I am working on Link-OS web-service with self-signed CA.
I followed this to create a self-signed CA
I deployed the printer server by following these instructions
https://github.com/ZebraDevs/LinkOS-Webservices-Samples
Whenever I add this part to server.xml, no page will work including localhost:8080 although the server is running without showing or throwing errors or exceptions.
<Connector
protocol="org.apache.coyote.http11.Http11AprProtocol"
SSLEnabled="true" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
maxThreads="200" port="8443" SSLVerifyClient="optional"
scheme="https" secure="true"
SSLCertificateFile="C:\cert\SERVER.crt"
SSLCertificateKeyFile="C:\cert\SERVER.key"
/>
what could go wrong with these steps? I have followed them step by step
I am using:
Java 8
Tomcat 7
APR 1.7
following this solution will make the server works fine, but it won't work with the printers, so it is not what I am looking for.
You used an APR Connector here. (protocol="org.apache.coyote.http11.Http11AprProtocol")
APR implementation needs Apache Portable Runtime (APR) and Tomcat Native library.
You can install them with these commands:
apt install libtcnative-1
apt install libapr1-dev libssl-dev
or if either package is not found, try this answer.
I think you should implement cert-sign certification without APR, because an APR connector needs extra libraries. İf you want, try these instructions.
Related
This is the situation summed up.
The configuration below is identical in server.xml in Tomcat 8.5.8 and Tomcat 9.0.64.
The JKS-file used is created by keytool in Java 8.
Expected behaviour is that when using HTTPS in URL (mysite.org), NetID will start giving me a choice of client certificates from my card, I choose correct certificate, and give my PIN-code, then the webpage will be shown.
This works with Tomcat 8.5.8 on Java 8.
But when starting with Tomcat 9.0.64 on Java 8 or Java 17 it throws the error:
ERR_SSL_CLIENT_AUTH_NO_COMMON_ALGORITHMS
Any idea why doesn't Tomcat 9 like this configuration?
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
maxThreads="150" scheme="https" secure="true" clientAuth="true" sslProtocol="TLSv1.2"
keystoreFile="/srv/archive/Cert/archivelux.jks" keystorePass="xxxx"
truststoreFile="/srv/archive/Cert/archivelux.jks" truststorePass="xxxx" truststoreType="JKS"/>
Yes, something appears to have changed between Tomcat 8 and Tomcat 9.
The parameter sslProtocol="TLSv1.2" is accepted by Tomcat 8, but not by Tomcat 9.
There the parameter must be SSLProtocol="TLSv1.2"
Restart, and it will work.
/Paul
I was running my web program in eclipse ide using apache tomcat but while changing my port number I didn't find ajp/1.3 port, I think in past while solving an error I tried to change it and now it's not there, I tried to reinstall apache tomcat but still, it's not coming.
please help me
Go to the Tomcat server conf($Tomcat_Home/conf) directory and check the AJP connector available or not in server.xml. If not the add below entry in server.xml after HTTP connector.
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
I have wild card pfx certificate with its Intermediate certificate in p7b/crt format. Those certificate are installed on IIS 8.0. How to install those certificates in tomcat 8.0? Tomcat is installed on windows
I could do it successfully. As I have mentioned that my certificate was installed on IIS web server on windows with intermediate certificate. So I follow below steps
Step 1: Create a Microsoft Management Console (MMC) Snap-in for managing certificates
Access the Search menu. In the search box, type mmc
From the Microsoft Management Console (MMC), click File > Add/Remove Snap-in
From the list of snap-ins, select Certificates
Click Add
Select Computer Account
Click Next
Select Local Computer (the computer this console is running on)
Click Finish
In the Add/Remove Snap-in window, click OK
Save these console settings for future use
Step 2: Export/ Back Up the certificate
Open the Certificates (Local Computer) snap-in you added > select Personal > Certificates
Right-click certificate name > select All Tasks > Export.
The Certificate Export Wizard opens > click Next
Select Yes, export the private key > click Next
Select Personal Information Exchange
Ensure to check only Include all certificates in the certificate path if possible > click Next
Enter and confirm a password > click Next
Choose a file name and location for the export file > click Next
Click Finish
Step 3: Configure PKCS12 (.pfx) file on Tomcat server
Open %TOMCAT_HOME/conf/server.xml in XML or text editor
Find the following lines: (In my case, I could not find below lines, So I directly jump to point 4 and add whole tag in my server.xml and change keystorefile and keystorePassword)
<!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" /> -->
Delete the comment markers at the beginning of the code (<!--) and at the end of the code (-->)
Immediately after sslProtocol="TLS" and before />, add the following attributes:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile=”/path/to/mycert.pfx” keystoreType=”PKCS12″ keystorePass="your_PKCS12_password" />
Save server.xml
Restart Tomcat
Hope it will help somebody :)
Please convert the PFX file into a Tomcat compatible format . The command is given below
Keytool -importkeystore -srckeystore server.pfx -srcstoretype pkcs12 -destkeystore tomcat.jks -deststoretype jks
The tomcat.jks file directives can be provided in the server.xml file of tomcat.
I've been trying to set my Mac up to run a JSP project using Neatbean 8.1 with Tomcat under OSX.
I followed the directions posted on this page and I can start and stop Tomcat without any issues. (How to connect NetBeans 8 with Tomcat 8 in Mac OS X?)
The problem I'm having seems to be much more subtle and I can't figure out.
After I create and build my JSP project, Netbeans makes a war file
BUILD SUCCESSFUL (total time: 0 seconds)
but when I click the Run button. Tomcat will launch but then Netbeans will stall. The only message I get from the IDE is
Deploying Project myTestProject ...
Waiting for Tomcat
Then nothing. The browser doesn't launch and nothing happens.
When I go into the my browser and type http://localhost:8080/myTestProject I get nothing.
So Netbeans is connect to Tomcat and can launch the Server Container but then nothing.
Finally after about 3 mins I get this message
/Users/user/Projects/myTestProject/nbproject/build-impl.xml:1045:
Deployment error: Starting of Tomcat failed.
See the server log for details.
BUILD FAILED (total time: 3 minutes 1 second)
Any thoughts about where I should be looking?
After two days of head banging I finally found my answer here.
https://netbeans.org/bugzilla/show_bug.cgi?id=262749
I'm leaving this comment for anyone who has also faced this issue. It appears to a bug in Netbeans
The fixed was simple, all I had to do was had this line of text to my server.xml -- "server="Apache-Coyote/1.1"
The Connector should look like this:
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
server="Apache-Coyote/1.1" />
I'm using tomcat 6 (embedded server) in myEclipse 10.0 along with Apache CXF for a web services app. My problem is I'm trying to connect to a server that has a war file with some service code in it. However, when I try to hit it though the code, I'm getting this error from CXF:
WARNING: Interceptor has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Could not send Message.
and then this error which seems to be the root problem:
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
I used InstallCert.java to hit the server and it gave me this:
Loading KeyStore jssecacerts... Opening connection to :443...
Starting SSL handshake...
No errors, certificate is already trusted
I used Porticle to view the cacerts file and sure enough the server sha1 and md5 information matched exactly what was on the server. The cacerts file is located under the java/jre6/lib/security folder, which I thought was automatically picked up by tomcat when it loads.
I also created a .bin folder as another idea and put it under webapps directory for tomcat and modified the server xml like so:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="<path on my machine>/webapps/tomcat.bin" keystorePass="changeit" />
I found some articles that showed how to get the certificate loaded to your keystore, but that doesn't seem to be the issue, even though that is the common solution for this error. Is there something I'm missing or could there be another reason why I'm getting this error?
It turned out that myEclipse has it's own jre running it's own default cacerts file. On my machine it was here: C:\MyEclipse\Common\binary\com.sun.java.jdk.win32.x86_1.6.0.013\jre\lib\security.
I used ProcessExplorer to view the javaw.exe process and then did a Find (control key + F key) and it showed the additional jre that had loaded. I copied the correct cacerts over to that directory restarted everything and it worked!