Posted to users@tomcat.apache.org by ayouB __ <ay...@hotmail.fr> on 2012/03/16 16:58:49 UTC

Configure SSL under Tomcat 7

Hi everyone,
 
I'm ayoub and I'm a new member of this mailing list :)
Well, I want to configure SSL under Tomcat 7, so I have followed the steps given in http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html, but when I deploy my project in the Tomcat server I don't get : https://loclhost:8080/ I am still working with the native http !! What should I do, what configuration should I make in my server.xml file?
PS : I want to use the APR implementation not the JSSE one, and BTW the : SSLCertificateFile & SSLCertificateKeyFile don't exist in the <connector ... /> element (using Eclipse Ctrl+Space auto-complete) !!
 
Thanks.

Re: Configure SSL under Tomcat 7

Posted by Pid <pi...@pidster.com>.
On 16/03/2012 15:58, ayouB __ wrote:
> 
> Hi everyone,
>  
> I'm ayoub and I'm a new member of this mailing list :)
> Well, I want to configure SSL under Tomcat 7, so I have followed the steps given in http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html, but when I deploy my project in the Tomcat server I don't get : https://loclhost:8080/ I am still working with the native http !! What should I do, what configuration should I make in my server.xml file?

Exactly which versions of OS, Java and Tomcat 7?

Why don't you post the config for all of the Connectors you've got in
server.xml, inline here, so we can see what you've done?


> PS : I want to use the APR implementation not the JSSE one, and 

Have you installed OpenSSL and APR?


> BTW the : SSLCertificateFile & SSLCertificateKeyFile don't exist in the
> <connector ... /> element (using Eclipse Ctrl+Space auto-complete) !!

I don't know what that means.


p



RE: Configure SSL under Tomcat 7

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: ayouB __ [mailto:ayb-2008@hotmail.fr] 
> Subject: RE: Configure SSL under Tomcat 7

> 1) bin/tcnative-1.dll

32-bit version

> 2) bin/i64/tcnative-1.dll

Itanium version

> 3) bin/x64/tcnative-1.dll

x86-64 version
 
> Which one should I put in my : apache-tomcat-7.0.26\bin, knowing 
> that I use Windows XP (32 bits) as OS ?!

The 32-bit one.

 - Chuck




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: Configure SSL under Tomcat 7

Posted by André Warnier <aw...@ice-sa.com>.
Casper Wandahl Schmidt wrote:
> 
> 
> Den 20-03-2012 10:34, ayouB __ skrev:
>> Hi,
>>
>> I have downloaded OpenSSL under Windows, which required me to install 
>> Visual C++ 2008 Redistributable and I did it, then I added the 
>> "C:\OpenSSL-Win32\bin" to my environment variable PATH, now the 
>> "openssl" command works very well in the cmd.exe (it gives me 
>> "OpenSSL>"), so I want to generate the X.509 certificate format, what 
>> should I do now ?! Are there any examples please ?!
> http://lmgtfy.com/?q=openssl+create+certificate
> 
> Pick one of the results (I did check the second and it looks good. For 
> your convenience the direct link is: 
> http://www.madboa.com/geek/openssl/) and follow it :)
> 
> -Casper
> 
> ps. Everyone, I'm sorry about the lmgtfy link but I got a little tired 
> of the OP demanding explicit commands for non-tomcat tools and excessive 
> use of !'s
>>
No reason to feel sorry, in my opinion.  I have been myself amazed at how patient "the 
list" has been so far.
Here is another link for ayoub's benefit :
http://www.catb.org/~esr/faqs/smart-questions.html




RE: Configure SSL under Tomcat 7

Posted by ayouB __ <ay...@hotmail.fr>.
Hi everyone,
 
Thank you all for your replies & your critiques, that means I became a VIP member in this mailing list :D I'm joking ^_^ 
Well, I turned back to the JSSE, now it works very well and I can access my resources using HTTPS. As for the APR one, as it has been said earlier, I put the absolute path of my .cer & .key files as values of my SSLCertificateFile & SSLCertificateKeyFile attributes, as you can see :
 
====================== server.xml ================================
<?xml version='1.0' encoding='utf-8'?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Note:  A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
 -->
<Server port="8005" shutdown="SHUTDOWN">
  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
  <Listener className="org.apache.catalina.core.JasperListener" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <!-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -->  
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>
  <!-- A "Service" is a collection of one or more "Connectors" that share
       a single "Container" Note:  A "Service" is not itself a "Container",
       so you may not define subcomponents such as "Valves" at this level.
       Documentation at /docs/config/service.html
   -->
  <Service name="Catalina">
    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
        maxThreads="150" minSpareThreads="4"/>
    -->

    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
         Java AJP  Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL HTTP/1.1 Connector on port 8080
    -->
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->
    
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" SSLEnabled="true" 
               acceptCount="100" clientAuth="false" disableUploadTimeout="true" enableLookups="false" 
      maxThreads="150" scheme="https" secure="true" sslProtocol="TLS" 
      SSLCertificateFile="C:\Program Files\Apache Software Foundation\apache-tomcat-7.0.26\conf\localhost.cer" 
               SSLCertificateKeyFile="C:\Program Files\Apache Software Foundation\apache-tomcat-7.0.26\conf\localhost.key"/>
    
    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

    <!-- An Engine represents the entry point (within Catalina) that processes
         every request.  The Engine implementation for Tomcat stand alone
         analyzes the HTTP headers included with the request, and passes them
         on to the appropriate Host (virtual host).
         Documentation at /docs/config/engine.html -->
    <!-- You should set jvmRoute to support load-balancing via AJP ie :
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
    -->
    <Engine name="Catalina" defaultHost="localhost">
      <!--For clustering, please take a look at documentation at:
          /docs/cluster-howto.html  (simple how to)
          /docs/config/cluster.html (reference documentation) -->
      <!--
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
      -->
      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>
      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->
        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log." suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>
  </Service>
</Server>
=================================================================
I am still having the same problem: Tomcat works very well without any interruption & no errors in my logs, but https doesn't work ?!!
 
Thanks.  		 	   		  

Re: Configure SSL under Tomcat 7

Posted by André Warnier <aw...@ice-sa.com>.
ayouB __ wrote:
> Hi,
> the logs don't say anything, Tomcat is still working normally, the problem is when I put the link : https://localhost:8443/ProjectTest/ , the browser displays : impossible to display this page ..., like the project doesn't even exist in my workspace (the browser doesn't recognize my web project using https, which is not the case with http because it works normally).
> What should i do now ?!
> Thanks. 		 	   		  

Guys,
I know that ayoub has a tendency to ask for ready-made answers rather than trying to 
figure it out by himself, but maybe he has a point nevertheless.

According to a previous post, ayoub's current HTTPS Connector configuration is :

     <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
                SSLEnabled="true"
                maxThreads="150" scheme="https" secure="true"
                clientAuth="false" sslProtocol="TLS"
                SSLCertificateFile="localhost.crt"
                SSLCertificateKeyFile="localhost.key"/>

I personally have no idea if there are attributes missing above, or if something is wrong 
in the files, but

If I go to this page : http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support
and look up the APR Connector attributes, it says this :

----------

SSLCACertificateFile	
See the mod_ssl documentation.

SSLCACertificatePath	
See the mod_ssl documentation.

SSLCARevocationFile	
See the mod_ssl documentation.

SSLCARevocationPath	
See the mod_ssl documentation.

SSLCertificateChainFile	
See the mod_ssl documentation.

SSLCACertificateFile	
Name of the file that contains the concatenated certificates for the trusted certificate 
authorities. The format is PEM-encoded.

SSLCACertificatePath	
Name of the directory that contains the certificates for the trusted certificate 
authorities. The format is PEM-encoded.

SSLCARevocationFile	
Name of the file that contains the concatenated certificate revocation lists for the 
certificate authorities. The format is PEM-encoded.

SSLCARevocationPath	
Name of the directory that contains the certificate revocation lists for the certificate 
authorities. The format is PEM-encoded.

SSLCertificateChainFile	
Name of the file that contains concatenated certificates for the certificate authorities 
which form the certificate chain for the server certificate. The format is PEM-encoded.

SSLCertificateFile	
Name of the file that contains the server certificate. The format is PEM-encoded.

SSLCertificateKeyFile	
Name of the file that contains the server private key. The format is PEM-encoded. The 
default value is the value of "SSLCertificateFile" and in this case both certificate and 
private key have to be in this file (NOT RECOMMENDED).

etc...

----

Note that for the attributes for which it does not say "see the mod_ssl documentation", it 
talks about "name of the file" or "name of the directory".  Not "path", but "name".

And when following the link to the Apache httpd mod_ssl documentation, there it says "path".

So, whether name or path, where should these files best be placed, and if these attributes 
do not require a full path, then relative to what is this interpreted ?





RE: Configure SSL under Tomcat 7

Posted by ayouB __ <ay...@hotmail.fr>.
Hi,
the logs don't say anything, Tomcat is still working normally, the problem is when I put the link : https://localhost:8443/ProjectTest/ , the browser displays : impossible to display this page ..., like the project doesn't even exist in my workspace (the browser doesn't recognize my web project using https, which is not the case with http because it works normally).
What should i do now ?!
Thanks. 		 	   		  
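
An added example, not part of any message in this thread and not Tomcat project code: a Python check of the APR connector posted in the thread against the attribute documentation André quotes above. It flags attributes that the Tomcat 7 connector docs list for the JSSE (BIO/NIO) connectors rather than for APR, and certificate or key files that are not PEM. `audit_apr_connectors`, `classify_pem`, the `base_dir` parameter and the sample files are assumptions made for the example; the thread leaves open which directory Tomcat resolves relative names against, so the caller supplies it.

```python
import base64
import os
import re
import tempfile
import xml.etree.ElementTree as ET

# Attributes the Tomcat 7 HTTP connector docs list for BIO/NIO (JSSE) SSL,
# mapped to the APR attribute that configures the same thing.
JSSE_TO_APR = {
    "sslProtocol": "SSLProtocol",
    "clientAuth": "SSLVerifyClient",
    "keystoreFile": "SSLCertificateFile/SSLCertificateKeyFile",
    "keystorePass": "SSLPassword",
    "ciphers": "SSLCipherSuite",
}
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# Constructed sample: only the two HTTP connectors from the thread.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               SSLCertificateFile="localhost.crt"
               SSLCertificateKeyFile="localhost.key"/>
  </Service>
</Server>"""


def classify_pem(path):
    """Return (labels, problem) for the PEM blocks found in a file."""
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError as exc:
        return [], "cannot read %s (%s)" % (path, exc.strerror)
    labels = []
    for label, body in PEM_BLOCK.findall(data):
        if b"Proc-Type:" not in body:  # legacy encrypted keys carry headers; skip decode
            try:
                der = base64.b64decode(b"".join(body.split()), validate=True)
            except ValueError:
                return [], "PEM body is not valid base64"
            # Certificates and private keys are ASN.1 SEQUENCEs (tag 0x30).
            if label.endswith((b"CERTIFICATE", b"PRIVATE KEY")) and der[:1] != b"\x30":
                return [], "PEM body does not decode to ASN.1 DER"
        labels.append(label.decode("ascii"))
    if labels:
        return labels, None
    if data[:1] == b"\x30":
        return [], "binary DER data, not PEM text"
    return [], "no PEM BEGIN/END block found"


def audit_apr_connectors(server_xml, base_dir):
    """Return (port, message) findings for SSL-enabled APR connectors."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if "Http11AprProtocol" not in conn.get("protocol", ""):
            continue
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port", "?")
        for attr, apr_name in JSSE_TO_APR.items():
            if attr in conn.attrib:
                findings.append((port, "%s is listed for JSSE connectors; "
                                 "the APR attribute is %s" % (attr, apr_name)))
        cert = conn.get("SSLCertificateFile")
        if cert is None:
            findings.append((port, "SSLCertificateFile is not set"))
            continue
        # Per the quoted docs, the key file defaults to the certificate file.
        key = conn.get("SSLCertificateKeyFile", cert)
        for attr, value, wanted in (("SSLCertificateFile", cert, "CERTIFICATE"),
                                    ("SSLCertificateKeyFile", key, "PRIVATE KEY")):
            if not os.path.isabs(value):
                findings.append((port, "%s=%r is relative; checked against %s"
                                 % (attr, value, base_dir)))
            labels, problem = classify_pem(os.path.join(base_dir, value))
            if problem:
                findings.append((port, "%s: %s" % (attr, problem)))
            elif not any(name.endswith(wanted) for name in labels):
                findings.append((port, "%s has no %s block" % (attr, wanted)))
    return findings


def demo():
    """Audit the sample config against constructed files in a temp directory."""
    fake_der = b"\x30\x03\x02\x01\x01"  # constructed stand-in, not a real certificate
    body = base64.encodebytes(fake_der).decode("ascii")
    with tempfile.TemporaryDirectory() as conf:
        with open(os.path.join(conf, "localhost.crt"), "wb") as fh:
            fh.write(fake_der)  # binary DER saved under a .crt name
        with open(os.path.join(conf, "localhost.key"), "w") as fh:
            fh.write("-----BEGIN PRIVATE KEY-----\n%s-----END PRIVATE KEY-----\n" % body)
        return audit_apr_connectors(SAMPLE_SERVER_XML, conf)


if __name__ == "__main__":
    for port, message in demo():
        print("connector %s: %s" % (port, message))
```
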

Re: Configure SSL under Tomcat 7

Posted by Casper Wandahl Schmidt <ka...@gmail.com>.

Den 20-03-2012 13:15, ayouB __ skrev:
> Hi,
>
> I followed the steps given in this link : http://www.dylanbeattie.net/docs/openssl_iis_ssl_howto.html, I generated my files : .key and .crt, I put them in the conf/bin then I modified my server.xml to be able to support these new changes, here it is :
>
> ====================================server.xml===========================================
> <?xml version='1.0' encoding='utf-8'?>
> <!--
>    Licensed to the Apache Software Foundation (ASF) under one or more
>    contributor license agreements.  See the NOTICE file distributed with
>    this work for additional information regarding copyright ownership.
>    The ASF licenses this file to You under the Apache License, Version 2.0
>    (the "License"); you may not use this file except in compliance with
>    the License.  You may obtain a copy of the License at
>        http://www.apache.org/licenses/LICENSE-2.0
>    Unless required by applicable law or agreed to in writing, software
>    distributed under the License is distributed on an "AS IS" BASIS,
>    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>    See the License for the specific language governing permissions and
>    limitations under the License.
> -->
> <!-- Note:  A "Server" is not itself a "Container", so you may not
>       define subcomponents such as "Valves" at this level.
>       Documentation at /docs/config/server.html
>   -->
> <Server port="8005" shutdown="SHUTDOWN">
>    <!-- Security listener. Documentation at /docs/config/listeners.html
>    <Listener className="org.apache.catalina.security.SecurityListener" />
>    -->
>    <!--APR library loader. Documentation at /docs/apr.html -->
>    <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
>    <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
>    <Listener className="org.apache.catalina.core.JasperListener" />
>    <!-- Prevent memory leaks due to use of particular java/javax APIs-->
>    <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
>    <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
>    <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
>    <!-- Global JNDI resources
>         Documentation at /docs/jndi-resources-howto.html
>    -->
>    <GlobalNamingResources>
>      <!-- Editable user database that can also be used by
>           UserDatabaseRealm to authenticate users
>      -->
>      <Resource name="UserDatabase" auth="Container"
>                type="org.apache.catalina.UserDatabase"
>                description="User database that can be updated and saved"
>                factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>                pathname="conf/tomcat-users.xml" />
>    </GlobalNamingResources>
>    <!-- A "Service" is a collection of one or more "Connectors" that share
>         a single "Container" Note:  A "Service" is not itself a "Container",
>         so you may not define subcomponents such as "Valves" at this level.
>         Documentation at /docs/config/service.html
>     -->
>    <Service name="Catalina">
>      <!--The connectors can use a shared executor, you can define one or more named thread pools-->
>      <!--
>      <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
>          maxThreads="150" minSpareThreads="4"/>
>      -->
>
>      <!-- A "Connector" represents an endpoint by which requests are received
>           and responses are returned. Documentation at :
>           Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
>           Java AJP  Connector: /docs/config/ajp.html
>           APR (HTTP/AJP) Connector: /docs/apr.html
>           Define a non-SSL HTTP/1.1 Connector on port 8080
>      -->
>      <Connector port="8080" protocol="HTTP/1.1"
>                 connectionTimeout="20000"
>                 redirectPort="8443" />
>      <!-- A "Connector" using the shared thread pool-->
>      <!--
>      <Connector executor="tomcatThreadPool"
>                 port="8080" protocol="HTTP/1.1"
>                 connectionTimeout="20000"
>                 redirectPort="8443" />
>      -->
>      <!-- Define a SSL HTTP/1.1 Connector on port 8443
>           This connector uses the JSSE configuration, when using APR, the
>           connector should be using the OpenSSL style configuration
>           described in the APR documentation -->
>
>      <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" SSLEnabled="true"
>                 maxThreads="150" scheme="https" secure="true"
>                 clientAuth="false" sslProtocol="TLS"
>        SSLCertificateFile="localhost.crt"
>                 SSLCertificateKeyFile="localhost.key"/>
>      <!-- Define an AJP 1.3 Connector on port 8009 -->
>      <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
>
>      <!-- An Engine represents the entry point (within Catalina) that processes
>           every request.  The Engine implementation for Tomcat stand alone
>           analyzes the HTTP headers included with the request, and passes them
>           on to the appropriate Host (virtual host).
>           Documentation at /docs/config/engine.html -->
>      <!-- You should set jvmRoute to support load-balancing via AJP ie :
>      <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
>      -->
>      <Engine name="Catalina" defaultHost="localhost">
>        <!--For clustering, please take a look at documentation at:
>            /docs/cluster-howto.html  (simple how to)
>            /docs/config/cluster.html (reference documentation) -->
>        <!--
>        <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
>        -->
>        <!-- Use the LockOutRealm to prevent attempts to guess user passwords
>             via a brute-force attack -->
>        <Realm className="org.apache.catalina.realm.LockOutRealm">
>          <!-- This Realm uses the UserDatabase configured in the global JNDI
>               resources under the key "UserDatabase".  Any edits
>               that are performed against this UserDatabase are immediately
>               available for use by the Realm.  -->
>          <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>                 resourceName="UserDatabase"/>
>        </Realm>
>        <Host name="localhost"  appBase="webapps"
>              unpackWARs="true" autoDeploy="true">
>          <!-- SingleSignOn valve, share authentication between web applications
>               Documentation at: /docs/config/valve.html -->
>          <!--
>          <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
>          -->
>          <!-- Access log processes all example.
>               Documentation at: /docs/config/valve.html
>               Note: The pattern used is equivalent to using pattern="common" -->
>          <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
>                 prefix="localhost_access_log." suffix=".txt"
>                 pattern="%h %l %u %t &quot;%r&quot; %s %b" />
>        </Host>
>      </Engine>
>    </Service>
> </Server>
> ===============================================================================
>
> I'm really disturbed, I've tried every kind of solution !! Does anyone have any last suggestion please ?!
So now what seems to be the problem? What happens, what do the logs 
have to say? Please read the link Andre provided :)

-Casper
>
> Thanks. 		 	   		



Re: Configure SSL under Tomcat 7

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Ayoub,

On 3/20/12 8:15 AM, ayouB __ wrote:
> I'm really disturbed, I've tried every kind of solution !! Does
> anyone have any last suggestion please ?!

I think it may be time to hire a consultant.

- -chris



RE: Configure SSL under Tomcat 7

Posted by ayouB __ <ay...@hotmail.fr>.
Hi,
 
I followed the steps given in this link : http://www.dylanbeattie.net/docs/openssl_iis_ssl_howto.html, I generated my files : .key and .crt, I put them in the conf/bin then I modified my server.xml to be able to support these new changes, here it is :
 
====================================server.xml===========================================
<?xml version='1.0' encoding='utf-8'?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Note:  A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
 -->
<Server port="8005" shutdown="SHUTDOWN">
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
  <Listener className="org.apache.catalina.core.JasperListener" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>
  <!-- A "Service" is a collection of one or more "Connectors" that share
       a single "Container" Note:  A "Service" is not itself a "Container",
       so you may not define subcomponents such as "Valves" at this level.
       Documentation at /docs/config/service.html
   -->
  <Service name="Catalina">
    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
        maxThreads="150" minSpareThreads="4"/>
    -->

    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
         Java AJP  Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL HTTP/1.1 Connector on port 8080
    -->
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->
    
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" 
      SSLCertificateFile="localhost.crt"
               SSLCertificateKeyFile="localhost.key"/>    
    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

    <!-- An Engine represents the entry point (within Catalina) that processes
         every request.  The Engine implementation for Tomcat stand alone
         analyzes the HTTP headers included with the request, and passes them
         on to the appropriate Host (virtual host).
         Documentation at /docs/config/engine.html -->
    <!-- You should set jvmRoute to support load-balancing via AJP ie :
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
    -->
    <Engine name="Catalina" defaultHost="localhost">
      <!--For clustering, please take a look at documentation at:
          /docs/cluster-howto.html  (simple how to)
          /docs/config/cluster.html (reference documentation) -->
      <!--
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
      -->
      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>
      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->
        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log." suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>
  </Service>
</Server>
===============================================================================
 
I'm really disturbed, I've tried every kind of solution !! Does anyone have any last suggestion please ?!
 
Thanks. 		 	   		  

Re: Configure SSL under Tomcat 7

Posted by Casper Wandahl Schmidt <ka...@gmail.com>.

Den 20-03-2012 10:34, ayouB __ skrev:
> Hi,
>
> I have downloaded OpenSSL under Windows, which required me to install Visual C++ 2008 Redistributable, and I did it, then I added "C:\OpenSSL-Win32\bin" to my environment variable PATH. Now the "openssl" command works very well in cmd.exe (it gives me "OpenSSL>"), so I wanna generate the X.509 certificate format. What should I do now?! Are there any examples please?!
http://lmgtfy.com/?q=openssl+create+certificate

Pick one of the results (I did check the second and it looks good. For 
your convenience the direct link is: 
http://www.madboa.com/geek/openssl/) and follow it :)

-Casper

ps. Everyone, I'm sorry about the lmgtfy link but I got a little tired 
of the OP demanding explicit commands for non-tomcat tools and excessive 
use of !'s
>
> Thanks :)
>
>> APR uses PEM-formatted X.509 certificate format and keys are in
>> separate text blocks. Use OpenSSL to generate such certificates.
>>
>> Java uses JKS (Java Key Store) format and all keys are in a bundle.
>> Use keytool to generate such certificates.
>>
>> In either case, keys can be imported-into or exported-out of JKS
>> stores and converted to/from PEM-formatted key files.
>   		 	   		



RE: Configure SSL under Tomcat 7

Posted by ayouB __ <ay...@hotmail.fr>.
Hi,
 
I have downloaded OpenSSL under Windows, which required me to install Visual C++ 2008 Redistributable, and I did it, then I added "C:\OpenSSL-Win32\bin" to my environment variable PATH. Now the "openssl" command works very well in cmd.exe (it gives me "OpenSSL>"), so I wanna generate the X.509 certificate format. What should I do now?! Are there any examples please?!
 
Thanks :)

> APR uses PEM-formatted X.509 certificate format and keys are in
> separate text blocks. Use OpenSSL to generate such certificates.
> 
> Java uses JKS (Java Key Store) format and all keys are in a bundle.
> Use keytool to generate such certificates.
> 
> In either case, keys can be imported-into or exported-out of JKS
> stores and converted to/from PEM-formatted key files.
 		 	   		  

Re: Configure SSL under Tomcat 7

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Ayoub,

On 3/19/12 1:51 PM, ayouB __ wrote:
> Can you explain to me more what certificate format is used with APR &
> how can I get it please!

APR uses PEM-formatted X.509 certificate format and keys are in
separate text blocks. Use OpenSSL to generate such certificates.

Java uses JKS (Java Key Store) format and all keys are in a bundle.
Use keytool to generate such certificates.

In either case, keys can be imported-into or exported-out of JKS
stores and converted to/from PEM-formatted key files.

-chris

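The reply above says the APR connector wants a PEM certificate and a separate PEM key made with OpenSSL, and that a JKS entry can be converted; the sketch below produces such a pair (the localhost.crt and localhost.key asked about in this thread), checks that the two files belong together, and prints a connector element using the SSLCertificateFile and SSLCertificateKeyFile attributes. It is an added example, not part of any post or of the Tomcat documentation. The function names, the self-signed CN, the 365-day lifetime and the assumption that the keystore and key passwords are identical are choices made here.

```shell
#!/bin/sh
# Added example, not from the thread. Requires openssl; jks_to_pem also needs keytool.
set -eu

# Create an unencrypted 2048-bit RSA key and a self-signed X.509 certificate,
# both PEM encoded.  $1 = output directory, $2 = host name used as the CN.
make_pem_pair() {
    dir=$1
    host=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$host" \
        -keyout "$dir/$host.key" -out "$dir/$host.crt" 2>/dev/null
    chmod 600 "$dir/$host.key"   # the key is not passphrase protected
}

# Return 0 only when the certificate ($1) carries the public key that belongs
# to the private key ($2).  A mismatched pair is a common reason for the
# connector failing to start.
pair_matches() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$crt_pub" = "$key_pub" ]
}

# Export an existing JKS entry to PEM by way of PKCS#12.
# $1 = keystore, $2 = alias, $3 = password, $4 = output directory.
# Assumes the store password and the key password are the same.  Passwords
# given on the command line are visible in the process list.
jks_to_pem() {
    keytool -importkeystore -noprompt \
        -srckeystore "$1" -srcstorepass "$3" -srcalias "$2" \
        -destkeystore "$4/$2.p12" -deststoretype PKCS12 -deststorepass "$3"
    openssl pkcs12 -in "$4/$2.p12" -passin "pass:$3" -nokeys -out "$4/$2.crt"
    openssl pkcs12 -in "$4/$2.p12" -passin "pass:$3" -nocerts -nodes -out "$4/$2.key"
    rm -f "$4/$2.p12"
}

# Print an APR-style HTTPS connector for server.xml.
# $1 = certificate path, $2 = key path.
apr_connector() {
    cat <<EOF
<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           SSLCertificateFile="$1"
           SSLCertificateKeyFile="$2" />
EOF
}

# Run as "sh thisfile.sh demo" to generate a pair in a temporary directory.
if [ "${1:-}" = "demo" ]; then
    out=$(mktemp -d)
    make_pem_pair "$out" localhost
    if pair_matches "$out/localhost.crt" "$out/localhost.key"; then
        echo "certificate and key match"
    fi
    apr_connector "$out/localhost.crt" "$out/localhost.key"
fi
```

A self-signed certificate like this one is only suitable for local testing; browsers will warn about it until a CA-issued certificate replaces it.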


RE: Configure SSL under Tomcat 7

Posted by ayouB __ <ay...@hotmail.fr>.
Hi,

I'm asking you again, please tell me from where and how they get these files: localhost.crt & localhost.key!!!

Thanks.

RE: Configure SSL under Tomcat 7

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: ayouB __ [mailto:ayb-2008@hotmail.fr] 
> Subject: RE: Configure SSL under Tomcat 7

> Can you explain to me more what certificate format is used with
> APR & how can I get it please!

Read the docs:

http://tomcat.apache.org/tomcat-7.0-doc/apr.html#APR_Connectors_Configuration

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.




RE: Configure SSL under Tomcat 7

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Tapan Thakkar [mailto:tapan.d.thakkar@gmail.com] 
> Subject: Re: Configure SSL under Tomcat 7

> Go through this link  http://tomcat.apache.org/tomcat-4.1-doc/ssl-howto.html

It is irresponsible for anyone to suggest use of Tomcat 4 documentation; even more so in this case when the subject is SSL via APR, which didn't even exist in Tomcat 4.

 - Chuck




Re: Configure SSL under Tomcat 7

Posted by Tapan Thakkar <ta...@gmail.com>.
Hi,

Go through this link  http://tomcat.apache.org/tomcat-4.1-doc/ssl-howto.html


The files that you are asking about are the certificate and key files used for SSL.
To configure Tomcat with SSL you need to create these files.


On Tue, Mar 20, 2012 at 2:51 PM, ayouB __ <ay...@hotmail.fr> wrote:

>
> Hi everybody & happy new spring ^^
>
> Well, I'm asking you again to tell me please what's the purpose of these
> files: localhost.crt & localhost.key in the last example in this link:
> http://tomcat.apache.org/tomcat-7.0-doc/apr.html, I wanna just know from
> where & how they got them (is there any command which permits generating
> such files with such extensions)?!!
>
> Thanks.




-- 
Thanks and Regards,
Tapan D. Thakkar
(M:09714324778)

RE: Configure SSL under Tomcat 7

Posted by ayouB __ <ay...@hotmail.fr>.
Hi everybody & happy new spring ^^

Well, I'm asking you again to tell me please what's the purpose of these files: localhost.crt & localhost.key in the last example in this link:
http://tomcat.apache.org/tomcat-7.0-doc/apr.html, I wanna just know from where & how they got them (is there any command which permits generating such files with such extensions)?!!

Thanks.

Re: Configure SSL under Tomcat 7

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Luciano,

On 3/19/12 1:58 PM, Luciano Andress Martini wrote:
> I know that you will think this is strange, but I prefer to use
> apache2 as a proxy to the Tomcat server, creating these lines in
> an SSL virtualhost:
> 
> ProxyPass / http://127.0.0.1:8080
> ProxyPassReverse / http://127.0.0.1:8080
> 
> Yes the data will be encrypted.

No, the data will not be encrypted. If you used "https://" instead of
"http://" then the connection would be encrypted.

-chris



Re: Configure SSL under Tomcat 7

Posted by Luciano Andress Martini <77...@gmail.com>.
I know that you will think this is strange, but I prefer to use
apache2 as a proxy to the Tomcat server, creating these lines in an SSL
virtualhost:

ProxyPass / http://127.0.0.1:8080
ProxyPassReverse / http://127.0.0.1:8080

Yes the data will be encrypted.



2012/3/19, ayouB __ <ay...@hotmail.fr>:
>
> Hi Filip,
>
> Can you explain to me more what certificate format is used with APR & how can I
> get it please!
>
> Thanks.



RE: Configure SSL under Tomcat 7

Posted by ayouB __ <ay...@hotmail.fr>.
Hi Filip,

Can you explain to me more what certificate format is used with APR & how can I get it please!

Thanks.

RE: Configure SSL under Tomcat 7

Posted by ayouB __ <ay...@hotmail.fr>.
I'm disturbed that I wrote things unlike what I think!!
I want to say:
what things i'm supposed ... instead of what things i'm supported ...
They didn't even talked ... instead of They even talked ...
Thanks.

Re: Configure SSL under Tomcat 7

Posted by Filip Hanik Mailing Lists <de...@hanik.com>.
OK, keystore is for Java connectors, but you have chosen to use the APR connector, so you should use the certificate format that is used for that connector.

----- Original Message -----
> From: "ayouB __" <ay...@hotmail.fr>
> To: users@tomcat.apache.org
> Sent: Monday, March 19, 2012 11:00:59 AM
> Subject: RE: Configure SSL under Tomcat 7
> 
> 
> Still not working!!
> I downloaded Apache Tomcat 7.0.26 (again), I added the tcnative-1.dll
> in my: apache-tomcat-7.0.26\bin, I created a keystore file with
> this command:
> keytool -genkeypair -alias tomcat -keyalg RSA -keystore C:\mykeystore
> I put the file named "mykeystore" in my: apache-tomcat-7.0.26\conf
> I modified my Tomcat's server.xml to be able to support HTTPS as it
> has been said in Apache Tomcat's documentation from the official
> website and as it had been said in the e-book: Apache Tomcat 7
> (Aleksa Vukotic and James Goodwill) in chapter 7: Securing
> Tomcat with SSL! (Step by step)
> Here's my "conf/server.xml":
> ===================================server.xml=========================================
> <?xml version='1.0' encoding='utf-8'?>
> <!--
>   Licensed to the Apache Software Foundation (ASF) under one or more
>   contributor license agreements.  See the NOTICE file distributed
>   with
>   this work for additional information regarding copyright ownership.
>   The ASF licenses this file to You under the Apache License, Version
>   2.0
>   (the "License"); you may not use this file except in compliance
>   with
>   the License.  You may obtain a copy of the License at
>       http://www.apache.org/licenses/LICENSE-2.0
>   Unless required by applicable law or agreed to in writing, software
>   distributed under the License is distributed on an "AS IS" BASIS,
>   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>   implied.
>   See the License for the specific language governing permissions and
>   limitations under the License.
> -->
> <!-- Note:  A "Server" is not itself a "Container", so you may not
>      define subcomponents such as "Valves" at this level.
>      Documentation at /docs/config/server.html
>  -->
> <Server port="8005" shutdown="SHUTDOWN">
>   <!-- Security listener. Documentation at
>   /docs/config/listeners.html
>   <Listener className="org.apache.catalina.security.SecurityListener"
>   />
>   -->
>   <!--APR library loader. Documentation at /docs/apr.html -->
>   <Listener className="org.apache.catalina.core.AprLifecycleListener"
>   SSLEngine="on" />
>   <!--Initialize Jasper prior to webapps are loaded. Documentation at
>   /docs/jasper-howto.html -->
>   <Listener className="org.apache.catalina.core.JasperListener" />
>   <!-- Prevent memory leaks due to use of particular java/javax
>   APIs-->
>   <Listener
>   className="org.apache.catalina.core.JreMemoryLeakPreventionListener"
>   />
>   <Listener
>   className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
>   />
>   <Listener
>   className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"
>   />
>   <!-- Global JNDI resources
>        Documentation at /docs/jndi-resources-howto.html
>   -->
>   <GlobalNamingResources>
>     <!-- Editable user database that can also be used by
>          UserDatabaseRealm to authenticate users
>     -->
>     <Resource name="UserDatabase" auth="Container"
>               type="org.apache.catalina.UserDatabase"
>               description="User database that can be updated and
>               saved"
>               factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>               pathname="conf/tomcat-users.xml" />
>   </GlobalNamingResources>
>   <!-- A "Service" is a collection of one or more "Connectors" that
>   share
>        a single "Container" Note:  A "Service" is not itself a
>        "Container",
>        so you may not define subcomponents such as "Valves" at this
>        level.
>        Documentation at /docs/config/service.html
>    -->
>   <Service name="Catalina">
>     <!--The connectors can use a shared executor, you can define one
>     or more named thread pools-->
>     <!--
>     <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
>         maxThreads="150" minSpareThreads="4"/>
>     -->
> 
>     <!-- A "Connector" represents an endpoint by which requests are
>     received
>          and responses are returned. Documentation at :
>          Java HTTP Connector: /docs/config/http.html (blocking &
>          non-blocking)
>          Java AJP  Connector: /docs/config/ajp.html
>          APR (HTTP/AJP) Connector: /docs/apr.html
>          Define a non-SSL HTTP/1.1 Connector on port 8080
>     -->
>     <Connector port="8080" protocol="HTTP/1.1"
>                connectionTimeout="20000"
>                redirectPort="8443" />
>     <!-- A "Connector" using the shared thread pool-->
>     <!--
>     <Connector executor="tomcatThreadPool"
>                port="8080" protocol="HTTP/1.1"
>                connectionTimeout="20000"
>                redirectPort="8443" />
>     -->
>     <!-- Define a SSL HTTP/1.1 Connector on port 8443
>          This connector uses the JSSE configuration, when using APR,
>          the
>          connector should be using the OpenSSL style configuration
>          described in the APR documentation -->
>     
>     <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
>                scheme="https" secure="true" clientAuth="false"
>                sslProtocol="TLS" keystoreFile="mykeystore"
>                keystorePass="changeit"
>       keyAlias="tomcat" keyPass="changeit"/>
>     
>     <!-- Define an AJP 1.3 Connector on port 8009 -->
>     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
>     <!-- An Engine represents the entry point (within Catalina) that
>     processes
>          every request.  The Engine implementation for Tomcat stand
>          alone
>          analyzes the HTTP headers included with the request, and
>          passes them
>          on to the appropriate Host (virtual host).
>          Documentation at /docs/config/engine.html -->
>     <!-- You should set jvmRoute to support load-balancing via AJP ie
>     :
>     <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
>     -->
>     <Engine name="Catalina" defaultHost="localhost">
>       <!--For clustering, please take a look at documentation at:
>           /docs/cluster-howto.html  (simple how to)
>           /docs/config/cluster.html (reference documentation) -->
>       <!--
>       <Cluster
>       className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
>       -->
>       <!-- Use the LockOutRealm to prevent attempts to guess user
>       passwords
>            via a brute-force attack -->
>       <Realm className="org.apache.catalina.realm.LockOutRealm">
>         <!-- This Realm uses the UserDatabase configured in the
>         global JNDI
>              resources under the key "UserDatabase".  Any edits
>              that are performed against this UserDatabase are
>              immediately
>              available for use by the Realm.  -->
>         <Realm
>         className="org.apache.catalina.realm.UserDatabaseRealm"
>                resourceName="UserDatabase"/>
>       </Realm>
>       <Host name="localhost"  appBase="webapps"
>             unpackWARs="true" autoDeploy="true">
>         <!-- SingleSignOn valve, share authentication between web
>         applications
>              Documentation at: /docs/config/valve.html -->
>         <!--
>         <Valve
>         className="org.apache.catalina.authenticator.SingleSignOn"
>         />
>         -->
>         <!-- Access log processes all example.
>              Documentation at: /docs/config/valve.html
>              Note: The pattern used is equivalent to using
>              pattern="common" -->
>         <Valve className="org.apache.catalina.valves.AccessLogValve"
>         directory="logs"
>                prefix="localhost_access_log." suffix=".txt"
>                pattern="%h %l %u %t &quot;%r&quot; %s %b" />
>       </Host>
>     </Engine>
>   </Service>
> </Server>
> ============================================================================================
>  
> 1) The question is: what's things I'm supported to do and I didn't
> cause I have tried every kind of solution without any satisfying
> result!!
>  
> 2) Moreover I saw in:
> http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html two
> attributes (I talked about before but nobody explained to me where they
> get their values!!), I mean:
>  
> SSLCertificateFile="/usr/local/ssl/server.crt"
> SSLCertificateKeyFile="/usr/local/ssl/server.pem"
>  
> I just want to know from where they get these files: server.crt &
> server.pem!!! They even talked about how it had been generated and
> what's its utility!!!! It was just parachuted without any
> indication!!!!
>  
> So please if anyone had started before Tomcat7 under HTTPS mode, let
> me know how you did it (no more tutorials please, I want
> something useful and had been experimented).
>  
> Thank you all.



RE: Configure SSL under Tomcat 7

Posted by Justin Larose <Ju...@nexweb.org>.
ayouB __ <ay...@hotmail.fr> wrote on 03/19/2012 01:00:59 PM:

> From: ayouB __ <ay...@hotmail.fr>
> To: <us...@tomcat.apache.org>
> Date: 03/19/2012 01:01 PM
> Subject: RE: Configure SSL under Tomcat 7
> 
> Still not working!!
> I downloaded Apache Tomcat 7.0.26 (again), I added the
> tcnative-1.dll in my: apache-tomcat-7.0.26\bin, I created a
> keystore file with this command:
> keytool -genkeypair -alias tomcat -keyalg RSA -keystore C:\mykeystore
> I put the file named "mykeystore" in my: apache-tomcat-7.0.26\conf
> I modified my Tomcat's server.xml to be able to support HTTPS as it
> has been said in Apache Tomcat's documentation from the official
> website and as it had been said in the e-book: Apache Tomcat 7
> (Aleksa Vukotic and James Goodwill) in chapter 7: Securing
> Tomcat with SSL! (Step by step)
> Here's my "conf/server.xml":
> 
> ===================================server.xml=========================================
> <?xml version='1.0' encoding='utf-8'?>
> <!--
> Licensed to the Apache Software Foundation (ASF) under one or more
> contributor license agreements.  See the NOTICE file distributed with
> this work for additional information regarding copyright ownership.
> The ASF licenses this file to You under the Apache License, Version 2.0
> (the "License"); you may not use this file except in compliance with
> the License.  You may obtain a copy of the License at
> http://www.apache.org/licenses/LICENSE-2.0
> Unless required by applicable law or agreed to in writing, software
> distributed under the License is distributed on an "AS IS" BASIS,
> WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> See the License for the specific language governing permissions and
> limitations under the License.
> -->
> <!-- Note:  A "Server" is not itself a "Container", so you may not
> define subcomponents such as "Valves" at this level.
> Documentation at /docs/config/server.html
> -->
> <Server port="8005" shutdown="SHUTDOWN">
> <!-- Security listener. Documentation at /docs/config/listeners.html
> <Listener className="org.apache.catalina.security.SecurityListener" />
> -->
> <!--APR library loader. Documentation at /docs/apr.html -->
> <Listener className="org.apache.catalina.core.AprLifecycleListener" 
> SSLEngine="on" />
> <!--Initialize Jasper prior to webapps are loaded. Documentation at 
> /docs/jasper-howto.html -->
> <Listener className="org.apache.catalina.core.JasperListener" />
> <!-- Prevent memory leaks due to use of particular java/javax APIs-->
> <Listener 
> className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
> <Listener 
> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
> <Listener 
> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
> <!-- Global JNDI resources
> Documentation at /docs/jndi-resources-howto.html
> -->
> <GlobalNamingResources>
> <!-- Editable user database that can also be used by
> UserDatabaseRealm to authenticate users
> -->
> <Resource name="UserDatabase" auth="Container"
> type="org.apache.catalina.UserDatabase"
> description="User database that can be updated and saved"
> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
> pathname="conf/tomcat-users.xml" />
> </GlobalNamingResources>
> <!-- A "Service" is a collection of one or more "Connectors" that share
> a single "Container" Note:  A "Service" is not itself a "Container",
> so you may not define subcomponents such as "Valves" at this level.
> Documentation at /docs/config/service.html
> -->
> <Service name="Catalina">
> <!--The connectors can use a shared executor, you can define one or 
> more named thread pools-->
> <!--
> <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
> maxThreads="150" minSpareThreads="4"/>
> -->
> 
> <!-- A "Connector" represents an endpoint by which requests are received
> and responses are returned. Documentation at :
> Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
> Java AJP  Connector: /docs/config/ajp.html
> APR (HTTP/AJP) Connector: /docs/apr.html
> Define a non-SSL HTTP/1.1 Connector on port 8080
> -->
> <Connector port="8080" protocol="HTTP/1.1"
> connectionTimeout="20000"
> redirectPort="8443" />
> <!-- A "Connector" using the shared thread pool-->
> <!--
> <Connector executor="tomcatThreadPool"
> port="8080" protocol="HTTP/1.1"
> connectionTimeout="20000"
> redirectPort="8443" />
> -->
> <!-- Define a SSL HTTP/1.1 Connector on port 8443
> This connector uses the JSSE configuration, when using APR, the
> connector should be using the OpenSSL style configuration
> described in the APR documentation -->
> 
> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
> scheme="https" secure="true" clientAuth="false"
> sslProtocol="TLS" keystoreFile="mykeystore" keystorePass="changeit"
> keyAlias="tomcat" keyPass="changeit"/>

This part looks wrong to me. Is your keystore under /conf or in the Tomcat
home?
If it's under /conf try this:

<Connector SSLEnabled="true" clientAuth="false" keyAlias="tomcat" 
keystoreFile="conf/mykeystore.jks" keystorePass="changeit" port="8443" 
scheme="https" secure="true" sslProtocol="TLS"/>

> <!-- Define an AJP 1.3 Connector on port 8009 -->
> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
> <!-- An Engine represents the entry point (within Catalina) that processes
> every request.  The Engine implementation for Tomcat stand alone
> analyzes the HTTP headers included with the request, and passes them
> on to the appropriate Host (virtual host).
> Documentation at /docs/config/engine.html -->
> <!-- You should set jvmRoute to support load-balancing via AJP ie :
> <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
> -->
> <Engine name="Catalina" defaultHost="localhost">
> <!--For clustering, please take a look at documentation at:
> /docs/cluster-howto.html  (simple how to)
> /docs/config/cluster.html (reference documentation) -->
> <!--
> <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
> -->
> <!-- Use the LockOutRealm to prevent attempts to guess user passwords
> via a brute-force attack -->
> <Realm className="org.apache.catalina.realm.LockOutRealm">
> <!-- This Realm uses the UserDatabase configured in the global JNDI
> resources under the key "UserDatabase".  Any edits
> that are performed against this UserDatabase are immediately
> available for use by the Realm.  -->
> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
> resourceName="UserDatabase"/>
> </Realm>
> <Host name="localhost"  appBase="webapps"
> unpackWARs="true" autoDeploy="true">
> <!-- SingleSignOn valve, share authentication between web applications
> Documentation at: /docs/config/valve.html -->
> <!--
> <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
> -->
> <!-- Access log processes all example.
> Documentation at: /docs/config/valve.html
> Note: The pattern used is equivalent to using pattern="common" -->
> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
> prefix="localhost_access_log." suffix=".txt"
> pattern="%h %l %u %t &quot;%r&quot; %s %b" />
> </Host>
> </Engine>
> </Service>
> </Server>
> 
> ============================================================================================

> 1) The question is: what's things I'm supported to do and I didn't
> cause I have tried every kind of solution without any satisfying result!!

> 2) Moreover I saw in: http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html
> two attributes (I talked about before but nobody explained to me where
> they get their values!!), I mean:

> SSLCertificateFile="/usr/local/ssl/server.crt"
> SSLCertificateKeyFile="/usr/local/ssl/server.pem"

> I just want to know from where they get these files: server.crt &
> server.pem!!! They even talked about how it had been generated and
> what's its utility!!!! It was just parachuted without any indication!!!!

> So please if anyone had started before Tomcat7 under HTTPS mode, let
> me know how you did it (no more tutorials please, I want
> something useful and had been experimented).

> Thank you all.
******************************************************************************
This email and any files transmitted with it are intended solely for 
the use of the individual or agency to whom they are addressed. 
If you have received this email in error please notify the Navy 
Exchange Service Command e-mail administrator. This footnote 
also confirms that this email message has been scanned for the
presence of computer viruses.

Thank You!            
******************************************************************************


RE: Configure SSL under Tomcat 7

Posted by ayouB __ <ay...@hotmail.fr>.
Still not working!!
I downloaded Apache Tomcat 7.0.26 (again), I added the tcnative-1.dll in my: apache-tomcat-7.0.26\bin, I created a keystore file with this command:
keytool -genkeypair -alias tomcat -keyalg RSA -keystore C:\mykeystore
I put the file named "mykeystore" in my: apache-tomcat-7.0.26\conf
I modified my Tomcat's server.xml to be able to support HTTPS as it has been said in Apache Tomcat's documentation from the official website and as it had been said in the e-book: Apache Tomcat 7 (Aleksa Vukotic and James Goodwill) in chapter 7: Securing Tomcat with SSL! (Step by step)
Here's my "conf/server.xml":
===================================server.xml=========================================
<?xml version='1.0' encoding='utf-8'?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Note:  A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
 -->
<Server port="8005" shutdown="SHUTDOWN">
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
  <Listener className="org.apache.catalina.core.JasperListener" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>
  <!-- A "Service" is a collection of one or more "Connectors" that share
       a single "Container" Note:  A "Service" is not itself a "Container",
       so you may not define subcomponents such as "Valves" at this level.
       Documentation at /docs/config/service.html
   -->
  <Service name="Catalina">
    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
        maxThreads="150" minSpareThreads="4"/>
    -->

    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
         Java AJP  Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL HTTP/1.1 Connector on port 8080
    -->
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->
    
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" clientAuth="false" 
               sslProtocol="TLS" keystoreFile="mykeystore" keystorePass="changeit"
      keyAlias="tomcat" keyPass="changeit"/>      
    
    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <!-- An Engine represents the entry point (within Catalina) that processes
         every request.  The Engine implementation for Tomcat stand alone
         analyzes the HTTP headers included with the request, and passes them
         on to the appropriate Host (virtual host).
         Documentation at /docs/config/engine.html -->
    <!-- You should set jvmRoute to support load-balancing via AJP ie :
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
    -->
    <Engine name="Catalina" defaultHost="localhost">
      <!--For clustering, please take a look at documentation at:
          /docs/cluster-howto.html  (simple how to)
          /docs/config/cluster.html (reference documentation) -->
      <!--
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
      -->
      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>
      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->
        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log." suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>
  </Service>
</Server>
============================================================================================
 
1) The question is: what things am I supposed to do that I didn't, because I have tried every kind of solution without any satisfying result!!

2) Moreover, I saw in http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html two attributes (I talked about them before, but nobody explained to me where they get their values!!), I mean:

SSLCertificateFile="/usr/local/ssl/server.crt"
SSLCertificateKeyFile="/usr/local/ssl/server.pem"

I just want to know where they get these files: server.crt & server.pem!!! They even talked about how it had been generated and what's its utility!!!! It was just parachuted in without any indication!!!!


So please, if anyone has started Tomcat 7 under HTTPS mode before, let me know how you did it (no more tutorials pleaaase, I want something useful that has been tried).

Thank you all.

RE: Configure SSL under Tomcat 7

Posted by ayouB __ <ay...@hotmail.fr>.
Thanks Mark :)
 

> > Which one should I put in my apache-tomcat-7.0.26\bin, knowing that I use Windows XP (32 bits) as OS?!
> 
> 1)
> 
> Mark
 

 		 	   		  

Re: Configure SSL under Tomcat 7

Posted by Mark Thomas <ma...@apache.org>.
On 19/03/2012 15:30, ayouB __ wrote:
> 
> 
> Hi, 
>  
> Sorry, it'll be the first and the last time I send a private message to somebody, I didn't know the community's rules!
>  
> Well, now I downloaded the file you indicated to me, which is:
>  http://mirror.atlanticmetro.net/apache//tomcat/tomcat-connectors/native/1.1.23/binaries/tomcat-native-1.1.23-win32-bin.zip, I found three files named tcnative-1.dll:
>  
> 1) bin/tcnative-1.dll
> 2) bin/i64/tcnative-1.dll
> 3) bin/x64/tcnative-1.dll
>  
> Which one should I put in my apache-tomcat-7.0.26\bin, knowing that I use Windows XP (32 bits) as OS?!

1)

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


RE: Configure SSL under Tomcat 7

Posted by ayouB __ <ay...@hotmail.fr>.

Hi, 
 
Sorry, it'll be the first and the last time I send a private message to somebody, I didn't know the community's rules!

Well, now I downloaded the file you indicated to me, which is:
 http://mirror.atlanticmetro.net/apache//tomcat/tomcat-connectors/native/1.1.23/binaries/tomcat-native-1.1.23-win32-bin.zip, I found three files named tcnative-1.dll:

1) bin/tcnative-1.dll
2) bin/i64/tcnative-1.dll
3) bin/x64/tcnative-1.dll

Which one should I put in my apache-tomcat-7.0.26\bin, knowing that I use Windows XP (32 bits) as OS?!

Thanks.

RE: Configure SSL under Tomcat 7

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: ayouB __ [mailto:ayb-2008@hotmail.fr] 
> Subject: RE: Configure SSL under Tomcat 7

1) Don't top post.

2) Reply only to the list, not to individuals.

> Now i downloaded the tcnative.jar

That won't help; the contents of that jar are already included in the standard Tomcat jars.  Remove it from your lib directory to avoid confusion.

What you do need is the tomcat-native-1.1.23-win32-bin.zip file; inside that you'll find several versions of tcnative-1.dll.  Pick the version appropriate for the JVM you're using (32- or 64-bit), and put it in Tomcat's bin (not lib) directory.

 - Chuck




RE: Configure SSL under Tomcat 7

Posted by ayouB __ <ay...@hotmail.fr>.
Hi Chris,
 
Thank you so much for your analysis and replies :) Now I downloaded the tcnative.jar from this link: http://download.nextag.com/apache//tomcat/tomcat-connectors/native/1.1.23/binaries/, I put it in my /lib directory, and as it's said in this link: http://tomcat.apache.org/tomcat-7.0-doc/apr.html, Windows binaries are provided for tcnative-1, which is a statically compiled .dll which includes OpenSSL and APR. So I have restarted my Tomcat server and I am still having no result; every time I get http://localhost:8080/. What should I do now please? I'm really disturbed, I spent the whole weekend trying and retrying to solve this problem without any result.
 
Thanks.

 

> Date: Fri, 16 Mar 2012 15:32:33 -0400
> From: chris@christopherschultz.net
> To: users@tomcat.apache.org
> Subject: Re: Configure SSL under Tomcat 7
> 
> Ayoub,
> 
> On 3/16/12 12:50 PM, ayouB __ wrote:
> > <Server port="8005" shutdown="SHUTDOWN">
> > 
> > [snip]
> > 
> > <!-- Define a SSL HTTP/1.1 Connector on port 8443 This connector
> > uses the JSSE configuration, when using APR, the connector should
> > be using the OpenSSL style configuration described in the APR
> > documentation -->
> > 
> > <Connector port="8080"
> > protocol="org.apache.coyote.http11.Http11AprProtocol"
> > SSLEnabled="true" maxThreads="150" scheme="https" secure="true" 
> > clientAuth="optional" sslProtocol="TLS"/>
> 
> It's unusual to use port 8080 for SSL traffic, though it really does
> not matter what port you use. The example in the SSL howto uses port
> 8443, for instance.
> 
> > <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector
> > port="8009" protocol="AJP/1.3" redirectPort="8443"/>
> 
> Are you using AJP at all? If not, you can remove/comment-out this
> connector.
> 
> On 3/16/12 1:10 PM, ayouB __ wrote:
> > 16 mars 2012 17:05:48 org.apache.catalina.core.AprLifecycleListener
> > init INFO: The APR based Apache Tomcat Native library which allows
> > optimal performance in production environments was not found on
> > the java.library.path: C:\Program
> > Files\Java\jdk1.6.0_31\bin;[...etc....]
> 
> So, if you intend to use APR, you'll have to fix this first.
> 
> I can see from your java.library.path that you are on win32. Have you
> downloaded and installed tcnative, APR, and openssl? If not, go do
> that. If you have, please tell us how you have (incorrectly) installed
> them.
> 
> > Question: how to come up with the SSLCertificateFile &
> > SSLCertificateKeyFile attributes.
> 
> In case you hadn't noticed, server.xml uses neither an XML DTD nor an
> XML schema: that's why Eclipse can't tell you about what attributes
> are available. Tomcat doesn't use a DTD or Schema because some
> components (like <Connector>) need the freedom to be able to accept
> any attribute that will cause a setter method on the object to be
> called. Maintaining hundreds of possible attribute names in a DTD or
> Schema would be insane, so we don't do it.
> 
> Trust me, the SSLCertificateFile and SSLCertificateKeyFile attributes
> are accepted -- and mandatory if you are going to use APR-based SSL.
> 
> -chris

Re: Configure SSL under Tomcat 7

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Ayoub,

On 3/16/12 12:50 PM, ayouB __ wrote:
> <Server port="8005" shutdown="SHUTDOWN">
> 
> [snip]
> 
> <!-- Define a SSL HTTP/1.1 Connector on port 8443 This connector
> uses the JSSE configuration, when using APR, the connector should
> be using the OpenSSL style configuration described in the APR
> documentation -->
> 
> <Connector port="8080"
> protocol="org.apache.coyote.http11.Http11AprProtocol"
> SSLEnabled="true" maxThreads="150" scheme="https" secure="true" 
> clientAuth="optional" sslProtocol="TLS"/>

It's unusual to use port 8080 for SSL traffic, though it really does
not matter what port you use. The example in the SSL howto uses port
8443, for instance.

> <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector
> port="8009" protocol="AJP/1.3" redirectPort="8443"/>

Are you using AJP at all? If not, you can remove/comment-out this
connector.

On 3/16/12 1:10 PM, ayouB __ wrote:
> 16 mars 2012 17:05:48 org.apache.catalina.core.AprLifecycleListener
> init INFO: The APR based Apache Tomcat Native library which allows
> optimal performance in production environments was not found on
> the java.library.path: C:\Program
> Files\Java\jdk1.6.0_31\bin;[...etc....]

So, if you intend to use APR, you'll have to fix this first.

I can see from your java.library.path that you are on win32. Have you
downloaded and installed tcnative, APR, and openssl? If not, go do
that. If you have, please tell us how you have (incorrectly) installed
them.

> Question: how to come up with the SSLCertificateFile &
> SSLCertificateKeyFile attributes.

In case you hadn't noticed, server.xml uses neither an XML DTD nor an
XML schema: that's why Eclipse can't tell you about what attributes
are available. Tomcat doesn't use a DTD or Schema because some
components (like <Connector>) need the freedom to be able to accept
any attribute that will cause a setter method on the object to be
called. Maintaining hundreds of possible attribute names in a DTD or
Schema would be insane, so we don't do it.

Trust me, the SSLCertificateFile and SSLCertificateKeyFile attributes
are accepted -- and mandatory if you are going to use APR-based SSL.

-chris

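The connector rules discussed in the reply above can be checked mechanically. The following is an added example, not part of the original message or of Tomcat: the function name `audit_server_xml` and the finding codes are hypothetical, and the three sample files are constructed from the connector definitions quoted in this thread.

```python
import xml.etree.ElementTree as ET

APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"
APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
OPENSSL_ATTRS = ("SSLCertificateFile", "SSLCertificateKeyFile")   # APR/OpenSSL style
JSSE_ATTRS = ("keystoreFile", "keystorePass", "keyAlias", "keyPass")  # JSSE style

# Constructed sample: the APR connector quoted in the reply, without certificate attributes.
SAMPLE_FIRST_ATTEMPT = """
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Service name="Catalina">
    <Connector port="8080" protocol="org.apache.coyote.http11.Http11AprProtocol"
               SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
               clientAuth="optional" sslProtocol="TLS"/>
  </Service>
</Server>"""

# Constructed sample: JSSE keystore attributes on an auto-selecting HTTP/1.1 connector.
SAMPLE_JSSE_STYLE = """
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
               secure="true" clientAuth="false" sslProtocol="TLS"
               keystoreFile="mykeystore" keystorePass="changeit"/>
  </Service>
</Server>"""

# Constructed sample: OpenSSL-style connector, file paths as printed in the SSL how-to.
SAMPLE_APR_STYLE = """
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Service name="Catalina">
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               SSLEnabled="true" scheme="https" secure="true"
               SSLCertificateFile="/usr/local/ssl/server.crt"
               SSLCertificateKeyFile="/usr/local/ssl/server.pem"/>
  </Service>
</Server>"""


def audit_server_xml(text):
    """Return (port, code, detail) findings for the TLS connectors in a server.xml."""
    # ElementTree drops XML comments, so commented-out connectors are not inspected.
    root = ET.fromstring(text)
    has_apr_listener = any(
        listener.get("className") == APR_LISTENER for listener in root.iter("Listener"))
    tls = [c for c in root.iter("Connector")
           if (c.get("SSLEnabled") or "").lower() == "true"]
    findings = []
    if not tls:
        findings.append(("-", "no-tls-connector",
                         'no active Connector has SSLEnabled="true"'))
    for conn in tls:
        port = conn.get("port", "?")
        protocol = conn.get("protocol", "HTTP/1.1")   # HTTP/1.1 is the default
        missing = [a for a in OPENSSL_ATTRS if not conn.get(a)]
        jsse = [a for a in JSSE_ATTRS if conn.get(a) is not None]
        if protocol == APR_PROTOCOL:
            if not has_apr_listener:
                findings.append((port, "apr-listener-missing",
                                 "APR connector declared but AprLifecycleListener is not"))
            if missing:
                findings.append((port, "apr-missing-cert-attrs",
                                 "missing " + ", ".join(missing)))
            if jsse:
                findings.append((port, "apr-with-jsse-attrs",
                                 "JSSE attributes are not used by the APR connector: "
                                 + ", ".join(jsse)))
        elif protocol == "HTTP/1.1" and has_apr_listener and jsse and missing:
            # protocol="HTTP/1.1" switches to APR when the native library loads,
            # and this connector only carries a JSSE keystore configuration.
            findings.append((port, "jsse-attrs-may-run-on-apr",
                             "connector becomes APR once tcnative is found; "
                             "it has no " + ", ".join(missing)))
    return findings


if __name__ == "__main__":
    for name in ("SAMPLE_FIRST_ATTEMPT", "SAMPLE_JSSE_STYLE", "SAMPLE_APR_STYLE"):
        print(name, audit_server_xml(globals()[name]) or "OK")
```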


RE: Configure SSL under Tomcat 7

Posted by Filip Hanik Mailing Lists <de...@hanik.com>.
The logs show that you don't have Tcnative installed

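The same reading of the startup log can be automated. This is an added example, not part of the original message: the function names and finding codes are hypothetical, and the sample log is constructed from the console lines posted in this thread, with the java.library.path shortened.

```python
import re

# Message written by AprLifecycleListener when tcnative cannot be loaded.
APR_MISSING = re.compile(
    r"Apache Tomcat Native library .*was not found on the java\.library\.path: (.*)$")
# Tomcat 7 names each handler <scheme>-<implementation>-<port>.
HANDLER = re.compile(r'Initializing ProtocolHandler \["(http|ajp)-(bio|nio|apr)-(\d+)"\]')

# Constructed sample: lines taken from the posted console output, path abridged.
SAMPLE_LOG = r"""16 mars 2012 17:05:48 org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Program Files\Java\jdk1.6.0_31\bin;C:\WINDOWS\system32;C:\WINDOWS;;.
16 mars 2012 17:05:49 org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8080"]
16 mars 2012 17:05:49 org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-bio-8009"]
"""


def analyze_startup_log(text):
    """Extract the APR load result and the connector handlers from a startup log."""
    report = {"apr_missing": False, "searched_dirs": [], "handlers": {}}
    for line in text.splitlines():
        match = APR_MISSING.search(line)
        if match:
            report["apr_missing"] = True
            # Directories the JVM searched for tcnative-1.dll (empty entries dropped).
            report["searched_dirs"] = [d for d in match.group(1).split(";") if d]
            continue
        match = HANDLER.search(line)
        if match:
            scheme, impl, port = match.groups()
            report["handlers"][int(port)] = (scheme, impl)
    return report


def diagnose(report, tls_port=8443):
    """Return finding codes explaining why APR-based TLS is not active on tls_port."""
    findings = []
    if report["apr_missing"]:
        findings.append("tcnative-not-found")
    handler = report["handlers"].get(tls_port)
    if handler is None:
        findings.append("no-connector-on-%d" % tls_port)
    elif handler[1] != "apr":
        findings.append("port-%d-is-%s-not-apr" % (tls_port, handler[1]))
    return findings


if __name__ == "__main__":
    result = analyze_startup_log(SAMPLE_LOG)
    print(result["handlers"])
    print(diagnose(result))
```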


RE: Configure SSL under Tomcat 7

Posted by ayouB __ <ay...@hotmail.fr>.
Here are all the logs of my console:
 
16 mars 2012 17:05:48 org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Program Files\Java\jdk1.6.0_31\bin;C:\WINDOWS\Sun\Java\bin;C:\WINDOWS\system32;C:\WINDOWS;C:/Program Files/Java/jdk1.6.0_31/jre/bin/client;C:/Program Files/Java/jdk1.6.0_31/jre/bin;C:/Program Files/Java/jdk1.6.0_31/jre/lib/i386;C:\Program Files\Java\jdk1.6.0_31\jre\bin;C:\Program Files\Java\jdk1.6.0_31\bin;c:\Orant9i\jdk\jre\bin\classic;c:\Orant9i\jdk\jre\bin;c:\Orant9i\bin;c:\Orant9i\jlib;C:\Program Files\Oracle\jre\1.1.8\bin;C:\Program Files\Oracle\jre\1.3.1\bin;C:\orant6i\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\orant6i\jdk\bin;C:\Program Files\Rational\common;C:\Program Files\Rational\ClearCase\bin;C:\Program Files\SecureCRT 3.0;C:\Program Files\Apache Software Foundation\apache-maven-3.0.4\bin;;.
16 mars 2012 17:05:48 org.apache.tomcat.util.digester.SetPropertiesRule begin
ATTENTION: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting property 'source' to 'org.eclipse.jst.jee.server:JSF_Test' did not find a matching property.
16 mars 2012 17:05:49 org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8080"]
16 mars 2012 17:05:49 org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-bio-8009"]
16 mars 2012 17:05:49 org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 635 ms
16 mars 2012 17:05:49 org.apache.catalina.core.StandardService startInternal
INFO: Démarrage du service Catalina
16 mars 2012 17:05:49 org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.26
16 mars 2012 17:05:54 org.apache.myfaces.ee6.MyFacesContainerInitializer onStartup
INFO: Added FacesServlet with mappings=[/faces/*, *.jsf, *.faces]
16 mars 2012 17:05:54 org.apache.myfaces.config.DefaultFacesConfigurationProvider getStandardFacesConfig
INFO: Reading standard config META-INF/standard-faces-config.xml
log4j:WARN No appenders could be found for logger (org.apache.commons.digester.Digester.sax).
log4j:WARN Please initialize the log4j system properly.
16 mars 2012 17:05:55 org.apache.myfaces.config.DefaultFacesConfigurationProvider getWebAppFacesConfig
INFO: Reading config /WEB-INF/faces-config.xml
16 mars 2012 17:05:55 org.apache.myfaces.config.annotation.DefaultAnnotationProvider webClasses
ATTENTION: AnnotationConfigurator does not found classes for annotations in /WEB-INF/classes/org/hps/jsfDemo/domain/ . This could happen because maven jetty plugin is used (goal jetty:run). Try configure org.apache.myfaces.annotation.SCAN_PACKAGES init parameter or use jetty:run-exploded instead.
16 mars 2012 17:05:56 org.apache.myfaces.config.DefaultFacesConfigurationProvider getClassloaderFacesConfig
INFO: Reading config : jar:file:/C:/Documents%20and%20Settings/Administrateur/Mes%20documents/workspace/.metadata/.plugins/org.eclipse.wst.server.core/tmp1/wtpwebapps/JSF_Test/WEB-INF/lib/richfaces-components-ui-4.1.0.Final.jar!/META-INF/faces-config.xml
16 mars 2012 17:05:56 org.apache.myfaces.config.DefaultFacesConfigurationProvider getClassloaderFacesConfig
INFO: Reading config : jar:file:/C:/Documents%20and%20Settings/Administrateur/Mes%20documents/workspace/.metadata/.plugins/org.eclipse.wst.server.core/tmp1/wtpwebapps/JSF_Test/WEB-INF/lib/richfaces-core-impl-4.1.0.Final.jar!/META-INF/faces-config.xml
16 mars 2012 17:05:56 org.apache.myfaces.config.LogMetaInfUtils logArtifact
INFO: Artifact 'myfaces-api' was found in version '2.1.5' from path 'file:/C:/Documents%20and%20Settings/Administrateur/Mes%20documents/workspace/.metadata/.plugins/org.eclipse.wst.server.core/tmp1/wtpwebapps/JSF_Test/WEB-INF/lib/myfaces-api-2.1.5.jar'
16 mars 2012 17:05:56 org.apache.myfaces.config.LogMetaInfUtils logArtifact
INFO: Artifact 'myfaces-impl' was found in version '2.1.5' from path 'file:/C:/Documents%20and%20Settings/Administrateur/Mes%20documents/workspace/.metadata/.plugins/org.eclipse.wst.server.core/tmp1/wtpwebapps/JSF_Test/WEB-INF/lib/myfaces-impl-2.1.5.jar'
16 mars 2012 17:05:56 org.apache.myfaces.util.ExternalSpecifications isBeanValidationAvailable
INFO: MyFaces Bean Validation support disabled
16 mars 2012 17:05:57 org.apache.myfaces.application.ApplicationImpl getProjectStage
INFO: Couldn't discover the current project stage, using Production
16 mars 2012 17:05:57 org.apache.myfaces.config.FacesConfigurator handleSerialFactory
INFO: Serialization provider : class org.apache.myfaces.shared_impl.util.serial.DefaultSerialFactory
16 mars 2012 17:05:57 org.apache.myfaces.config.annotation.DefaultLifecycleProviderFactory getLifecycleProvider
INFO: Using LifecycleProvider org.apache.myfaces.config.annotation.Tomcat7AnnotationLifecycleProvider
16 mars 2012 17:05:57 org.richfaces.javascript.ClientServiceConfigParser parse
ATTENTION: Found JavaScript function definition for class org.hibernate.validator.constraints.NotEmpty, but that class is not presented
16 mars 2012 17:05:58 org.richfaces.cache.CacheManager getCacheFactory
INFO: Selected fallback cache factory
16 mars 2012 17:05:58 org.richfaces.cache.lru.LRUMapCacheFactory createCache
INFO: Creating LRUMap cache instance using parameters: {}
16 mars 2012 17:05:58 org.richfaces.cache.lru.LRUMapCacheFactory createCache
INFO: Creating LRUMap cache instance of 512 items capacity
16 mars 2012 17:05:58 org.richfaces.application.InitializationListener onStart
INFO: RichFaces Core Implementation by JBoss, a division of Red Hat, Inc., version v.4.1.0.Final
16 mars 2012 17:05:58 org.apache.myfaces.webapp.AbstractFacesInitializer initFaces
INFO: ServletContext initialized.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: Tomahawk jar not available. Autoscrolling, DetectJavascript, AddResourceClass and CheckExtensionsFilter are disabled now.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: Scanning for context init parameters not defined. It is not necessary to define them all into your web.xml, they are just provided here for informative purposes. To disable this messages set org.apache.myfaces.LOG_WEB_CONTEXT_PARAMS config param to 'false'
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'javax.faces.RESOURCE_EXCLUDES' found, using default value '.class .jsp .jspx .properties .xhtml .groovy'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'javax.faces.STATE_SAVING_METHOD' found, using default value 'server'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'javax.faces.FULL_STATE_SAVING_VIEW_IDS' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'javax.faces.PARTIAL_STATE_SAVING' found, using default value 'true (false with 1.2 webapps)'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'javax.faces.DEFAULT_SUFFIX' found, using default value '.xhtml .view.xml .jsp'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'javax.faces.FACELETS_SUFFIX' found, using default value '.xhtml'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'javax.faces.FACELETS_VIEW_MAPPINGS' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'javax.faces.HONOR_CURRENT_COMPONENT_ATTRIBUTES' found, using default value 'false'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'javax.faces.VALIDATE_EMPTY_FIELDS' found, using default value 'auto'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'javax.faces.INTERPRET_EMPTY_STRING_SUBMITTED_VALUES_AS_NULL' found, using default value 'false'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.ENUM_CONVERTER_ALLOW_STRING_PASSTROUGH' found, using default value 'false'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'javax.faces.validator.DISABLE_DEFAULT_BEAN_VALIDATOR' found, using default value 'true'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'javax.faces.CONFIG_FILES' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'javax.faces.LIFECYCLE_ID' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.ERROR_HANDLER' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.CHECKED_VIEWID_CACHE_SIZE' found, using default value '500'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.CHECKED_VIEWID_CACHE_ENABLED' found, using default value 'true'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.PRETTY_HTML' found, using default value 'true'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.ALLOW_JAVASCRIPT' found, using default value 'true'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.CONFIG_REFRESH_PERIOD' found, using default value '2'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.VIEWSTATE_JAVASCRIPT' found, using default value 'false'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.RENDER_VIEWSTATE_ID' found, using default value 'true'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.STRICT_XHTML_LINKS' found, using default value 'true'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.RENDER_CLEAR_JAVASCRIPT_FOR_BUTTON' found, using default value 'false'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.RENDER_HIDDEN_FIELDS_FOR_LINK_PARAMS' found, using default value 'false'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.SAVE_FORM_SUBMIT_LINK_IE' found, using default value 'false'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.DELEGATE_FACES_SERVLET' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.REFRESH_TRANSIENT_BUILD_ON_PSS' found, using default value 'auto'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.REFRESH_TRANSIENT_BUILD_ON_PSS_PRESERVE_STATE' found, using default value 'false'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.VALIDATE_XML' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.WRAP_SCRIPT_CONTENT_WITH_XML_COMMENT_TAG' found, using default value 'true'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.RENDER_FORM_SUBMIT_SCRIPT_INLINE' found, using default value 'false'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.DEBUG_PHASE_LISTENER' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.STRICT_JSF_2_REFRESH_TARGET_AJAX' found, using default value 'false'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.STRICT_JSF_2_CC_EL_RESOLVER' found, using default value 'false'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.DEFAULT_RESPONSE_WRITER_CONTENT_TYPE_MODE' found, using default value 'text/html'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.FLASH_SCOPE_DISABLED' found, using default value 'false'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.RESOURCE_MAX_TIME_EXPIRES' found, using default value '604800000'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.RESOURCE_HANDLER_CACHE_SIZE' found, using default value '500'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.RESOURCE_HANDLER_CACHE_ENABLED' found, using default value 'true'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.USE_ENCRYPTION' found, using default value 'true'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.SECRET' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.ALGORITHM' found, using default value 'DES'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.SECRET.CACHE' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.ALGORITHM.IV' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.ALGORITHM.PARAMETERS' found, using default value 'ECB/PKCS5Padding'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.SERIAL_FACTORY' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.COMPRESS_STATE_IN_CLIENT' found, using default value 'false'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.MAC_ALGORITHM' found, using default value 'HmacSHA1'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.MAC_SECRET' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.MAC_SECRET.CACHE' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'javax.faces.DATETIMECONVERTER_DEFAULT_TIMEZONE_IS_SYSTEM_TIMEZONE' found, using default value 'false'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'javax.faces.PROJECT_STAGE' found, using default value 'Production'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.LAZY_LOAD_CONFIG_OBJECTS' found, using default value 'true'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.VALIDATE' found, using default value 'false'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.annotation.SCAN_PACKAGES' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.config.annotation.LifecycleProvider' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.EL_RESOLVER_COMPARATOR' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.EL_RESOLVER_PREDICATE' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.CHECKED_VIEWID_CACHE_SIZE' found, using default value '500'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.CHECKED_VIEWID_CACHE_ENABLED' found, using default value 'true'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.ERROR_TEMPLATE_RESOURCE' found, using default value 'META-INF/rsc/myfaces-dev-error.xml'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.DEBUG_TEMPLATE_RESOURCE' found, using default value 'META-INF/rsc/myfaces-dev-debug.xml'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.ERROR_HANDLING' found, using default value 'false, on Development Project stage: true'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.NUMBER_OF_VIEWS_IN_SESSION' found, using default value '20'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.NUMBER_OF_SEQUENTIAL_VIEWS_IN_SESSION' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.SERIALIZE_STATE_IN_SESSION' found, using default value 'true'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.COMPRESS_STATE_IN_SESSION' found, using default value 'true'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.CACHE_OLD_VIEWS_IN_SESSION_MODE' found, using default value 'off'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.USE_FLASH_SCOPE_PURGE_VIEWS_IN_SESSION' found, using default value 'false'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.HANDLE_STATE_CACHING_MECHANICS' found, using default value 'true'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.USE_MULTIPLE_JS_FILES_FOR_JSF_UNCOMPRESSED_JS' found, using default value 'false'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.JSF_JS_MODE' found, using default value 'normal'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.SERVICE_PROVIDER_FINDER' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'javax.faces.DISABLE_FACELET_JSF_VIEWHANDLER' found, using default value 'false'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.SAVE_STATE_WITH_VISIT_TREE_ON_PSS' found, using default value 'true'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'javax.faces.FACELETS_BUFFER_SIZE' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'facelets.BUFFER_SIZE' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'javax.faces.FACELETS_DECORATORS' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'facelets.DECORATORS' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'javax.faces.FACELETS_LIBRARIES' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'facelets.LIBRARIES' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'javax.faces.FACELETS_REFRESH_PERIOD' found, using default value '-1'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'facelets.REFRESH_PERIOD' found, using default value '-1'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'javax.faces.FACELETS_RESOURCE_RESOLVER' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'facelets.RESOURCE_RESOLVER' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'javax.faces.FACELETS_SKIP_COMMENTS' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'facelets.SKIP_COMMENTS' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.MARK_INITIAL_STATE_WHEN_APPLY_BUILD_VIEW' found, using default value 'false'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.WRAP_TAG_EXCEPTIONS_AS_CONTEXT_AWARE' found, using default value 'true'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.CACHE_EL_EXPRESSIONS' found, using default value 'noCache'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.EXPRESSION_FACTORY' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.INITIALIZE_ALWAYS_STANDALONE' found, using default value 'false'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.LOG_WEB_CONTEXT_PARAMS' found, using default value 'auto'.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.FACES_INITIALIZER' found.
16 mars 2012 17:05:58 org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams
INFO: No context init parameter 'org.apache.myfaces.FACES_INIT_PLUGINS' found.
16 mars 2012 17:05:58 org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8080"]
16 mars 2012 17:05:58 org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-bio-8009"]
16 mars 2012 17:05:58 org.apache.catalina.startup.Catalina start
INFO: Server startup in 9064 ms
 
Question: how to come up with the SSLCertificateFile & SSLCertificateKeyFile attributes?
 
Thanks :)
 

> Date: Fri, 16 Mar 2012 10:57:01 -0600
> From: devlists@hanik.com
> To: users@tomcat.apache.org
> Subject: Re: Configure SSL under Tomcat 7
> 
> OK, check your logs for errors. You must have APR libraries with OpenSSL installed, and you must specify the
> SSLCertificateFile & SSLCertificateKeyFile attributes.
> All errors will be in the logs.
> 
> Filip
> 
> ----- Original Message -----
> > From: "ayouB __" <ay...@hotmail.fr>
> > To: users@tomcat.apache.org
> > Sent: Friday, March 16, 2012 10:52:13 AM
> > Subject: RE: Configure SSL under Tomcat 7
> > 
> > 
> > Sorry :D I meant to say server.xml
> > 
> > 
> > > From: ayb-2008@hotmail.fr
> > > To: users@tomcat.apache.org
> > > Subject: RE: Configure SSL under Tomcat 7
> > > Date: Fri, 16 Mar 2012 16:50:14 +0000
> > > 
> > > 
> > > Here's my service.xml file:
> > > <?xml version='1.0' encoding='utf-8'?>
> > > <!--
> > > Licensed to the Apache Software Foundation (ASF) under one or more
> > > contributor license agreements. See the NOTICE file distributed
> > > with
> > > this work for additional information regarding copyright ownership.
> > > The ASF licenses this file to You under the Apache License, Version
> > > 2.0
> > > (the "License"); you may not use this file except in compliance
> > > with
> > > the License. You may obtain a copy of the License at
> > > 
> > > http://www.apache.org/licenses/LICENSE-2.0
> > > 
> > > Unless required by applicable law or agreed to in writing, software
> > > distributed under the License is distributed on an "AS IS" BASIS,
> > > WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> > > implied.
> > > See the License for the specific language governing permissions and
> > > limitations under the License.
> > > -->
> > > <!-- Note: A "Server" is not itself a "Container", so you may not
> > > define subcomponents such as "Valves" at this level.
> > > Documentation at /docs/config/server.html
> > > -->
> > > <Server port="8005" shutdown="SHUTDOWN">
> > > <!-- Security listener. Documentation at
> > > /docs/config/listeners.html
> > > <Listener className="org.apache.catalina.security.SecurityListener"
> > > />
> > > -->
> > > <!--APR library loader. Documentation at /docs/apr.html -->
> > > <Listener className="org.apache.catalina.core.AprLifecycleListener"
> > > SSLEngine="on" />
> > > <!--Initialize Jasper prior to webapps are loaded. Documentation at
> > > /docs/jasper-howto.html -->
> > > <Listener className="org.apache.catalina.core.JasperListener" />
> > > <!-- Prevent memory leaks due to use of particular java/javax
> > > APIs-->
> > > <Listener
> > > className="org.apache.catalina.core.JreMemoryLeakPreventionListener"
> > > />
> > > <Listener
> > > className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
> > > />
> > > <Listener
> > > className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"
> > > />
> > > 
> > > <!-- Global JNDI resources
> > > Documentation at /docs/jndi-resources-howto.html
> > > -->
> > > <GlobalNamingResources>
> > > <!-- Editable user database that can also be used by
> > > UserDatabaseRealm to authenticate users
> > > -->
> > > <Resource name="UserDatabase" auth="Container"
> > > type="org.apache.catalina.UserDatabase"
> > > description="User database that can be updated and saved"
> > > factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
> > > pathname="conf/tomcat-users.xml" />
> > > </GlobalNamingResources>
> > > 
> > > <!-- A "Service" is a collection of one or more "Connectors" that
> > > share
> > > a single "Container" Note: A "Service" is not itself a "Container",
> > > so you may not define subcomponents such as "Valves" at this level.
> > > Documentation at /docs/config/service.html
> > > -->
> > > <Service name="Catalina">
> > > 
> > > <!--The connectors can use a shared executor, you can define one or
> > > more named thread pools-->
> > > <!--
> > > <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
> > > maxThreads="150" minSpareThreads="4"/>
> > > -->
> > > 
> > > 
> > > <!-- A "Connector" represents an endpoint by which requests are
> > > received
> > > and responses are returned. Documentation at :
> > > Java HTTP Connector: /docs/config/http.html (blocking &
> > > non-blocking)
> > > Java AJP Connector: /docs/config/ajp.html
> > > APR (HTTP/AJP) Connector: /docs/apr.html
> > > Define a non-SSL HTTP/1.1 Connector on port 8080
> > > -->
> > > <!--
> > > <Connector port="8080"
> > > protocol="org.apache.coyote.http11.Http11AprProtocol"
> > > connectionTimeout="20000"
> > > redirectPort="8080" />
> > > -->
> > > <!-- A "Connector" using the shared thread pool-->
> > > <!--
> > > <Connector executor="tomcatThreadPool"
> > > port="8080" protocol="HTTP/1.1"
> > > connectionTimeout="20000"
> > > redirectPort="8443" />
> > > -->
> > > <!-- Define a SSL HTTP/1.1 Connector on port 8443
> > > This connector uses the JSSE configuration, when using APR, the
> > > connector should be using the OpenSSL style configuration
> > > described in the APR documentation -->
> > > 
> > > <Connector port="8080"
> > > protocol="org.apache.coyote.http11.Http11AprProtocol"
> > > SSLEnabled="true"
> > > maxThreads="150" scheme="https" secure="true"
> > > clientAuth="optional" sslProtocol="TLS"/>
> > > 
> > > 
> > > <!-- Define an AJP 1.3 Connector on port 8009 -->
> > > <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
> > > 
> > > 
> > > <!-- An Engine represents the entry point (within Catalina) that
> > > processes
> > > every request. The Engine implementation for Tomcat stand alone
> > > analyzes the HTTP headers included with the request, and passes
> > > them
> > > on to the appropriate Host (virtual host).
> > > Documentation at /docs/config/engine.html -->
> > > 
> > > <!-- You should set jvmRoute to support load-balancing via AJP ie :
> > > <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
> > > -->
> > > <Engine name="Catalina" defaultHost="localhost">
> > > 
> > > <!--For clustering, please take a look at documentation at:
> > > /docs/cluster-howto.html (simple how to)
> > > /docs/config/cluster.html (reference documentation) -->
> > > <!--
> > > <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
> > > -->
> > > 
> > > <!-- Use the LockOutRealm to prevent attempts to guess user
> > > passwords
> > > via a brute-force attack -->
> > > <Realm className="org.apache.catalina.realm.LockOutRealm">
> > > <!-- This Realm uses the UserDatabase configured in the global JNDI
> > > resources under the key "UserDatabase". Any edits
> > > that are performed against this UserDatabase are immediately
> > > available for use by the Realm. -->
> > > <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
> > > resourceName="UserDatabase"/>
> > > </Realm>
> > > 
> > > <Host name="localhost" appBase="webapps"
> > > unpackWARs="true" autoDeploy="true">
> > > 
> > > <!-- SingleSignOn valve, share authentication between web
> > > applications
> > > Documentation at: /docs/config/valve.html -->
> > > <!--
> > > <Valve className="org.apache.catalina.authenticator.SingleSignOn"
> > > />
> > > -->
> > > 
> > > <!-- Access log processes all example.
> > > Documentation at: /docs/config/valve.html
> > > Note: The pattern used is equivalent to using pattern="common" -->
> > > <Valve className="org.apache.catalina.valves.AccessLogValve"
> > > directory="logs"
> > > prefix="localhost_access_log." suffix=".txt"
> > > pattern="%h %l %u %t &quot;%r&quot; %s %b" />
> > > 
> > > </Host>
> > > </Engine>
> > > </Service>
> > > </Server>
> > > 
> > > 
> > > 
> > > > Date: Fri, 16 Mar 2012 10:41:38 -0600
> > > > From: devlists@hanik.com
> > > > To: users@tomcat.apache.org
> > > > Subject: Re: Configure SSL under Tomcat 7
> > > > 
> > > > Set SSLEnabled="true" in your <Connector> element; that turns on
> > > > SSL.
> > > > After that, if you don't have keystoreFile or keystorePass set,
> > > > it will throw errors.
> > > > 
> > > > Filip
> > > > 
> > > > 
> > > > ----- Original Message -----
> > > > > From: "ayouB __" <ay...@hotmail.fr>
> > > > > To: users@tomcat.apache.org
> > > > > Sent: Friday, March 16, 2012 9:58:49 AM
> > > > > Subject: Configure SSL under Tomcat 7
> > > > > 
> > > > > 
> > > > > Hi everyone,
> > > > > 
> > > > > I'm ayoub and I'm a new member of this mailing list :)
> > > > > Well, I want to configure SSL under Tomcat 7, so I have followed
> > > > > the steps
> > > > > given in http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html,
> > > > > but
> > > > > when I deploy my project on the Tomcat server I don't get
> > > > > https://loclhost:8080/; I'm still working with the native http !!
> > > > > What
> > > > > should I do, what configuration should I make in my server.xml
> > > > > file?
> > > > > PS: I want to use the APR implementation, not the JSSE one, and
> > > > > BTW
> > > > > the SSLCertificateFile & SSLCertificateKeyFile don't exist in
> > > > > the
> > > > > <connector ... /> element (using Eclipse Ctrl+space
> > > > > auto-complete)
> > > > > !!
> > > > > 
> > > > > Thanks.
> > > > 
> > > > 
> > > 
> > 
> 
> 
 		 	   		  

Re: Configure SSL under Tomcat 7

Posted by Filip Hanik Mailing Lists <de...@hanik.com>.
OK, check your logs for errors. You must have APR libraries with OpenSSL installed, and you must specify the
SSLCertificateFile & SSLCertificateKeyFile attributes.
All errors will be in the logs.

Filip

----- Original Message -----
> From: "ayouB __" <ay...@hotmail.fr>
> To: users@tomcat.apache.org
> Sent: Friday, March 16, 2012 10:52:13 AM
> Subject: RE: Configure SSL under Tomcat 7
> 
> 
> Sorry :D I meant to say server.xml
>  
> 
> > From: ayb-2008@hotmail.fr
> > To: users@tomcat.apache.org
> > Subject: RE: Configure SSL under Tomcat 7
> > Date: Fri, 16 Mar 2012 16:50:14 +0000
> > 
> > 
> > Here's my service.xml file:
> > <?xml version='1.0' encoding='utf-8'?>
> > <!--
> > Licensed to the Apache Software Foundation (ASF) under one or more
> > contributor license agreements. See the NOTICE file distributed
> > with
> > this work for additional information regarding copyright ownership.
> > The ASF licenses this file to You under the Apache License, Version
> > 2.0
> > (the "License"); you may not use this file except in compliance
> > with
> > the License. You may obtain a copy of the License at
> > 
> > http://www.apache.org/licenses/LICENSE-2.0
> > 
> > Unless required by applicable law or agreed to in writing, software
> > distributed under the License is distributed on an "AS IS" BASIS,
> > WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> > implied.
> > See the License for the specific language governing permissions and
> > limitations under the License.
> > -->
> > <!-- Note: A "Server" is not itself a "Container", so you may not
> > define subcomponents such as "Valves" at this level.
> > Documentation at /docs/config/server.html
> > -->
> > <Server port="8005" shutdown="SHUTDOWN">
> > <!-- Security listener. Documentation at
> > /docs/config/listeners.html
> > <Listener className="org.apache.catalina.security.SecurityListener"
> > />
> > -->
> > <!--APR library loader. Documentation at /docs/apr.html -->
> > <Listener className="org.apache.catalina.core.AprLifecycleListener"
> > SSLEngine="on" />
> > <!--Initialize Jasper prior to webapps are loaded. Documentation at
> > /docs/jasper-howto.html -->
> > <Listener className="org.apache.catalina.core.JasperListener" />
> > <!-- Prevent memory leaks due to use of particular java/javax
> > APIs-->
> > <Listener
> > className="org.apache.catalina.core.JreMemoryLeakPreventionListener"
> > />
> > <Listener
> > className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
> > />
> > <Listener
> > className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"
> > />
> > 
> > <!-- Global JNDI resources
> > Documentation at /docs/jndi-resources-howto.html
> > -->
> > <GlobalNamingResources>
> > <!-- Editable user database that can also be used by
> > UserDatabaseRealm to authenticate users
> > -->
> > <Resource name="UserDatabase" auth="Container"
> > type="org.apache.catalina.UserDatabase"
> > description="User database that can be updated and saved"
> > factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
> > pathname="conf/tomcat-users.xml" />
> > </GlobalNamingResources>
> > 
> > <!-- A "Service" is a collection of one or more "Connectors" that
> > share
> > a single "Container" Note: A "Service" is not itself a "Container",
> > so you may not define subcomponents such as "Valves" at this level.
> > Documentation at /docs/config/service.html
> > -->
> > <Service name="Catalina">
> > 
> > <!--The connectors can use a shared executor, you can define one or
> > more named thread pools-->
> > <!--
> > <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
> > maxThreads="150" minSpareThreads="4"/>
> > -->
> > 
> > 
> > <!-- A "Connector" represents an endpoint by which requests are
> > received
> > and responses are returned. Documentation at :
> > Java HTTP Connector: /docs/config/http.html (blocking &
> > non-blocking)
> > Java AJP Connector: /docs/config/ajp.html
> > APR (HTTP/AJP) Connector: /docs/apr.html
> > Define a non-SSL HTTP/1.1 Connector on port 8080
> > -->
> > <!--
> > <Connector port="8080"
> > protocol="org.apache.coyote.http11.Http11AprProtocol"
> > connectionTimeout="20000"
> > redirectPort="8080" />
> > -->
> > <!-- A "Connector" using the shared thread pool-->
> > <!--
> > <Connector executor="tomcatThreadPool"
> > port="8080" protocol="HTTP/1.1"
> > connectionTimeout="20000"
> > redirectPort="8443" />
> > -->
> > <!-- Define a SSL HTTP/1.1 Connector on port 8443
> > This connector uses the JSSE configuration, when using APR, the
> > connector should be using the OpenSSL style configuration
> > described in the APR documentation -->
> > 
> > <Connector port="8080"
> > protocol="org.apache.coyote.http11.Http11AprProtocol"
> > SSLEnabled="true"
> > maxThreads="150" scheme="https" secure="true"
> > clientAuth="optional" sslProtocol="TLS"/>
> > 
> > 
> > <!-- Define an AJP 1.3 Connector on port 8009 -->
> > <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
> > 
> > 
> > <!-- An Engine represents the entry point (within Catalina) that
> > processes
> > every request. The Engine implementation for Tomcat stand alone
> > analyzes the HTTP headers included with the request, and passes
> > them
> > on to the appropriate Host (virtual host).
> > Documentation at /docs/config/engine.html -->
> > 
> > <!-- You should set jvmRoute to support load-balancing via AJP ie :
> > <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
> > -->
> > <Engine name="Catalina" defaultHost="localhost">
> > 
> > <!--For clustering, please take a look at documentation at:
> > /docs/cluster-howto.html (simple how to)
> > /docs/config/cluster.html (reference documentation) -->
> > <!--
> > <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
> > -->
> > 
> > <!-- Use the LockOutRealm to prevent attempts to guess user
> > passwords
> > via a brute-force attack -->
> > <Realm className="org.apache.catalina.realm.LockOutRealm">
> > <!-- This Realm uses the UserDatabase configured in the global JNDI
> > resources under the key "UserDatabase". Any edits
> > that are performed against this UserDatabase are immediately
> > available for use by the Realm. -->
> > <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
> > resourceName="UserDatabase"/>
> > </Realm>
> > 
> > <Host name="localhost" appBase="webapps"
> > unpackWARs="true" autoDeploy="true">
> > 
> > <!-- SingleSignOn valve, share authentication between web
> > applications
> > Documentation at: /docs/config/valve.html -->
> > <!--
> > <Valve className="org.apache.catalina.authenticator.SingleSignOn"
> > />
> > -->
> > 
> > <!-- Access log processes all example.
> > Documentation at: /docs/config/valve.html
> > Note: The pattern used is equivalent to using pattern="common" -->
> > <Valve className="org.apache.catalina.valves.AccessLogValve"
> > directory="logs"
> > prefix="localhost_access_log." suffix=".txt"
> > pattern="%h %l %u %t &quot;%r&quot; %s %b" />
> > 
> > </Host>
> > </Engine>
> > </Service>
> > </Server>
> > 
> > 
> > 
> > > Date: Fri, 16 Mar 2012 10:41:38 -0600
> > > From: devlists@hanik.com
> > > To: users@tomcat.apache.org
> > > Subject: Re: Configure SSL under Tomcat 7
> > > 
> > > Set SSLEnabled="true" in your <Connector> element; that turns on
> > > SSL.
> > > After that, if you don't have keystoreFile or keystorePass set,
> > > it will throw errors.
> > > 
> > > Filip
> > > 
> > > 
> > > ----- Original Message -----
> > > > From: "ayouB __" <ay...@hotmail.fr>
> > > > To: users@tomcat.apache.org
> > > > Sent: Friday, March 16, 2012 9:58:49 AM
> > > > Subject: Configure SSL under Tomcat 7
> > > > 
> > > > 
> > > > Hi everyone,
> > > > 
> > > > I'm ayoub and I'm a new member of this mailing list :)
> > > > Well, I want to configure SSL under Tomcat 7, so I have followed
> > > > the steps
> > > > given in http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html,
> > > > but
> > > > when I deploy my project on the Tomcat server I don't get
> > > > https://loclhost:8080/; I'm still working with the native http !!
> > > > What
> > > > should I do, what configuration should I make in my server.xml
> > > > file?
> > > > PS: I want to use the APR implementation, not the JSSE one, and
> > > > BTW
> > > > the SSLCertificateFile & SSLCertificateKeyFile don't exist in
> > > > the
> > > > <connector ... /> element (using Eclipse Ctrl+space
> > > > auto-complete)
> > > > !!
> > > > 
> > > > Thanks.
> > > 
> > > 
> > 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
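
The two checks the reply above points to (the APR connector needs SSLCertificateFile and SSLCertificateKeyFile, and the startup log shows which connector implementation actually started), as an added Python example that is not code from the thread or from the Tomcat project. The certificate paths in the corrected connector are placeholders, and the list of JSSE-style attribute names is an assumption taken from the Tomcat 7 connector documentation's BIO/NIO versus APR split.

```python
import re
import xml.etree.ElementTree as ET

APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"
# OpenSSL-style attributes the thread says an APR TLS connector must carry.
APR_REQUIRED = ("SSLCertificateFile", "SSLCertificateKeyFile")
# JSSE-style attributes (assumption: names per the Tomcat 7 BIO/NIO docs).
JSSE_STYLE = ("keystoreFile", "keystorePass", "clientAuth", "sslProtocol")

# Connectors as posted in the thread; the rest of server.xml is trimmed.
POSTED = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!-- <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" /> -->
    <Connector port="8080"
               protocol="org.apache.coyote.http11.Http11AprProtocol"
               SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="optional" sslProtocol="TLS"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
  </Service>
</Server>"""

# Same connector with the OpenSSL-style attributes (placeholder file paths).
CORRECTED = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080"
               protocol="org.apache.coyote.http11.Http11AprProtocol"
               SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               SSLCertificateFile="${catalina.base}/conf/PLACEHOLDER-cert.pem"
               SSLCertificateKeyFile="${catalina.base}/conf/PLACEHOLDER-key.pem"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
  </Service>
</Server>"""

# Startup lines copied from the log posted in the thread.
LOG = """16 mars 2012 17:05:58 org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8080"]
16 mars 2012 17:05:58 org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-bio-8009"]
"""

HANDLER_RE = re.compile(
    r'Starting ProtocolHandler \["(http|ajp)-(bio|nio|apr)-(\d+)"\]')


def check_connectors(server_xml):
    """Return (port, problem) tuples for TLS-enabled APR connectors.

    Commented-out <Connector> elements are skipped because the XML parser
    drops comments.
    """
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        attrs = conn.attrib
        if attrs.get("SSLEnabled", "false").lower() != "true":
            continue
        if attrs.get("protocol") != APR_PROTOCOL:
            continue
        port = attrs.get("port", "?")
        for name in APR_REQUIRED:
            if not attrs.get(name):
                findings.append((port, "missing " + name))
        for name in JSSE_STYLE:
            if name in attrs:
                findings.append((port, "JSSE-style attribute " + name))
    return findings


def started_handlers(log_text):
    """Map port -> (kind, implementation) from 'Starting ProtocolHandler' lines."""
    return {m.group(3): (m.group(1), m.group(2))
            for m in HANDLER_RE.finditer(log_text)}


def implementation_mismatches(server_xml, log_text):
    """Ports configured for APR whose handler started as bio or nio instead."""
    started = started_handlers(log_text)
    mismatches = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port")
        if conn.get("protocol") == APR_PROTOCOL and port in started:
            impl = started[port][1]
            if impl != "apr":
                mismatches.append((port, impl))
    return mismatches


if __name__ == "__main__":
    for port, problem in check_connectors(POSTED):
        print("connector %s: %s" % (port, problem))
    for port, impl in implementation_mismatches(POSTED, LOG):
        print("connector %s: configured for APR, log shows %s" % (port, impl))
```

A handler name of `http-bio-8080` in the log for a connector whose `protocol` names `Http11AprProtocol` means the running instance did not start that connector as configured in the file being checked.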


RE: Configure SSL under Tomcat 7

Posted by ayouB __ <ay...@hotmail.fr>.
Sorry :D I meant to say server.xml
 

> From: ayb-2008@hotmail.fr
> To: users@tomcat.apache.org
> Subject: RE: Configure SSL under Tomcat 7
> Date: Fri, 16 Mar 2012 16:50:14 +0000
> 
> 
> Here's my service.xml file:
> <?xml version='1.0' encoding='utf-8'?>
> <!--
> Licensed to the Apache Software Foundation (ASF) under one or more
> contributor license agreements. See the NOTICE file distributed with
> this work for additional information regarding copyright ownership.
> The ASF licenses this file to You under the Apache License, Version 2.0
> (the "License"); you may not use this file except in compliance with
> the License. You may obtain a copy of the License at
> 
> http://www.apache.org/licenses/LICENSE-2.0
> 
> Unless required by applicable law or agreed to in writing, software
> distributed under the License is distributed on an "AS IS" BASIS,
> WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> See the License for the specific language governing permissions and
> limitations under the License.
> -->
> <!-- Note: A "Server" is not itself a "Container", so you may not
> define subcomponents such as "Valves" at this level.
> Documentation at /docs/config/server.html
> -->
> <Server port="8005" shutdown="SHUTDOWN">
> <!-- Security listener. Documentation at /docs/config/listeners.html
> <Listener className="org.apache.catalina.security.SecurityListener" />
> -->
> <!--APR library loader. Documentation at /docs/apr.html -->
> <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
> <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
> <Listener className="org.apache.catalina.core.JasperListener" />
> <!-- Prevent memory leaks due to use of particular java/javax APIs-->
> <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
> <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
> 
> <!-- Global JNDI resources
> Documentation at /docs/jndi-resources-howto.html
> -->
> <GlobalNamingResources>
> <!-- Editable user database that can also be used by
> UserDatabaseRealm to authenticate users
> -->
> <Resource name="UserDatabase" auth="Container"
> type="org.apache.catalina.UserDatabase"
> description="User database that can be updated and saved"
> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
> pathname="conf/tomcat-users.xml" />
> </GlobalNamingResources>
> 
> <!-- A "Service" is a collection of one or more "Connectors" that share
> a single "Container" Note: A "Service" is not itself a "Container",
> so you may not define subcomponents such as "Valves" at this level.
> Documentation at /docs/config/service.html
> -->
> <Service name="Catalina">
> 
> <!--The connectors can use a shared executor, you can define one or more named thread pools-->
> <!--
> <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
> maxThreads="150" minSpareThreads="4"/>
> -->
> 
> 
> <!-- A "Connector" represents an endpoint by which requests are received
> and responses are returned. Documentation at :
> Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
> Java AJP Connector: /docs/config/ajp.html
> APR (HTTP/AJP) Connector: /docs/apr.html
> Define a non-SSL HTTP/1.1 Connector on port 8080
> -->
> <!--
> <Connector port="8080" protocol="org.apache.coyote.http11.Http11AprProtocol"
> connectionTimeout="20000"
> redirectPort="8080" />
> -->
> <!-- A "Connector" using the shared thread pool-->
> <!--
> <Connector executor="tomcatThreadPool"
> port="8080" protocol="HTTP/1.1"
> connectionTimeout="20000"
> redirectPort="8443" />
> -->
> <!-- Define a SSL HTTP/1.1 Connector on port 8443
> This connector uses the JSSE configuration, when using APR, the
> connector should be using the OpenSSL style configuration
> described in the APR documentation -->
> 
> <Connector port="8080" protocol="org.apache.coyote.http11.Http11AprProtocol" SSLEnabled="true"
> maxThreads="150" scheme="https" secure="true"
> clientAuth="optional" sslProtocol="TLS"/>
> 
> 
> <!-- Define an AJP 1.3 Connector on port 8009 -->
> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
> 
> 
> <!-- An Engine represents the entry point (within Catalina) that processes
> every request. The Engine implementation for Tomcat stand alone
> analyzes the HTTP headers included with the request, and passes them
> on to the appropriate Host (virtual host).
> Documentation at /docs/config/engine.html -->
> 
> <!-- You should set jvmRoute to support load-balancing via AJP ie :
> <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
> -->
> <Engine name="Catalina" defaultHost="localhost">
> 
> <!--For clustering, please take a look at documentation at:
> /docs/cluster-howto.html (simple how to)
> /docs/config/cluster.html (reference documentation) -->
> <!--
> <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
> -->
> 
> <!-- Use the LockOutRealm to prevent attempts to guess user passwords
> via a brute-force attack -->
> <Realm className="org.apache.catalina.realm.LockOutRealm">
> <!-- This Realm uses the UserDatabase configured in the global JNDI
> resources under the key "UserDatabase". Any edits
> that are performed against this UserDatabase are immediately
> available for use by the Realm. -->
> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
> resourceName="UserDatabase"/>
> </Realm>
> 
> <Host name="localhost" appBase="webapps"
> unpackWARs="true" autoDeploy="true">
> 
> <!-- SingleSignOn valve, share authentication between web applications
> Documentation at: /docs/config/valve.html -->
> <!--
> <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
> -->
> 
> <!-- Access log processes all example.
> Documentation at: /docs/config/valve.html
> Note: The pattern used is equivalent to using pattern="common" -->
> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
> prefix="localhost_access_log." suffix=".txt"
> pattern="%h %l %u %t &quot;%r&quot; %s %b" />
> 
> </Host>
> </Engine>
> </Service>
> </Server>
> 
> 
> 
> > Date: Fri, 16 Mar 2012 10:41:38 -0600
> > From: devlists@hanik.com
> > To: users@tomcat.apache.org
> > Subject: Re: Configure SSL under Tomcat 7
> > 
> > Set SSLEnabled="true" in your <Connector> element; that turns on SSL.
> > After that, if you don't have keystoreFile or keystorePass set, it will throw errors.
> > 
> > Filip
> > 
> > 
> > ----- Original Message -----
> > > From: "ayouB __" <ay...@hotmail.fr>
> > > To: users@tomcat.apache.org
> > > Sent: Friday, March 16, 2012 9:58:49 AM
> > > Subject: Configure SSL under Tomcat 7
> > > 
> > > 
> > > Hi everyone,
> > > 
> > > I'm ayoub and I'm a new member of this mailing list :)
> > > Well, I want to configure SSL under Tomcat 7, so I have followed the steps
> > > described in http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html, but
> > > when I deploy my project in the Tomcat server I don't get:
> > > https://loclhost:8080/ I'm still working with the native http!! What
> > > should I do, what configuration should I make in my server.xml file?
> > > PS: I want to use the APR implementation, not the JSSE one, and BTW
> > > the SSLCertificateFile & SSLCertificateKeyFile don't exist in the
> > > <connector ... /> element (using Eclipse Ctrl+space auto-complete)
> > > !!
> > > 
> > > Thanks.
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> > 

RE: Configure SSL under Tomcat 7

Posted by ayouB __ <ay...@hotmail.fr>.
Here's my service.xml file:
<?xml version='1.0' encoding='utf-8'?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements. See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License. You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
  <Listener className="org.apache.catalina.core.JasperListener" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <!-- A "Service" is a collection of one or more "Connectors" that share
       a single "Container" Note: A "Service" is not itself a "Container",
       so you may not define subcomponents such as "Valves" at this level.
       Documentation at /docs/config/service.html
  -->
  <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
              maxThreads="150" minSpareThreads="4"/>
    -->


    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
         Java AJP Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL HTTP/1.1 Connector on port 8080
    -->
    <!--
    <Connector port="8080" protocol="org.apache.coyote.http11.Http11AprProtocol"
               connectionTimeout="20000"
               redirectPort="8080" />
    -->
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->

    <Connector port="8080" protocol="org.apache.coyote.http11.Http11AprProtocol" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="optional" sslProtocol="TLS"/>


    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>


    <!-- An Engine represents the entry point (within Catalina) that processes
         every request. The Engine implementation for Tomcat stand alone
         analyzes the HTTP headers included with the request, and passes them
         on to the appropriate Host (virtual host).
         Documentation at /docs/config/engine.html -->

    <!-- You should set jvmRoute to support load-balancing via AJP ie :
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
    -->
    <Engine name="Catalina" defaultHost="localhost">

      <!--For clustering, please take a look at documentation at:
          /docs/cluster-howto.html (simple how to)
          /docs/config/cluster.html (reference documentation) -->
      <!--
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
      -->

      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase". Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm. -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost" appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->

        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log." suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </Host>
    </Engine>
  </Service>
</Server>

 

> Date: Fri, 16 Mar 2012 10:41:38 -0600
> From: devlists@hanik.com
> To: users@tomcat.apache.org
> Subject: Re: Configure SSL under Tomcat 7
> 
> Set SSLEnabled="true" in your <Connector> element; that turns on SSL.
> After that, if you don't have keystoreFile or keystorePass set, it will throw errors.
> 
> Filip
> 
> 
> ----- Original Message -----
> > From: "ayouB __" <ay...@hotmail.fr>
> > To: users@tomcat.apache.org
> > Sent: Friday, March 16, 2012 9:58:49 AM
> > Subject: Configure SSL under Tomcat 7
> > 
> > 
> > Hi everyone,
> > 
> > I'm ayoub and I'm a new member of this mailing list :)
> > Well, I want to configure SSL under Tomcat 7, so I have followed the steps
> > described in http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html, but
> > when I deploy my project in the Tomcat server I don't get:
> > https://loclhost:8080/ I'm still working with the native http!! What
> > should I do, what configuration should I make in my server.xml file?
> > PS: I want to use the APR implementation, not the JSSE one, and BTW
> > the SSLCertificateFile & SSLCertificateKeyFile don't exist in the
> > <connector ... /> element (using Eclipse Ctrl+space auto-complete)
> > !!
> > 
> > Thanks.
> 

Re: Configure SSL under Tomcat 7

Posted by Filip Hanik Mailing Lists <de...@hanik.com>.
Set SSLEnabled="true" in your <Connector> element; that turns on SSL.
After that, if you don't have keystoreFile or keystorePass set, it will throw errors.

Filip


----- Original Message -----
> From: "ayouB __" <ay...@hotmail.fr>
> To: users@tomcat.apache.org
> Sent: Friday, March 16, 2012 9:58:49 AM
> Subject: Configure SSL under Tomcat 7
> 
> 
> Hi everyone,
>  
> I'm ayoub and I'm a new member of this mailing list :)
> Well, I want to configure SSL under Tomcat 7, so I have followed the steps
> described in http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html, but
> when I deploy my project in the Tomcat server I don't get:
> https://loclhost:8080/ I'm still working with the native http!! What
> should I do, what configuration should I make in my server.xml file?
> PS: I want to use the APR implementation, not the JSSE one, and BTW
> the SSLCertificateFile & SSLCertificateKeyFile don't exist in the
> <connector ... /> element (using Eclipse Ctrl+space auto-complete)
> !!
>  
> Thanks.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
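
The advice above, together with the APR note in the comments of the posted server.xml, turned into a check (an added example, not part of the thread or of Tomcat): it parses a server.xml and reports SSL-enabled Connectors whose certificate attributes do not match the connector implementation. The function name, the finding strings and the embedded sample (built from the Connectors posted in this thread) are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the APR listener and the two Connectors from the server.xml posted in this thread.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Service name="Catalina">
    <Connector port="8080" protocol="org.apache.coyote.http11.Http11AprProtocol" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="optional" sslProtocol="TLS"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
  </Service>
</Server>"""

APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
JSSE_STYLE = ("keystoreFile", "keystorePass", "clientAuth", "sslProtocol")
OPENSSL_STYLE = ("SSLCertificateFile", "SSLCertificateKeyFile")


def lint_ssl_connectors(server_xml):
    """Return sorted (port, finding) pairs for every Connector with SSLEnabled="true"."""
    root = ET.fromstring(server_xml)
    # The listener's SSLEngine attribute defaults to "on"; "off" disables SSL for APR.
    apr_ssl = any(l.get("className") == APR_LISTENER and l.get("SSLEngine", "on") != "off"
                  for l in root.iter("Listener"))
    findings = []
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port, proto = conn.get("port"), conn.get("protocol", "HTTP/1.1")
        if proto.endswith("Http11AprProtocol"):
            if not apr_ssl:
                findings.append((port, "no AprLifecycleListener with SSLEngine enabled"))
            if not conn.get("SSLCertificateFile"):
                findings.append((port, "APR connector without SSLCertificateFile"))
            wrong_style = JSSE_STYLE
        elif proto == "HTTP/1.1":
            # Tomcat 7 picks APR when the native library loads, otherwise the Java connector.
            findings.append((port, "protocol HTTP/1.1 auto-selects APR or JSSE; name the class"))
            continue
        else:
            for name in ("keystoreFile", "keystorePass"):
                if not conn.get(name):
                    findings.append((port, "JSSE connector relies on default " + name))
            wrong_style = OPENSSL_STYLE
        findings += [(port, "attribute %s belongs to the other SSL style" % a)
                     for a in wrong_style if conn.get(a) is not None]
    return sorted(findings)
```

Calling `lint_ssl_connectors(SAMPLE_SERVER_XML)` reports the posted port 8080 connector for the missing `SSLCertificateFile` and for the two JSSE-style attributes; to check a real installation, pass it the contents of `conf/server.xml`.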