Adding ssl to tomcat directory

Hi.
Im running a https://mydomain.com with proper ssl certs and that works fine. But then I need a FileMaker function that activates a https://mydomain.com/zulu/ webpage.
It does that through apache tomcat (in library/filemaker server/web publishing /cwpe-tomcat/conf/catalina/localhosts/zulu.xlm etc) but when i connect to it it looses the ssl connection. So when i run my function I get a
java.sql.SQLException: Could not connect to database: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
And that should mean that the function cant locate the ssl certificate. Since my server is running with a certificate, Im wondering how to deploy ssl to all sub sites / tomcat pages?
Im not sure if anyone will understand the question, but i don't really know how the web server functions, more then what I can se in the server.app
The FileMaker function is set up according to the producer, and they says its a web server issue.. is it? The site itself is not located under root sites as I would have guessed it should be when its a domain/directoryadress...
any tips are appreciated.
thanks.
Lion server lates build. Mac mini. Java 6.

Me and google solved it.
Reason:
The Java 6 engine (used by tomcat that filemaker uses) on the osx lion cant find your ssl certificate. Java engine does not look for a certificate in the usual apache osx server keystore file. It uses its own keystore file called Cacerts. The location may vary depending on osx version. So when you connect, it cant find a certificate in the keystore file (keystore file is like a vaultwhere you can store certificates) because there is none. The solution is to import a proper signed certificate in to the Cacerts file so that it can be found by Filemaker and the Seecode.
Solution:
1. Make sure you have a proper signed ssl certificate intsalled for web in server.app.
2. Export it from your keychain acces.app so that you get a file called something.cer
3. Start terminal.app
4. Run $ Sudo Keytool -import -alias yourdomain.com -file /example/folder/path/yourcertificate.cer -keystore /system/library/Java/Support/CoreDeploy.bundle/Contents/home/lib/security/Cacer ts
5. Enter system password for the sudo command
6. Enter Cacerts password, default is: changeit
7. You will get a long text and a will you trust this question. Say yes.
8. It should say Certificate has been added to keystore-file

Similar Messages

How to test SSL in tomcat

hi,
i need to test whether the SSL in tomcat is secure or not. i need to show some evidence to my supervisor that SSL did encrypt data during transmission.
therefore, my plan is to sniff out some packet from SSL to show the encrypted data to my supervisor. but i do not know which is the best sniffer tools to help me to do this.
could anyone suggest me which is the best tool? and how to do it?
thanks
eric

If you're on linux, try ssldump. If you're on windows, try ethereal.

Tomcat directory structure + jsp

Hi all,
I have been trying for a long time now to setup my tomcat-directory as described, but I don't get my application running... My directory structure is currently as follows:
d:\
    webapp\
         web\
              WEB-INF\
                    classes\
                         servlet
                    libThe path for tomcat is set to d:\webapp\web, where my JSPs are. From the JSPs, I start some applets - the problem is, where do I have to put them? They are in the directory project; if I put this directory in WEB-INF/classes, they are not found. If I put them directly in the web-directory, they are found, but not the classes they depend on... I can then put all the classes I need in the web-directory, and my application runs, but as far as I understood, this is not the supposed setting :-( And besides, the only reason for the WEB-INF directory would then be the servlets inside (which run without problems!)
Might I do something wrong in calling the applets? In the moment, I start them with <applet code="project/Start.class"> Or do I need to change something in the web.xml file?
Thanks for any hints,
Thea

but as far as I understood, this is not the supposed setting That IS the appropriate setting.
An applet runs on the client machine.
Therefore the client has to download all the class files to run the applet.
The client cannot download any classes that are under WEB-INF. WEB-INF directory is for the server only.
Therefore any classes needed to run your applet must be outside of the WEB-INF folder, so they can be downloaded.
JSP/Servlet code runs on the server side. The code for this you can put under WEB-INF, and it will only be available to the server. That way you have your application, but don't have the code freely downloadable.
Cheers,
evnafets

SSL and Tomcat Conf. Ques

Hi Guys,
I really need your quick help...I am trying to configure SSL in Tomcat...I am using Tomcat 4.1 and JDK 1.4... I did all the steps mentioned on the below page...
http://tomcat.apache.org/tomcat-4.0-doc/ssl-howto.html
and my server.xml file is like this...

    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8443" minProcessors="5" maxProcessors="75"
               enableLookups="true"
            acceptCount="100" debug="0" scheme="https" secure="true"
               useURIValidationHack="false" disableUploadTimeout="true">
                <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               clientAuth="true" protocol="TLS" />
    </Connector>I copied all the JAR files (from JSSE) in JAVA_home/jre/lib/ext...set all the path in classpath..
JSSE_home is set in Environment Variables
I restarted the server and type the following into browser
https://localhost:8443
it says "The page cannot be displayed"
can you please let me know which step I am missing??....
by using %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA I have created ".keystore" in
C:\Document and Settings\vishu
what do I do now to run my JSP pages on SSL...
when server starts it doesn't give me any error..but I can't see the index page...
but if I am typing https://127.0.0.1:8443/ then it is displaying message about the certificate...and when I press OK button again "The Page can not be displayed" appears.
please help me out...
thanks
vishu

Hi,
thanks for the reply...I know that
https://localhost:8443
https://127.0.0.1:8443
are identical and make no difference...but isn't it strange that if I type
https://localhost:8443 then nothing comes up and if I type
https://127.0.0.1:8443 then one message box appear
Choose a digital certificate
The website you want to view requests identifications..Please choose a certificate ....
but the View Certificate tab is disable...the only option I have is press OK button...and once I press OK button The Page cannot be displayed appears..
can you please help me out...do I need to download any certificate??... how do I solve this thing...
and index.jsp is there in the ROOT folder...
http://127.0.0.1:8080/index.jsp is running fine..
vishu

Scripts for adding/deleting/modifying Open Directory accounts?

I think I have searched high and low for an answer to this question, but if I missed it please point me in the right direction. Where can I find information on scripts for adding/deleting/modifying open directory accounts? At the very least, a command line utility with some syntax guidelines! Any help would be greatly appreciated.

Hi
I personally don't know if any scripts although you can use the command line to do pretty much anything you want with the Open Directory. Consult the manual: man dscl. If you launch terminal and issue dscl you should see something like this:
my-Laptop:~ me$ dscl
dscl (v20.4)
usage: dscl [options] [<datasource> [<command>]]
datasource:
localhost (default) or
<hostname> (requires DS proxy support, >= DS-158) or
<nodename> (Directory Service style node name) or
<domainname> (NetInfo style domain name)
options:
-u <user> authenticate as user (required when using DS Proxy)
-P <password> authentication password
-p prompt for password
-raw don't strip off prefix from DS constants
-url print record attribute values in URL-style encoding
-q quiet - no interactive prompt
commands:
-read <path> [<key>...]
-create <record path> [<key> [<val>...]]
-delete <path> [<key> [<val>...]]
-list <path> [<key>]
-append <record path> <key> <val>...
-merge <record path> <key> <val>...
-change <record path> <key> <old value> <new value>
-changei <record path> <key> <value index> <new value>
-search <path> <key> <val>
-auth [<user> [<password>]]
-authonly [<user> [<password>]]
-passwd <user path> [<new password> | <old password> <new password>]
Entering interactive mode...
The above is for 10.4 and should server equally as well for 10.5.
Hope this helps, Tony

When building an application unit tests are added to a support directory

Why are unit tests (.lvtest files) added to a support directory when building an application? I cannot find a way to exclude them from the support directory.

I'd imagine this is happening to you because they are in the "Dependencies" section of your project file (*.lvproj). Is this correct?
If so, you should add them to your project file somewhere. Then you will be able to prevent them from being installed. In my experience LabVIEW grabs files it thinks are nesecary from the Dependencies list and installs them in a support directory.

Problem with ssl and tomcat

Hi to all, I'm trying to do ssl in a intranet. I have tomcat 4.1 and JDK 4.1_02. I have following all steps thats indicate the tomcat ssl documentation, I have copied the jcert.jar jnet.jar and jsse.jar to the directorie jre\lib\ext I have generated the keystore and verisign have sent me the keys. I have modified the server.xml where I have put the new port and the factory tag but I cannot see a page through https.
I have port 8080 that redirects to 8443, which have the scheme=https.
if I put http:\\localhost:8080 appear the tomcat home page.
if I put https:\\localhost:8443 not appear nothing.
if I put http:\\localhost:8443 not appear error but don't show nothing.
I have seen the log of tomcat and appear an exception:
org.apache.commons.digester.Digester error
Parse Error al line 89 column 11: the content element type "web-app" must match (icon?,display-name?....
this exception don't appear previously,it seems that is a problem of xerces.
Any idea or help it is welcome.
THANKS.

Obviously you have a syntax error in your one of your .xml files. Most likely in either the global web.xml or the application specific one.

How to only allow ssl in tomcat

Hi expert,
I am able to set Tomcat using SSL on port 443 but I like to enabled this the whole site so when user access it throught port 80, I like to redirect them to 443, how can I do this in Tomcat?
e.g http://www.test.com should redirect user to https://www.test.com
Thanks.

Then don't make any other pages available on the non-SSL server.
If you were using Apache HTTP server, you could do URL rewriting to accomplish what you're talking about, but Tomcat doesn't have that functionality. However, you can use mod_jk to connect an Apache HTTP server to Tomcat using AJP which effectively uses Apache as the HTTP server, and only uses Tomcat to process JSPs and Servlets. I really like this approach, since I can run my Java processes on a "less secure" machine like Linux and protect it entirely with a firewall, and run my HTTP server on a "more secure" server like OpenBSD. Plus I can add additional Tomcat servers and do load-balancing.
Check out the jakarta-tomcat-connectors on the Jakarta project site.
Brian

Tips on enabling SSL in Active Directory!!!

Finally I can connect to my Active Directory through SSL connection. I don't know what is wrong with my previous settings because I reinstall the server from scratch. Below is the steps I took:
1. Install Windows 2000 Advanced Server + SP4
2. Install Windows 2000 High Encryption Pack (128-Bits SSL)
3. Install Active Directory Service together with MS DNS Server and Enterprise Certificate Authority Service.
4. Install Windows 2000 Support Tools from Windows 2000 installation CD.
5. Launch ldp.exe and connect to local Active Directory on port 636.
6. It should display the rootDSE content if SSL is working properly.
7. Go to C: drive and get the root CA certificate in root directory. It should be named xxx.crt.
8. Import the certificate into ${JAVA.HOME}/lib/security/cacerts file.
9. Right now everything should be OK.
What surprised me is I didn't follow several 'important' steps suggested by both Microsoft and some other developers in this forum. They are:
1. Open the Domain Controller Policy using the Group Policy Editor.
2. Under Computer Configuration , click Windows Settings .
3. Click Security Settings , and then click Public Key Policies.
4. Click Automatic Certificate Request Settings .
5. Use the wizard to add a policy for Domain Controllers.
I double checked that I didn't enable Automatic Certificate Request Settings. But somehow SSL works. Can somebody explain why?
Regards,
WenBin

I am glad that you can benefit from the tips.
Regarding to you question, the answer is like this:
1. A user named David logon
2. You generate the userPrincipal for him - [email protected]
3. Bind to ADS with this userPrincipal and the password he typed in
4. If succeeds, search user container with sAMAccountName=David and meanwhile request any attributes you want. Please refer to JNDI tutorial on how to search LDAP directory and get back some other attributes at the same time.
Hope this help you.
Regards,
WenBin

Co-Administrator added to the default directory cannot log in, Error message: No Subscriptions

So I had set up Azure Subscription earlier this week and activated a Standard website plan. I added co-admins to the default directory but when they try to log in through manage.windowsazure.com they get an error that there are no subsciprtions associated
with their account. Why is this happening? Why can't they log in even though I have added them into the default directory of which I'm a Global Administrator?

Hi,
Based on your description, you want to add co-administrator? Am I right? If that, please have a look at below article and follow its steps.
#http://msdn.microsoft.com/en-us/library/azure/gg456328.aspx
Apologies if I have misinterpreted.
Best Regards,
Jambor
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.

Adding SSL-Certificate Exception in Firefox 4

I recently installed Firefox 4 beta 11 and now cannot access certain webpages provided by my university which are using an SSL-encryption.
The error message I receive (in a popup box) is:
'''evasys.urz.uni-halle.de uses an invalid security certificate.
The certificate is not trusted because no issuer chain was provided.
(Error code: sec_error_unknown_issuer)'''
It has been a known problem that somehow Firefox does not handle the issuer chain of the certificate correctly (thats what the IT department says) and the solution up to now was to add an exception for this website in Firefox 3.x.x
This would be fine by me for Firefox 4, too, but I cannot find a way to add this exception. As soon as I dismiss the error message box by clicking "OK" nothing happens, no "This connection is untrusted"-page (http://support.mozilla.com/en-US/kb/This%20connection%20is%20untrusted#w_certificates-and-identification) is opened or anything equivalent.
Thank you in advance for any help.

Hello.
Yes, there is a problem with adding an exception button, but I found a temporary solution until Mozilla solves the problem.
First, copy a link from website you want to enter.
Then, go to: Options > Advanced > Encryption tab > View Certificates > Servers tab > Add Exception..
Now paste the link at "Location:" then click "Get Certificate" and Confirm Security Exception.
That's all.

Tomcat directory structure

Hi, I've programmed a client - server application based on an applet - servlet communication and all is running ok. I've my applet and all the classes needed by it in Root/ directory and my servlet and all the classes needed by it in Root/WEB-INF/classes/ directory. All clases have no structure. Te problem appears when I want to give a certain structure to all my classes (put them in certain packages).
For example, if my applet belongs to the packate myPackage I put it in Root/myPackage/ and if my servlet belongs to the package myServletPackage I put it in Root/WEB-INF/classes/myServletPackage/ and so on.
Finally I configure my web.xml file like this:
<servlet>
<servlet-name>MyServlet</servlet-name>
<servlet-class>myServletPackage.ElServlet</servlet-class>
</servlet>
After restarting tomcat when I try to run the application It appear a No class foun exception.
Can anyone tell me what I'm doing wrong?
Thks and sorry for my english.

Sorry for my bad example. In fact I put the Root directory as an example, It's real name is MetroNet and, as I say on the previous topic the problem appear when I try to organize my classes in different packages.
thnks

Adding images to /i/ directory

I'm running Oracle Apex 3.1 on an Oracle XE database. Like others on this forum I'm having problems with workspace images not always showing. Instead of the image I get a red cross. If I right click on the image and select show image the image displays. I have read many posts on this subject but have not found an answer, is there a post that I have missed that explains how to solve the issue?.
From reading various posts on the forum I understand that workspace images are held within the database and will be retrieved each time the page is opened. I also understand that the inbuilt Apex images (which always display correctly!) are held within the OS file-system.
My question is how can I add my icons (six small button icons and a company logo) to the /i/ directory structure? My guess is if I added my icon in a directory under the apex image directory and reran APEXINS my icon would be included in /i/. But is there a way of adding additional icons to this directory without re-running APEXINS ?
Thanks
Ian

Ian,
Read these postings:
http://deneskubicek.blogspot.com/2008/04/xe-webfolder-with-vista.html
http://daust.blogspot.com/2006/03/where-are-images-of-application.html
Denes Kubicek
http://deneskubicek.blogspot.com/
http://www.opal-consulting.de/training
http://htmldb.oracle.com/pls/otn/f?p=31517:1
-------------------------------------------------------------------

SSL and tomcat

how can i configure tomcat to run with SSL? any ideas?

here you are - http://jakarta.apache.org/tomcat/tomcat-3.3-doc/tomcat-ssl-howto.html

How to configure SSL in tomcat and transfer data through HTTPS.

Hi all,
I hav an urgent requirement for transfering data through HTTPS.But hav no idea how to achieve that,using SSL.
For that i have to configure tomcat.What and all i hav to do
download and which and all files i hav to alter for configuring the tomcat.
seeking for ur help,
thank you

Multi-posted.
http://forum.java.sun.com/thread.jspa?threadID=591116&messageID=3079266#3079266
http://forum.java.sun.com/thread.jspa?threadID=591062&messageID=3078566#3078566
http://forum.java.sun.com/thread.jspa?threadID=590987&messageID=3077736#3077736

Adding ssl to tomcat directory

Similar Messages

Maybe you are looking for