You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Kleber <kv...@f2b.com.br> on 2003/09/17 22:01:20 UTC
peer not authenticated
Hi,
My name is Kleber, I am brazilian and I have a problem with Tomcat certificates(if someone could help me, I would be grateful).
I was trying to place Tomcat certificate 4.1.27, however I've just had a certificate, because nowadays I'm using Orion server.
I have one file called keystore and another '.cer'.
I had created a HTTP connection using port 443 and I have used the path from the keystore file. Till this point, everything was working well, the Tomcat was starting normally. When I open a website that use a 'secure encryption', it is loaded normally, however, a error message apears on DOS:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
I had created an keystore file from the beginning, even so the same message error has apeared. I also have tried to import, without sucess, the content from my .cer file to an empty keystore file.
Where was I messing up?
Since now I´m thankful for your help and I´m waiting for an aswer.
[]´s
Kleber
(tomcat 4) absolute links in dir listing
Posted by "P.van Kemenade" <pi...@kw.nl>.
Hi
I'm building an 'agent' in front of our http filesystem.
it checks every request, does some smart things and
dispatches to the file requested in DefaultServlet.
if I dispatch to a directory, the DefaultServlet returns
a dirlisting. I like this a lot. but the links in it are abolute
links, so the next click bypasses my agent.
'plain' Apache uses relative links. why did tomcat4
decide not to do that ?
any easy way I can turn it off ? (without .. rebuilding DefaultServlet
:-)
thanks,
*-pike
============
Internet search engines that take money from Web sites in exchange for
prominent placement should make that practice clearer to Web users,
federal regulators said Friday.Many search engine Web sites, including
AltaVista, LookSmart and AOL Search, give preferred placement to paid
advertisers. The Federal Trade Commission said that prime space can
confuse Web users who are looking for the best response to their
search, rather than ads for sites that paid up front.
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
(tomcat 4) absolute links in dir listing
Posted by "P.van Kemenade" <pi...@kw.nl>.
Hi
I'm building an 'agent' in front of our http filesystem.
it checks every request, does some smart things and
dispatches to the file requested in DefaultServlet.
if I dispatch to a directory, the DefaultServlet returns
a dirlisting. I like this a lot. but the links in it are abolute
links, so the next click bypasses my agent.
'plain' Apache uses relative links. why did tomcat4
decide not to do that ?
any easy way I can turn it off ? (without .. rebuilding DefaultServlet
:-)
thanks,
*-pike
============
Internet search engines that take money from Web sites in exchange for
prominent placement should make that practice clearer to Web users,
federal regulators said Friday.Many search engine Web sites, including
AltaVista, LookSmart and AOL Search, give preferred placement to paid
advertisers. The Federal Trade Commission said that prime space can
confuse Web users who are looking for the best response to their
search, rather than ads for sites that paid up front.
Re: peer not authenticated
Posted by Kleber <kv...@f2b.com.br>.
Hi...
It is truth, I had installed 4.1.24 version and it haven't occured any
error. It seems that 4.1.27 version is quite unstable yet.
I´m thankful for your help,
[]'s
Kleber
----- Original Message -----
From: "Bill Barker" <wb...@wilshire.com>
To: <to...@jakarta.apache.org>
Sent: Saturday, September 20, 2003 3:06 AM
Subject: Re: peer not authenticated
> a) Grab the JSSESupport.java file from the CVS (using the coyote_10
branch),
> and compile it into server/classes.
> b) wait for the 4.1.28 release.
>
> "Kleber" <kv...@f2b.com.br> wrote in message
> news:001101c37edf$c06a3ae0$a500a8c0@kleber...
> > Hi,
> >
> > Thanks again for your attention, and help...
> >
> > I'm with a doubt. You said that there was nothing wrong, however the
> warning
> > message always appears. Won't this leave the webpage slower with lots of
> > person accessing it?
> > Is there any way to avoid this message appearing?
> > I can´t leave this messages appears.
> >
> > []'s
> > Kleber
> >
> >
> > ----- Original Message -----
> > From: "Bill Barker" <wb...@wilshire.com>
> > To: <to...@jakarta.apache.org>
> > Sent: Friday, September 19, 2003 1:25 AM
> > Subject: Re: peer not authenticated
> >
> >
> > > It looks like I fixed it after 4.1.27. The message you are seeing is
> > simply
> > > a debugging message that got left in the code. It doesn't mean that
> there
> > > is anything wrong with your keystore, or even that anything unusual is
> > > happening. All that it is saying is the the browser didn't send a
> > > certificate (which is normal when you have clientAuth="false").
> > >
> > > "Kleber" <kv...@f2b.com.br> wrote in message
> > > news:01bf01c37df4$98b1fec0$a500a8c0@kleber...
> > > > Hi Bill,
> > > >
> > > > For a test, I created a new keystore file that use the keytool from
> > java:
> > > > %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
> > > > the password is: "kleber"
> > > >
> > > > My server.xml file is like this:
> > > > <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
> > > > redirectPort="443" bufferSize="2048"
> > > > serverSocketTimeout="0" connectionUploadTimeout="300000"
> > > port="443"
> > > > connectionTimeout="60000"
> > > > scheme="https" enableLookups="true" secure="true"
> > > > protocolHandlerClassName="org.apache.coyote.http11.Http11Protocol"
> > > > debug="0" maxKeepAliveRequests="100"
> disableUploadTimeout="true"
> > > > proxyPort="0"
> > > > maxProcessors="75" minProcessors="5" tcpNoDelay="true"
> > > > acceptCount="100"
> > > > useURIValidationHack="false" compression="off"
> > > > connectionLinger="-1">
> > > > <Factory
> > > > className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
> > > > rootFile="C:\WINDOWS\root.pem" keystoreType="JKS"
> > > > keystorePass="kleber" clientAuth="false"
> > > > randomFile="C:\WINDOWS\random.pem"
> > > > keystoreFile="c:\Tomcat\keystore\.keystore"
> > > protocol="TLS"/>
> > > > </Connector>
> > > >
> > > > As I ever had said, the page with https:// load normally at the
> browser,
> > > > however at DOS windows appears this error:
> > > >
> > > > [WARN] Http11Processor - -Exception getting SSL attributes
> > > > <javax.net.ssl.SSLPeerUnverifiedException: peer not
> > > > authenticated>javax.net.ssl.SSLPeerUnverifiedException: peer not
> > > > authenticated
> > > > at
> > > >
> > >
> >
>
com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA62
> > > > 75)
> > > > at
> > > >
> > >
> >
>
org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport.
> > > > java:113)
> > > > at
> > > >
> > >
> >
>
org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupp
> > > > ort.java:161)
> > > > at
> > > >
> >
org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:748)
> > > > at org.apache.coyote.Response.action(Response.java:222)
> > > > at
> > > >
> > >
> >
>
org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:
> > > > 321)
> > > > at
> > > >
> org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:221)
> > > > at
> > > >
> >
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:601)
> > > > at
> > > >
> > >
> >
>
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConne
> > > > ction(Http11Protocol.java:392)
> > > > at
> > > >
> >
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565)
> > > > at
> > > >
> > >
> >
>
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav
> > > > a:619)
> > > > at java.lang.Thread.run(Thread.java:484)
> > > >
> > > > I'm also attaching my keystore file
> > > >
> > > > I´m thankful for your attention...
> > > > Kleber
> > > >
> > > > ----- Original Message -----
> > > > From: "Bill Barker" <wb...@wilshire.com>
> > > > To: <to...@jakarta.apache.org>
> > > > Sent: Thursday, September 18, 2003 12:03 AM
> > > > Subject: Re: peer not authenticated
> > > >
> > > >
> > > > > That message is supposed to be only logged at 'debug' level.
Could
> > you
> > > > post
> > > > > more of the stack trace, so I can see how to plug this message
under
> > > > normal
> > > > > use?
> > > > >
> > > > > The error itself is harmless (it's just telling you that the user
> > didn't
> > > > > send a client cert, which is normal).
> > > > >
> > > > > "Kleber" <kv...@f2b.com.br> wrote in message
> > > > > news:005801c37d56$76681d20$a500a8c0@kleber...
> > > > > Hi,
> > > > >
> > > > > My name is Kleber, I am brazilian and I have a problem with Tomcat
> > > > > certificates(if someone could help me, I would be grateful).
> > > > > I was trying to place Tomcat certificate 4.1.27, however I've
just
> > had
> > > a
> > > > > certificate, because nowadays I'm using Orion server.
> > > > > I have one file called keystore and another '.cer'.
> > > > >
> > > > > I had created a HTTP connection using port 443 and I have used the
> > path
> > > > from
> > > > > the keystore file. Till this point, everything was working well,
the
> > > > Tomcat
> > > > > was starting normally. When I open a website that use a 'secure
> > > > encryption',
> > > > > it is loaded normally, however, a error message apears on DOS:
> > > > > javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> > > > >
> > > > > I had created an keystore file from the beginning, even so the
same
> > > > message
> > > > > error has apeared. I also have tried to import, without sucess,
the
> > > > content
> > > > > from my .cer file to an empty keystore file.
> > > > >
> > > > > Where was I messing up?
> > > > >
> > > > > Since now I´m thankful for your help and I´m waiting for an aswer.
> > > > > []´s
> > > > > Kleber
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > > > > For additional commands, e-mail:
tomcat-user-help@jakarta.apache.org
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
>
> --------------------------------------------------------------------------
> > --
> > > ----
> > >
> > >
> > >
> ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > > > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> > >
> > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> > >
> > >
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
Re: peer not authenticated
Posted by Kleber <kv...@f2b.com.br>.
Hi...
It is truth, I had installed 4.1.24 version and it haven't occured any
error. It seems that 4.1.27 version is quite unstable yet.
I´m thankful for your help,
[]'s
Kleber
----- Original Message -----
From: "Bill Barker" <wb...@wilshire.com>
To: <to...@jakarta.apache.org>
Sent: Saturday, September 20, 2003 3:06 AM
Subject: Re: peer not authenticated
> a) Grab the JSSESupport.java file from the CVS (using the coyote_10
branch),
> and compile it into server/classes.
> b) wait for the 4.1.28 release.
>
> "Kleber" <kv...@f2b.com.br> wrote in message
> news:001101c37edf$c06a3ae0$a500a8c0@kleber...
> > Hi,
> >
> > Thanks again for your attention, and help...
> >
> > I'm with a doubt. You said that there was nothing wrong, however the
> warning
> > message always appears. Won't this leave the webpage slower with lots of
> > person accessing it?
> > Is there any way to avoid this message appearing?
> > I can´t leave this messages appears.
> >
> > []'s
> > Kleber
> >
> >
> > ----- Original Message -----
> > From: "Bill Barker" <wb...@wilshire.com>
> > To: <to...@jakarta.apache.org>
> > Sent: Friday, September 19, 2003 1:25 AM
> > Subject: Re: peer not authenticated
> >
> >
> > > It looks like I fixed it after 4.1.27. The message you are seeing is
> > simply
> > > a debugging message that got left in the code. It doesn't mean that
> there
> > > is anything wrong with your keystore, or even that anything unusual is
> > > happening. All that it is saying is the the browser didn't send a
> > > certificate (which is normal when you have clientAuth="false").
> > >
> > > "Kleber" <kv...@f2b.com.br> wrote in message
> > > news:01bf01c37df4$98b1fec0$a500a8c0@kleber...
> > > > Hi Bill,
> > > >
> > > > For a test, I created a new keystore file that use the keytool from
> > java:
> > > > %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
> > > > the password is: "kleber"
> > > >
> > > > My server.xml file is like this:
> > > > <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
> > > > redirectPort="443" bufferSize="2048"
> > > > serverSocketTimeout="0" connectionUploadTimeout="300000"
> > > port="443"
> > > > connectionTimeout="60000"
> > > > scheme="https" enableLookups="true" secure="true"
> > > > protocolHandlerClassName="org.apache.coyote.http11.Http11Protocol"
> > > > debug="0" maxKeepAliveRequests="100"
> disableUploadTimeout="true"
> > > > proxyPort="0"
> > > > maxProcessors="75" minProcessors="5" tcpNoDelay="true"
> > > > acceptCount="100"
> > > > useURIValidationHack="false" compression="off"
> > > > connectionLinger="-1">
> > > > <Factory
> > > > className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
> > > > rootFile="C:\WINDOWS\root.pem" keystoreType="JKS"
> > > > keystorePass="kleber" clientAuth="false"
> > > > randomFile="C:\WINDOWS\random.pem"
> > > > keystoreFile="c:\Tomcat\keystore\.keystore"
> > > protocol="TLS"/>
> > > > </Connector>
> > > >
> > > > As I ever had said, the page with https:// load normally at the
> browser,
> > > > however at DOS windows appears this error:
> > > >
> > > > [WARN] Http11Processor - -Exception getting SSL attributes
> > > > <javax.net.ssl.SSLPeerUnverifiedException: peer not
> > > > authenticated>javax.net.ssl.SSLPeerUnverifiedException: peer not
> > > > authenticated
> > > > at
> > > >
> > >
> >
>
com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA62
> > > > 75)
> > > > at
> > > >
> > >
> >
>
org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport.
> > > > java:113)
> > > > at
> > > >
> > >
> >
>
org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupp
> > > > ort.java:161)
> > > > at
> > > >
> >
org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:748)
> > > > at org.apache.coyote.Response.action(Response.java:222)
> > > > at
> > > >
> > >
> >
>
org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:
> > > > 321)
> > > > at
> > > >
> org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:221)
> > > > at
> > > >
> >
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:601)
> > > > at
> > > >
> > >
> >
>
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConne
> > > > ction(Http11Protocol.java:392)
> > > > at
> > > >
> >
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565)
> > > > at
> > > >
> > >
> >
>
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav
> > > > a:619)
> > > > at java.lang.Thread.run(Thread.java:484)
> > > >
> > > > I'm also attaching my keystore file
> > > >
> > > > I´m thankful for your attention...
> > > > Kleber
> > > >
> > > > ----- Original Message -----
> > > > From: "Bill Barker" <wb...@wilshire.com>
> > > > To: <to...@jakarta.apache.org>
> > > > Sent: Thursday, September 18, 2003 12:03 AM
> > > > Subject: Re: peer not authenticated
> > > >
> > > >
> > > > > That message is supposed to be only logged at 'debug' level.
Could
> > you
> > > > post
> > > > > more of the stack trace, so I can see how to plug this message
under
> > > > normal
> > > > > use?
> > > > >
> > > > > The error itself is harmless (it's just telling you that the user
> > didn't
> > > > > send a client cert, which is normal).
> > > > >
> > > > > "Kleber" <kv...@f2b.com.br> wrote in message
> > > > > news:005801c37d56$76681d20$a500a8c0@kleber...
> > > > > Hi,
> > > > >
> > > > > My name is Kleber, I am brazilian and I have a problem with Tomcat
> > > > > certificates(if someone could help me, I would be grateful).
> > > > > I was trying to place Tomcat certificate 4.1.27, however I've
just
> > had
> > > a
> > > > > certificate, because nowadays I'm using Orion server.
> > > > > I have one file called keystore and another '.cer'.
> > > > >
> > > > > I had created a HTTP connection using port 443 and I have used the
> > path
> > > > from
> > > > > the keystore file. Till this point, everything was working well,
the
> > > > Tomcat
> > > > > was starting normally. When I open a website that use a 'secure
> > > > encryption',
> > > > > it is loaded normally, however, a error message apears on DOS:
> > > > > javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> > > > >
> > > > > I had created an keystore file from the beginning, even so the
same
> > > > message
> > > > > error has apeared. I also have tried to import, without sucess,
the
> > > > content
> > > > > from my .cer file to an empty keystore file.
> > > > >
> > > > > Where was I messing up?
> > > > >
> > > > > Since now I´m thankful for your help and I´m waiting for an aswer.
> > > > > []´s
> > > > > Kleber
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > > > > For additional commands, e-mail:
tomcat-user-help@jakarta.apache.org
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
>
> --------------------------------------------------------------------------
> > --
> > > ----
> > >
> > >
> > >
> ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > > > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> > >
> > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> > >
> > >
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: peer not authenticated
Posted by Bill Barker <wb...@wilshire.com>.
a) Grab the JSSESupport.java file from the CVS (using the coyote_10 branch),
and compile it into server/classes.
b) wait for the 4.1.28 release.
"Kleber" <kv...@f2b.com.br> wrote in message
news:001101c37edf$c06a3ae0$a500a8c0@kleber...
> Hi,
>
> Thanks again for your attention, and help...
>
> I'm with a doubt. You said that there was nothing wrong, however the
warning
> message always appears. Won't this leave the webpage slower with lots of
> person accessing it?
> Is there any way to avoid this message appearing?
> I can�t leave this messages appears.
>
> []'s
> Kleber
>
>
> ----- Original Message -----
> From: "Bill Barker" <wb...@wilshire.com>
> To: <to...@jakarta.apache.org>
> Sent: Friday, September 19, 2003 1:25 AM
> Subject: Re: peer not authenticated
>
>
> > It looks like I fixed it after 4.1.27. The message you are seeing is
> simply
> > a debugging message that got left in the code. It doesn't mean that
there
> > is anything wrong with your keystore, or even that anything unusual is
> > happening. All that it is saying is the the browser didn't send a
> > certificate (which is normal when you have clientAuth="false").
> >
> > "Kleber" <kv...@f2b.com.br> wrote in message
> > news:01bf01c37df4$98b1fec0$a500a8c0@kleber...
> > > Hi Bill,
> > >
> > > For a test, I created a new keystore file that use the keytool from
> java:
> > > %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
> > > the password is: "kleber"
> > >
> > > My server.xml file is like this:
> > > <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
> > > redirectPort="443" bufferSize="2048"
> > > serverSocketTimeout="0" connectionUploadTimeout="300000"
> > port="443"
> > > connectionTimeout="60000"
> > > scheme="https" enableLookups="true" secure="true"
> > > protocolHandlerClassName="org.apache.coyote.http11.Http11Protocol"
> > > debug="0" maxKeepAliveRequests="100"
disableUploadTimeout="true"
> > > proxyPort="0"
> > > maxProcessors="75" minProcessors="5" tcpNoDelay="true"
> > > acceptCount="100"
> > > useURIValidationHack="false" compression="off"
> > > connectionLinger="-1">
> > > <Factory
> > > className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
> > > rootFile="C:\WINDOWS\root.pem" keystoreType="JKS"
> > > keystorePass="kleber" clientAuth="false"
> > > randomFile="C:\WINDOWS\random.pem"
> > > keystoreFile="c:\Tomcat\keystore\.keystore"
> > protocol="TLS"/>
> > > </Connector>
> > >
> > > As I ever had said, the page with https:// load normally at the
browser,
> > > however at DOS windows appears this error:
> > >
> > > [WARN] Http11Processor - -Exception getting SSL attributes
> > > <javax.net.ssl.SSLPeerUnverifiedException: peer not
> > > authenticated>javax.net.ssl.SSLPeerUnverifiedException: peer not
> > > authenticated
> > > at
> > >
> >
>
com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA62
> > > 75)
> > > at
> > >
> >
>
org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport.
> > > java:113)
> > > at
> > >
> >
>
org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupp
> > > ort.java:161)
> > > at
> > >
> org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:748)
> > > at org.apache.coyote.Response.action(Response.java:222)
> > > at
> > >
> >
>
org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:
> > > 321)
> > > at
> > >
org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:221)
> > > at
> > >
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:601)
> > > at
> > >
> >
>
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConne
> > > ction(Http11Protocol.java:392)
> > > at
> > >
> org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565)
> > > at
> > >
> >
>
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav
> > > a:619)
> > > at java.lang.Thread.run(Thread.java:484)
> > >
> > > I'm also attaching my keystore file
> > >
> > > I�m thankful for your attention...
> > > Kleber
> > >
> > > ----- Original Message -----
> > > From: "Bill Barker" <wb...@wilshire.com>
> > > To: <to...@jakarta.apache.org>
> > > Sent: Thursday, September 18, 2003 12:03 AM
> > > Subject: Re: peer not authenticated
> > >
> > >
> > > > That message is supposed to be only logged at 'debug' level. Could
> you
> > > post
> > > > more of the stack trace, so I can see how to plug this message under
> > > normal
> > > > use?
> > > >
> > > > The error itself is harmless (it's just telling you that the user
> didn't
> > > > send a client cert, which is normal).
> > > >
> > > > "Kleber" <kv...@f2b.com.br> wrote in message
> > > > news:005801c37d56$76681d20$a500a8c0@kleber...
> > > > Hi,
> > > >
> > > > My name is Kleber, I am brazilian and I have a problem with Tomcat
> > > > certificates(if someone could help me, I would be grateful).
> > > > I was trying to place Tomcat certificate 4.1.27, however I've just
> had
> > a
> > > > certificate, because nowadays I'm using Orion server.
> > > > I have one file called keystore and another '.cer'.
> > > >
> > > > I had created a HTTP connection using port 443 and I have used the
> path
> > > from
> > > > the keystore file. Till this point, everything was working well, the
> > > Tomcat
> > > > was starting normally. When I open a website that use a 'secure
> > > encryption',
> > > > it is loaded normally, however, a error message apears on DOS:
> > > > javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> > > >
> > > > I had created an keystore file from the beginning, even so the same
> > > message
> > > > error has apeared. I also have tried to import, without sucess, the
> > > content
> > > > from my .cer file to an empty keystore file.
> > > >
> > > > Where was I messing up?
> > > >
> > > > Since now I�m thankful for your help and I�m waiting for an aswer.
> > > > []�s
> > > > Kleber
> > > >
> > > >
> > > >
> > > >
> > >
> ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > > > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> > > >
> > > >
> > >
> > >
> >
> >
>
> --------------------------------------------------------------------------
> --
> > ----
> >
> >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: peer not authenticated
Posted by Bill Barker <wb...@wilshire.com>.
a) Grab the JSSESupport.java file from the CVS (using the coyote_10 branch),
and compile it into server/classes.
b) wait for the 4.1.28 release.
"Kleber" <kv...@f2b.com.br> wrote in message
news:001101c37edf$c06a3ae0$a500a8c0@kleber...
> Hi,
>
> Thanks again for your attention, and help...
>
> I'm with a doubt. You said that there was nothing wrong, however the
warning
> message always appears. Won't this leave the webpage slower with lots of
> person accessing it?
> Is there any way to avoid this message appearing?
> I can�t leave this messages appears.
>
> []'s
> Kleber
>
>
> ----- Original Message -----
> From: "Bill Barker" <wb...@wilshire.com>
> To: <to...@jakarta.apache.org>
> Sent: Friday, September 19, 2003 1:25 AM
> Subject: Re: peer not authenticated
>
>
> > It looks like I fixed it after 4.1.27. The message you are seeing is
> simply
> > a debugging message that got left in the code. It doesn't mean that
there
> > is anything wrong with your keystore, or even that anything unusual is
> > happening. All that it is saying is the the browser didn't send a
> > certificate (which is normal when you have clientAuth="false").
> >
> > "Kleber" <kv...@f2b.com.br> wrote in message
> > news:01bf01c37df4$98b1fec0$a500a8c0@kleber...
> > > Hi Bill,
> > >
> > > For a test, I created a new keystore file that use the keytool from
> java:
> > > %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
> > > the password is: "kleber"
> > >
> > > My server.xml file is like this:
> > > <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
> > > redirectPort="443" bufferSize="2048"
> > > serverSocketTimeout="0" connectionUploadTimeout="300000"
> > port="443"
> > > connectionTimeout="60000"
> > > scheme="https" enableLookups="true" secure="true"
> > > protocolHandlerClassName="org.apache.coyote.http11.Http11Protocol"
> > > debug="0" maxKeepAliveRequests="100"
disableUploadTimeout="true"
> > > proxyPort="0"
> > > maxProcessors="75" minProcessors="5" tcpNoDelay="true"
> > > acceptCount="100"
> > > useURIValidationHack="false" compression="off"
> > > connectionLinger="-1">
> > > <Factory
> > > className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
> > > rootFile="C:\WINDOWS\root.pem" keystoreType="JKS"
> > > keystorePass="kleber" clientAuth="false"
> > > randomFile="C:\WINDOWS\random.pem"
> > > keystoreFile="c:\Tomcat\keystore\.keystore"
> > protocol="TLS"/>
> > > </Connector>
> > >
> > > As I ever had said, the page with https:// load normally at the
browser,
> > > however at DOS windows appears this error:
> > >
> > > [WARN] Http11Processor - -Exception getting SSL attributes
> > > <javax.net.ssl.SSLPeerUnverifiedException: peer not
> > > authenticated>javax.net.ssl.SSLPeerUnverifiedException: peer not
> > > authenticated
> > > at
> > >
> >
>
com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA62
> > > 75)
> > > at
> > >
> >
>
org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport.
> > > java:113)
> > > at
> > >
> >
>
org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupp
> > > ort.java:161)
> > > at
> > >
> org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:748)
> > > at org.apache.coyote.Response.action(Response.java:222)
> > > at
> > >
> >
>
org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:
> > > 321)
> > > at
> > >
org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:221)
> > > at
> > >
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:601)
> > > at
> > >
> >
>
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConne
> > > ction(Http11Protocol.java:392)
> > > at
> > >
> org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565)
> > > at
> > >
> >
>
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav
> > > a:619)
> > > at java.lang.Thread.run(Thread.java:484)
> > >
> > > I'm also attaching my keystore file
> > >
> > > I�m thankful for your attention...
> > > Kleber
> > >
> > > ----- Original Message -----
> > > From: "Bill Barker" <wb...@wilshire.com>
> > > To: <to...@jakarta.apache.org>
> > > Sent: Thursday, September 18, 2003 12:03 AM
> > > Subject: Re: peer not authenticated
> > >
> > >
> > > > That message is supposed to be only logged at 'debug' level. Could
> you
> > > post
> > > > more of the stack trace, so I can see how to plug this message under
> > > normal
> > > > use?
> > > >
> > > > The error itself is harmless (it's just telling you that the user
> didn't
> > > > send a client cert, which is normal).
> > > >
> > > > "Kleber" <kv...@f2b.com.br> wrote in message
> > > > news:005801c37d56$76681d20$a500a8c0@kleber...
> > > > Hi,
> > > >
> > > > My name is Kleber, I am brazilian and I have a problem with Tomcat
> > > > certificates(if someone could help me, I would be grateful).
> > > > I was trying to place Tomcat certificate 4.1.27, however I've just
> had
> > a
> > > > certificate, because nowadays I'm using Orion server.
> > > > I have one file called keystore and another '.cer'.
> > > >
> > > > I had created a HTTP connection using port 443 and I have used the
> path
> > > from
> > > > the keystore file. Till this point, everything was working well, the
> > > Tomcat
> > > > was starting normally. When I open a website that use a 'secure
> > > encryption',
> > > > it is loaded normally, however, a error message apears on DOS:
> > > > javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> > > >
> > > > I had created an keystore file from the beginning, even so the same
> > > message
> > > > error has apeared. I also have tried to import, without sucess, the
> > > content
> > > > from my .cer file to an empty keystore file.
> > > >
> > > > Where was I messing up?
> > > >
> > > > Since now I�m thankful for your help and I�m waiting for an aswer.
> > > > []�s
> > > > Kleber
> > > >
> > > >
> > > >
> > > >
> > >
> ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > > > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> > > >
> > > >
> > >
> > >
> >
> >
>
> --------------------------------------------------------------------------
> --
> > ----
> >
> >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >
Re: peer not authenticated
Posted by Kleber <kv...@f2b.com.br>.
Hi,
Thanks again for your attention, and help...
I'm with a doubt. You said that there was nothing wrong, however the warning
message always appears. Won't this leave the webpage slower with lots of
person accessing it?
Is there any way to avoid this message appearing?
I can´t leave this messages appears.
[]'s
Kleber
----- Original Message -----
From: "Bill Barker" <wb...@wilshire.com>
To: <to...@jakarta.apache.org>
Sent: Friday, September 19, 2003 1:25 AM
Subject: Re: peer not authenticated
> It looks like I fixed it after 4.1.27. The message you are seeing is
simply
> a debugging message that got left in the code. It doesn't mean that there
> is anything wrong with your keystore, or even that anything unusual is
> happening. All that it is saying is the the browser didn't send a
> certificate (which is normal when you have clientAuth="false").
>
> "Kleber" <kv...@f2b.com.br> wrote in message
> news:01bf01c37df4$98b1fec0$a500a8c0@kleber...
> > Hi Bill,
> >
> > For a test, I created a new keystore file that use the keytool from
java:
> > %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
> > the password is: "kleber"
> >
> > My server.xml file is like this:
> > <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
> > redirectPort="443" bufferSize="2048"
> > serverSocketTimeout="0" connectionUploadTimeout="300000"
> port="443"
> > connectionTimeout="60000"
> > scheme="https" enableLookups="true" secure="true"
> > protocolHandlerClassName="org.apache.coyote.http11.Http11Protocol"
> > debug="0" maxKeepAliveRequests="100" disableUploadTimeout="true"
> > proxyPort="0"
> > maxProcessors="75" minProcessors="5" tcpNoDelay="true"
> > acceptCount="100"
> > useURIValidationHack="false" compression="off"
> > connectionLinger="-1">
> > <Factory
> > className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
> > rootFile="C:\WINDOWS\root.pem" keystoreType="JKS"
> > keystorePass="kleber" clientAuth="false"
> > randomFile="C:\WINDOWS\random.pem"
> > keystoreFile="c:\Tomcat\keystore\.keystore"
> protocol="TLS"/>
> > </Connector>
> >
> > As I ever had said, the page with https:// load normally at the browser,
> > however at DOS windows appears this error:
> >
> > [WARN] Http11Processor - -Exception getting SSL attributes
> > <javax.net.ssl.SSLPeerUnverifiedException: peer not
> > authenticated>javax.net.ssl.SSLPeerUnverifiedException: peer not
> > authenticated
> > at
> >
>
com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA62
> > 75)
> > at
> >
>
org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport.
> > java:113)
> > at
> >
>
org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupp
> > ort.java:161)
> > at
> >
org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:748)
> > at org.apache.coyote.Response.action(Response.java:222)
> > at
> >
>
org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:
> > 321)
> > at
> > org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:221)
> > at
> >
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:601)
> > at
> >
>
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConne
> > ction(Http11Protocol.java:392)
> > at
> >
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565)
> > at
> >
>
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav
> > a:619)
> > at java.lang.Thread.run(Thread.java:484)
> >
> > I'm also attaching my keystore file
> >
> > I´m thankful for your attention...
> > Kleber
> >
> > ----- Original Message -----
> > From: "Bill Barker" <wb...@wilshire.com>
> > To: <to...@jakarta.apache.org>
> > Sent: Thursday, September 18, 2003 12:03 AM
> > Subject: Re: peer not authenticated
> >
> >
> > > That message is supposed to be only logged at 'debug' level. Could
you
> > post
> > > more of the stack trace, so I can see how to plug this message under
> > normal
> > > use?
> > >
> > > The error itself is harmless (it's just telling you that the user
didn't
> > > send a client cert, which is normal).
> > >
> > > "Kleber" <kv...@f2b.com.br> wrote in message
> > > news:005801c37d56$76681d20$a500a8c0@kleber...
> > > Hi,
> > >
> > > My name is Kleber, I am brazilian and I have a problem with Tomcat
> > > certificates(if someone could help me, I would be grateful).
> > > I was trying to place Tomcat certificate 4.1.27, however I've just
had
> a
> > > certificate, because nowadays I'm using Orion server.
> > > I have one file called keystore and another '.cer'.
> > >
> > > I had created a HTTP connection using port 443 and I have used the
path
> > from
> > > the keystore file. Till this point, everything was working well, the
> > Tomcat
> > > was starting normally. When I open a website that use a 'secure
> > encryption',
> > > it is loaded normally, however, a error message apears on DOS:
> > > javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> > >
> > > I had created an keystore file from the beginning, even so the same
> > message
> > > error has apeared. I also have tried to import, without sucess, the
> > content
> > > from my .cer file to an empty keystore file.
> > >
> > > Where was I messing up?
> > >
> > > Since now I´m thankful for your help and I´m waiting for an aswer.
> > > []´s
> > > Kleber
> > >
> > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> > >
> > >
> >
> >
>
>
> --------------------------------------------------------------------------
--
> ----
>
>
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: peer not authenticated
Posted by Kleber <kv...@f2b.com.br>.
Hi,
Thanks again for your attention, and help...
I'm with a doubt. You said that there was nothing wrong, however the warning
message always appears. Won't this leave the webpage slower with lots of
person accessing it?
Is there any way to avoid this message appearing?
I can´t leave this messages appears.
[]'s
Kleber
----- Original Message -----
From: "Bill Barker" <wb...@wilshire.com>
To: <to...@jakarta.apache.org>
Sent: Friday, September 19, 2003 1:25 AM
Subject: Re: peer not authenticated
> It looks like I fixed it after 4.1.27. The message you are seeing is
simply
> a debugging message that got left in the code. It doesn't mean that there
> is anything wrong with your keystore, or even that anything unusual is
> happening. All that it is saying is the the browser didn't send a
> certificate (which is normal when you have clientAuth="false").
>
> "Kleber" <kv...@f2b.com.br> wrote in message
> news:01bf01c37df4$98b1fec0$a500a8c0@kleber...
> > Hi Bill,
> >
> > For a test, I created a new keystore file that use the keytool from
java:
> > %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
> > the password is: "kleber"
> >
> > My server.xml file is like this:
> > <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
> > redirectPort="443" bufferSize="2048"
> > serverSocketTimeout="0" connectionUploadTimeout="300000"
> port="443"
> > connectionTimeout="60000"
> > scheme="https" enableLookups="true" secure="true"
> > protocolHandlerClassName="org.apache.coyote.http11.Http11Protocol"
> > debug="0" maxKeepAliveRequests="100" disableUploadTimeout="true"
> > proxyPort="0"
> > maxProcessors="75" minProcessors="5" tcpNoDelay="true"
> > acceptCount="100"
> > useURIValidationHack="false" compression="off"
> > connectionLinger="-1">
> > <Factory
> > className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
> > rootFile="C:\WINDOWS\root.pem" keystoreType="JKS"
> > keystorePass="kleber" clientAuth="false"
> > randomFile="C:\WINDOWS\random.pem"
> > keystoreFile="c:\Tomcat\keystore\.keystore"
> protocol="TLS"/>
> > </Connector>
> >
> > As I ever had said, the page with https:// load normally at the browser,
> > however at DOS windows appears this error:
> >
> > [WARN] Http11Processor - -Exception getting SSL attributes
> > <javax.net.ssl.SSLPeerUnverifiedException: peer not
> > authenticated>javax.net.ssl.SSLPeerUnverifiedException: peer not
> > authenticated
> > at
> >
>
com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA62
> > 75)
> > at
> >
>
org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport.
> > java:113)
> > at
> >
>
org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupp
> > ort.java:161)
> > at
> >
org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:748)
> > at org.apache.coyote.Response.action(Response.java:222)
> > at
> >
>
org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:
> > 321)
> > at
> > org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:221)
> > at
> >
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:601)
> > at
> >
>
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConne
> > ction(Http11Protocol.java:392)
> > at
> >
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565)
> > at
> >
>
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav
> > a:619)
> > at java.lang.Thread.run(Thread.java:484)
> >
> > I'm also attaching my keystore file
> >
> > I´m thankful for your attention...
> > Kleber
> >
> > ----- Original Message -----
> > From: "Bill Barker" <wb...@wilshire.com>
> > To: <to...@jakarta.apache.org>
> > Sent: Thursday, September 18, 2003 12:03 AM
> > Subject: Re: peer not authenticated
> >
> >
> > > That message is supposed to be only logged at 'debug' level. Could
you
> > post
> > > more of the stack trace, so I can see how to plug this message under
> > normal
> > > use?
> > >
> > > The error itself is harmless (it's just telling you that the user
didn't
> > > send a client cert, which is normal).
> > >
> > > "Kleber" <kv...@f2b.com.br> wrote in message
> > > news:005801c37d56$76681d20$a500a8c0@kleber...
> > > Hi,
> > >
> > > My name is Kleber, I am brazilian and I have a problem with Tomcat
> > > certificates(if someone could help me, I would be grateful).
> > > I was trying to place Tomcat certificate 4.1.27, however I've just
had
> a
> > > certificate, because nowadays I'm using Orion server.
> > > I have one file called keystore and another '.cer'.
> > >
> > > I had created a HTTP connection using port 443 and I have used the
path
> > from
> > > the keystore file. Till this point, everything was working well, the
> > Tomcat
> > > was starting normally. When I open a website that use a 'secure
> > encryption',
> > > it is loaded normally, however, a error message apears on DOS:
> > > javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> > >
> > > I had created an keystore file from the beginning, even so the same
> > message
> > > error has apeared. I also have tried to import, without sucess, the
> > content
> > > from my .cer file to an empty keystore file.
> > >
> > > Where was I messing up?
> > >
> > > Since now I´m thankful for your help and I´m waiting for an aswer.
> > > []´s
> > > Kleber
> > >
> > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> > >
> > >
> >
> >
>
>
> --------------------------------------------------------------------------
--
> ----
>
>
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
Re: peer not authenticated
Posted by Bill Barker <wb...@wilshire.com>.
It looks like I fixed it after 4.1.27. The message you are seeing is simply
a debugging message that got left in the code. It doesn't mean that there
is anything wrong with your keystore, or even that anything unusual is
happening. All that it is saying is the the browser didn't send a
certificate (which is normal when you have clientAuth="false").
"Kleber" <kv...@f2b.com.br> wrote in message
news:01bf01c37df4$98b1fec0$a500a8c0@kleber...
> Hi Bill,
>
> For a test, I created a new keystore file that use the keytool from java:
> %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
> the password is: "kleber"
>
> My server.xml file is like this:
> <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
> redirectPort="443" bufferSize="2048"
> serverSocketTimeout="0" connectionUploadTimeout="300000"
port="443"
> connectionTimeout="60000"
> scheme="https" enableLookups="true" secure="true"
> protocolHandlerClassName="org.apache.coyote.http11.Http11Protocol"
> debug="0" maxKeepAliveRequests="100" disableUploadTimeout="true"
> proxyPort="0"
> maxProcessors="75" minProcessors="5" tcpNoDelay="true"
> acceptCount="100"
> useURIValidationHack="false" compression="off"
> connectionLinger="-1">
> <Factory
> className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
> rootFile="C:\WINDOWS\root.pem" keystoreType="JKS"
> keystorePass="kleber" clientAuth="false"
> randomFile="C:\WINDOWS\random.pem"
> keystoreFile="c:\Tomcat\keystore\.keystore"
protocol="TLS"/>
> </Connector>
>
> As I ever had said, the page with https:// load normally at the browser,
> however at DOS windows appears this error:
>
> [WARN] Http11Processor - -Exception getting SSL attributes
> <javax.net.ssl.SSLPeerUnverifiedException: peer not
> authenticated>javax.net.ssl.SSLPeerUnverifiedException: peer not
> authenticated
> at
>
com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA62
> 75)
> at
>
org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport.
> java:113)
> at
>
org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupp
> ort.java:161)
> at
> org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:748)
> at org.apache.coyote.Response.action(Response.java:222)
> at
>
org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:
> 321)
> at
> org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:221)
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:601)
> at
>
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConne
> ction(Http11Protocol.java:392)
> at
> org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565)
> at
>
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav
> a:619)
> at java.lang.Thread.run(Thread.java:484)
>
> I'm also attaching my keystore file
>
> I�m thankful for your attention...
> Kleber
>
> ----- Original Message -----
> From: "Bill Barker" <wb...@wilshire.com>
> To: <to...@jakarta.apache.org>
> Sent: Thursday, September 18, 2003 12:03 AM
> Subject: Re: peer not authenticated
>
>
> > That message is supposed to be only logged at 'debug' level. Could you
> post
> > more of the stack trace, so I can see how to plug this message under
> normal
> > use?
> >
> > The error itself is harmless (it's just telling you that the user didn't
> > send a client cert, which is normal).
> >
> > "Kleber" <kv...@f2b.com.br> wrote in message
> > news:005801c37d56$76681d20$a500a8c0@kleber...
> > Hi,
> >
> > My name is Kleber, I am brazilian and I have a problem with Tomcat
> > certificates(if someone could help me, I would be grateful).
> > I was trying to place Tomcat certificate 4.1.27, however I've just had
a
> > certificate, because nowadays I'm using Orion server.
> > I have one file called keystore and another '.cer'.
> >
> > I had created a HTTP connection using port 443 and I have used the path
> from
> > the keystore file. Till this point, everything was working well, the
> Tomcat
> > was starting normally. When I open a website that use a 'secure
> encryption',
> > it is loaded normally, however, a error message apears on DOS:
> > javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> >
> > I had created an keystore file from the beginning, even so the same
> message
> > error has apeared. I also have tried to import, without sucess, the
> content
> > from my .cer file to an empty keystore file.
> >
> > Where was I messing up?
> >
> > Since now I�m thankful for your help and I�m waiting for an aswer.
> > []�s
> > Kleber
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >
>
>
----------------------------------------------------------------------------
----
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: peer not authenticated
Posted by Bill Barker <wb...@wilshire.com>.
It looks like I fixed it after 4.1.27. The message you are seeing is simply
a debugging message that got left in the code. It doesn't mean that there
is anything wrong with your keystore, or even that anything unusual is
happening. All that it is saying is the the browser didn't send a
certificate (which is normal when you have clientAuth="false").
"Kleber" <kv...@f2b.com.br> wrote in message
news:01bf01c37df4$98b1fec0$a500a8c0@kleber...
> Hi Bill,
>
> For a test, I created a new keystore file that use the keytool from java:
> %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
> the password is: "kleber"
>
> My server.xml file is like this:
> <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
> redirectPort="443" bufferSize="2048"
> serverSocketTimeout="0" connectionUploadTimeout="300000"
port="443"
> connectionTimeout="60000"
> scheme="https" enableLookups="true" secure="true"
> protocolHandlerClassName="org.apache.coyote.http11.Http11Protocol"
> debug="0" maxKeepAliveRequests="100" disableUploadTimeout="true"
> proxyPort="0"
> maxProcessors="75" minProcessors="5" tcpNoDelay="true"
> acceptCount="100"
> useURIValidationHack="false" compression="off"
> connectionLinger="-1">
> <Factory
> className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
> rootFile="C:\WINDOWS\root.pem" keystoreType="JKS"
> keystorePass="kleber" clientAuth="false"
> randomFile="C:\WINDOWS\random.pem"
> keystoreFile="c:\Tomcat\keystore\.keystore"
protocol="TLS"/>
> </Connector>
>
> As I ever had said, the page with https:// load normally at the browser,
> however at DOS windows appears this error:
>
> [WARN] Http11Processor - -Exception getting SSL attributes
> <javax.net.ssl.SSLPeerUnverifiedException: peer not
> authenticated>javax.net.ssl.SSLPeerUnverifiedException: peer not
> authenticated
> at
>
com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA62
> 75)
> at
>
org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport.
> java:113)
> at
>
org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupp
> ort.java:161)
> at
> org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:748)
> at org.apache.coyote.Response.action(Response.java:222)
> at
>
org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:
> 321)
> at
> org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:221)
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:601)
> at
>
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConne
> ction(Http11Protocol.java:392)
> at
> org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565)
> at
>
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav
> a:619)
> at java.lang.Thread.run(Thread.java:484)
>
> I'm also attaching my keystore file
>
> I�m thankful for your attention...
> Kleber
>
> ----- Original Message -----
> From: "Bill Barker" <wb...@wilshire.com>
> To: <to...@jakarta.apache.org>
> Sent: Thursday, September 18, 2003 12:03 AM
> Subject: Re: peer not authenticated
>
>
> > That message is supposed to be only logged at 'debug' level. Could you
> post
> > more of the stack trace, so I can see how to plug this message under
> normal
> > use?
> >
> > The error itself is harmless (it's just telling you that the user didn't
> > send a client cert, which is normal).
> >
> > "Kleber" <kv...@f2b.com.br> wrote in message
> > news:005801c37d56$76681d20$a500a8c0@kleber...
> > Hi,
> >
> > My name is Kleber, I am brazilian and I have a problem with Tomcat
> > certificates(if someone could help me, I would be grateful).
> > I was trying to place Tomcat certificate 4.1.27, however I've just had
a
> > certificate, because nowadays I'm using Orion server.
> > I have one file called keystore and another '.cer'.
> >
> > I had created a HTTP connection using port 443 and I have used the path
> from
> > the keystore file. Till this point, everything was working well, the
> Tomcat
> > was starting normally. When I open a website that use a 'secure
> encryption',
> > it is loaded normally, however, a error message apears on DOS:
> > javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> >
> > I had created an keystore file from the beginning, even so the same
> message
> > error has apeared. I also have tried to import, without sucess, the
> content
> > from my .cer file to an empty keystore file.
> >
> > Where was I messing up?
> >
> > Since now I�m thankful for your help and I�m waiting for an aswer.
> > []�s
> > Kleber
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >
>
>
----------------------------------------------------------------------------
----
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: peer not authenticated
Posted by Kleber <kv...@f2b.com.br>.
Hi Bill,
For a test, I created a new keystore file that use the keytool from java:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
the password is: "kleber"
My server.xml file is like this:
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
redirectPort="443" bufferSize="2048"
serverSocketTimeout="0" connectionUploadTimeout="300000" port="443"
connectionTimeout="60000"
scheme="https" enableLookups="true" secure="true"
protocolHandlerClassName="org.apache.coyote.http11.Http11Protocol"
debug="0" maxKeepAliveRequests="100" disableUploadTimeout="true"
proxyPort="0"
maxProcessors="75" minProcessors="5" tcpNoDelay="true"
acceptCount="100"
useURIValidationHack="false" compression="off"
connectionLinger="-1">
<Factory
className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
rootFile="C:\WINDOWS\root.pem" keystoreType="JKS"
keystorePass="kleber" clientAuth="false"
randomFile="C:\WINDOWS\random.pem"
keystoreFile="c:\Tomcat\keystore\.keystore" protocol="TLS"/>
</Connector>
As I ever had said, the page with https:// load normally at the browser,
however at DOS windows appears this error:
[WARN] Http11Processor - -Exception getting SSL attributes
<javax.net.ssl.SSLPeerUnverifiedException: peer not
authenticated>javax.net.ssl.SSLPeerUnverifiedException: peer not
authenticated
at
com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA62
75)
at
org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport.
java:113)
at
org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupp
ort.java:161)
at
org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:748)
at org.apache.coyote.Response.action(Response.java:222)
at
org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:
321)
at
org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:221)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:601)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConne
ction(Http11Protocol.java:392)
at
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav
a:619)
at java.lang.Thread.run(Thread.java:484)
I'm also attaching my keystore file
I´m thankful for your attention...
Kleber
----- Original Message -----
From: "Bill Barker" <wb...@wilshire.com>
To: <to...@jakarta.apache.org>
Sent: Thursday, September 18, 2003 12:03 AM
Subject: Re: peer not authenticated
> That message is supposed to be only logged at 'debug' level. Could you
post
> more of the stack trace, so I can see how to plug this message under
normal
> use?
>
> The error itself is harmless (it's just telling you that the user didn't
> send a client cert, which is normal).
>
> "Kleber" <kv...@f2b.com.br> wrote in message
> news:005801c37d56$76681d20$a500a8c0@kleber...
> Hi,
>
> My name is Kleber, I am brazilian and I have a problem with Tomcat
> certificates(if someone could help me, I would be grateful).
> I was trying to place Tomcat certificate 4.1.27, however I've just had a
> certificate, because nowadays I'm using Orion server.
> I have one file called keystore and another '.cer'.
>
> I had created a HTTP connection using port 443 and I have used the path
from
> the keystore file. Till this point, everything was working well, the
Tomcat
> was starting normally. When I open a website that use a 'secure
encryption',
> it is loaded normally, however, a error message apears on DOS:
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>
> I had created an keystore file from the beginning, even so the same
message
> error has apeared. I also have tried to import, without sucess, the
content
> from my .cer file to an empty keystore file.
>
> Where was I messing up?
>
> Since now I´m thankful for your help and I´m waiting for an aswer.
> []´s
> Kleber
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
Re: peer not authenticated
Posted by Kleber <kv...@f2b.com.br>.
Hi Bill,
For a test, I created a new keystore file that use the keytool from java:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
the password is: "kleber"
My server.xml file is like this:
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
redirectPort="443" bufferSize="2048"
serverSocketTimeout="0" connectionUploadTimeout="300000" port="443"
connectionTimeout="60000"
scheme="https" enableLookups="true" secure="true"
protocolHandlerClassName="org.apache.coyote.http11.Http11Protocol"
debug="0" maxKeepAliveRequests="100" disableUploadTimeout="true"
proxyPort="0"
maxProcessors="75" minProcessors="5" tcpNoDelay="true"
acceptCount="100"
useURIValidationHack="false" compression="off"
connectionLinger="-1">
<Factory
className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
rootFile="C:\WINDOWS\root.pem" keystoreType="JKS"
keystorePass="kleber" clientAuth="false"
randomFile="C:\WINDOWS\random.pem"
keystoreFile="c:\Tomcat\keystore\.keystore" protocol="TLS"/>
</Connector>
As I ever had said, the page with https:// load normally at the browser,
however at DOS windows appears this error:
[WARN] Http11Processor - -Exception getting SSL attributes
<javax.net.ssl.SSLPeerUnverifiedException: peer not
authenticated>javax.net.ssl.SSLPeerUnverifiedException: peer not
authenticated
at
com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA62
75)
at
org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport.
java:113)
at
org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupp
ort.java:161)
at
org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:748)
at org.apache.coyote.Response.action(Response.java:222)
at
org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:
321)
at
org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:221)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:601)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConne
ction(Http11Protocol.java:392)
at
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav
a:619)
at java.lang.Thread.run(Thread.java:484)
I'm also attaching my keystore file
I´m thankful for your attention...
Kleber
----- Original Message -----
From: "Bill Barker" <wb...@wilshire.com>
To: <to...@jakarta.apache.org>
Sent: Thursday, September 18, 2003 12:03 AM
Subject: Re: peer not authenticated
> That message is supposed to be only logged at 'debug' level. Could you
post
> more of the stack trace, so I can see how to plug this message under
normal
> use?
>
> The error itself is harmless (it's just telling you that the user didn't
> send a client cert, which is normal).
>
> "Kleber" <kv...@f2b.com.br> wrote in message
> news:005801c37d56$76681d20$a500a8c0@kleber...
> Hi,
>
> My name is Kleber, I am brazilian and I have a problem with Tomcat
> certificates(if someone could help me, I would be grateful).
> I was trying to place Tomcat certificate 4.1.27, however I've just had a
> certificate, because nowadays I'm using Orion server.
> I have one file called keystore and another '.cer'.
>
> I had created a HTTP connection using port 443 and I have used the path
from
> the keystore file. Till this point, everything was working well, the
Tomcat
> was starting normally. When I open a website that use a 'secure
encryption',
> it is loaded normally, however, a error message apears on DOS:
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>
> I had created an keystore file from the beginning, even so the same
message
> error has apeared. I also have tried to import, without sucess, the
content
> from my .cer file to an empty keystore file.
>
> Where was I messing up?
>
> Since now I´m thankful for your help and I´m waiting for an aswer.
> []´s
> Kleber
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
Re: peer not authenticated
Posted by Bill Barker <wb...@wilshire.com>.
That message is supposed to be only logged at 'debug' level. Could you post
more of the stack trace, so I can see how to plug this message under normal
use?
The error itself is harmless (it's just telling you that the user didn't
send a client cert, which is normal).
"Kleber" <kv...@f2b.com.br> wrote in message
news:005801c37d56$76681d20$a500a8c0@kleber...
Hi,
My name is Kleber, I am brazilian and I have a problem with Tomcat
certificates(if someone could help me, I would be grateful).
I was trying to place Tomcat certificate 4.1.27, however I've just had a
certificate, because nowadays I'm using Orion server.
I have one file called keystore and another '.cer'.
I had created a HTTP connection using port 443 and I have used the path from
the keystore file. Till this point, everything was working well, the Tomcat
was starting normally. When I open a website that use a 'secure encryption',
it is loaded normally, however, a error message apears on DOS:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
I had created an keystore file from the beginning, even so the same message
error has apeared. I also have tried to import, without sucess, the content
from my .cer file to an empty keystore file.
Where was I messing up?
Since now I�m thankful for your help and I�m waiting for an aswer.
[]�s
Kleber
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: peer not authenticated
Posted by Bill Barker <wb...@wilshire.com>.
That message is supposed to be only logged at 'debug' level. Could you post
more of the stack trace, so I can see how to plug this message under normal
use?
The error itself is harmless (it's just telling you that the user didn't
send a client cert, which is normal).
"Kleber" <kv...@f2b.com.br> wrote in message
news:005801c37d56$76681d20$a500a8c0@kleber...
Hi,
My name is Kleber, I am brazilian and I have a problem with Tomcat
certificates(if someone could help me, I would be grateful).
I was trying to place Tomcat certificate 4.1.27, however I've just had a
certificate, because nowadays I'm using Orion server.
I have one file called keystore and another '.cer'.
I had created a HTTP connection using port 443 and I have used the path from
the keystore file. Till this point, everything was working well, the Tomcat
was starting normally. When I open a website that use a 'secure encryption',
it is loaded normally, however, a error message apears on DOS:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
I had created an keystore file from the beginning, even so the same message
error has apeared. I also have tried to import, without sucess, the content
from my .cer file to an empty keystore file.
Where was I messing up?
Since now I�m thankful for your help and I�m waiting for an aswer.
[]�s
Kleber