Posted to users@tomcat.apache.org by PRATIK HUMNABADKAR <pr...@bflaf.com.INVALID> on 2023/04/25 05:09:20 UTC

Tomcat VAPT Closure

Hi,

We need Tomcat support assistance for closure of our VAPT points for disabling SSL/TLS 1.0 and 1.1.

Please guide us by arranging for the concerned technician to work with us on closure.

Tomcat version: 9.0.62
Operating system: Linux

We tried disabling it in the way below.

Changes done in server.xml
[inline image attachment: image001.png]

Error received on Tomcat restart:
[inline image attachment: image002.png]

Regards,
Pratik



Re: Tomcat VAPT Closure

Posted by Mark Thomas <ma...@apache.org>.
On 25/04/2023 12:18, PRATIK HUMNABADKAR wrote:
> Hi,
> 
> We tried the suggestion below but are still receiving the errors below. Please guide.

Try reading the log messages.

server.xml

<snip/>

>      <Connector port="9090" scheme="https" secure="true" SSLEnabled="true" SSLProtocol="TLSv1.2" protocol="org.apache.coyote.http11.Http11AprProtocol" >
>          <SSLHostConfig protocols="TLSv1.2">
>                  <Certificate
>                  certificateFile="/root/visualrules/bajaj_af_cert/ServerCertificate.crt"
>                  certificateKeyFile="/root/visualrules/bajaj_af_cert/bflaf.key"
>                  SSLPassword="123456789" certificateChainFile="/root/visualrules/bajaj_af_cert/Root.crt" />
>          </SSLHostConfig>
>      </Connector>

<snip/>

> 25-Apr-2023 16:08:46.067 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent The Apache Tomcat Native library which allows using OpenSSL was not found on the java.library.path: [/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib]
> 25-Apr-2023 16:08:46.349 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[org.apache.coyote.http11.Http11AprProtocol-9090]]
>          org.apache.catalina.LifecycleException: The configured protocol [org.apache.coyote.http11.Http11AprProtocol] requires the APR/native library which is not available
>                  at org.apache.catalina.connector.Connector.initInternal(Connector.java:1031)
>                  at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>                  at org.apache.catalina.core.StandardService.initInternal(StandardService.java:556)
>                  at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>                  at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1042)
>                  at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>                  at org.apache.catalina.startup.Catalina.load(Catalina.java:724)
>                  at org.apache.catalina.startup.Catalina.load(Catalina.java:746)
>                  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>                  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>                  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>                  at java.lang.reflect.Method.invoke(Method.java:498)
>                  at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
>                  at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)

<snip/>

Pick a different Connector implementation (I suggest NIO unless you have 
a good reason to pick something different) or, if you have a good reason 
for using the APR/Native connector, install the Tomcat Native library 
for your platform.

Mark
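
A connector that follows the NIO suggestion above, as an added example that is not part of the original thread or of the Tomcat project's own configuration. It reuses the file paths from the posted server.xml; the key password value is a placeholder, and certificateKeyPassword stands in for the SSLPassword attribute that the startup log reported it could not set on Certificate.

```xml
<!-- Added example: HTTPS connector on the NIO implementation, which does not
     need the APR/native library. The Connector-level SSLProtocol attribute
     from the posted config is omitted so the protocol list is set in one
     place, on SSLHostConfig. -->
<Connector port="9090"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           scheme="https" secure="true" SSLEnabled="true">
    <!-- protocols is an allow list: with only TLSv1.2 named,
         TLS 1.0 and TLS 1.1 are not offered to clients. -->
    <SSLHostConfig protocols="TLSv1.2">
        <!-- certificateKeyPassword is the Certificate attribute for the
             private key password. The value below is a placeholder. -->
        <Certificate
            certificateFile="/root/visualrules/bajaj_af_cert/ServerCertificate.crt"
            certificateKeyFile="/root/visualrules/bajaj_af_cert/bflaf.key"
            certificateChainFile="/root/visualrules/bajaj_af_cert/Root.crt"
            certificateKeyPassword="REPLACE_WITH_KEY_PASSWORD" />
    </SSLHostConfig>
</Connector>
```

After a restart, catalina.out should no longer show the SetPropertiesRule warning for [SSLPassword] or the LifecycleException for the connector on port 9090. A client handshake restricted to TLS 1.0 or TLS 1.1 against port 9090 should then fail.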



RE: Tomcat VAPT Closure

Posted by PRATIK HUMNABADKAR <pr...@bflaf.com.INVALID>.
Hi,

We tried the suggestion below but are still receiving the errors below. Please guide.

Server.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Note:  A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
 -->
<Server port="8006" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!-- APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <!-- A "Service" is a collection of one or more "Connectors" that share
       a single "Container" Note:  A "Service" is not itself a "Container",
       so you may not define subcomponents such as "Valves" at this level.
       Documentation at /docs/config/service.html
   -->
  <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
        maxThreads="150" minSpareThreads="4"/>
    -->


    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html
         Java AJP  Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
    -->
        <!--
    <Connector port="9099" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
        -->
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443
         This connector uses the NIO implementation. The default
         SSLImplementation will depend on the presence of the APR/native
         library and the useOpenSSL attribute of the AprLifecycleListener.
         Either JSSE or OpenSSL style configuration may be used regardless of
         the SSLImplementation selected. JSSE style configuration is used below.
    -->
    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
    -->
    <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
         This connector uses the APR/native implementation which always uses
         OpenSSL for TLS.
         Either JSSE or OpenSSL style configuration may be used. OpenSSL style
         configuration is used below.
    -->
    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxThreads="150" SSLEnabled="true" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
                         certificateFile="conf/localhost-rsa-cert.pem"
                         certificateChainFile="conf/localhost-rsa-chain.pem"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
    -->

    <Connector port="9090" scheme="https" secure="true" SSLEnabled="true" SSLProtocol="TLSv1.2" protocol="org.apache.coyote.http11.Http11AprProtocol" >
        <SSLHostConfig protocols="TLSv1.2">
                <Certificate
                certificateFile="/root/visualrules/bajaj_af_cert/ServerCertificate.crt"
                certificateKeyFile="/root/visualrules/bajaj_af_cert/bflaf.key"
                SSLPassword="123456789" certificateChainFile="/root/visualrules/bajaj_af_cert/Root.crt" />
        </SSLHostConfig>
    </Connector>



    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <!--
    <Connector protocol="AJP/1.3"
               address="::1"
               port="8009"
               redirectPort="8443" />
    -->

    <!-- An Engine represents the entry point (within Catalina) that processes
         every request.  The Engine implementation for Tomcat stand alone
         analyzes the HTTP headers included with the request, and passes them
         on to the appropriate Host (virtual host).
         Documentation at /docs/config/engine.html -->

    <!-- You should set jvmRoute to support load-balancing via AJP ie :
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
    -->
    <Engine name="Catalina" defaultHost="localhost">

      <!--For clustering, please take a look at documentation at:
          /docs/cluster-howto.html  (simple how to)
          /docs/config/cluster.html (reference documentation) -->
      <!--
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
      -->

      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->

        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </Host>
    </Engine>
  </Service>
</Server>

Tomcat error log:

[root@AfCrdrulEgUATApp logs]# tail -f catalina.out
                at org.apache.catalina.startup.Catalina.parseServerXml(Catalina.java:617)
                at org.apache.catalina.startup.Catalina.load(Catalina.java:709)
                at org.apache.catalina.startup.Catalina.load(Catalina.java:746)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
                at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
25-Apr-2023 16:04:17.563 SEVERE [main] org.apache.catalina.startup.Catalina.start Cannot start server, server instance is not configured
25-Apr-2023 16:08:46.025 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector/SSLHostConfig/Certificate] failed to set property [SSLPassword] to [123456789]
25-Apr-2023 16:08:46.063 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name:   Apache Tomcat/9.0.62
25-Apr-2023 16:08:46.063 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:          Mar 31 2022 14:34:15 UTC
25-Apr-2023 16:08:46.063 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version number: 9.0.62.0
25-Apr-2023 16:08:46.063 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:               Linux
25-Apr-2023 16:08:46.063 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:            3.10.0-862.el7.x86_64
25-Apr-2023 16:08:46.064 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:          amd64
25-Apr-2023 16:08:46.064 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home:             /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-2.b14.el7.x86_64/jre
25-Apr-2023 16:08:46.064 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version:           1.8.0_161-b14
25-Apr-2023 16:08:46.064 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:            Oracle Corporation
25-Apr-2023 16:08:46.064 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:         /home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62
25-Apr-2023 16:08:46.064 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:         /home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62
25-Apr-2023 16:08:46.065 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62/conf/logging.properties
25-Apr-2023 16:08:46.065 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
25-Apr-2023 16:08:46.065 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dvisualrules.executionserver.home=/home/ajayv/Actico/Actico-Rules/6.8.3/server
25-Apr-2023 16:08:46.065 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
25-Apr-2023 16:08:46.065 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
25-Apr-2023 16:08:46.065 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
25-Apr-2023 16:08:46.065 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs=
25-Apr-2023 16:08:46.065 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62
25-Apr-2023 16:08:46.065 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62
25-Apr-2023 16:08:46.065 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62/temp
25-Apr-2023 16:08:46.067 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent The Apache Tomcat Native library which allows using OpenSSL was not found on the java.library.path: [/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib]
25-Apr-2023 16:08:46.349 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[org.apache.coyote.http11.Http11AprProtocol-9090]]
        org.apache.catalina.LifecycleException: The configured protocol [org.apache.coyote.http11.Http11AprProtocol] requires the APR/native library which is not available
                at org.apache.catalina.connector.Connector.initInternal(Connector.java:1031)
                at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                at org.apache.catalina.core.StandardService.initInternal(StandardService.java:556)
                at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1042)
                at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                at org.apache.catalina.startup.Catalina.load(Catalina.java:724)
                at org.apache.catalina.startup.Catalina.load(Catalina.java:746)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
                at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
25-Apr-2023 16:08:46.350 INFO [main] org.apache.catalina.startup.Catalina.load Server initialization in [468] milliseconds
25-Apr-2023 16:08:46.370 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
25-Apr-2023 16:08:46.370 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/9.0.62]
25-Apr-2023 16:08:46.387 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62/webapps/im-ui.war]
25-Apr-2023 16:08:48.226 WARNING [main] java.util.ArrayList.forEach Name = bajajDS Property maxActive is not used in DBCP2, use maxTotal instead. maxTotal default value is 8. You have set value of "100" for "maxActive" property, which is being ignored.
25-Apr-2023 16:08:48.226 WARNING [main] java.util.ArrayList.forEach Name = bajajDS Property maxWait is not used in DBCP2 , use maxWaitMillis instead. maxWaitMillis default value is PT-0.001S. You have set value of "10000" for "maxWait" property, which is being ignored.
25-Apr-2023 16:08:48.251 WARNING [main] java.util.ArrayList.forEach Name = executionserverDS Property maxActive is not used in DBCP2, use maxTotal instead. maxTotal default value is 8. You have set value of "100" for "maxActive" property, which is being ignored.
25-Apr-2023 16:08:48.252 WARNING [main] java.util.ArrayList.forEach Name = executionserverDS Property maxWait is not used in DBCP2 , use maxWaitMillis instead. maxWaitMillis default value is PT-0.001S. You have set value of "10000" for "maxWait" property, which is being ignored.
25-Apr-2023 16:08:48.281 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
16:08:48,325 |-INFO in ch.qos.logback.classic.LoggerContext[default] - Could NOT find resource [logback-test.xml]
16:08:48,325 |-INFO in ch.qos.logback.classic.LoggerContext[default] - Could NOT find resource [logback.groovy]
16:08:48,325 |-INFO in ch.qos.logback.classic.LoggerContext[default] - Found resource [logback.xml] at [file:/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62/webapps/im-ui/WEB-INF/classes/logback.xml]
16:08:48,369 |-INFO in ch.qos.logback.classic.joran.action.ConfigurationAction - debug attribute not set
16:08:48,522 |-INFO in ch.qos.logback.core.joran.action.AppenderAction - About to instantiate appender of type [ch.qos.logback.core.rolling.RollingFileAppender]
16:08:48,527 |-INFO in ch.qos.logback.core.joran.action.AppenderAction - Naming appender as [FILE]
16:08:48,558 |-INFO in c.q.l.core.rolling.TimeBasedRollingPolicy@2046308292 - No compression will be used
16:08:48,560 |-INFO in c.q.l.core.rolling.TimeBasedRollingPolicy@2046308292 - Will use the pattern /home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/identitymanagement/logs/im-webui-%d{yyyy-MM-dd}.%i.log for the active file
16:08:48,563 |-INFO in ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP@554db19d - The date pattern is 'yyyy-MM-dd' from file name pattern '/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/identitymanagement/logs/im-webui-%d{yyyy-MM-dd}.%i.log'.
16:08:48,563 |-INFO in ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP@554db19d - Roll-over at midnight.
16:08:48,564 |-INFO in ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP@554db19d - Setting initial period to Tue Apr 25 16:08:48 IST 2023
16:08:48,564 |-WARN in ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP@554db19d - SizeAndTimeBasedFNATP is deprecated. Use SizeAndTimeBasedRollingPolicy instead
16:08:48,564 |-WARN in ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP@554db19d - For more information see http://logback.qos.ch/manual/appenders.html#SizeAndTimeBasedRollingPolicy
16:08:48,568 |-INFO in ch.qos.logback.core.joran.action.NestedComplexPropertyIA - Assuming default type [ch.qos.logback.classic.encoder.PatternLayoutEncoder] for [encoder] property
16:08:48,587 |-INFO in ch.qos.logback.core.rolling.RollingFileAppender[FILE] - Active log file name: /home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/identitymanagement/logs/im-webui-2023-04-25.0.log
16:08:48,587 |-INFO in ch.qos.logback.core.rolling.RollingFileAppender[FILE] - File property is set to [null]
16:08:48,588 |-INFO in ch.qos.logback.classic.joran.action.LoggerAction - Setting level of logger [com.bosch.im] to INFO
16:08:48,588 |-INFO in ch.qos.logback.core.joran.action.DefinePropertyAction - About to instantiate property definer of type [ch.qos.logback.core.property.FileExistsPropertyDefiner]
16:08:48,590 |-INFO in ch.qos.logback.core.joran.action.DefinePropertyAction - Popping property definer for property named [INCLUDED_FILE_EXISTS] from the object stack
16:08:48,594 |-INFO in ch.qos.logback.core.joran.util.ConfigurationWatchListUtil@bb896e9 - Adding [file:/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/identitymanagement/im-webui-logback-included.xml] to configuration watch list.
16:08:48,595 |-INFO in ch.qos.logback.classic.joran.action.LoggerAction - Setting level of logger [com.bosch.im] to INFO
16:08:48,595 |-INFO in ch.qos.logback.classic.joran.action.RootLoggerAction - Setting level of ROOT logger to INFO
16:08:48,595 |-INFO in ch.qos.logback.core.joran.action.AppenderRefAction - Attaching appender named [FILE] to Logger[ROOT]
16:08:48,596 |-INFO in ch.qos.logback.classic.joran.action.ConfigurationAction - End of configuration.
16:08:48,597 |-INFO in ch.qos.logback.classic.joran.JoranConfigurator@4fe4b8b6 - Registering current configuration as safe fallback point

SLF4J: The requested version 1.7.16 by your slf4j binding is not compatible with [1.6]
SLF4J: See http://www.slf4j.org/codes.html#version_mismatch for further details.
25-Apr-2023 16:08:49.098 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62/webapps/im-ui.war] has finished in [2,710] ms
25-Apr-2023 16:08:49.099 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62/webapps/executionserver.war]
25-Apr-2023 16:08:52.715 WARNING [main] java.util.ArrayList.forEach Name = bajajDS Property maxActive is not used in DBCP2, use maxTotal instead. maxTotal default value is 8. You have set value of "100" for "maxActive" property, which is being ignored.
25-Apr-2023 16:08:52.716 WARNING [main] java.util.ArrayList.forEach Name = bajajDS Property maxWait is not used in DBCP2 , use maxWaitMillis instead. maxWaitMillis default value is PT-0.001S. You have set value of "10000" for "maxWait" property, which is being ignored.
25-Apr-2023 16:08:52.717 WARNING [main] java.util.ArrayList.forEach Name = executionserverDS Property maxActive is not used in DBCP2, use maxTotal instead. maxTotal default value is 8. You have set value of "100" for "maxActive" property, which is being ignored.
25-Apr-2023 16:08:52.717 WARNING [main] java.util.ArrayList.forEach Name = executionserverDS Property maxWait is not used in DBCP2 , use maxWaitMillis instead. maxWaitMillis default value is PT-0.001S. You have set value of "10000" for "maxWait" property, which is being ignored.
25-Apr-2023 16:08:52.801 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
16:08:52,831 |-INFO in ch.qos.logback.classic.LoggerContext[default] - Could NOT find resource [logback-test.xml]
16:08:52,832 |-INFO in ch.qos.logback.classic.LoggerContext[default] - Could NOT find resource [logback.groovy]
16:08:52,832 |-INFO in ch.qos.logback.classic.LoggerContext[default] - Found resource [logback.xml] at [file:/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62/webapps/executionserver/WEB-INF/classes/logback.xml]
16:08:52,884 |-INFO in ch.qos.logback.classic.joran.action.ConfigurationAction - debug attribute not set
16:08:52,886 |-INFO in ch.qos.logback.core.joran.action.AppenderAction - About to instantiate appender of type [ch.qos.logback.core.ConsoleAppender]
16:08:52,890 |-INFO in ch.qos.logback.core.joran.action.AppenderAction - Naming appender as [A1]
16:08:52,897 |-INFO in ch.qos.logback.core.joran.action.NestedComplexPropertyIA - Assuming default type [ch.qos.logback.classic.encoder.PatternLayoutEncoder] for [encoder] property
16:08:52,953 |-INFO in ch.qos.logback.classic.joran.action.RootLoggerAction - Setting level of ROOT logger to ERROR
16:08:52,954 |-INFO in ch.qos.logback.core.joran.action.AppenderRefAction - Attaching appender named [A1] to Logger[ROOT]
16:08:52,955 |-INFO in ch.qos.logback.classic.joran.action.ConfigurationAction - End of configuration.
16:08:52,956 |-INFO in ch.qos.logback.classic.joran.JoranConfigurator@6e613ceb - Registering current configuration as safe fallback point
16:08:52,811 |-INFO in ch.qos.logback.classic.servlet.LogbackServletContainerInitializer@6e2764c9 - Adding an instance of  class ch.qos.logback.classic.servlet.LogbackServletContextListener to the current web-app
16:08:53,013 |-INFO in ch.qos.logback.classic.joran.action.ConfigurationAction - debug attribute not set
16:08:53,015 |-WARN in ch.qos.logback.classic.joran.action.ConfigurationAction - Due to missing top level configuration file, reconfiguration on change (configuration file scanning) cannot be done.
16:08:53,015 |-INFO in ch.qos.logback.core.joran.action.AppenderAction - About to instantiate appender of type [ch.qos.logback.core.rolling.RollingFileAppender]
16:08:53,019 |-INFO in ch.qos.logback.core.joran.action.AppenderAction - Naming appender as [default]
16:08:53,027 |-INFO in ch.qos.logback.core.rolling.FixedWindowRollingPolicy@2df721a - No compression will be used
16:08:53,031 |-INFO in ch.qos.logback.core.joran.action.NestedComplexPropertyIA - Assuming default type [ch.qos.logback.classic.encoder.PatternLayoutEncoder] for [encoder] property
16:08:53,031 |-INFO in ch.qos.logback.core.rolling.RollingFileAppender[default] - Active log file name: /home/ajayv/Actico/Actico-Rules/6.8.3/server/executionserver/logs/executionserver.log
16:08:53,031 |-INFO in ch.qos.logback.core.rolling.RollingFileAppender[default] - File property is set to [/home/ajayv/Actico/Actico-Rules/6.8.3/server/executionserver/logs/executionserver.log]
16:08:53,032 |-INFO in ch.qos.logback.core.joran.action.AppenderAction - About to instantiate appender of type [ch.qos.logback.core.rolling.RollingFileAppender]
16:08:53,032 |-INFO in ch.qos.logback.core.joran.action.AppenderAction - Naming appender as [performance]
16:08:53,033 |-INFO in ch.qos.logback.core.rolling.FixedWindowRollingPolicy@6d51e2d - No compression will be used
16:08:53,033 |-INFO in ch.qos.logback.core.joran.action.NestedComplexPropertyIA - Assuming default type [ch.qos.logback.classic.encoder.PatternLayoutEncoder] for [encoder] property
16:08:53,034 |-INFO in ch.qos.logback.core.rolling.RollingFileAppender[performance] - Active log file name: /home/ajayv/Actico/Actico-Rules/6.8.3/server/executionserver/logs/performance.log
16:08:53,034 |-INFO in ch.qos.logback.core.rolling.RollingFileAppender[performance] - File property is set to [/home/ajayv/Actico/Actico-Rules/6.8.3/server/executionserver/logs/performance.log]
16:08:53,034 |-INFO in ch.qos.logback.classic.joran.action.LoggerAction - Setting level of logger [de.visualrules] to INFO
16:08:53,034 |-INFO in ch.qos.logback.classic.joran.action.LoggerAction - Setting level of logger [com.bosch] to INFO
16:08:53,034 |-INFO in ch.qos.logback.classic.joran.action.LoggerAction - Setting level of logger [com.bosch.im.client.rest.ImLoggingFilter] to WARN
16:08:53,034 |-INFO in ch.qos.logback.classic.joran.action.LoggerAction - Setting level of logger [de.innovations] to INFO
16:08:53,034 |-INFO in ch.qos.logback.classic.joran.action.LoggerAction - Setting level of logger [LogAction] to INFO
16:08:53,035 |-INFO in ch.qos.logback.classic.joran.action.LoggerAction - Setting level of logger [org.perf4j.TimingLogger] to OFF
16:08:53,035 |-INFO in ch.qos.logback.classic.joran.action.LoggerAction - Setting additivity of logger [org.perf4j.TimingLogger] to false
16:08:53,035 |-INFO in ch.qos.logback.core.joran.action.AppenderRefAction - Attaching appender named [performance] to Logger[org.perf4j.TimingLogger]
16:08:53,035 |-INFO in ch.qos.logback.classic.joran.action.LoggerAction - Setting level of logger [de.visualrules.executionserver.audit.ExecutionServerAuditConfigProvider] to INFO
16:08:53,035 |-INFO in ch.qos.logback.classic.joran.action.LoggerAction - Setting level of logger [de.visualrules.executionserver.internal.config.CustomResourceConfigurationProvider] to INFO
16:08:53,035 |-INFO in ch.qos.logback.classic.joran.action.RootLoggerAction - Setting level of ROOT logger to ERROR
16:08:53,035 |-INFO in ch.qos.logback.core.joran.action.AppenderRefAction - Attaching appender named [default] to Logger[ROOT]
16:08:53,035 |-INFO in ch.qos.logback.classic.joran.action.ConfigurationAction - End of configuration.
16:08:53,035 |-INFO in ch.qos.logback.classic.joran.JoranConfigurator@7565b151 - Registering current configuration as safe fallback point

25-Apr-2023 16:08:57.756 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62/webapps/executionserver.war] has finished in [8,657] ms
25-Apr-2023 16:08:57.757 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62/webapps/im.war]
25-Apr-2023 16:08:59.629 WARNING [main] java.util.ArrayList.forEach Name = bajajDS Property maxActive is not used in DBCP2, use maxTotal instead. maxTotal default value is 8. You have set value of "100" for "maxActive" property, which is being ignored.
25-Apr-2023 16:08:59.629 WARNING [main] java.util.ArrayList.forEach Name = bajajDS Property maxWait is not used in DBCP2 , use maxWaitMillis instead. maxWaitMillis default value is PT-0.001S. You have set value of "10000" for "maxWait" property, which is being ignored.
25-Apr-2023 16:08:59.630 WARNING [main] java.util.ArrayList.forEach Name = executionserverDS Property maxActive is not used in DBCP2, use maxTotal instead. maxTotal default value is 8. You have set value of "100" for "maxActive" property, which is being ignored.
25-Apr-2023 16:08:59.630 WARNING [main] java.util.ArrayList.forEach Name = executionserverDS Property maxWait is not used in DBCP2 , use maxWaitMillis instead. maxWaitMillis default value is PT-0.001S. You have set value of "10000" for "maxWait" property, which is being ignored.
25-Apr-2023 16:08:59.651 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
16:08:59,678 |-INFO in ch.qos.logback.classic.LoggerContext[default] - Could NOT find resource [logback-test.xml]
16:08:59,678 |-INFO in ch.qos.logback.classic.LoggerContext[default] - Could NOT find resource [logback.groovy]
16:08:59,678 |-INFO in ch.qos.logback.classic.LoggerContext[default] - Found resource [logback.xml] at [file:/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62/webapps/im/WEB-INF/classes/logback.xml]
16:08:59,720 |-INFO in ch.qos.logback.classic.joran.action.ConfigurationAction - debug attribute not set
16:08:59,860 |-INFO in ch.qos.logback.core.joran.action.AppenderAction - About to instantiate appender of type [ch.qos.logback.core.rolling.RollingFileAppender]
16:08:59,865 |-INFO in ch.qos.logback.core.joran.action.AppenderAction - Naming appender as [FILE]
16:08:59,911 |-INFO in c.q.l.core.rolling.TimeBasedRollingPolicy@304189923 - No compression will be used
16:08:59,913 |-INFO in c.q.l.core.rolling.TimeBasedRollingPolicy@304189923 - Will use the pattern /home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/identitymanagement/logs/im-backend-%d{yyyy-MM-dd}.%i.log for the active file
16:08:59,916 |-INFO in ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP@6e9b501c - The date pattern is 'yyyy-MM-dd' from file name pattern '/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/identitymanagement/logs/im-backend-%d{yyyy-MM-dd}.%i.log'.
16:08:59,916 |-INFO in ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP@6e9b501c - Roll-over at midnight.
16:08:59,916 |-INFO in ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP@6e9b501c - Setting initial period to Tue Apr 25 16:08:59 IST 2023
16:08:59,916 |-WARN in ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP@6e9b501c - SizeAndTimeBasedFNATP is deprecated. Use SizeAndTimeBasedRollingPolicy instead
16:08:59,916 |-WARN in ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP@6e9b501c - For more information see http://logback.qos.ch/manual/appenders.html#SizeAndTimeBasedRollingPolicy
16:08:59,936 |-INFO in ch.qos.logback.core.joran.action.NestedComplexPropertyIA - Assuming default type [ch.qos.logback.classic.encoder.PatternLayoutEncoder] for [encoder] property
16:08:59,955 |-INFO in ch.qos.logback.core.rolling.RollingFileAppender[FILE] - Active log file name: /home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/identitymanagement/logs/im-backend-2023-04-25.0.log
16:08:59,955 |-INFO in ch.qos.logback.core.rolling.RollingFileAppender[FILE] - File property is set to [null]
16:08:59,957 |-INFO in ch.qos.logback.classic.joran.action.RootLoggerAction - Setting level of ROOT logger to INFO
16:08:59,957 |-INFO in ch.qos.logback.core.joran.action.AppenderRefAction - Attaching appender named [FILE] to Logger[ROOT]
16:08:59,958 |-INFO in ch.qos.logback.core.joran.action.DefinePropertyAction - About to instantiate property definer of type [ch.qos.logback.core.property.FileExistsPropertyDefiner]
16:08:59,959 |-INFO in ch.qos.logback.core.joran.action.DefinePropertyAction - Popping property definer for property named [INCLUDED_FILE_EXISTS] from the object stack
16:08:59,963 |-INFO in ch.qos.logback.core.joran.util.ConfigurationWatchListUtil@31d0045a - Adding [file:/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/identitymanagement/im-backend-logback-included.xml] to configuration watch list.
16:08:59,965 |-INFO in ch.qos.logback.classic.joran.action.LoggerAction - Setting level of logger [com.bosch.im] to INFO
16:08:59,966 |-INFO in ch.qos.logback.classic.joran.action.LoggerContextListenerAction - Adding LoggerContextListener of type [ch.qos.logback.classic.jul.LevelChangePropagator] to the object stack
16:08:59,967 |-INFO in ch.qos.logback.classic.jul.LevelChangePropagator@d2684d - Setting level of jul logger [org.apache.catalina.core.ContainerBase.[Catalina].[localhost]] to null
16:08:59,967 |-INFO in ch.qos.logback.classic.jul.LevelChangePropagator@d2684d - Propagating INFO level on Logger[ROOT] onto the JUL framework
16:08:59,967 |-INFO in ch.qos.logback.classic.jul.LevelChangePropagator@d2684d - Propagating INFO level on Logger[com.bosch.im] onto the JUL framework
16:08:59,967 |-INFO in ch.qos.logback.classic.joran.action.LoggerContextListenerAction - Starting LoggerContextListener
16:08:59,967 |-INFO in ch.qos.logback.classic.joran.action.ConfigurationAction - End of configuration.
16:08:59,968 |-INFO in ch.qos.logback.classic.joran.JoranConfigurator@1e625f3d - Registering current configuration as safe fallback point

SLF4J: The requested version 1.7.16 by your slf4j binding is not compatible with [1.6]
SLF4J: See http://www.slf4j.org/codes.html#version_mismatch for further details.
Loading class `com.mysql.jdbc.Driver'. This is deprecated. The new driver class is `com.mysql.cj.jdbc.Driver'. The driver is automatically registered via the SPI and manual loading of the driver class is generally unnecessary.
25-Apr-2023 16:09:03.218 INFO [main] com.sun.jersey.server.impl.application.WebApplicationImpl._initiate Initiating Jersey application, version 'Jersey: 1.17.1 02/28/2013 12:47 PM'
25-Apr-2023 16:09:03.772 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62/webapps/im.war] has finished in [6,015] ms
25-Apr-2023 16:09:03.773 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62/webapps/examples]
25-Apr-2023 16:09:03.988 WARNING [main] java.util.ArrayList.forEach Name = bajajDS Property maxActive is not used in DBCP2, use maxTotal instead. maxTotal default value is 8. You have set value of "100" for "maxActive" property, which is being ignored.
25-Apr-2023 16:09:03.988 WARNING [main] java.util.ArrayList.forEach Name = bajajDS Property maxWait is not used in DBCP2 , use maxWaitMillis instead. maxWaitMillis default value is PT-0.001S. You have set value of "10000" for "maxWait" property, which is being ignored.
25-Apr-2023 16:09:03.989 WARNING [main] java.util.ArrayList.forEach Name = executionserverDS Property maxActive is not used in DBCP2, use maxTotal instead. maxTotal default value is 8. You have set value of "100" for "maxActive" property, which is being ignored.
25-Apr-2023 16:09:03.989 WARNING [main] java.util.ArrayList.forEach Name = executionserverDS Property maxWait is not used in DBCP2 , use maxWaitMillis instead. maxWaitMillis default value is PT-0.001S. You have set value of "10000" for "maxWait" property, which is being ignored.
25-Apr-2023 16:09:04.017 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
25-Apr-2023 16:09:04.045 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62/webapps/examples] has finished in [272] ms
25-Apr-2023 16:09:04.045 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62/webapps/manager]
25-Apr-2023 16:09:04.189 WARNING [main] java.util.ArrayList.forEach Name = bajajDS Property maxActive is not used in DBCP2, use maxTotal instead. maxTotal default value is 8. You have set value of "100" for "maxActive" property, which is being ignored.
25-Apr-2023 16:09:04.189 WARNING [main] java.util.ArrayList.forEach Name = bajajDS Property maxWait is not used in DBCP2 , use maxWaitMillis instead. maxWaitMillis default value is PT-0.001S. You have set value of "10000" for "maxWait" property, which is being ignored.
25-Apr-2023 16:09:04.190 WARNING [main] java.util.ArrayList.forEach Name = executionserverDS Property maxActive is not used in DBCP2, use maxTotal instead. maxTotal default value is 8. You have set value of "100" for "maxActive" property, which is being ignored.
25-Apr-2023 16:09:04.190 WARNING [main] java.util.ArrayList.forEach Name = executionserverDS Property maxWait is not used in DBCP2 , use maxWaitMillis instead. maxWaitMillis default value is PT-0.001S. You have set value of "10000" for "maxWait" property, which is being ignored.
25-Apr-2023 16:09:04.193 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
25-Apr-2023 16:09:04.196 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62/webapps/manager] has finished in [150] ms
25-Apr-2023 16:09:04.196 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62/webapps/ROOT]
25-Apr-2023 16:09:04.335 WARNING [main] java.util.ArrayList.forEach Name = bajajDS Property maxActive is not used in DBCP2, use maxTotal instead. maxTotal default value is 8. You have set value of "100" for "maxActive" property, which is being ignored.
25-Apr-2023 16:09:04.336 WARNING [main] java.util.ArrayList.forEach Name = bajajDS Property maxWait is not used in DBCP2 , use maxWaitMillis instead. maxWaitMillis default value is PT-0.001S. You have set value of "10000" for "maxWait" property, which is being ignored.
25-Apr-2023 16:09:04.337 WARNING [main] java.util.ArrayList.forEach Name = executionserverDS Property maxActive is not used in DBCP2, use maxTotal instead. maxTotal default value is 8. You have set value of "100" for "maxActive" property, which is being ignored.
25-Apr-2023 16:09:04.337 WARNING [main] java.util.ArrayList.forEach Name = executionserverDS Property maxWait is not used in DBCP2 , use maxWaitMillis instead. maxWaitMillis default value is PT-0.001S. You have set value of "10000" for "maxWait" property, which is being ignored.
25-Apr-2023 16:09:04.339 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
25-Apr-2023 16:09:04.341 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62/webapps/ROOT] has finished in [145] ms
25-Apr-2023 16:09:04.341 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62/webapps/host-manager]
25-Apr-2023 16:09:04.483 WARNING [main] java.util.ArrayList.forEach Name = bajajDS Property maxActive is not used in DBCP2, use maxTotal instead. maxTotal default value is 8. You have set value of "100" for "maxActive" property, which is being ignored.
25-Apr-2023 16:09:04.483 WARNING [main] java.util.ArrayList.forEach Name = bajajDS Property maxWait is not used in DBCP2 , use maxWaitMillis instead. maxWaitMillis default value is PT-0.001S. You have set value of "10000" for "maxWait" property, which is being ignored.
25-Apr-2023 16:09:04.484 WARNING [main] java.util.ArrayList.forEach Name = executionserverDS Property maxActive is not used in DBCP2, use maxTotal instead. maxTotal default value is 8. You have set value of "100" for "maxActive" property, which is being ignored.
25-Apr-2023 16:09:04.484 WARNING [main] java.util.ArrayList.forEach Name = executionserverDS Property maxWait is not used in DBCP2 , use maxWaitMillis instead. maxWaitMillis default value is PT-0.001S. You have set value of "10000" for "maxWait" property, which is being ignored.
25-Apr-2023 16:09:04.487 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
25-Apr-2023 16:09:04.488 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62/webapps/host-manager] has finished in [147] ms
25-Apr-2023 16:09:04.488 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62/webapps/docs]
25-Apr-2023 16:09:04.679 WARNING [main] java.util.ArrayList.forEach Name = bajajDS Property maxActive is not used in DBCP2, use maxTotal instead. maxTotal default value is 8. You have set value of "100" for "maxActive" property, which is being ignored.
25-Apr-2023 16:09:04.679 WARNING [main] java.util.ArrayList.forEach Name = bajajDS Property maxWait is not used in DBCP2 , use maxWaitMillis instead. maxWaitMillis default value is PT-0.001S. You have set value of "10000" for "maxWait" property, which is being ignored.
25-Apr-2023 16:09:04.680 WARNING [main] java.util.ArrayList.forEach Name = executionserverDS Property maxActive is not used in DBCP2, use maxTotal instead. maxTotal default value is 8. You have set value of "100" for "maxActive" property, which is being ignored.
25-Apr-2023 16:09:04.680 WARNING [main] java.util.ArrayList.forEach Name = executionserverDS Property maxWait is not used in DBCP2 , use maxWaitMillis instead. maxWaitMillis default value is PT-0.001S. You have set value of "10000" for "maxWait" property, which is being ignored.
25-Apr-2023 16:09:04.683 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
25-Apr-2023 16:09:04.684 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62/webapps/docs] has finished in [196] ms
25-Apr-2023 16:09:04.688 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [18338] milliseconds


Regards,
Pratik
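
The startup error quoted further down in this thread (`Multiple SSLHostConfig elements were provided for the host name [_default_]`, preceded by `failed to set property [SSLPassword]`) is what Tomcat 9 reports when a connector carries a deprecated connector-level TLS attribute such as `SSLProtocol` and also nests an `<SSLHostConfig>`. The following Python check is an added example, not part of the thread and not Tomcat code: it flags that mix, legacy attributes on `<Certificate>`, and host configs that do not pin protocols or still allow TLS 1.0/1.1. The sample XML, placeholder paths and password, function names, the subset of legacy attributes and the expansion of `all` are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the HTTPS connector quoted in this thread, with
# placeholder paths and a placeholder key password.
BROKEN = """<Server><Service name="Catalina">
  <Connector port="9090" scheme="https" secure="true" SSLEnabled="true"
             SSLProtocol="TLSv1.2"
             protocol="org.apache.coyote.http11.Http11AprProtocol">
    <SSLHostConfig>
      <Certificate certificateFile="/path/to/ServerCertificate.crt"
                   certificateKeyFile="/path/to/server.key"
                   SSLPassword="CHANGE_ME"
                   certificateChainFile="/path/to/Root.crt" />
    </SSLHostConfig>
  </Connector>
</Service></Server>"""

# Constructed sample: the same connector using SSLHostConfig-style attributes only.
FIXED = """<Server><Service name="Catalina">
  <Connector port="9090" scheme="https" secure="true" SSLEnabled="true"
             protocol="org.apache.coyote.http11.Http11AprProtocol">
    <SSLHostConfig protocols="TLSv1.2">
      <Certificate certificateFile="/path/to/ServerCertificate.crt"
                   certificateKeyFile="/path/to/server.key"
                   certificateKeyPassword="CHANGE_ME"
                   certificateChainFile="/path/to/Root.crt" />
    </SSLHostConfig>
  </Connector>
</Service></Server>"""

# Deprecated connector-level attributes and their SSLHostConfig / Certificate
# replacements (a subset of the Tomcat 9 connector documentation).
LEGACY = {
    "SSLProtocol": "SSLHostConfig protocols",
    "sslEnabledProtocols": "SSLHostConfig protocols",
    "SSLCipherSuite": "SSLHostConfig ciphers",
    "SSLCertificateFile": "Certificate certificateFile",
    "SSLCertificateKeyFile": "Certificate certificateKeyFile",
    "SSLCertificateChainFile": "Certificate certificateChainFile",
    "SSLPassword": "Certificate certificateKeyPassword",
    "keystoreFile": "Certificate certificateKeystoreFile",
    "keystorePass": "Certificate certificateKeystorePassword",
}
WEAK = {"SSLv3", "TLSv1", "TLSv1.1"}
# Assumed expansion of the "all" keyword in Tomcat 9.
ALL = {"SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}


def enabled_protocols(value):
    """Evaluate a protocols string such as 'all,-TLSv1,-TLSv1.1'."""
    enabled = set()
    for token in re.findall(r"[+-]?[^,+\-\s]+", value):
        names = ALL if token.lstrip("+-").lower() == "all" else {token.lstrip("+-")}
        enabled = enabled - names if token.startswith("-") else enabled | names
    return enabled


def audit(server_xml):
    """Return (port, code, detail) findings for every TLS-enabled connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port")
        hosts = conn.findall("SSLHostConfig")
        legacy = sorted(a for a in conn.attrib if a in LEGACY)
        if legacy and hosts:
            # Legacy attributes create an implicit _default_ host config, so the
            # nested one collides with it at startup.
            moves = ", ".join(f"{a} -> {LEGACY[a]}" for a in legacy)
            findings.append((port, "mixed-styles", moves))
        for host in hosts:
            protocols = host.get("protocols")
            if protocols is None:
                findings.append((port, "protocols-unset",
                                 "add protocols=... to pin the allowed versions"))
            else:
                weak = sorted(enabled_protocols(protocols) & WEAK)
                if weak:
                    findings.append((port, "weak-protocols", ", ".join(weak)))
            for cert in host.findall("Certificate"):
                for attr in cert.attrib:
                    if attr in LEGACY:
                        findings.append((port, "legacy-cert-attr",
                                         f"{attr} -> {LEGACY[attr]}"))
    return findings


if __name__ == "__main__":
    for label, xml_text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit(xml_text) or "no findings")
```
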

-----Original Message-----
From: Mark Eggers <it...@yahoo.com.INVALID>
Sent: 25 April 2023 11:08
To: users@tomcat.apache.org
Subject: Re: Tomcat VAPT Closure

Pratik,

On 4/24/2023 10:20 PM, PRATIK HUMNABADKAR wrote:
> Hi,
>
> Server.xml
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!--
>    Licensed to the Apache Software Foundation (ASF) under one or more
>    contributor license agreements.  See the NOTICE file distributed with
>    this work for additional information regarding copyright ownership.
>    The ASF licenses this file to You under the Apache License, Version 2.0
>    (the "License"); you may not use this file except in compliance with
>    the License.  You may obtain a copy of the License at
>
>
>        http://www.apache.org/licenses/LICENSE-2.0
>
>    Unless required by applicable law or agreed to in writing, software
>    distributed under the License is distributed on an "AS IS" BASIS,
>    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>    See the License for the specific language governing permissions and
>    limitations under the License.
> -->
> <!-- Note:  A "Server" is not itself a "Container", so you may not
>       define subcomponents such as "Valves" at this level.
>       Documentation at /docs/config/server.html
>   -->
> <Server port="8006" shutdown="SHUTDOWN">
>    <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
>    <!-- Security listener. Documentation at /docs/config/listeners.html
>    <Listener className="org.apache.catalina.security.SecurityListener" />
>    -->
>    <!-- APR library loader. Documentation at /docs/apr.html -->
>    <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
>    <!-- Prevent memory leaks due to use of particular java/javax APIs-->
>    <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
>    <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
>    <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
>
>    <!-- Global JNDI resources
>         Documentation at /docs/jndi-resources-howto.html
>    -->
>    <GlobalNamingResources>
>      <!-- Editable user database that can also be used by
>           UserDatabaseRealm to authenticate users
>      -->
>      <Resource name="UserDatabase" auth="Container"
>                type="org.apache.catalina.UserDatabase"
>                description="User database that can be updated and saved"
>                factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>                pathname="conf/tomcat-users.xml" />
>    </GlobalNamingResources>
>
>    <!-- A "Service" is a collection of one or more "Connectors" that share
>         a single "Container" Note:  A "Service" is not itself a "Container",
>         so you may not define subcomponents such as "Valves" at this level.
>         Documentation at /docs/config/service.html
>     -->
>    <Service name="Catalina">
>
>      <!--The connectors can use a shared executor, you can define one or more named thread pools-->
>      <!--
>      <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
>          maxThreads="150" minSpareThreads="4"/>
>      -->
>
>
>      <!-- A "Connector" represents an endpoint by which requests are received
>           and responses are returned. Documentation at :
>           Java HTTP Connector: /docs/config/http.html
>           Java AJP  Connector: /docs/config/ajp.html
>           APR (HTTP/AJP) Connector: /docs/apr.html
>           Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
>      -->
>      <Connector port="9099" protocol="HTTP/1.1"
>                 connectionTimeout="20000"
>                 redirectPort="8443" />
>      <!-- A "Connector" using the shared thread pool-->
>      <!--
>      <Connector executor="tomcatThreadPool"
>                 port="8080" protocol="HTTP/1.1"
>                 connectionTimeout="20000"
>                 redirectPort="8443" />
>      -->
>      <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443
>           This connector uses the NIO implementation. The default
>           SSLImplementation will depend on the presence of the APR/native
>           library and the useOpenSSL attribute of the AprLifecycleListener.
>           Either JSSE or OpenSSL style configuration may be used regardless of
>           the SSLImplementation selected. JSSE style configuration is used below.
>      -->
>      <!--
>      <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
>                 maxThreads="150" SSLEnabled="true">
>          <SSLHostConfig>
>              <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
>                           type="RSA" />
>          </SSLHostConfig>
>      </Connector>
>      -->
>      <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
>           This connector uses the APR/native implementation which always uses
>           OpenSSL for TLS.
>           Either JSSE or OpenSSL style configuration may be used. OpenSSL style
>           configuration is used below.
>      -->
>      <!--
>      <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
>                 maxThreads="150" SSLEnabled="true" >
>          <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
>          <SSLHostConfig>
>              <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
>                           certificateFile="conf/localhost-rsa-cert.pem"
>                           certificateChainFile="conf/localhost-rsa-chain.pem"
>                           type="RSA" />
>          </SSLHostConfig>
>      </Connector>
>      -->
>
>      <Connector port="9090" scheme="https" secure="true" SSLEnabled="true" SSLProtocol="TLSv1.2" protocol="org.apache.coyote.http11.Http11AprProtocol" >
>          <SSLHostConfig>
>                  <Certificate
>                  certificateFile="/root/visualrules/bajaj_af_cert/ServerCertificate.crt"
>                  certificateKeyFile="/root/visualrules/bajaj_af_cert/bflaf.key"
>                  SSLPassword="123456789" certificateChainFile="/root/visualrules/bajaj_af_cert/Root.crt" />
>          </SSLHostConfig>
>      </Connector>
>
>
>
>      <!-- Define an AJP 1.3 Connector on port 8009 -->
>      <!--
>      <Connector protocol="AJP/1.3"
>                 address="::1"
>                 port="8009"
>                 redirectPort="8443" />
>      -->
>
>      <!-- An Engine represents the entry point (within Catalina) that processes
>           every request.  The Engine implementation for Tomcat stand alone
>           analyzes the HTTP headers included with the request, and passes them
>           on to the appropriate Host (virtual host).
>           Documentation at /docs/config/engine.html -->
>
>      <!-- You should set jvmRoute to support load-balancing via AJP ie :
>      <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
>      -->
>      <Engine name="Catalina" defaultHost="localhost">
>
>        <!--For clustering, please take a look at documentation at:
>            /docs/cluster-howto.html  (simple how to)
>            /docs/config/cluster.html (reference documentation) -->
>        <!--
>        <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
>        -->
>
>        <!-- Use the LockOutRealm to prevent attempts to guess user passwords
>             via a brute-force attack -->
>        <Realm className="org.apache.catalina.realm.LockOutRealm">
>          <!-- This Realm uses the UserDatabase configured in the global JNDI
>               resources under the key "UserDatabase".  Any edits
>               that are performed against this UserDatabase are immediately
>               available for use by the Realm.  -->
>          <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>                 resourceName="UserDatabase"/>
>        </Realm>
>
>        <Host name="localhost"  appBase="webapps"
>              unpackWARs="true" autoDeploy="true">
>
>          <!-- SingleSignOn valve, share authentication between web applications
>               Documentation at: /docs/config/valve.html -->
>          <!--
>          <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
>          -->
>
>          <!-- Access log processes all example.
>               Documentation at: /docs/config/valve.html
>               Note: The pattern used is equivalent to using pattern="common" -->
>          <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
>                 prefix="localhost_access_log" suffix=".txt"
>                 pattern="%h %l %u %t &quot;%r&quot; %s %b" />
>
>        </Host>
>      </Engine>
>    </Service>
> </Server>
>
>
>
>
> Error Log Tomcat:
>
> 21-Apr-2023 16:29:45.545 SEVERE [main] org.apache.catalina.startup.Catalina.start Cannot start server, server instance is not configured
> 21-Apr-2023 16:37:07.450 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector/SSLHostConfig/Certificate] failed to set property [SSLPassword] to [123456789]
> 21-Apr-2023 16:37:07.454 SEVERE [main] org.apache.tomcat.util.digester.Digester.endElement End event threw exception
>          java.lang.reflect.InvocationTargetException
>                  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>                  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>                  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>                  at java.lang.reflect.Method.invoke(Method.java:498)
>                  at org.apache.tomcat.util.IntrospectionUtils.callMethod1(IntrospectionUtils.java:469)
>                  at org.apache.tomcat.util.digester.SetNextRule.end(SetNextRule.java:143)
>                  at org.apache.tomcat.util.digester.Digester.endElement(Digester.java:1046)
>                  at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(AbstractSAXParser.java:609)
>                  at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1782)
>                  at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2967)
>                  at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:602)
>                  at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:505)
>                  at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:842)
>                  at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:771)
>                  at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
>                  at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1213)
>                  at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:643)
>                  at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1535)
>                  at org.apache.catalina.startup.Catalina.parseServerXml(Catalina.java:617)
>                  at org.apache.catalina.startup.Catalina.load(Catalina.java:709)
>                  at org.apache.catalina.startup.Catalina.load(Catalina.java:746)
>                  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>                  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>                  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>                  at java.lang.reflect.Method.invoke(Method.java:498)
>                  at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
>                  at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
>          Caused by: java.lang.IllegalArgumentException: Multiple SSLHostConfig elements were provided for the host name [_default_]. Host names must be unique.
>                  at org.apache.tomcat.util.net.AbstractEndpoint.addSslHostConfig(AbstractEndpoint.java:294)
>                  at org.apache.tomcat.util.net.AbstractEndpoint.addSslHostConfig(AbstractEndpoint.java:250)
>                  at org.apache.coyote.http11.AbstractHttp11Protocol.addSslHostConfig(AbstractHttp11Protocol.java:691)
>                  at org.apache.catalina.connector.Connector.addSslHostConfig(Connector.java:878)
>                  ... 27 more
> 21-Apr-2023 16:37:07.456 WARNING [main] org.apache.catalina.startup.Catalina.parseServerXml Unable to load server configuration from [/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62/conf/server.xml]
>          org.xml.sax.SAXParseException; systemId: file:/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62/conf/server.xml; lineNumber: 120; columnNumber: 18; Error at line [120] column [18]: [Multiple SSLHostConfig elements were provided for the host name [_default_]. Host names must be unique.]
>                  at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:1966)
>                  at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:1998)
>                  at org.apache.tomcat.util.digester.Digester.endElement(Digester.java:1049)
>                  at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(AbstractSAXParser.java:609)
>                  at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1782)
>                  at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2967)
>                  at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:602)
>                  at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:505)
>                  at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:842)
>                  at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:771)
>                  at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
>                  at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1213)
>                  at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:643)
>                  at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1535)
>                  at org.apache.catalina.startup.Catalina.parseServerXml(Catalina.java:617)
>                  at org.apache.catalina.startup.Catalina.load(Catalina.java:709)
>                  at org.apache.catalina.startup.Catalina.load(Catalina.java:746)
>                  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>                  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>                  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>                  at java.lang.reflect.Method.invoke(Method.java:498)
>                  at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
>                  at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
>          Caused by: java.lang.IllegalArgumentException: Multiple SSLHostConfig elements were provided for the host name [_default_]. Host names must be unique.
>                  at org.apache.tomcat.util.net.AbstractEndpoint.addSslHostConfig(AbstractEndpoint.java:294)
>                  at org.apache.tomcat.util.net.AbstractEndpoint.addSslHostConfig(AbstractEndpoint.java:250)
>                  at org.apache.coyote.http11.AbstractHttp11Protocol.addSslHostConfig(AbstractHttp11Protocol.java:691)
>                  at org.apache.catalina.connector.Connector.addSslHostConfig(Connector.java:878)
>                  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>                  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>                  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>                  at java.lang.reflect.Method.invoke(Method.java:498)
>                  at org.apache.tomcat.util.IntrospectionUtils.callMethod1(IntrospectionUtils.java:469)
>                  at org.apache.tomcat.util.digester.SetNextRule.end(SetNextRule.java:143)
>                  at org.apache.tomcat.util.digester.Digester.endElement(Digester.java:1046)
>                  ... 20 more
> 21-Apr-2023 16:37:07.456 SEVERE [main]
> org.apache.catalina.startup.Catalina.start Cannot start server, server
> instance is not configured
>
>
> Regards,
> Pratik
>
> -----Original Message-----
> From: Mark Eggers <it...@yahoo.com.INVALID>
> Sent: 25 April 2023 10:45
> To: users@tomcat.apache.org
> Subject: Re: Tomcat VAPT Closure
>
> Pratik,
>
> On 4/24/2023 10:09 PM, PRATIK HUMNABADKAR wrote:
>> Hi,
>>
>> We need Tomcat support assistance for closure of our VAPT points for
>> disabling SSL TLS 1.0 and 1.1
>>
>> Please guide us by arranging concerned technician with us for closure.
>>
>> Tomcat version: 9.0.62
>> Operating system: Linux
>>
>> We tried disabling in below way.
>>
>> Changes done in server.xml
>> [cid:image001.png@01D9775F.7B492550]
>>
>> Error received on Tomcat restart:
>> [cid:image002.png@01D9775F.7B492550]
>>
>> Regards,
>> Pratik
>>
>>
>>
>
> The list strips attachments. Please inline your server.xml and your log file, removing all sensitive information.
>
> Also, this list consists of volunteers.  We'll do what we can to help you if you are willing to work with us and provide the required information.
>
> . . . just my two cents
> /mde/
>

There appear to be at least two issues:

1. You have multiple SSL connectors configured for the same hostName (default host in this case).

As the log files state, you cannot do that.

2. You have not specified the protocols in SSLHostConfig.

See https://tomcat.apache.org/tomcat-9.0-doc/config/http.html. Pay particular attention to the protocols attribute and the hostName attribute.

. . . just my two cents
/mde/

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
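
A server.xml pre-flight check for the points raised in this thread, as an added example (not part of the original messages and not Tomcat project code). It assumes, per the Tomcat 9 connector reference, that a deprecated connector-level TLS attribute such as SSLProtocol makes Tomcat create the `_default_` SSLHostConfig itself, and that an SSLHostConfig without `protocols` falls back to `all`; the function names, finding codes, paths and password values are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

# Subset of the connector-level TLS attributes that the Tomcat 9 HTTP connector
# reference lists as deprecated in favour of <SSLHostConfig>/<Certificate>.
LEGACY_TLS_ATTRS = {
    "SSLProtocol", "SSLCipherSuite", "SSLCertificateFile", "SSLCertificateKeyFile",
    "SSLPassword", "sslProtocol", "sslEnabledProtocols", "ciphers",
    "keystoreFile", "keystorePass",
}
# Assumption: what the "all" alias expands to in the Tomcat 9 documentation.
ALL = {"SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
WEAK = {"SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample: the TLS connector posted in the thread, with file paths
# and the key password replaced by placeholders.
POSTED = """
<Server><Service name="Catalina">
  <Connector port="9090" scheme="https" secure="true" SSLEnabled="true"
             SSLProtocol="TLSv1.2"
             protocol="org.apache.coyote.http11.Http11AprProtocol">
    <SSLHostConfig>
      <Certificate certificateFile="/path/to/server.crt"
                   certificateKeyFile="/path/to/server.key"
                   SSLPassword="PLACEHOLDER"
                   certificateChainFile="/path/to/chain.crt" />
    </SSLHostConfig>
  </Connector>
</Service></Server>
"""

# Constructed sample: same connector with TLS settings only on SSLHostConfig.
FIXED = """
<Server><Service name="Catalina">
  <Connector port="9090" scheme="https" secure="true" SSLEnabled="true"
             protocol="org.apache.coyote.http11.Http11AprProtocol">
    <SSLHostConfig hostName="_default_" protocols="TLSv1.2">
      <Certificate certificateFile="/path/to/server.crt"
                   certificateKeyFile="/path/to/server.key"
                   certificateKeyPassword="PLACEHOLDER"
                   certificateChainFile="/path/to/chain.crt" />
    </SSLHostConfig>
  </Connector>
</Service></Server>
"""


def effective_protocols(value):
    """Evaluate a protocols string left to right: '+'/',' add, '-' removes."""
    enabled = set()
    for token in re.split(r"(?=[-+,])", value):
        token = token.strip()
        name = token.lstrip("+-,").strip()
        if not name:
            continue
        names = ALL if name.lower() == "all" else {name}
        enabled = enabled - names if token.startswith("-") else enabled | names
    return enabled


def lint(server_xml):
    """Return (port, code, detail) findings for every TLS-enabled Connector."""
    findings = []
    root = ET.fromstring(server_xml.strip())
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port")
        legacy = sorted(a for a in conn.attrib if a in LEGACY_TLS_ATTRS)
        host_configs = conn.findall("SSLHostConfig")
        hosts = [h.get("hostName", "_default_").lower() for h in host_configs]
        if legacy:
            findings.append((port, "LEGACY_CONNECTOR_ATTR", ",".join(legacy)))
            hosts.append("_default_")  # implicit host config created by Tomcat
        for name in sorted(set(hosts)):
            if hosts.count(name) > 1:
                findings.append((port, "DUPLICATE_HOSTNAME", name))
        for hc in host_configs:
            value = hc.get("protocols")
            enabled = set(ALL) if value is None else effective_protocols(value)
            weak = sorted(enabled & WEAK)
            if weak:
                findings.append((port, "WEAK_PROTOCOLS", ",".join(weak)))
            for cert in hc.findall("Certificate"):
                for attr in sorted(a for a in cert.attrib if a in LEGACY_TLS_ATTRS):
                    # Matches the "failed to set property [SSLPassword]" warning.
                    findings.append((port, "LEGACY_ATTR_ON_CERTIFICATE", attr))
    return findings


if __name__ == "__main__":
    for label, sample in (("posted", POSTED), ("fixed", FIXED)):
        print(label, lint(sample) or "no findings")
```
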


RE: Tomcat VAPT Closure

Posted by PRATIK HUMNABADKAR <pr...@bflaf.com.INVALID>.
Hi Mark,

We tried the 2 suggestions below but are still receiving errors. Can we get on a quick Teams call where I can share my screen to resolve this?

Regards,
Pratik

-----Original Message-----
From: Mark Eggers <it...@yahoo.com.INVALID>
Sent: 25 April 2023 11:08
To: users@tomcat.apache.org
Subject: Re: Tomcat VAPT Closure

Pratik,

On 4/24/2023 10:20 PM, PRATIK HUMNABADKAR wrote:
> Hi,
>
> Server.xml
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!--
>    Licensed to the Apache Software Foundation (ASF) under one or more
>    contributor license agreements.  See the NOTICE file distributed with
>    this work for additional information regarding copyright ownership.
>    The ASF licenses this file to You under the Apache License, Version 2.0
>    (the "License"); you may not use this file except in compliance with
>    the License.  You may obtain a copy of the License at
>
>
>        http://www.apache.org/licenses/LICENSE-2.0
>
>    Unless required by applicable law or agreed to in writing, software
>    distributed under the License is distributed on an "AS IS" BASIS,
>    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>    See the License for the specific language governing permissions and
>    limitations under the License.
> -->
> <!-- Note:  A "Server" is not itself a "Container", so you may not
>       define subcomponents such as "Valves" at this level.
>       Documentation at /docs/config/server.html
>   -->
> <Server port="8006" shutdown="SHUTDOWN">
>    <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
>    <!-- Security listener. Documentation at /docs/config/listeners.html
>    <Listener className="org.apache.catalina.security.SecurityListener" />
>    -->
>    <!-- APR library loader. Documentation at /docs/apr.html -->
>    <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
>    <!-- Prevent memory leaks due to use of particular java/javax APIs-->
>    <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
>    <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
>    <Listener
> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"
> />
>
>    <!-- Global JNDI resources
>         Documentation at /docs/jndi-resources-howto.html
>    -->
>    <GlobalNamingResources>
>      <!-- Editable user database that can also be used by
>           UserDatabaseRealm to authenticate users
>      -->
>      <Resource name="UserDatabase" auth="Container"
>                type="org.apache.catalina.UserDatabase"
>                description="User database that can be updated and saved"
>                factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>                pathname="conf/tomcat-users.xml" />
>    </GlobalNamingResources>
>
>    <!-- A "Service" is a collection of one or more "Connectors" that share
>         a single "Container" Note:  A "Service" is not itself a "Container",
>         so you may not define subcomponents such as "Valves" at this level.
>         Documentation at /docs/config/service.html
>     -->
>    <Service name="Catalina">
>
>      <!--The connectors can use a shared executor, you can define one or more named thread pools-->
>      <!--
>      <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
>          maxThreads="150" minSpareThreads="4"/>
>      -->
>
>
>      <!-- A "Connector" represents an endpoint by which requests are received
>           and responses are returned. Documentation at :
>           Java HTTP Connector: /docs/config/http.html
>           Java AJP  Connector: /docs/config/ajp.html
>           APR (HTTP/AJP) Connector: /docs/apr.html
>           Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
>      -->
>      <Connector port="9099" protocol="HTTP/1.1"
>                 connectionTimeout="20000"
>                 redirectPort="8443" />
>      <!-- A "Connector" using the shared thread pool-->
>      <!--
>      <Connector executor="tomcatThreadPool"
>                 port="8080" protocol="HTTP/1.1"
>                 connectionTimeout="20000"
>                 redirectPort="8443" />
>      -->
>      <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443
>           This connector uses the NIO implementation. The default
>           SSLImplementation will depend on the presence of the APR/native
>           library and the useOpenSSL attribute of the AprLifecycleListener.
>           Either JSSE or OpenSSL style configuration may be used regardless of
>           the SSLImplementation selected. JSSE style configuration is used below.
>      -->
>      <!--
>      <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
>                 maxThreads="150" SSLEnabled="true">
>          <SSLHostConfig>
>              <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
>                           type="RSA" />
>          </SSLHostConfig>
>      </Connector>
>      -->
>      <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
>           This connector uses the APR/native implementation which always uses
>           OpenSSL for TLS.
>           Either JSSE or OpenSSL style configuration may be used. OpenSSL style
>           configuration is used below.
>      -->
>      <!--
>      <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
>                 maxThreads="150" SSLEnabled="true" >
>          <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
>          <SSLHostConfig>
>              <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
>                           certificateFile="conf/localhost-rsa-cert.pem"
>                           certificateChainFile="conf/localhost-rsa-chain.pem"
>                           type="RSA" />
>          </SSLHostConfig>
>      </Connector>
>      -->
>
>      <Connector port="9090" scheme="https" secure="true" SSLEnabled="true" SSLProtocol="TLSv1.2" protocol="org.apache.coyote.http11.Http11AprProtocol" >
>          <SSLHostConfig>
>                  <Certificate
>                  certificateFile="/root/visualrules/bajaj_af_cert/ServerCertificate.crt"
>                  certificateKeyFile="/root/visualrules/bajaj_af_cert/bflaf.key"
>                  SSLPassword="123456789" certificateChainFile="/root/visualrules/bajaj_af_cert/Root.crt" />
>          </SSLHostConfig>
>      </Connector>
>
>
>
>      <!-- Define an AJP 1.3 Connector on port 8009 -->
>      <!--
>      <Connector protocol="AJP/1.3"
>                 address="::1"
>                 port="8009"
>                 redirectPort="8443" />
>      -->
>
>      <!-- An Engine represents the entry point (within Catalina) that processes
>           every request.  The Engine implementation for Tomcat stand alone
>           analyzes the HTTP headers included with the request, and passes them
>           on to the appropriate Host (virtual host).
>           Documentation at /docs/config/engine.html -->
>
>      <!-- You should set jvmRoute to support load-balancing via AJP ie :
>      <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
>      -->
>      <Engine name="Catalina" defaultHost="localhost">
>
>        <!--For clustering, please take a look at documentation at:
>            /docs/cluster-howto.html  (simple how to)
>            /docs/config/cluster.html (reference documentation) -->
>        <!--
>        <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
>        -->
>
>        <!-- Use the LockOutRealm to prevent attempts to guess user passwords
>             via a brute-force attack -->
>        <Realm className="org.apache.catalina.realm.LockOutRealm">
>          <!-- This Realm uses the UserDatabase configured in the global JNDI
>               resources under the key "UserDatabase".  Any edits
>               that are performed against this UserDatabase are immediately
>               available for use by the Realm.  -->
>          <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>                 resourceName="UserDatabase"/>
>        </Realm>
>
>        <Host name="localhost"  appBase="webapps"
>              unpackWARs="true" autoDeploy="true">
>
>          <!-- SingleSignOn valve, share authentication between web applications
>               Documentation at: /docs/config/valve.html -->
>          <!--
>          <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
>          -->
>
>          <!-- Access log processes all example.
>               Documentation at: /docs/config/valve.html
>               Note: The pattern used is equivalent to using pattern="common" -->
>          <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
>                 prefix="localhost_access_log" suffix=".txt"
>                 pattern="%h %l %u %t &quot;%r&quot; %s %b" />
>
>        </Host>
>      </Engine>
>    </Service>
> </Server>
>
>
>
>
> Error Log Tomcat:
>
> 21-Apr-2023 16:29:45.545 SEVERE [main]
> org.apache.catalina.startup.Catalina.start Cannot start server, server
> instance is not configured
> 21-Apr-2023 16:37:07.450 WARNING [main]
> org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> [Server/Service/Connector/SSLHostConfig/Certificate] failed to set
> property [SSLPassword] to [123456789]
> 21-Apr-2023 16:37:07.454 SEVERE [main] org.apache.tomcat.util.digester.Digester.endElement End event threw exception
>          java.lang.reflect.InvocationTargetException
>                  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>                  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>                  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>                  at java.lang.reflect.Method.invoke(Method.java:498)
>                  at org.apache.tomcat.util.IntrospectionUtils.callMethod1(IntrospectionUtils.java:469)
>                  at org.apache.tomcat.util.digester.SetNextRule.end(SetNextRule.java:143)
>                  at org.apache.tomcat.util.digester.Digester.endElement(Digester.java:1046)
>                  at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(AbstractSAXParser.java:609)
>                  at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1782)
>                  at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2967)
>                  at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:602)
>                  at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:505)
>                  at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:842)
>                  at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:771)
>                  at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
>                  at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1213)
>                  at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:643)
>                  at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1535)
>                  at org.apache.catalina.startup.Catalina.parseServerXml(Catalina.java:617)
>                  at org.apache.catalina.startup.Catalina.load(Catalina.java:709)
>                  at org.apache.catalina.startup.Catalina.load(Catalina.java:746)
>                  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>                  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>                  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>                  at java.lang.reflect.Method.invoke(Method.java:498)
>                  at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
>                  at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
>          Caused by: java.lang.IllegalArgumentException: Multiple SSLHostConfig elements were provided for the host name [_default_]. Host names must be unique.
>                  at org.apache.tomcat.util.net.AbstractEndpoint.addSslHostConfig(AbstractEndpoint.java:294)
>                  at org.apache.tomcat.util.net.AbstractEndpoint.addSslHostConfig(AbstractEndpoint.java:250)
>                  at org.apache.coyote.http11.AbstractHttp11Protocol.addSslHostConfig(AbstractHttp11Protocol.java:691)
>                  at org.apache.catalina.connector.Connector.addSslHostConfig(Connector.java:878)
>                  ... 27 more
> 21-Apr-2023 16:37:07.456 WARNING [main] org.apache.catalina.startup.Catalina.parseServerXml Unable to load server configuration from [/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62/conf/server.xml]
>          org.xml.sax.SAXParseException; systemId: file:/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62/conf/server.xml; lineNumber: 120; columnNumber: 18; Error at line [120] column [18]: [Multiple SSLHostConfig elements were provided for the host name [_default_]. Host names must be unique.]
>                  at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:1966)
>                  at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:1998)
>                  at org.apache.tomcat.util.digester.Digester.endElement(Digester.java:1049)
>                  at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(AbstractSAXParser.java:609)
>                  at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1782)
>                  at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2967)
>                  at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:602)
>                  at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:505)
>                  at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:842)
>                  at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:771)
>                  at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
>                  at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1213)
>                  at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:643)
>                  at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1535)
>                  at org.apache.catalina.startup.Catalina.parseServerXml(Catalina.java:617)
>                  at org.apache.catalina.startup.Catalina.load(Catalina.java:709)
>                  at org.apache.catalina.startup.Catalina.load(Catalina.java:746)
>                  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>                  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>                  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>                  at java.lang.reflect.Method.invoke(Method.java:498)
>                  at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
>                  at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
>          Caused by: java.lang.IllegalArgumentException: Multiple SSLHostConfig elements were provided for the host name [_default_]. Host names must be unique.
>                  at org.apache.tomcat.util.net.AbstractEndpoint.addSslHostConfig(AbstractEndpoint.java:294)
>                  at org.apache.tomcat.util.net.AbstractEndpoint.addSslHostConfig(AbstractEndpoint.java:250)
>                  at org.apache.coyote.http11.AbstractHttp11Protocol.addSslHostConfig(AbstractHttp11Protocol.java:691)
>                  at org.apache.catalina.connector.Connector.addSslHostConfig(Connector.java:878)
>                  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>                  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>                  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>                  at java.lang.reflect.Method.invoke(Method.java:498)
>                  at org.apache.tomcat.util.IntrospectionUtils.callMethod1(IntrospectionUtils.java:469)
>                  at org.apache.tomcat.util.digester.SetNextRule.end(SetNextRule.java:143)
>                  at org.apache.tomcat.util.digester.Digester.endElement(Digester.java:1046)
>                  ... 20 more
> 21-Apr-2023 16:37:07.456 SEVERE [main]
> org.apache.catalina.startup.Catalina.start Cannot start server, server
> instance is not configured
>
>
> Regards,
> Pratik
>
> -----Original Message-----
> From: Mark Eggers <it...@yahoo.com.INVALID>
> Sent: 25 April 2023 10:45
> To: users@tomcat.apache.org
> Subject: Re: Tomcat VAPT Closure
>
> Pratik,
>
> On 4/24/2023 10:09 PM, PRATIK HUMNABADKAR wrote:
>> Hi,
>>
>> We need Tomcat support assistance for closure of our VAPT points for
>> disabling SSL TLS 1.0 and 1.1
>>
>> Please guide us by arranging concerned technician with us for closure.
>>
>> Tomcat version: 9.0.62
>> Operating system: Linux
>>
>> We tried disabling in below way.
>>
>> Changes done in server.xml
>> [cid:image001.png@01D9775F.7B492550]
>>
>> Error received on Tomcat restart:
>> [cid:image002.png@01D9775F.7B492550]
>>
>> Regards,
>> Pratik
>>
>>
>>
>
> The list strips attachments. Please inline your server.xml and your log file, removing all sensitive information.
>
> Also, this list consists of volunteers.  We'll do what we can to help you if you are willing to work with us and provide the required information.
>
> . . . just my two cents
> /mde/
>

There appear to be at least two issues:

1. You have multiple SSL connectors configured for the same hostName (default host in this case).

As the log files state, you cannot do that.

2. You have not specified the protocols in SSLHostConfig.

See https://tomcat.apache.org/tomcat-9.0-doc/config/http.html. Pay particular attention to the protocols attribute and the hostName attribute.

. . . just my two cents
/mde/

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: Tomcat VAPT Closure

Posted by Mark Eggers <it...@yahoo.com.INVALID>.
Pratik,

On 4/24/2023 10:20 PM, PRATIK HUMNABADKAR wrote:
> Hi,
> 
> Server.xml
> 
> <?xml version="1.0" encoding="UTF-8"?>
> <!--
>    Licensed to the Apache Software Foundation (ASF) under one or more
>    contributor license agreements.  See the NOTICE file distributed with
>    this work for additional information regarding copyright ownership.
>    The ASF licenses this file to You under the Apache License, Version 2.0
>    (the "License"); you may not use this file except in compliance with
>    the License.  You may obtain a copy of the License at
> 
>        http://www.apache.org/licenses/LICENSE-2.0
> 
>    Unless required by applicable law or agreed to in writing, software
>    distributed under the License is distributed on an "AS IS" BASIS,
>    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>    See the License for the specific language governing permissions and
>    limitations under the License.
> -->
> <!-- Note:  A "Server" is not itself a "Container", so you may not
>       define subcomponents such as "Valves" at this level.
>       Documentation at /docs/config/server.html
>   -->
> <Server port="8006" shutdown="SHUTDOWN">
>    <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
>    <!-- Security listener. Documentation at /docs/config/listeners.html
>    <Listener className="org.apache.catalina.security.SecurityListener" />
>    -->
>    <!-- APR library loader. Documentation at /docs/apr.html -->
>    <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
>    <!-- Prevent memory leaks due to use of particular java/javax APIs-->
>    <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
>    <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
>    <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
> 
>    <!-- Global JNDI resources
>         Documentation at /docs/jndi-resources-howto.html
>    -->
>    <GlobalNamingResources>
>      <!-- Editable user database that can also be used by
>           UserDatabaseRealm to authenticate users
>      -->
>      <Resource name="UserDatabase" auth="Container"
>                type="org.apache.catalina.UserDatabase"
>                description="User database that can be updated and saved"
>                factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>                pathname="conf/tomcat-users.xml" />
>    </GlobalNamingResources>
> 
>    <!-- A "Service" is a collection of one or more "Connectors" that share
>         a single "Container" Note:  A "Service" is not itself a "Container",
>         so you may not define subcomponents such as "Valves" at this level.
>         Documentation at /docs/config/service.html
>     -->
>    <Service name="Catalina">
> 
>      <!--The connectors can use a shared executor, you can define one or more named thread pools-->
>      <!--
>      <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
>          maxThreads="150" minSpareThreads="4"/>
>      -->
> 
> 
>      <!-- A "Connector" represents an endpoint by which requests are received
>           and responses are returned. Documentation at :
>           Java HTTP Connector: /docs/config/http.html
>           Java AJP  Connector: /docs/config/ajp.html
>           APR (HTTP/AJP) Connector: /docs/apr.html
>           Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
>      -->
>      <Connector port="9099" protocol="HTTP/1.1"
>                 connectionTimeout="20000"
>                 redirectPort="8443" />
>      <!-- A "Connector" using the shared thread pool-->
>      <!--
>      <Connector executor="tomcatThreadPool"
>                 port="8080" protocol="HTTP/1.1"
>                 connectionTimeout="20000"
>                 redirectPort="8443" />
>      -->
>      <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443
>           This connector uses the NIO implementation. The default
>           SSLImplementation will depend on the presence of the APR/native
>           library and the useOpenSSL attribute of the AprLifecycleListener.
>           Either JSSE or OpenSSL style configuration may be used regardless of
>           the SSLImplementation selected. JSSE style configuration is used below.
>      -->
>      <!--
>      <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
>                 maxThreads="150" SSLEnabled="true">
>          <SSLHostConfig>
>              <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
>                           type="RSA" />
>          </SSLHostConfig>
>      </Connector>
>      -->
>      <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
>           This connector uses the APR/native implementation which always uses
>           OpenSSL for TLS.
>           Either JSSE or OpenSSL style configuration may be used. OpenSSL style
>           configuration is used below.
>      -->
>      <!--
>      <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
>                 maxThreads="150" SSLEnabled="true" >
>          <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
>          <SSLHostConfig>
>              <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
>                           certificateFile="conf/localhost-rsa-cert.pem"
>                           certificateChainFile="conf/localhost-rsa-chain.pem"
>                           type="RSA" />
>          </SSLHostConfig>
>      </Connector>
>      -->
> 
>      <Connector port="9090" scheme="https" secure="true" SSLEnabled="true" SSLProtocol="TLSv1.2" protocol="org.apache.coyote.http11.Http11AprProtocol" >
>          <SSLHostConfig>
>                  <Certificate
>                  certificateFile="/root/visualrules/bajaj_af_cert/ServerCertificate.crt"
>                  certificateKeyFile="/root/visualrules/bajaj_af_cert/bflaf.key"
>                  SSLPassword="123456789" certificateChainFile="/root/visualrules/bajaj_af_cert/Root.crt" />
>          </SSLHostConfig>
>      </Connector>
> 
> 
> 
>      <!-- Define an AJP 1.3 Connector on port 8009 -->
>      <!--
>      <Connector protocol="AJP/1.3"
>                 address="::1"
>                 port="8009"
>                 redirectPort="8443" />
>      -->
> 
>      <!-- An Engine represents the entry point (within Catalina) that processes
>           every request.  The Engine implementation for Tomcat stand alone
>           analyzes the HTTP headers included with the request, and passes them
>           on to the appropriate Host (virtual host).
>           Documentation at /docs/config/engine.html -->
> 
>      <!-- You should set jvmRoute to support load-balancing via AJP ie :
>      <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
>      -->
>      <Engine name="Catalina" defaultHost="localhost">
> 
>        <!--For clustering, please take a look at documentation at:
>            /docs/cluster-howto.html  (simple how to)
>            /docs/config/cluster.html (reference documentation) -->
>        <!--
>        <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
>        -->
> 
>        <!-- Use the LockOutRealm to prevent attempts to guess user passwords
>             via a brute-force attack -->
>        <Realm className="org.apache.catalina.realm.LockOutRealm">
>          <!-- This Realm uses the UserDatabase configured in the global JNDI
>               resources under the key "UserDatabase".  Any edits
>               that are performed against this UserDatabase are immediately
>               available for use by the Realm.  -->
>          <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>                 resourceName="UserDatabase"/>
>        </Realm>
> 
>        <Host name="localhost"  appBase="webapps"
>              unpackWARs="true" autoDeploy="true">
> 
>          <!-- SingleSignOn valve, share authentication between web applications
>               Documentation at: /docs/config/valve.html -->
>          <!--
>          <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
>          -->
> 
>          <!-- Access log processes all example.
>               Documentation at: /docs/config/valve.html
>               Note: The pattern used is equivalent to using pattern="common" -->
>          <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
>                 prefix="localhost_access_log" suffix=".txt"
>                 pattern="%h %l %u %t &quot;%r&quot; %s %b" />
> 
>        </Host>
>      </Engine>
>    </Service>
> </Server>
> 
> 
> 
> 
> Error Log Tomcat:
> 
> 21-Apr-2023 16:29:45.545 SEVERE [main] org.apache.catalina.startup.Catalina.start Cannot start server, server instance is not configured
> 21-Apr-2023 16:37:07.450 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector/SSLHostConfig/Certificate] failed to set property [SSLPassword] to [123456789]
> 21-Apr-2023 16:37:07.454 SEVERE [main] org.apache.tomcat.util.digester.Digester.endElement End event threw exception
>          java.lang.reflect.InvocationTargetException
>                  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>                  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>                  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>                  at java.lang.reflect.Method.invoke(Method.java:498)
>                  at org.apache.tomcat.util.IntrospectionUtils.callMethod1(IntrospectionUtils.java:469)
>                  at org.apache.tomcat.util.digester.SetNextRule.end(SetNextRule.java:143)
>                  at org.apache.tomcat.util.digester.Digester.endElement(Digester.java:1046)
>                  at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(AbstractSAXParser.java:609)
>                  at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1782)
>                  at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2967)
>                  at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:602)
>                  at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:505)
>                  at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:842)
>                  at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:771)
>                  at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
>                  at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1213)
>                  at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:643)
>                  at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1535)
>                  at org.apache.catalina.startup.Catalina.parseServerXml(Catalina.java:617)
>                  at org.apache.catalina.startup.Catalina.load(Catalina.java:709)
>                  at org.apache.catalina.startup.Catalina.load(Catalina.java:746)
>                  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>                  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>                  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>                  at java.lang.reflect.Method.invoke(Method.java:498)
>                  at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
>                  at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
>          Caused by: java.lang.IllegalArgumentException: Multiple SSLHostConfig elements were provided for the host name [_default_]. Host names must be unique.
>                  at org.apache.tomcat.util.net.AbstractEndpoint.addSslHostConfig(AbstractEndpoint.java:294)
>                  at org.apache.tomcat.util.net.AbstractEndpoint.addSslHostConfig(AbstractEndpoint.java:250)
>                  at org.apache.coyote.http11.AbstractHttp11Protocol.addSslHostConfig(AbstractHttp11Protocol.java:691)
>                  at org.apache.catalina.connector.Connector.addSslHostConfig(Connector.java:878)
>                  ... 27 more
> 21-Apr-2023 16:37:07.456 WARNING [main] org.apache.catalina.startup.Catalina.parseServerXml Unable to load server configuration from [/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62/conf/server.xml]
>          org.xml.sax.SAXParseException; systemId: file:/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62/conf/server.xml; lineNumber: 120; columnNumber: 18; Error at line [120] column [18]: [Multiple SSLHostConfig elements were provided for the host name [_default_]. Host names must be unique.]
>                  at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:1966)
>                  at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:1998)
>                  at org.apache.tomcat.util.digester.Digester.endElement(Digester.java:1049)
>                  at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(AbstractSAXParser.java:609)
>                  at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1782)
>                  at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2967)
>                  at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:602)
>                  at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:505)
>                  at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:842)
>                  at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:771)
>                  at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
>                  at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1213)
>                  at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:643)
>                  at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1535)
>                  at org.apache.catalina.startup.Catalina.parseServerXml(Catalina.java:617)
>                  at org.apache.catalina.startup.Catalina.load(Catalina.java:709)
>                  at org.apache.catalina.startup.Catalina.load(Catalina.java:746)
>                  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>                  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>                  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>                  at java.lang.reflect.Method.invoke(Method.java:498)
>                  at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
>                  at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
>          Caused by: java.lang.IllegalArgumentException: Multiple SSLHostConfig elements were provided for the host name [_default_]. Host names must be unique.
>                  at org.apache.tomcat.util.net.AbstractEndpoint.addSslHostConfig(AbstractEndpoint.java:294)
>                  at org.apache.tomcat.util.net.AbstractEndpoint.addSslHostConfig(AbstractEndpoint.java:250)
>                  at org.apache.coyote.http11.AbstractHttp11Protocol.addSslHostConfig(AbstractHttp11Protocol.java:691)
>                  at org.apache.catalina.connector.Connector.addSslHostConfig(Connector.java:878)
>                  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>                  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>                  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>                  at java.lang.reflect.Method.invoke(Method.java:498)
>                  at org.apache.tomcat.util.IntrospectionUtils.callMethod1(IntrospectionUtils.java:469)
>                  at org.apache.tomcat.util.digester.SetNextRule.end(SetNextRule.java:143)
>                  at org.apache.tomcat.util.digester.Digester.endElement(Digester.java:1046)
>                  ... 20 more
> 21-Apr-2023 16:37:07.456 SEVERE [main] org.apache.catalina.startup.Catalina.start Cannot start server, server instance is not configured
> 
> 
> Regards,
> Pratik
> 
> -----Original Message-----
> From: Mark Eggers <it...@yahoo.com.INVALID>
> Sent: 25 April 2023 10:45
> To: users@tomcat.apache.org
> Subject: Re: Tomcat VAPT Closure
> 
> Pratik,
> 
> On 4/24/2023 10:09 PM, PRATIK HUMNABADKAR wrote:
>> Hi,
>>
>> We need Tomcat support assistance for closure of our VAPT points for
>> disabling SSL TLS 1.0 and 1.1
>>
>> Please guide us by arranging concerned technician with us for closure.
>>
>> Tomcat version: 9.0.62
>> Operating system: Linux
>>
>> We tried disabling in below way.
>>
>> Changes done in server.xml
>> [cid:image001.png@01D9775F.7B492550]
>>
>> Error received on Tomcat restart:
>> [cid:image002.png@01D9775F.7B492550]
>>
>> Regards,
>> Pratik
>>
>>
>>
> 
> The list strips attachments. Please inline your server.xml and your log file, removing all sensitive information.
> 
> Also, this list consists of volunteers.  We'll do what we can to help you if you are willing to work with us and provide the required information.
> 
> . . . just my two cents
> /mde/
> 

There appear to be at least two issues:

1. You have multiple SSL connectors configured for the same hostName 
(default host in this case).

As the log files state, you cannot do that.

2. You have not specified the protocols in SSLHostConfig.

See https://tomcat.apache.org/tomcat-9.0-doc/config/http.html. Pay 
particular attention to the protocols attribute and the hostName attribute.

. . . just my two cents
/mde/
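
An added example, not part of the original thread and not Tomcat project code: a small Python check that flags the two points in the reply above, plus the `SSLPassword` warning from the posted log, before a restart is attempted. The sample connectors are constructed from the posted one with placeholder paths and password; the function names are hypothetical and `DEPRECATED` is only a subset of Tomcat 9's deprecated Connector attributes.

```python
import re
import xml.etree.ElementTree as ET

# Subset of the Connector-level TLS attributes that Tomcat 9 deprecates, mapped
# to the SSLHostConfig / Certificate attribute that replaces each one.
DEPRECATED = {
    "SSLProtocol": "SSLHostConfig protocols",
    "sslEnabledProtocols": "SSLHostConfig protocols",
    "SSLCipherSuite": "SSLHostConfig ciphers",
    "SSLCertificateFile": "Certificate certificateFile",
    "SSLCertificateKeyFile": "Certificate certificateKeyFile",
    "SSLCertificateChainFile": "Certificate certificateChainFile",
    "SSLPassword": "Certificate certificateKeyPassword",
    "keystoreFile": "Certificate certificateKeystoreFile",
    "keystorePass": "Certificate certificateKeystorePassword",
}
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}  # what the VAPT point asks to disable
ALL = {"SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}  # alias "all"

# Constructed samples: the TLS connector from the thread with placeholder
# paths and password, then the same connector rewritten.
POSTED = """
<Server><Service name="Catalina">
  <Connector port="9090" scheme="https" secure="true" SSLEnabled="true"
             SSLProtocol="TLSv1.2"
             protocol="org.apache.coyote.http11.Http11AprProtocol">
    <SSLHostConfig>
      <Certificate certificateFile="/path/to/server.crt"
                   certificateKeyFile="/path/to/server.key"
                   SSLPassword="PLACEHOLDER"
                   certificateChainFile="/path/to/chain.crt" />
    </SSLHostConfig>
  </Connector>
</Service></Server>
"""
CORRECTED = """
<Server><Service name="Catalina">
  <Connector port="9090" scheme="https" secure="true" SSLEnabled="true"
             protocol="org.apache.coyote.http11.Http11AprProtocol">
    <SSLHostConfig protocols="TLSv1.2">
      <Certificate certificateFile="/path/to/server.crt"
                   certificateKeyFile="/path/to/server.key"
                   certificateKeyPassword="PLACEHOLDER"
                   certificateChainFile="/path/to/chain.crt" />
    </SSLHostConfig>
  </Connector>
</Service></Server>
"""


def enabled_protocols(value):
    """Resolve a protocols="..." value as the Tomcat docs describe it:
    a comma or '+' adds a token, '-' removes it, 'all' is an alias."""
    enabled = set()
    for tok in re.split(r"(?=[-+,])", value):
        tok = tok.strip()
        name = tok.lstrip("+-,").strip()
        if not name:
            continue
        names = ALL if name.lower() == "all" else {name}
        enabled = enabled - names if tok[0] == "-" else enabled | names
    return enabled


def audit(server_xml):
    """Return (port, code, detail) findings for every TLS-enabled Connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port")
        host_configs = conn.findall("SSLHostConfig")
        hosts = [h.get("hostName", "_default_").lower() for h in host_configs]
        old = sorted(a for a in conn.attrib if a in DEPRECATED)
        if old:
            # A deprecated attribute makes Tomcat register an implicit
            # SSLHostConfig for _default_, which then counts as a host entry.
            hosts.append("_default_")
            moves = ", ".join(f"{a} -> {DEPRECATED[a]}" for a in old)
            findings.append((port, "deprecated-connector-attr", moves))
        for name in sorted(set(hosts)):
            if hosts.count(name) > 1:
                findings.append((port, "duplicate-hostname", name))
        for hc in host_configs:
            # Documented default when protocols is not set is "all".
            weak = sorted(enabled_protocols(hc.get("protocols", "all")) & LEGACY)
            if weak:
                findings.append((port, "legacy-protocol", ", ".join(weak)))
            for cert in hc.findall("Certificate"):
                for attr in sorted(a for a in cert.attrib if a in DEPRECATED):
                    findings.append((port, "misplaced-attr",
                                     f"{attr} -> {DEPRECATED[attr]}"))
    return findings


if __name__ == "__main__":
    for label, xml in (("posted", POSTED), ("corrected", CORRECTED)):
        print(label, audit(xml) or "no findings")
```
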

RE: Tomcat VAPT Closure

Posted by PRATIK HUMNABADKAR <pr...@bflaf.com.INVALID>.
Hi,

Server.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Note:  A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
 -->
<Server port="8006" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!-- APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <!-- A "Service" is a collection of one or more "Connectors" that share
       a single "Container" Note:  A "Service" is not itself a "Container",
       so you may not define subcomponents such as "Valves" at this level.
       Documentation at /docs/config/service.html
   -->
  <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
        maxThreads="150" minSpareThreads="4"/>
    -->


    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html
         Java AJP  Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
    -->
    <Connector port="9099" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443
         This connector uses the NIO implementation. The default
         SSLImplementation will depend on the presence of the APR/native
         library and the useOpenSSL attribute of the AprLifecycleListener.
         Either JSSE or OpenSSL style configuration may be used regardless of
         the SSLImplementation selected. JSSE style configuration is used below.
    -->
    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
    -->
    <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
         This connector uses the APR/native implementation which always uses
         OpenSSL for TLS.
         Either JSSE or OpenSSL style configuration may be used. OpenSSL style
         configuration is used below.
    -->
    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxThreads="150" SSLEnabled="true" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
                         certificateFile="conf/localhost-rsa-cert.pem"
                         certificateChainFile="conf/localhost-rsa-chain.pem"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
    -->

    <Connector port="9090" scheme="https" secure="true" SSLEnabled="true" SSLProtocol="TLSv1.2" protocol="org.apache.coyote.http11.Http11AprProtocol" >
        <SSLHostConfig>
                <Certificate
                certificateFile="/root/visualrules/bajaj_af_cert/ServerCertificate.crt"
                certificateKeyFile="/root/visualrules/bajaj_af_cert/bflaf.key"
                SSLPassword="123456789" certificateChainFile="/root/visualrules/bajaj_af_cert/Root.crt" />
        </SSLHostConfig>
    </Connector>



    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <!--
    <Connector protocol="AJP/1.3"
               address="::1"
               port="8009"
               redirectPort="8443" />
    -->

    <!-- An Engine represents the entry point (within Catalina) that processes
         every request.  The Engine implementation for Tomcat stand alone
         analyzes the HTTP headers included with the request, and passes them
         on to the appropriate Host (virtual host).
         Documentation at /docs/config/engine.html -->

    <!-- You should set jvmRoute to support load-balancing via AJP ie :
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
    -->
    <Engine name="Catalina" defaultHost="localhost">

      <!--For clustering, please take a look at documentation at:
          /docs/cluster-howto.html  (simple how to)
          /docs/config/cluster.html (reference documentation) -->
      <!--
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
      -->

      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->

        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </Host>
    </Engine>
  </Service>
</Server>




Error Log Tomcat:

21-Apr-2023 16:29:45.545 SEVERE [main] org.apache.catalina.startup.Catalina.start Cannot start server, server instance is not configured
21-Apr-2023 16:37:07.450 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector/SSLHostConfig/Certificate] failed to set property [SSLPassword] to [123456789]
21-Apr-2023 16:37:07.454 SEVERE [main] org.apache.tomcat.util.digester.Digester.endElement End event threw exception
        java.lang.reflect.InvocationTargetException
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at org.apache.tomcat.util.IntrospectionUtils.callMethod1(IntrospectionUtils.java:469)
                at org.apache.tomcat.util.digester.SetNextRule.end(SetNextRule.java:143)
                at org.apache.tomcat.util.digester.Digester.endElement(Digester.java:1046)
                at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(AbstractSAXParser.java:609)
                at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1782)
                at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2967)
                at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:602)
                at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:505)
                at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:842)
                at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:771)
                at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
                at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1213)
                at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:643)
                at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1535)
                at org.apache.catalina.startup.Catalina.parseServerXml(Catalina.java:617)
                at org.apache.catalina.startup.Catalina.load(Catalina.java:709)
                at org.apache.catalina.startup.Catalina.load(Catalina.java:746)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
                at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
        Caused by: java.lang.IllegalArgumentException: Multiple SSLHostConfig elements were provided for the host name [_default_]. Host names must be unique.
                at org.apache.tomcat.util.net.AbstractEndpoint.addSslHostConfig(AbstractEndpoint.java:294)
                at org.apache.tomcat.util.net.AbstractEndpoint.addSslHostConfig(AbstractEndpoint.java:250)
                at org.apache.coyote.http11.AbstractHttp11Protocol.addSslHostConfig(AbstractHttp11Protocol.java:691)
                at org.apache.catalina.connector.Connector.addSslHostConfig(Connector.java:878)
                ... 27 more
21-Apr-2023 16:37:07.456 WARNING [main] org.apache.catalina.startup.Catalina.parseServerXml Unable to load server configuration from [/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62/conf/server.xml]
        org.xml.sax.SAXParseException; systemId: file:/home/ajayv/Actico/Actico-Rules/6.8.3/dev-server/apache-tomcat-9.0.62/conf/server.xml; lineNumber: 120; columnNumber: 18; Error at line [120] column [18]: [Multiple SSLHostConfig elements were provided for the host name [_default_]. Host names must be unique.]
                at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:1966)
                at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:1998)
                at org.apache.tomcat.util.digester.Digester.endElement(Digester.java:1049)
                at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(AbstractSAXParser.java:609)
                at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1782)
                at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2967)
                at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:602)
                at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:505)
                at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:842)
                at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:771)
                at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
                at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1213)
                at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:643)
                at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1535)
                at org.apache.catalina.startup.Catalina.parseServerXml(Catalina.java:617)
                at org.apache.catalina.startup.Catalina.load(Catalina.java:709)
                at org.apache.catalina.startup.Catalina.load(Catalina.java:746)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
                at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
        Caused by: java.lang.IllegalArgumentException: Multiple SSLHostConfig elements were provided for the host name [_default_]. Host names must be unique.
                at org.apache.tomcat.util.net.AbstractEndpoint.addSslHostConfig(AbstractEndpoint.java:294)
                at org.apache.tomcat.util.net.AbstractEndpoint.addSslHostConfig(AbstractEndpoint.java:250)
                at org.apache.coyote.http11.AbstractHttp11Protocol.addSslHostConfig(AbstractHttp11Protocol.java:691)
                at org.apache.catalina.connector.Connector.addSslHostConfig(Connector.java:878)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at org.apache.tomcat.util.IntrospectionUtils.callMethod1(IntrospectionUtils.java:469)
                at org.apache.tomcat.util.digester.SetNextRule.end(SetNextRule.java:143)
                at org.apache.tomcat.util.digester.Digester.endElement(Digester.java:1046)
                ... 20 more
21-Apr-2023 16:37:07.456 SEVERE [main] org.apache.catalina.startup.Catalina.start Cannot start server, server instance is not configured


Regards,
Pratik

-----Original Message-----
From: Mark Eggers <it...@yahoo.com.INVALID>
Sent: 25 April 2023 10:45
To: users@tomcat.apache.org
Subject: Re: Tomcat VAPT Closure

Pratik,

On 4/24/2023 10:09 PM, PRATIK HUMNABADKAR wrote:
> Hi,
>
> We need Tomcat support assistance for closure of our VAPT points for
> disabling SSL TLS 1.0 and 1.1
>
> Please guide us by arranging concerned technician with us for closure.
>
> Tomcat version: 9.0.62
> Operating system: Linux
>
> We tried disabling in below way.
>
> Changes done in server.xml
> [cid:image001.png@01D9775F.7B492550]
>
> Error received on Tomcat restart:
> [cid:image002.png@01D9775F.7B492550]
>
> Regards,
> Pratik
>
>
>

The list strips attachments. Please inline your server.xml and your log file, removing all sensitive information.

Also, this list consists of volunteers.  We'll do what we can to help you if you are willing to work with us and provide the required information.

. . . just my two cents
/mde/


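A pre-restart check for the failure in the log above, added here as an example and not part of the original thread: it flags the two server.xml layouts that make Tomcat 9 raise "Multiple SSLHostConfig elements were provided for the host name [_default_]" (two `<SSLHostConfig>` elements resolving to the same host name, or deprecated TLS attributes on the `<Connector>` combined with a nested `<SSLHostConfig>`), and reports any `<SSLHostConfig>` that still enables TLS 1.0/1.1. The sample file, the function names and the attribute subset are constructed for illustration; the thread never shows the poster's server.xml.

```python
import re
import xml.etree.ElementTree as ET

# Deprecated Connector-level TLS attributes (subset). Setting any of them makes
# Tomcat 9 create an implicit SSLHostConfig named _default_ for that Connector.
LEGACY_TLS_ATTRS = {"keystoreFile", "keystorePass", "sslProtocol", "sslEnabledProtocols",
                    "SSLCertificateFile", "SSLCertificateKeyFile", "SSLPassword"}
WEAK = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}
ALL = {"SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}  # meaning of "all"

def enabled_protocols(spec):
    """Resolve a protocols value such as 'all,-TLSv1' or 'TLSv1.2+TLSv1.3'."""
    enabled = set()
    for sign, name in re.findall(r"([+-]?)\s*([A-Za-z0-9.]+)", spec):
        names = ALL if name.lower() == "all" else {name}
        enabled = enabled - names if sign == "-" else enabled | names
    return enabled

def audit(server_xml):
    """Return (port, finding, detail) tuples for each Connector in server.xml text."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        configs = conn.findall("SSLHostConfig")
        hosts = [c.get("hostName", "_default_").lower() for c in configs]
        if configs and LEGACY_TLS_ATTRS & set(conn.attrib):
            hosts.append("_default_")  # the implicit one from Connector attributes
        for name in sorted({h for h in hosts if hosts.count(h) > 1}):
            findings.append((port, "duplicate-host", name))
        for c in configs:
            # Assumption: an absent protocols attribute means "all".
            weak = sorted(enabled_protocols(c.get("protocols", "all")) & WEAK)
            if weak:
                findings.append((port, "weak-protocols", ",".join(weak)))
    return findings

# Constructed sample, not the poster's file (the thread never shows it).
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" keystoreFile="conf/ks.jks" sslProtocol="TLS">
    <SSLHostConfig protocols="TLSv1.2"><Certificate certificateKeystoreFile="conf/ks.jks"/></SSLHostConfig>
  </Connector>
  <Connector port="9443" SSLEnabled="true">
    <SSLHostConfig><Certificate certificateKeystoreFile="conf/ks.jks"/></SSLHostConfig>
  </Connector>
  <Connector port="10443" SSLEnabled="true">
    <SSLHostConfig protocols="all,-SSLv2Hello,-TLSv1,-TLSv1.1"><Certificate certificateKeystoreFile="conf/ks.jks"/></SSLHostConfig>
  </Connector>
</Service></Server>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

Which protocols a running connector actually offers also depends on the JVM's own disabled-algorithm settings, so a clean result here is a configuration check, not a substitute for rescanning the port.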


Re: Tomcat VAPT Closure

Posted by Mark Eggers <it...@yahoo.com.INVALID>.
Pratik,

On 4/24/2023 10:09 PM, PRATIK HUMNABADKAR wrote:
> Hi,
> 
> We need Tomcat support assistance for closure of our VAPT points for disabling SSL TLS 1.0 and 1.1
> 
> Please guide us by arranging concerned technician with us for closure.
> 
> Tomcat version: 9.0.62
> Operating system: Linux
> 
> We tried disabling in below way.
> 
> Changes done in server.xml
> [cid:image001.png@01D9775F.7B492550]
> 
> Error received on Tomcat restart:
> [cid:image002.png@01D9775F.7B492550]
> 
> Regards,
> Pratik
> 
> 
> 

The list strips attachments. Please inline your server.xml and your log 
file, removing all sensitive information.

Also, this list consists of volunteers.  We'll do what we can to help 
you if you are willing to work with us and provide the required information.

. . . just my two cents
/mde/