SSL mutual authentication with Tomcat and IE

Similar Messages

• Failed to use LDAP over SSL MUTUAL AUTHENTICATION with some Directory enable SSL.

  In iPlanet Web Server, Enterprise Edition Administration's guide, chapter 5: secure your web server - Using SSL and TLS protocol specifying that the Administrator server camn communicate LDAP over SSL with some Directory enable SSL.
  Is there any way to configure iplanet Administration server to talk ldap/ssl in mutual authentication mode with some directory?

  Hi,
  Sorry, I could not understand what your are trying to do with iWS.
  Could you please berifly explain your question. So that I can help you.
  Regards,
  Dakshin.
  Developer Technical Support
  Sun Microsystems
  http://www.sun.com/developers/support.

• HTTPService SSL mutual authentication

  I can use HTTPService to access a secure web server via.
  HTTPS. The SSL is configured to do a mutual authentication: both
  server and client needs to send their certificate to each other.
  Where should I put client certificate so that HTTPService can fint
  it?
  Is Flex3 using browser's certificate management system? or
  has its own?

  Oh I find that there is different code base of WLS 7.0.0!!
  - WLS 7.0.0 of Mai 2002 is propagating the principal correctly with SSL
  mutual authentication.
  - WLS 7.0.0 of Juli 2002 is NOT propagating anymore! (the patch is appliable
  to this)
  Obviously BEA published different nightly builds of the same WLS 7.0.0 on
  the web.
  Is this normal?
  Regards
  Alain Hsiung
  "Alain Hsiung" <[email protected]> wrote in message
  news:[email protected]..
  I think that SP1 has a bug: it cannot propagate the principal when SSL
  mutual
  authentication is used. I fixed it with a small patch. Now the principalis
  propagated
  correctly with SSL mutual authentication on WLS 7.0.1 (WLS 7.0.0 isworking
  without patch).
  Alain Hsiung
  "Alain Hsiung" <[email protected]> wrote in message
  news:[email protected]..
  Hi all
  I make SSL mutual authentication work between 2 WLS 7.0 servers.
  As I upgrade to WLS 7.0 SP1 the principal propagation doesn't workanymore:
  the principal on the target WLS is always "anonymous"!
  Is this a bug or is there something new to parametrize?
  Regards
  Alain Hsiung

• How to use JMS with tomcat and Axis

  Hello
  I'm new in ii, so i'm still a little bit lost. I have been implementing web services with tomcat and Axis. However, these services are synchronous and I would like that some services were asynchronous.
  I've been reading about the topic and I've found that JMS is a good solution for it. I have already downloaded JMS in my computer but now I don't know what else to do. I've been trying to run the SimpleQueueSender.java example but I get the error:
  JNDI API lookup failed: javax.naming.NoInitialContextException: Need to specify class name in environment or system property, or as an applet parameter, or in an application resource file: java.naming.factory.initial
  But I have attached all .jar from F:\Sun\MessageQueue\lib
  In addition to this, for my first webservices I used the Java2WSDL, WSDL2Java and AdminClient (axis tool) to create my web services bindings, stubs and skeletons and to deploy the web service on the server. Do I have to use them now with JMS? or now the deployment must be performed in a different way?
  Thank you in advanced,

  The error means that you have to specify the type and location of your jndi store. You could create a jndi.properties file and put two properties in it:
  java.naming.provider.url=file\\\:////var/jndi
  java.naming.factory.initial=com.sun.jndi.fscontext.RefFSContextFactory
  for a file based jndi store. Then you have to make sure your jndi.properties file is in your CLASSPATH. Then you have to use something like imqadmin to create your jndi store and store in it your administrative objects like Queues and QueueConnectionFactories.

• Do we need appache and ssl work together with tomcat

  Hi all,
  I have experience use tomcate+ sql2000 +JDK to develop and web search site.  Now I hope somebody told me
  1) do I need add apache with tomcat?
  2) do I need to add SSL?
  thank you every much

  Hi all,
  I download mod_jk 1.2.5_2.0.47.dll from (http://www.apache.org/dist/jakarta/tomcat-connectors/jk/binaries/win32/) rname it as mod_jk.dll and put it down to apache modules, at this step I still get Syntax Ok when I try c:\apache|apache2\bin|Apache.exe -t. but when I add
  <Listener className="org.apache.ajp.tomcat5.config.ApacheConfig" modJk="c:/Apache/Apache2/modules/mod_jk.dll" /> just below the
  <Server port="8005" shutdown="SHUTDOWN" debug="0">
  I can't not star my tomcat.
  what is wrong??
  I have apache 2.0.50 and tomcat 5.0.25 on my Pc and before I add apache my tomcat work fine.
  Thank you

• Mutual authentication on Tomcat 5

  Hello,
  For the moment I'm experimenting with J2EE security with Tomcat 5.
  So far I was able to get BASIC authentication to work and also server Authentication (SSL with certificate).
  The next step I wanted to take was to configure Tomcat to use Mutual authentication but so far without success.
  Here are the steps I take:
  1. Create a client keystore with one certificates using the java keytool
  2. Create a server keystore with one certificate using the java keytool (my CN name is localhost and I also
  use this in my test URL: https://localhost:8443)
  3. Export the client certificate from the client keystore to a .cer certificate
  4. Export the server certificate fomr the server keystore to a .cer certifciate
  5. Import my .cer server certificate in my trust store (%JRE_HOME%\lib\security\cacerts)
  Now the client should trust the server's certificate.
  6. Import my .cer client certificate in my server's keystore
  This way the server should trust the client.
  7. In my server.xml file I have put clientAuth to true and used the -keystore parameter to point to the correct
  certificate.
  <Connector port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
  enableLookups="false" disableUploadTimeout="true" acceptCount="100" debug="0" scheme="https"
  secure="true" clientAuth="true" sslProtocol="TLS" keystoreFile="c:/keys/serverKeys"
  keystorePass="password"/>
  As a test I also imported the 2 .cer certificates (client + server) in my IE but I don't think this is needed.
  When I start tomcat and check if it is running http://localhost:8080 then this works, but when I want to use https://localhost:8443 I get the message that the page could not be displayed ...
  I'm trying for several days to solve this but without success ...
  Can someone help me please ?
  Many thanks !
  Best regards,
  Tom.

  With truststore file you mean cacerts.jks in %JAVA_HOME%/JRE/LIB/SECURITY ?
  To avoid misunderstanding, the only thing I try to do is to establish mutual authentication bewteen a client (IE) and a server (localhost) on the same machine (without using any java code) ?
  Is that possible ?
  Do I need to configure anything in my web.xml ?
  Does there exist a step by step guideline to get it to work ?
  By javax.net.debug system property, you mean that this must be done in java code ?

• Configuring Basic Authentication with Username and password on BizTalk Schema Service

  Hi,
  I have published my schema as a webservice with WCF-BASICHTTP adapter in IIS 8.0.
  I wanted to have a Basic Authentication(User name and password restriction).
  I made the Receive location with Security mode as Transport and Transport Client Crediential Type as Basic.
  I also set the Service in IIS with Basic Authentication only enabled.
  But I don't know how to provide a UserName and Password Authentication.
  Please provide your suggestions
  Regards, Vignesh S

  Hi,
  Try & go through the below MSDN link as it explains configuring WCF BasicHttp adapter very well.
  http://msdn.microsoft.com/en-us/library/bb246064(v=bts.80).aspx
  HTH,
  Sumit
  Sumit Verma - MCTS BizTalk 2006/2010 - Please indicate "Mark as Answer" or "Mark as Helpful" if this post has answered the question

• Third Party API with Tomcat and Axis

  I'm experimenting with creating web services in Java. I'm using tomcat and axis for this. I have successfully created and deployed some basic web services and now I want to create one using a 3rd party API. I follow the same exact procedure and when I deploy the service I check my list of deployed services through the axis page, but all my services have disappearred. Commenting out all 3rd party related methods does successfully deploy the service. Is there anything special/extra I have to do to get 3rd Party classes to function correctly in a web service?
  Thanks in advance

  what kind of third party API are using ?

• Using Third Party APIs with Tomcat and Axis

  I'm experimenting with creating web services in Java. I'm using tomcat and axis for this. I have successfully created and deployed some basic web services and now I want to create one using a 3rd party API. I follow the same exact procedure and when I deploy the service I check my list of deployed services through the axis page, but all my services have disappearred. Commenting out all 3rd party related methods does successfully deploy the service. Is there anything special/extra I have to do to get 3rd Party classes to function correctly in a web service?
  Thanks in advance

  If you're using Tomcat, JARs in the /common/lib directory are available to all applications deployed on that instance of Tomcat.
  I prefer putting them in the WEB-INF/lib of my web app, even if that means duplication. That way my app doesn't depend on having the server set up a certain way. I deploy them as a WAR file with everything they need enclosed within,no more and no less. They're completely portable to any servlet/J2EE engine that way.
  %

• Remote Server Debugging with Tomcat and Eclipse

  Hi ,
  I am using Tomcat 4.0, Jdk1.3 and eclipse 2.1 ,Windows 2000
  I am trying for past 5 days, Remote Server Debugging.
  But I can't acheive.Please help in this tough situation.
  I have configured Tomcat to run in debug mode by the following steps:
  1) In catalina.bat, SET CATALINA_OPTS=-server -Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8000
  2) Then I set the JAVA_HOME AND TOMCAT_HOME in the environment mode.
  3) Then I clicked the startup.bat in the bin directory.
  In Eclipse side , I followed as,
  1) Run/Debug/Remote Java Application/New/
  In the connect tab, I gave host:localhost and port:8000
  2) Then I clicked Debug button.
  I didn't use any plugin.
  But it producing "Failed to connect to Remote VM.Connection refused."
  So I gave host:localhost and port:8080 in eclipse side,
  but this I am getting errorin eclipse side as "Failed to connect to Remote VM".In server side, I am getting error as,
  java.lang.NullPointerException
  at org.apache.catalina.connector.http.HttpResponseStream.checkHead(HttpR
  esponseStream.java:253)
  at org.apache.catalina.connector.http.HttpResponseStream.<init>(HttpResp
  onseStream.java:104)
  at org.apache.catalina.connector.http.HttpResponseImpl.createOutputStrea
  m(HttpResponseImpl.java:220)
  at org.apache.catalina.connector.ResponseBase.getOutputStream(ResponseBa
  se.java:725)
  at org.apache.catalina.connector.ResponseBase.finishResponse(ResponseBas
  e.java:469)
  at org.apache.catalina.connector.HttpResponseBase.finishResponse(HttpRes
  ponseBase.java:236)
  at org.apache.catalina.connector.http.HttpResponseImpl.finishResponse(Ht
  tpResponseImpl.java:288)
  at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcesso
  r.java:1039)
  at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.ja
  va:1107)
  at java.lang.Thread.run(Thread.java:484)
  Please do the needful
  If you have anwser, Please mail to [email protected]

  Well, once you're already using MyEclipse, I have it set up even simpler than that. Go to Window/Preferences/MyEclipse/Application Servers/Tomcat4/Launch and set the launch mode to debug.
  This works if the project is successfully setup as a webproject in MyEclipse.
  My problem is that I have a project that was not developed with MyEclipse and for some reason does not work when I set it up as a web project in MyEclipse. MyEclipse seem to do something funny with it when I establish the project. Now, if I set it up simply as a java project (as oppposed to Web Project) in myEclipse, then MyEclipse does not give me an option of deploying it.
  Any ideas about how I would go about debugging a project that's not set up as a Web Project in my eclipse?

• HTTP2302 error  with tomcat and linux environment

  We are using Sun Java(TM) System Web Server 7.0 with Tomcat 6.0.14 in Linux environment. We are frequently facing "Service Unavailable error" in the frontend . while verifying the logs we found the details as below :
  could you guinde what could be issue here ?
  In Webserver log the following error thrown many times
  func_exec reports: HTTP2302: Function jk_service aborted the request without setting the status code
  We are using the tomcat connector nsapi_redirector-1.2.26-sjsws6.1sp11.so in our environment
  nsapi.log
  [Thu Nov 19 06:22:11.602 2009] [20843:4074314640] [debug] jk_open_socket::jk_connect.c (448): socket TCP_NODELAY set to On
  [Thu Nov 19 06:22:11.602 2009] [20843:4074314640] [debug] jk_open_socket::jk_connect.c (548): trying to connect socket 30 to 160.254.92.190:8051
  [Thu Nov 19 06:22:11.602 2009] [20843:4074314640] [info] jk_open_socket::jk_connect.c (566): connect to 160.254.92.190:8051 failed (errno=111)
  [Thu Nov 19 06:22:11.602 2009] [20843:4074314640] [info] ajp_connect_to_endpoint::jk_ajp_common.c (869): Failed opening socket to (160.254.92.190:8051) (errno=111)
  [Thu Nov 19 06:22:11.602 2009] [20843:4074314640] [error] ajp_send_request::jk_ajp_common.c (1359): (ajp13) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=111)
  [Thu Nov 19 06:22:11.602 2009] [20843:4074314640] [info] ajp_service::jk_ajp_common.c (2186): (ajp13) sending request to tomcat failed (recoverable), because of error during request sending (attempt=2)
  [Thu Nov 19 06:22:11.602 2009] [20843:4074314640] [error] ajp_service::jk_ajp_common.c (2204): (ajp13) Connecting to tomcat failed. Tomcat is probably not started or is listening on the wrong port
  [Thu Nov 19 06:22:11.602 2009] [20843:4074314640] [error] jk_service::jk_nsapi_plugin.c (398): service() failed with http error 503
  [Thu Nov 19 06:22:11.602 2009] [20843:4074314640] [debug] ajp_reset_endpoint::jk_ajp_common.c (691): (ajp13) resetting endpoint with sd = 4294967295 (socket shutdown)
  [Thu Nov 19 06:22:11.602 2009] [20843:4074314640] [debug] ajp_done::jk_ajp_common.c (2522): recycling connection pool slot=0 for worker ajp13
  h1. Obj.conf
  <Object name="default">
  AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
  <If $uri =~ '^/$'>
  NameTrans fn="redirect" from="/" url="http://wikitest.pershing.com/confluence/" code="301"
  </If>
  NameTrans fn="assign-name" from="/confluence/*" name="servlet"
  PathCheck fn="uri-clean"
  PathCheck fn="check-acl" acl="default"
  PathCheck fn="find-pathinfo"
  PathCheck fn="find-index" index-names="index.html,home.html,index.jsp"
  ObjectType fn="type-by-extension"
  ObjectType fn="force-type" type="text/plain"
  Service method="(GET|HEAD|POST)" type="*~magnus-internal/*" fn="send-file"
  Service method="TRACE" fn="service-trace"
  AddLog fn="flex-log"
  </Object>
  <Object name="j2ee">
  Service fn="service-j2ee" method="*"
  </Object>
  <Object name="es-internal">
  PathCheck fn="check-acl" acl="es-internal"
  </Object>
  <Object name="cgi">
  ObjectType fn="force-type" type="magnus-internal/cgi"
  Service fn="send-cgi"
  </Object>
  <Object name="send-precompressed">
  PathCheck fn="find-compressed"
  </Object>
  <Object name="compress-on-demand">
  Output fn="insert-filter" filter="http-compression"
  </Object>
  <Object name="servlet">
  ObjectType fn="force-type" type="text/html"
  Service fn="jk_service" worker="ajp13"
  </Object>

  Hi, The reason tomcat had to be used is that the software is bundled with tomcat. Hence we are in the following configuration:
  -Sun Web Server 7.0 update 5
  -Tomcat 6, Using JRE1.6
  -The server runs Linux.
  -As for the tomcat web server plugin, the 32-bit tomcat connector is downloaded from http://archive.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/solaris/jk-1.2.26/sparc/
  With this configuration. seems when we refresh a page quickly, we get "service unavailable error". But if we only put web contents, the issue does not exist. Looks like the issue resides in the plugin....
  Any help is greatly appreciated

• Question regd C++ and Java with Tomcat and SSL

  I have configured Tomcat with SSL and am running a servlet
  which is going to recieve input from a C++ Application.
  The team which are coding in C++ have a statement in their C++
  code 'HTTP1.1'
  My Tomcat is v 3.2.4
  Does this support HTTP 1.1 OR HTTP 1.0 PROTOCOL.??

  tomact latest version supports both HTTP specifications 1.1 and 1.0. If you want to make sure you for tomcat 3.2.4 then you can search the web and jakarta website for this.
  Regards
  Akhil Nagpal

• Apache SSL Client Authentication with Windows Mobile

  The biggest question I have here is if anyone has actually made this work. I would think this would be pretty standard...
  On our HTTP server I have protected folders setup with Certificate Based Client Authentication. Each folder requires a unique client certificate.
  This works perfectly with IE & Firefox running on PCs.
  The problem I have is trying to authenticate a Windows Mobile Device.
  I can authenticate the CA certificate but nothing in the client certificate.
  In ssl.conf I have the following parameters for each folder:
  SSLRequire %{SSL_CLIENT_S_DN_O} eq "Our Organization"
  SSLRequire %{SSL_CLIENT_S_DN_CN} eq "User Division Level"
  SSLRequire %{SSL_CLIENT_S_DN_OU} eq "User Level"
  The only parameter that Apache is able to validate from the device is DN_O and that is coming from the CA certificate.
  DN_CN & DN_OU are contained in the user certificate but it is not able to validate those.
  Anyone have any ideas on this?
  Edited by: Alan3 on Nov 20, 2008 2:15 PM

  Bump.
  Is anyone out there using Win Mobile devices with Oracle HTTP server?

• ACS 5.3 Radius authentication with ASA and DACL

  Hi,
  I am trying to do Radius authentication on the ACS 5.3 for VPN access (cisco client) using a downloadable ACL with AD identity
  Clients are connecting to an ASA 5510 with image asa843-K8.bin
  I followed the configuration example on the Cisco site, but I am having some problems
  First : AD identity is not triggered, I put a profile  :
  Status
  Name
  Conditions
  Results
  Hit Count
  NDG:Location
  Time And   Date
  AD1:memberOf
  Authorization   Profiles
  1
  TestVPNDACL
  -ANY-
  -ANY-
  equals Network Admin
  TEST DACL
  0
  But if I am getting no hits on it, Default Access is being used (Permit Access)
  So I tried putting the DACL in the default profile, but when connecting I am immediately disconnected.
  I can see the DACL/ASA being authenticated in the ACS log but no success
  I am using my user which is member of the Network Admin Group.
  Am I missing something?
  Any help greatly appreciated!
  Wim

  Hello Stephen,
  As per the IP Pools feature, the ACS 5.x does not include such functionality. It is not on the ACS 5.x roadmap either as the recommended scenario would be to use a dedicated DHCP server.
  ACS 4.x included that functionality, however, it was not the best solution as the ACS returned the IP Address value as a RADIUS Attribute instead of acting as a real DCHP server.
  As per the IMEI and MISDN I am assuming you are referring to International Mobile Equipment Identity and Mobile Subscriber ISDN. Correct me if I am wrong.
  In that case it seems that the ACS 5.x should be able to Allow or Deny access based on Radius Attribute 30 (Called-Station-Id) and 31 (Calling-Station-Id).
  In that case you might want to use the End-Station Filters feature and use it as the condition for the Rule. The End-Station Filter feature uses CLI/DNIS where CLI is Radius Attribute 31 and DNIS is Attribute 30.
  I am assuming a Generic Username will be embedded on the devices request. In that case you will define which end-user devices will be granted access based on the above attributes.
  Here is a snapshot of the section:

• Need help with Tomcat and JSP

  Hi
  I'm a complete beginner with JSP, I have experience with Java, Dreamweaver and HTML, but I'm having alot difficulty understanding JSP.
  I tried doing out some of the tutorial examples but they don't seem to come out right on the browser.
  For Example the Code for Date
  <HTML>
  <BODY>
  <%
  // This is a scriptlet. Notice that the "date"
  // variable we declare here is available in the
  // embedded expression later on.
  System.out.println( "Evaluating date now" );
  java.util.Date date = new java.util.Date();
  %>
  Hello! The time is now <%= date %>
  </BODY>
  </HTML>
  Comes out as
  <% // This is a scriptlet. Notice that the "date" // variable we declare here is available in the // embedded expression later on. System.out.println( "Evaluating date now" ); java.util.Date date = new java.util.Date(); %> Hello! The time is now <%= date %>
  I know this probably really sounds like a stupid question but what could be the problem?

  Those it have to saved on the desktop, or in the Tomcat webapps folder or what?It has to be in a web application under tomcat. The easiest one to get up and running with basic jsp is the webapps/ROOT directory which is where the main index page is.
  [url http://www.coreservlets.com/Apache-Tomcat-Tutorial/]This one is a good basic guide to installing/getting it running.
  Also the tomcat documentation itself is reasonable good. Of specific relevance to you would be [url http://tomcat.apache.org/tomcat-5.5-doc/appdev/index.html]Application developers guide which explains the basic layout/structure of a web application.