15:14:11 org.apache.catalina.core.AprLifecycleListener
>> init
>> INFO: The APR based Apache Tomcat Native library which allows optimal
>> performance in production environments was not found on the
>> java.library.path: [...]
>
> FWIW, that's just an INFO message, but if you are going to be using
> SSL,
> you might want to go ahead and install the APR library: your
> performance
> will improve measurably. Note that <Connector> configuration for an
> APR
> connector using SSL is completely different if you choose to go
> this route.
>
> If you are not going to be using APR, you can disable the APR
> lifecycle
> listener because you aren't using it.
>
>> java.security.NoSuchAlgorithmException: RSA SSLContext not available
>
> As Pid points out, it's pretty obvious that "RSA" is not a valid
> algorithm in this situation:
>
>> at sun.security.jca.GetInstance.getInstance(GetInstance.java:142)
>> at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125)
>> at
>> org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSSLContext
>> (JSSESocketFactory.java:490)
>
> So, it's an SSL configuration problem. Let's look at your SSL
> <Connector>:
>
>> <!-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector
>> on port
>> 443 -->
>> <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
>> port="443"
>> maxThreads="150" scheme="https" secure="true"
>> SSLEnabled="true"
>> keystoreFile="C:/Documents and Settings/
>> Papa/.keystore"
>> keystorePass="changeit"
>> clientAuth="false" sslProtocol="RSA" />
>
> SO, you have sslProtocol="RSA"... seems like a good place to look. If
> you check the <Connector> documentation, you can see that there are
> only
> a few recognized protocols you can choose.
>
> http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support
>
> Note that "protocol" refers to the protocol used for SSL, not for any
> specific cipher, key exchange strategy, etc. Unfortunately, the Tomcat
> documentation does not list all the available protocols, nor should
> it:
> the protocols available to you are determined by JVM support.
>
> The Javadoc for javax.net.ssl.SSLContext.getInstance has a pointer to
> documentation for "standard names" (which takes you through several
> hops
> to) here:
> http://download.oracle.com/javase/6/docs/technotes/guides/security/
> StandardNames.html#SSLContext
>
> Those are the valid ssl protocol names you can choose.
>
> If you want use only ciphers that use the RSA algorithm (which is
> really
> limiting, IMO), you can look up their names here (after scrolling a
> bit
> downward):
>
> http://download.oracle.com/javase/6/docs/technotes/guides/security/
> StandardNames.html#jssenames
>
> Just look for stuff like SSL_DH_DSS_blah_blah_blah.
>
> Of course, support for a certain algorithm might not be available in
> your environment. It's best to find out what your JVM supports and
> use that.
>
> I wrote a short bit of code a while back to determine the supported
> algorithms and the default cipher suite for an SSLSocketFactory. I'll
> try to dig it up and post it.
>
>> <!-- Define an AJP 1.3 Connector on port 8009 -->
>> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
>
> If you aren't using AJP, then disable the extra connector.
>
>> Hoping you are not overwhelmed. Anything else ?
>
> You had other errors in the log file. After you get SSL working
> properly, stop Tomcat, delete all your logs and re-launch it. Anything
> that looks like an error should be investigated and fixed.
>
> Feel free to come back to the list for help on those additional
> issues:
> just remember start a new thread if you do.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk3yd5IACgkQ9CaO5/Lv0PCSwQCggfhTML/aJwMtBlw1pVJ+mJIt
> rg8AoJOrh9amZcTCiLFrXjZQtFRGQbd0
> =fu8H
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
Patrick Flaherty
Rampage Systems Inc.
411 Waverley Oaks Rd.
Suite 138
Waltham, MA. 02452-8405
781-891-9400 x239
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: My web application to use SSL (JSSE - RSA)
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Charles,
On 6/10/2011 9:25 AM, Charles Van Damme wrote:
> 10-jun-2011 15:14:11 org.apache.catalina.core.AprLifecycleListener init
> INFO: The APR based Apache Tomcat Native library which allows optimal
> performance in production environments was not found on the
> java.library.path: [...]
FWIW, that's just an INFO message, but if you are going to be using SSL,
you might want to go ahead and install the APR library: your performance
will improve measurably. Note that <Connector> configuration for an APR
connector using SSL is completely different if you choose to go this route.
If you are not going to be using APR, you can disable the APR lifecycle
listener because you aren't using it.
> java.security.NoSuchAlgorithmException: RSA SSLContext not available
As Pid points out, it's pretty obvious that "RSA" is not a valid
algorithm in this situation:
> at sun.security.jca.GetInstance.getInstance(GetInstance.java:142)
> at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125)
> at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSSLContext(JSSESocketFactory.java:490)
So, it's an SSL configuration problem. Let's look at your SSL <Connector>:
> <!-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on port
> 443 -->
> <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
> port="443"
> maxThreads="150" scheme="https" secure="true"
> SSLEnabled="true"
> keystoreFile="C:/Documents and Settings/Papa/.keystore"
> keystorePass="changeit"
> clientAuth="false" sslProtocol="RSA" />
SO, you have sslProtocol="RSA"... seems like a good place to look. If
you check the <Connector> documentation, you can see that there are only
a few recognized protocols you can choose.
http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support
Note that "protocol" refers to the protocol used for SSL, not for any
specific cipher, key exchange strategy, etc. Unfortunately, the Tomcat
documentation does not list all the available protocols, nor should it:
the protocols available to you are determined by JVM support.
The Javadoc for javax.net.ssl.SSLContext.getInstance has a pointer to
documentation for "standard names" (which takes you through several hops
to) here:
http://download.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#SSLContext
Those are the valid ssl protocol names you can choose.
If you want use only ciphers that use the RSA algorithm (which is really
limiting, IMO), you can look up their names here (after scrolling a bit
downward):
http://download.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#jssenames
Just look for stuff like SSL_DH_DSS_blah_blah_blah.
Of course, support for a certain algorithm might not be available in
your environment. It's best to find out what your JVM supports and use that.
I wrote a short bit of code a while back to determine the supported
algorithms and the default cipher suite for an SSLSocketFactory. I'll
try to dig it up and post it.
> <!-- Define an AJP 1.3 Connector on port 8009 -->
> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
If you aren't using AJP, then disable the extra connector.
> Hoping you are not overwhelmed. Anything else ?
You had other errors in the log file. After you get SSL working
properly, stop Tomcat, delete all your logs and re-launch it. Anything
that looks like an error should be investigated and fixed.
Feel free to come back to the list for help on those additional issues:
just remember start a new thread if you do.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk3yd5IACgkQ9CaO5/Lv0PCSwQCggfhTML/aJwMtBlw1pVJ+mJIt
rg8AoJOrh9amZcTCiLFrXjZQtFRGQbd0
=fu8H
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: My web application to use SSL (JSSE - RSA)
Posted by Sriram Narayanan <sr...@gmail.com>.
Charles, you are facing multiple problems here. One is with the RSA,
and the other is with starting Tomcat instances.
On Fri, Jun 10, 2011 at 8:48 PM, Charles Van Damme <ch...@gmail.com> wrote:
<snip/>
> At which moment does NetBeans start the Tomcat server ?
> If I operate a shutdown.bat and a startup.bat from start > Cmd , how does it
> interfere with the Tomcat server thread started up by NetBeans ?
Regardless of how you start Tomcat (batch file or within Netbeans), if
you start Tomcat with the default config and get it to bind to port
443, then the operating system will give it port 443.
If you now start another Tomcat instance, and get that too to bind to
port 443, then the OS will tell this second Tomcat that the port is
already in use.
This is why you see "Starting of Tomcat failed, the server port 443 is
already in use."
You need to run exactly one Tomcat instance on port 443 for now. As
you get more familiar with Tomcat, you'll be able to do interesting
things like work with SSL on ports other than 443 (and there by run
multiple Tomcat instances serving SSL, etc).
>
> Thanks.
> Chavadam
>
>
-- Sriram
--
==================
Belenix: www.belenix.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: My web application to use SSL (JSSE - RSA)
Posted by Charles Van Damme <ch...@gmail.com>.
Dear Pid,
Yes, RSA fails, and I'm wondering why.
Meantime, in 'server.xml' (see my previous email sending, I changed RSA by
TLS. Only that.
Output tabs :
1.1) Tomcat 7.0 :
Using CATALINA_BASE: "C:\Program Files\ApacheSoftwFound\Apache Tomcat
7.0.11"
Using CATALINA_HOME: "C:\Program Files\ApacheSoftwFound\Apache Tomcat
7.0.11"
Using CATALINA_TMPDIR: "C:\Program Files\ApacheSoftwFound\Apache Tomcat
7.0.11\temp"
Using JRE_HOME: "C:\Program Files\Java\jdk1.6.0_22"
Using CLASSPATH: "C:\Program Files\ApacheSoftwFound\Apache Tomcat
7.0.11\bin\bootstrap.jar;C:\Program Files\ApacheSoftwFound\Apache Tomcat
7.0.11\bin\tomcat-juli.jar"
10-jun-2011 17:13:56 org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal
performance in production environments was not found on the
java.library.path: C:\Program
Files\Java\jdk1.6.0_22\bin;.;C:\WINDOWS\Sun\Java\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\System32\Wbem;C:\Program
Files\Java\jdk1.6.0_22\bin;C:\Program Files\ApacheSoftwFound\Apache Tomcat
7.0.11
10-jun-2011 17:13:57 org.apache.coyote.AbstractProtocolHandler init
INFO: Initializing ProtocolHandler ["http-nio-443"]
10-jun-2011 17:13:57 org.apache.coyote.AbstractProtocolHandler init
SEVERE: Failed to initialize end point associated with ProtocolHandler
["http-nio-443"]
java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover(KeyProtector.java:311)
at
sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:121)
at
sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:38)
at java.security.KeyStore.getKey(KeyStore.java:763)
at
com.sun.net.ssl.internal.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:113)
at
com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:48)
at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:239)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:568)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:507)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:479)
at
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:483)
at
org.apache.coyote.AbstractProtocolHandler.init(AbstractProtocolHandler.java:345)
at
org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at
org.apache.catalina.connector.Connector.initInternal(Connector.java:910)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at org.apache.catalina.startup.Catalina.load(Catalina.java:572)
at org.apache.catalina.startup.Catalina.load(Catalina.java:595)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:262)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:430)
10-jun-2011 17:13:57 org.apache.catalina.core.StandardService initInternal
SEVERE: Failed to initialize connector
[Connector[org.apache.coyote.http11.Http11NioProtocol-443]]
org.apache.catalina.LifecycleException: Protocol handler initialization
failed
at
org.apache.catalina.connector.Connector.initInternal(Connector.java:912)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at org.apache.catalina.startup.Catalina.load(Catalina.java:572)
at org.apache.catalina.startup.Catalina.load(Catalina.java:595)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:262)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:430)
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover(KeyProtector.java:311)
at
sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:121)
at
sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:38)
at java.security.KeyStore.getKey(KeyStore.java:763)
at
com.sun.net.ssl.internal.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:113)
at
com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:48)
at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:239)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:568)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:507)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:479)
at
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:483)
at
org.apache.coyote.AbstractProtocolHandler.init(AbstractProtocolHandler.java:345)
at
org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at
org.apache.catalina.connector.Connector.initInternal(Connector.java:910)
... 13 more
10-jun-2011 17:13:57 org.apache.coyote.AbstractProtocolHandler init
INFO: Initializing ProtocolHandler ["ajp-bio-8009"]
10-jun-2011 17:13:57 org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1384 ms
10-jun-2011 17:13:57 org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
10-jun-2011 17:13:57 org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.11
10-jun-2011 17:13:57 org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor ROOT.xml from C:\Program
Files\ApacheSoftwFound\Apache Tomcat 7.0.11\conf\Catalina\localhost
10-jun-2011 17:13:58 org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor Opinion.xml from C:\Program
Files\ApacheSoftwFound\Apache Tomcat 7.0.11\conf\Catalina\localhost
10-jun-2011 17:13:58 org.apache.catalina.core.StandardContext resourcesStart
SEVERE: Error starting static Resources
java.lang.IllegalArgumentException: Document base C:\Documents and
Settings\Papa\My Documents\Applic Program\eId Applet\build\web does not
exist or is not a readable directory
at
org.apache.naming.resources.FileDirContext.setDocBase(FileDirContext.java:140)
at
org.apache.catalina.core.StandardContext.resourcesStart(StandardContext.java:4794)
at
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:4974)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:812)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:787)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:607)
at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:633)
at
org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:558)
at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:468)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1305)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at
org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:89)
at
org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:379)
at
org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:324)
at
org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:1041)
at
org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:774)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
at
org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:1033)
at
org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:291)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
at
org.apache.catalina.core.StandardService.startInternal(StandardService.java:443)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
at
org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:727)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
at org.apache.catalina.startup.Catalina.start(Catalina.java:620)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:303)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:431)
10-jun-2011 17:13:58 org.apache.catalina.core.StandardContext startInternal
SEVERE: Error in resourceStart()
10-jun-2011 17:13:58 org.apache.catalina.core.StandardContext startInternal
SEVERE: Error getConfigured
10-jun-2011 17:13:58 org.apache.catalina.core.StandardContext startInternal
SEVERE: Context [/Opinion] startup failed due to previous errors
10-jun-2011 17:13:58 org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor Test1.xml from C:\Program
Files\ApacheSoftwFound\Apache Tomcat 7.0.11\conf\Catalina\localhost
10-jun-2011 17:13:58 org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory examples
10-jun-2011 17:13:58 org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory docs
10-jun-2011 17:13:58 org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory manager
10-jun-2011 17:13:58 org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory host-manager
10-jun-2011 17:13:59 org.apache.coyote.AbstractProtocolHandler start
INFO: Starting ProtocolHandler ["ajp-bio-8009"]
10-jun-2011 17:13:59 org.apache.catalina.startup.Catalina start
INFO: Server startup in 1246 ms
1.2) Test1 (run)
init:
deps-module-jar:
deps-ear-jar:
deps-jar:
library-inclusion-in-archive:
library-inclusion-in-manifest:
compile:
compile-jsps:
Starting of Tomcat failed, the server port 443 is already in use.
C:\Documents and Settings\Papa\My Documents\Applic
Program\JSP\VDAB\Test1\nbproject\build-impl.xml:718:
Deployment error:
Starting of Tomcat failed, the server port 443 is already in use.
See the server log for details.
at
org.netbeans.modules.j2ee.deployment.devmodules.api.Deployment.deploy(Deployment.java:200)
at org.netbeans.modules.j2ee.ant.Deploy.execute(Deploy.java:106)
at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:291)
at sun.reflect.GeneratedMethodAccessor93.invoke(Unknown Source)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106)
at org.apache.tools.ant.Task.perform(Task.java:348)
at org.apache.tools.ant.Target.execute(Target.java:390)
at org.apache.tools.ant.Target.performTasks(Target.java:411)
at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1399)
at org.apache.tools.ant.Project.executeTarget(Project.java:1368)
at
org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41)
at org.apache.tools.ant.Project.executeTargets(Project.java:1251)
at
org.apache.tools.ant.module.bridge.impl.BridgeImpl.run(BridgeImpl.java:284)
at
org.apache.tools.ant.module.run.TargetExecutor.run(TargetExecutor.java:539)
at
org.netbeans.core.execution.RunClassThread.run(RunClassThread.java:154)
BUILD FAILED (total time: 4 seconds)
At which moment does NetBeans start the Tomcat server ?
If I operate a shutdown.bat and a startup.bat from start > Cmd , how does it
interfere with the Tomcat server thread started up by NetBeans ?
Thanks.
Chavadam
On Fri, Jun 10, 2011 at 4:45 PM, Pid <pi...@pidster.com> wrote:
> On 10/06/2011 14:25, Charles Van Damme wrote:
> > java.security.NoSuchAlgorithmException: RSA SSLContext not available
>
> It seems pretty clear that "RSA" isn't accepted by Java as a valid
> algorithm.
>
>
> p
>
>
>
Re: My web application to use SSL (JSSE - RSA)
Posted by Pid <pi...@pidster.com>.
On 10/06/2011 14:25, Charles Van Damme wrote:
> java.security.NoSuchAlgorithmException: RSA SSLContext not available
It seems pretty clear that "RSA" isn't accepted by Java as a valid
algorithm.
p
Re: My web application to use SSL (JSSE - RSA)
Posted by Charles Van Damme <ch...@gmail.com>.
OK Christopher:
1) Output tabs of NetBeans IDE
1.1) Tomcat 7.0 :
Using CATALINA_BASE: "C:\Program Files\ApacheSoftwFound\Apache Tomcat
7.0.11"
Using CATALINA_HOME: "C:\Program Files\ApacheSoftwFound\Apache Tomcat
7.0.11"
Using CATALINA_TMPDIR: "C:\Program Files\ApacheSoftwFound\Apache Tomcat
7.0.11\temp"
Using JRE_HOME: "C:\Program Files\Java\jdk1.6.0_22"
Using CLASSPATH: "C:\Program Files\ApacheSoftwFound\Apache Tomcat
7.0.11\bin\bootstrap.jar;C:\Program Files\ApacheSoftwFound\Apache Tomcat
7.0.11\bin\tomcat-juli.jar"
10-jun-2011 15:14:11 org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal
performance in production environments was not found on the
java.library.path: C:\Program
Files\Java\jdk1.6.0_22\bin;.;C:\WINDOWS\Sun\Java\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\System32\Wbem;C:\Program
Files\Java\jdk1.6.0_22\bin;C:\Program Files\ApacheSoftwFound\Apache Tomcat
7.0.11
10-jun-2011 15:14:11 org.apache.coyote.AbstractProtocolHandler init
INFO: Initializing ProtocolHandler ["http-nio-443"]
10-jun-2011 15:14:12 org.apache.coyote.AbstractProtocolHandler init
SEVERE: Failed to initialize end point associated with ProtocolHandler
["http-nio-443"]
java.security.NoSuchAlgorithmException: RSA SSLContext not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:142)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSSLContext(JSSESocketFactory.java:490)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:478)
at
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:483)
at
org.apache.coyote.AbstractProtocolHandler.init(AbstractProtocolHandler.java:345)
at
org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at
org.apache.catalina.connector.Connector.initInternal(Connector.java:910)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at org.apache.catalina.startup.Catalina.load(Catalina.java:572)
at org.apache.catalina.startup.Catalina.load(Catalina.java:595)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:262)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:430)
10-jun-2011 15:14:12 org.apache.catalina.core.StandardService initInternal
SEVERE: Failed to initialize connector
[Connector[org.apache.coyote.http11.Http11NioProtocol-443]]
org.apache.catalina.LifecycleException: Protocol handler initialization
failed
at
org.apache.catalina.connector.Connector.initInternal(Connector.java:912)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at org.apache.catalina.startup.Catalina.load(Catalina.java:572)
at org.apache.catalina.startup.Catalina.load(Catalina.java:595)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:262)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:430)
Caused by: java.security.NoSuchAlgorithmException: RSA SSLContext not
available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:142)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSSLContext(JSSESocketFactory.java:490)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:478)
at
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:483)
at
org.apache.coyote.AbstractProtocolHandler.init(AbstractProtocolHandler.java:345)
at
org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at
org.apache.catalina.connector.Connector.initInternal(Connector.java:910)
... 13 more
10-jun-2011 15:14:12 org.apache.coyote.AbstractProtocolHandler init
INFO: Initializing ProtocolHandler ["ajp-bio-8009"]
10-jun-2011 15:14:12 org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1569 ms
10-jun-2011 15:14:12 org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
10-jun-2011 15:14:12 org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.11
10-jun-2011 15:14:12 org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor ROOT.xml from C:\Program
Files\ApacheSoftwFound\Apache Tomcat 7.0.11\conf\Catalina\localhost
10-jun-2011 15:14:12 org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor Opinion.xml from C:\Program
Files\ApacheSoftwFound\Apache Tomcat 7.0.11\conf\Catalina\localhost
10-jun-2011 15:14:12 org.apache.catalina.core.StandardContext resourcesStart
SEVERE: Error starting static Resources
java.lang.IllegalArgumentException: Document base C:\Documents and
Settings\Papa\My Documents\Applic Program\eId Applet\build\web does not
exist or is not a readable directory
at
org.apache.naming.resources.FileDirContext.setDocBase(FileDirContext.java:140)
at
org.apache.catalina.core.StandardContext.resourcesStart(StandardContext.java:4794)
at
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:4974)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:812)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:787)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:607)
at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:633)
at
org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:558)
at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:468)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1305)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at
org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:89)
at
org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:379)
at
org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:324)
at
org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:1041)
at
org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:774)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
at
org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:1033)
at
org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:291)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
at
org.apache.catalina.core.StandardService.startInternal(StandardService.java:443)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
at
org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:727)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
at org.apache.catalina.startup.Catalina.start(Catalina.java:620)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:303)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:431)
10-jun-2011 15:14:13 org.apache.catalina.core.StandardContext startInternal
SEVERE: Error in resourceStart()
10-jun-2011 15:14:13 org.apache.catalina.core.StandardContext startInternal
SEVERE: Error getConfigured
10-jun-2011 15:14:13 org.apache.catalina.core.StandardContext startInternal
SEVERE: Context [/Opinion] startup failed due to previous errors
10-jun-2011 15:14:13 org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor Test1.xml from C:\Program
Files\ApacheSoftwFound\Apache Tomcat 7.0.11\conf\Catalina\localhost
10-jun-2011 15:14:13 org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory examples
10-jun-2011 15:14:13 org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory docs
10-jun-2011 15:14:13 org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory manager
10-jun-2011 15:14:13 org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory host-manager
10-jun-2011 15:14:13 org.apache.coyote.AbstractProtocolHandler start
INFO: Starting ProtocolHandler ["ajp-bio-8009"]
10-jun-2011 15:14:13 org.apache.catalina.startup.Catalina start
INFO: Server startup in 1205 ms
1.2) Test1 (run)
init:
deps-module-jar:
deps-ear-jar:
deps-jar:
library-inclusion-in-archive:
library-inclusion-in-manifest:
compile:
compile-jsps:
Starting Tomcat process...
Waiting for Tomcat...
Starting of Tomcat failed.
C:\Documents and Settings\Papa\My Documents\Applic
Program\JSP\VDAB\Test1\nbproject\build-impl.xml:718:
Deployment error:
Starting of Tomcat failed.
See the server log for details.
at
org.netbeans.modules.j2ee.deployment.devmodules.api.Deployment.deploy(Deployment.java:200)
at org.netbeans.modules.j2ee.ant.Deploy.execute(Deploy.java:106)
at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:291)
at sun.reflect.GeneratedMethodAccessor53.invoke(Unknown Source)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106)
at org.apache.tools.ant.Task.perform(Task.java:348)
at org.apache.tools.ant.Target.execute(Target.java:390)
at org.apache.tools.ant.Target.performTasks(Target.java:411)
at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1399)
at org.apache.tools.ant.Project.executeTarget(Project.java:1368)
at
org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41)
at org.apache.tools.ant.Project.executeTargets(Project.java:1251)
at
org.apache.tools.ant.module.bridge.impl.BridgeImpl.run(BridgeImpl.java:284)
at
org.apache.tools.ant.module.run.TargetExecutor.run(TargetExecutor.java:539)
at
org.netbeans.core.execution.RunClassThread.run(RunClassThread.java:154)
BUILD FAILED (total time: 3 minutes 4 seconds)
2) My server.xml file (Modified only at the "Connectors ..." place)
<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" />
<!--Initialize Jasper prior to webapps are loaded. Documentation at
/docs/jasper-howto.html -->
<Listener className="org.apache.catalina.core.JasperListener" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener
className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener
className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener
className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">
<!--The connectors can use a shared executor, you can define one or more
named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking &
non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<!--
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<!-- A "Connector" using the shared thread pool -->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration.
When using APR, the connector should be using the OpenSSL
style configuration described in the APR documentation
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
<!-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on port
443 -->
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="443"
maxThreads="150" scheme="https" secure="true"
SSLEnabled="true"
keystoreFile="C:/Documents and Settings/Papa/.keystore"
keystorePass="changeit"
clientAuth="false" sslProtocol="RSA" />
<!-- Define a APR SSL Coyote HTTP/1.1 Connector on port 443
<Connector protocol="org.apache.coyote.http11.Http11AprProtocol"
port="443"
maxThreads="200" scheme="https" secure="true"
SSLEnabled="true"
SSLCertificateFile="/usr/local/ssl/server.crt"
SSLCertificateKeyFile="/usr/local/ssl/server.pem"
clientAuth="optional" SSLProtocol="TLSv1" />
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<!-- An Engine represents the entry point (within Catalina) that
processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes
them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine name="Catalina" defaultHost="localhost">
<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->
<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!-- SingleSignOn valve, share authentication between web
applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common"
-->
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
prefix="localhost_access_log." suffix=".txt"
pattern="%h %l %u %t "%r" %s %b"
resolveHosts="false"/>
</Host>
</Engine>
</Service>
</Server>
Hoping you are not overwhelmed. Anything else ?
Many thanks for trying to help me.
Chavadam
On Thu, Jun 9, 2011 at 6:27 PM, Christopher Schultz <
chris@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Charles,
>
> On 6/8/2011 3:03 PM, Charles Van Damme wrote:
> > 1) I'm trying first with JSSE. Please see <!-- Connectors ... in my
> > server.xml file.
>
> Attachments stripped again. Please copy/paste into the message.
>
> > 2) How can I prevent my NetBeans IDE to start a Tomcat server ?
> > To run and stop Tomcat "separately", I figure that you mean start > Cmd >
> > C:\Program Files\apache-tomcat-7.0.11\bin\startup.bat and shutdown.bat
>
> That is generally the proper way to start and stop Tomcat.
>
> > 3) What do I have to do to avoid that it grumbles when I try to use RSA ?
>
> Can you post your log files from after an unsuccessful startup? Remember
> that attaching them might not work well (though plain-text does tend to
> get through).
>
> There are many things that can go wrong when configuring SSL. We will
> need to see your configuration and the actual error you get in order to
> help diagnose.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk3w9GsACgkQ9CaO5/Lv0PBv8gCfVWGz7PygOoAsqzQt/PLBvHIj
> 5iwAn1S1+V6q02LmPskk8VCyg0ZSxkbJ
> =sJdR
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: My web application to use SSL (JSSE - RSA)
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Charles,
On 6/8/2011 3:03 PM, Charles Van Damme wrote:
> 1) I'm trying first with JSSE. Please see <!-- Connectors ... in my
> server.xml file.
Attachments stripped again. Please copy/paste into the message.
> 2) How can I prevent my NetBeans IDE to start a Tomcat server ?
> To run and stop Tomcat "separately", I figure that you mean start > Cmd >
> C:\Program Files\apache-tomcat-7.0.11\bin\startup.bat and shutdown.bat
That is generally the proper way to start and stop Tomcat.
> 3) What do I have to do to avoid that it grumbles when I try to use RSA ?
Can you post your log files from after an unsuccessful startup? Remember
that attaching them might not work well (though plain-text does tend to
get through).
There are many things that can go wrong when configuring SSL. We will
need to see your configuration and the actual error you get in order to
help diagnose.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk3w9GsACgkQ9CaO5/Lv0PBv8gCfVWGz7PygOoAsqzQt/PLBvHIj
5iwAn1S1+V6q02LmPskk8VCyg0ZSxkbJ
=sJdR
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: My web application to use SSL (JSSE - RSA)
Posted by Charles Van Damme <ch...@gmail.com>.
Dear,
1) I'm trying first with JSSE. Please see <!-- Connectors ... in my
server.xml file.
2) How can I prevent my NetBeans IDE to start a Tomcat server ?
To run and stop Tomcat "separately", I figure that you mean start > Cmd >
C:\Program Files\apache-tomcat-7.0.11\bin\startup.bat and shutdown.bat
3) What do I have to do to avoid that it grumbles when I try to use RSA ?
Thanks
Ch
On Wed, Jun 8, 2011 at 7:05 PM, Caldarale, Charles R <
Chuck.Caldarale@unisys.com> wrote:
> > From: Charles Van Damme [mailto:chavadam@gmail.com]
> > Subject: My web application to use SSL (JSSE - RSA)
>
> > I'm trying to get my first applic using SSL started. I read
> > therefor SSL Configuration HOW-TO n times.
>
> Including the part about there being *two* SSL mechanisms? Which one are
> you actually using, APR or pure Java?
>
> > When I compile and run my 'Test1' applic inside the IDE
>
> When diagnosing problems, simplify the environment as much as possible: get
> the IDE out of the picture. Go ahead and build your webapp with the IDE,
> but run Tomcat separately. IDEs have a nasty habit of using their own
> configurations for servers, ignoring what you think you've got set.
>
> > Pls, see a copy of my 'Tomcat 7.0' output window in the attached
> > WordPad file (8-jun-2011 18:05:11 Tomcat issue.rtf).
>
> Stripped, thankfully. (See below about viruses.)
>
> > Why doesn't Apache Tomcat use a usual forum application on a
> > website for all his support questions ?
>
> Because forums are crap.
>
> > My mailbox is getting quickly much too full ...
>
> Learn where the delete key is.
>
> > No provision for "Quote" neither "Code" inserts ...
>
> Or viruses. Messages are all in plain text.
>
> - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you received
> this in error, please contact the sender and delete the e-mail and its
> attachments from all computers.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
RE: My web application to use SSL (JSSE - RSA)
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Charles Van Damme [mailto:chavadam@gmail.com]
> Subject: My web application to use SSL (JSSE - RSA)
> I'm trying to get my first applic using SSL started. I read
> therefor SSL Configuration HOW-TO n times.
Including the part about there being *two* SSL mechanisms? Which one are you actually using, APR or pure Java?
> When I compile and run my 'Test1' applic inside the IDE
When diagnosing problems, simplify the environment as much as possible: get the IDE out of the picture. Go ahead and build your webapp with the IDE, but run Tomcat separately. IDEs have a nasty habit of using their own configurations for servers, ignoring what you think you've got set.
> Pls, see a copy of my 'Tomcat 7.0' output window in the attached
> WordPad file (8-jun-2011 18:05:11 Tomcat issue.rtf).
Stripped, thankfully. (See below about viruses.)
> Why doesn't Apache Tomcat use a usual forum application on a
> website for all his support questions ?
Because forums are crap.
> My mailbox is getting quickly much too full ...
Learn where the delete key is.
> No provision for "Quote" neither "Code" inserts ...
Or viruses. Messages are all in plain text.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org