Sun ONE Cert import to apache

Similar Messages

• Sun ONE generated Cert import to apache

  Hello,
  I would like to import a sun one generated Certificate into Apache. I can not seem to find a straight step by step answer... anyone out there done this?
  I am keeping the same domain and the apache server will be running on the same system.
  Thanks,
  Angel

  Hello KB,
  As for questions #1 - The existing cert will continue to work. The CSR is created based on the existing private key
  # 2 - During installation of the Renewal certificate you will see a dialog box indicating the certificate already exists - Do you want to overwrite it, you answer YES - The new certificate is now the default certificate.
  # 3 - Problem
  Moving an SSL certificate from one Sun iPlanet 6.1 Web server to another
  Move certificate
  Resolution
  The process of moving (migrating) an SSL (Secure Sockets Layer) certificate from one host running Sun iPlanet Web Server 6.1 to another host also running Sun iPlanet Web Server 6.1 involves the following steps:
  Locate the alias directory within the iPlanet directory.
  Locate the https < server_name > cert7.db (or cert8.db depending on version) and https <server_name> key3.db files and copy them to the new iPlanet Web server's alias directory.
  On the new iPlanet Web server add a new server instance with the exact name as the previous server.
  Stop and start the Web server.

• Sun one web server and apache

  Hi, all
  I would like to ask what are the differences between Sun ONE Web Server 6.1 and apache 2 on the features/functions matter.
  Compare with apache, what things do the SUN ONE Web can done.?
  What things do the SUN ONE Web Server cannot done?
  I just want to compare their functions/features.
  Thank you for your help.

  I don't know of a comprehensive comparison between the two, and I don't know enough about Apache Httpd to give a fair comparison. However, here are some highlights.
  - Functionality: Besides from a few things that can be done with Apache Httpd and mod_rewrite but cannot be done in WS6.1, almost everything else worth doing can be done with WS6.1.
  - Performance and stability: WS6.1 has the advantage here. Look at the latest SPECWeb2005 results submitted by sun (http://www.spec.org/web2005/results/web2005.html).
  If you have specific features/functions that you want to list, we can offer better comparisons.

• Re: Sun One conflicting with Apache

  I have Sun One 4.0 ASP Server and Apache 2.0.43 and Tomcat 5.0.28 and I noticed that when I added the JK Mounts to Apache in order for Apache to become the dominant Web Server as opposed to Tomcat on the Unix side, that the Sun One statements caused conflict. Specifically:
  LoadModule casp2_module /var/Chilisoft/casp/module/sunos5_optimized/apache_2.0.x/20020903/standard/mod_casp2.so
  AND
  CaspLib /var/Chilisoft/casp/asp-server-3000
  ** When these lines were commented out, Apache worked fine and was able to bring back the Client page as well as data. Is there a port conflict with Apache or something else that I may be missing?
  thanks!
  Benjiwolf12

  I have fixed this problem.
  Apparently, the order of where the 'Load Module' is placed in Apache is very important. I moved the Load Module down to the bottom of the httpd.conf file and now the conflict is resolved.
  cheers!
  Chris

• Import netscape.ldap.* ; is it not supported in Sun one LDAP server

  import netscape.ldap.*;
  is the above line not supported n Sun One LDAP directory Server
  if that is the case what should i do
  wenever i compile my code the error tat comes up is : package netscap.ladp does not exists
  need help immediately
  my code is as follows
  import netscape.ldap.*;
  import java.util.*;
  * Simple search program to experiment with filters
  public class SearchFilter {
  * Do a subtree search using a specified filter
  * @parm args host, port, authDN, password, baseDN, filter
  public static void main(String[] args) {
  if (args.length != 6) {
  System.out.println("Usage: java FilterSearch " + "<host> <port> " + "<authdn> <password> " + "<baseDN> <filter>");
  System.out.println("Example:");
  System.out.println(" java FilterSearch " + "localhost 389 " + "\"\" \"\" " + "\"o=airius.com\" " + "\"(|(cn=sam*)(cn=b*))\"");
  System.exit(1);
  }

  Couldn't you download the netscape.ldap package (iPlanet LDAP SDK) and put its jars in your app classpath?
  The suggested way to replace netscape.ldap package is to use only JNDI calls, but maybe they can not fulfill all your needs.
  By the way, you can get the source code for that package in Mozilla.org site.
  (Note: if you are using Netscape LDAP SDK for parsing/generating ASN.1 streams including X.509 certificates, try using BouncyCastle instead of netscape.ldap.ber.stream package - I had to modify several classes from Netscape's package that is not meant to handle certificates, but LDAP streams...)

• Only client cert in Sun One App server

  Hi,
  Is this possible to configure an application for Sun One Application Server 8 Update 1
  to use only Client Cert auth without login with id and password ?
  I configured whole 1043 port to use Client Auth. It works when I enter https://localhost:1043. I provide client cert. But when I enter my app I got 'access denied'.
  The app contains only one jsp page and no roles at all.
  The following is my web.xml
  <?xml version="1.0" encoding="UTF-8"?>
  <web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4" mlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
  <display-name xml:lang="pl">secure</display-name>
  <servlet>
  <display-name xml:lang="pl">secured</display-name>
  <servlet-name>secured</servlet-name>
  <jsp-file>/secured.jsp</jsp-file>
  </servlet>
  <jsp-config/>
  <security-constraint>
  <display-name>SecurityConstraint</display-name>
  <web-resource-collection>
  <web-resource-name>WRCollection</web-resource-name>
  <url-pattern>/secured.jsp</url-pattern>
  <http-method>POST</http-method>
  <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint/>
  <user-data-constraint>
  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  <login-config>
  <auth-method>CLIENT-CERT</auth-method>
  </login-config>
  </web-app>
  sun-web.xml
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 8.0 Servlet 2.4//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_4-0.dtd">
  <sun-web-app>
  <context-root>/secure</context-root>
  <session-config>
  <session-manager persistence-type="memory">
  <manager-properties/>
  <store-properties/>
  </session-manager>
  <session-properties/>
  <cookie-properties/>
  </session-config>
  <cache enabled="false" max-entries="4096" timeout-in-seconds="30">
  <default-helper/>
  </cache>
  </sun-web-app>
  Thank You.

  Hello again.
  I would like to refrain my question.
  In admin console on port 4848 in Http Service node is a http-listener-2 defined.
  In particular there is "Client Authentication" setting.
  This is global setting for all request coming to that port.
  Can I achive the same functionality using web.xml in one of the apps server on the same port without resorting to setting this global option to true ?
  Thank You.

• Sun One 6.1 reverse proxy with multiple certs

  We are using Sun One Web Server 6.1sp6 as a reverse proxy without the passthrough plugin. We also have multiple certs and not a global cert and what we are seeing is the data getting "staged" on the web server before moving on to the destination (which obviously halves throughput). Some research tells us that this staging is happening because it needs to re-encrypt the packets for the next cert.
  Is there any way besides having a global cert that we can get around this? Would using the passthrough plugin help?
  Thanks,
  Don

  The thing is that it apparently doesn't do it on the fly, which is why I was wondering if the passthrough plug in would help. In other words, if I am sending a 10mb file through to the destination server (there's a weblogic server on the back end with a different cert that I want to do the real processing), the web server waits until it gets all 10mb then resends it. Seems it should do the encrypt/decrypt on a packet level to me.
  As far as the config, I didn't set it up, I'm just trying to get it to work :)
  Here are the configs, if it would help. If there's something set up wrong here, please feel free to point it out!
  Thanks,
  Don
  magnus.conf
  # The NetsiteRoot, ServerName, and ServerID directives are DEPRECATED.
  # They will not be supported in future releases of the Web Server.
  NetsiteRoot /iplanet/servers
  ServerName rpserver.testdomain.com
  ServerID https-rpserver.testdomain.com
  RqThrottle 256
  DNS off
  Security on
  PidLog /iplanet/servers/https-rpserver.testdomain.com/logs/pid
  User iplanet1
  StackSize 131072
  TempDir /tmp/https-rpserver.testdomain.com-a9dd9515
  PostThreadsEarly off
  KernelThreads off
  ChunkedRequestBufferSize 0
  LogVerbose on
  LogVsId off
  AsyncDNS off
  KeepAliveTimeout 10
  UseNativePoll on
  Init fn="load-modules" funcs="wl_proxy,wl_init" shlib=/iplanet/servers/plugins/nsapi/wls923/libproxy128_61.so
  Init fn="wl_init"
  Init fn="load-modules" shlib="/iplanet/servers/bin/https/lib/libj2eeplugin.so" shlib_flags="(global|now)"
  Init fn="stats-init" profiling="on"
  obj.conf
  # The NetsiteRoot, ServerName, and ServerID directives are DEPRECATED.
  # They will not be supported in future releases of the Web Server.
  NetsiteRoot /iplanet/servers
  ServerName rpserver.testdomain.com
  ServerID https-rpserver.testdomain.com
  RqThrottle 256
  DNS off
  Security on
  PidLog /iplanet/servers/https-rpserver.testdomain.com/logs/pid
  User iplanet1
  StackSize 131072
  TempDir /tmp/https-rpserver.testdomain.com-a9dd9515
  PostThreadsEarly off
  KernelThreads off
  ChunkedRequestBufferSize 0
  LogVerbose on
  LogVsId off
  AsyncDNS off
  KeepAliveTimeout 10
  UseNativePoll on
  Init fn="load-modules" funcs="wl_proxy,wl_init" shlib=/iplanet/servers/plugins/nsapi/wls923/libproxy128_61.so
  Init fn="wl_init"
  Init fn="load-modules" shlib="/iplanet/servers/bin/https/lib/libj2eeplugin.so" shlib_flags="(global|now)"
  Init fn="stats-init" profiling="on"
  server.xml
  <?xml version="1.0" encoding="UTF-8"?>
  <!--
  Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved.
  Use is subject to license terms.
  -->
  <!DOCTYPE SERVER PUBLIC "-//Sun Microsystems Inc.//DTD Sun ONE Web Server 6.1//EN" "file:///iplanet/servers/bin/https/dtds/sun-web-server_6_1.dtd">
  <SERVER qosactive="false">
  <PROPERTY name="docroot" value="/iplanet/servers/docs"/>
  <PROPERTY name="accesslog" value="/iplanet/servers/https-rpserver.testdomain.com/logs/access"/>
  <PROPERTY name="user" value=""/>
  <PROPERTY name="group" value=""/>
  <PROPERTY name="chroot" value=""/>
  <PROPERTY name="dir" value=""/>
  <PROPERTY name="nice" value=""/>
  <LS id="ls1" port="443" servername="rpserver.testdomain.com" defaultvs="https-rpserver.testdomain.com" security="on" ip="any" blocking="false" acceptorthreads="2">
  <SSLPARAMS servercertnickname="Server-Cert" ssl2="off" ssl2ciphers="-rc4,-rc4export,-rc2,-rc2export,-desede3,-des" ssl3="on" tls="on" ssl3tlsciphers="-rsa_rc4_128_sha,+rsa_rc4_128_md5,-rsa_rc4_56_sha,-rsa_rc4_40_md5,+rsa_3des_sha,+rsa_des_sha,-rsa_des_56_sha,-rsa_rc2_40_md5,-rsa_null_md5,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,+fips_3des_sha,-fips_des_sha" tlsrollback="on" clientauth="off"/>
  </LS>
  <MIME id="mime1" file="mime.types"/>
  <ACLFILE id="acl1" file="/iplanet/servers/httpacl/generated.https-rpserver.testdomain.com.acl"/>
  <VSCLASS id="vsclass1" objectfile="obj.conf" rootobject="default" acceptlanguage="false">
  <VS id="https-rpserver.testdomain.com" connections="ls1" mime="mime1" aclids="acl1" urlhosts="rpserver.testdomain.com" state="on">
  <PROPERTY name="docroot" value="/iplanet/servers/docs"/>
  <USERDB id="default"/>
  <SEARCH>
  <WEBAPP uri="/search" path="/iplanet/servers/bin/https/webapps/search" enabled="true"/>
  </SEARCH>
  </VS>
  </VSCLASS>
  <JAVA javahome="/iplanet/servers/bin/https/jdk" serverclasspath="/iplanet/servers/bin/https/jar/webserv-rt.jar:${java.home}/lib/tools.jar:/iplanet/servers/bin/https/jar/webserv-ext.jar:/iplanet/servers/bin/https/jar/webserv-jstl.jar:/iplanet/servers/bin/https/jar/ktsearch.jar" classpathsuffix="" envclasspathignored="true" nativelibrarypathprefix="" debug="false" debugoptions="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n" dynamicreloadinterval="-1">
  <JVMOPTIONS>-Djava.security.auth.login.config=/iplanet/servers/https-rpserver.testdomain.com/config/login.conf</JVMOPTIONS>
  <JVMOPTIONS>-Djava.util.logging.manager=com.iplanet.ias.server.logging.ServerLogManager</JVMOPTIONS>
  <JVMOPTIONS>-Xmx256m</JVMOPTIONS>
  <SECURITY defaultrealm="native" anonymousrole="ANYONE" audit="false">
  <AUTHREALM name="file" classname="com.iplanet.ias.security.auth.realm.file.FileRealm">
  <PROPERTY name="file" value="/iplanet/servers/https-rpserver.testdomain.com/config/keyfile"/>
  <PROPERTY name="jaas-context" value="fileRealm"/>
  </AUTHREALM>
  <AUTHREALM name="native" classname="com.iplanet.ias.security.auth.realm.webcore.NativeRealm">
  <PROPERTY name="jaas-context" value="nativeRealm"/>
  </AUTHREALM>
  <AUTHREALM name="ldap" classname="com.iplanet.ias.security.auth.realm.ldap.LDAPRealm">
  <PROPERTY name="directory" value="ldap://localhost:389"/>
  <PROPERTY name="base-dn" value="o=isp"/>
  <PROPERTY name="jaas-context" value="ldapRealm"/>
  </AUTHREALM>
  </SECURITY>
  <RESOURCES/>
  </JAVA>
  <LOG file="/iplanet/servers/https-rpserver.testdomain.com/logs/errors" loglevel="info" logtoconsole="true" usesyslog="false" createconsole="false" logstderr="true" logstdout="true" logvsid="false"/>
  </SERVER>

• How can I import Openldap schema into sun one directory server?

  Hello All
  I have a schema which was written for openldap, and I want to import this schema into sun directory server. I found that some attribute syntaxes, like "NumericString", are not exist in sun directory server and some attribute definitions are also different. For example, the "internationaliSDNNumber" in sun directory is defined in "IA5String" syntax, but it is "NumericString" in openldap. Is there any effect on querying data from two different ldap server? How can I solve this problem?
  Thank you!

  http://directory.fedora.redhat.com/wiki/Howto:OpenLDAP
  Migration
  GaryThanks! But after I use some of scripts in that page, I got
  "Unknown attribute syntax OID "1.3.6.1.4.1.1466.115.121.1.36"
  It seems those scripts only transform schema file format, not the gap between different type(attribute syntax). Is it possible to import or add new type(attribute syntax) in sun one directory server?
  Thanks.

• Important URLs for Sun ONE Studio forums

  Check out our Sun ONE Studio forums by visiting the following links:
  For Java Tools:
  http://forte.sun.com/ffj/forums/index.html
  For Compiler Collection:
  http://forte.sun.com/s1scc/forums/index.html
  Add your voice to these active communities, while gaining technical insight and support.

  Here is forte forum:
  http://forte.sun.com/ffj/forums/index.html
  Try looking around there...

• IE 6.0 Mutual auth with Sun One 8

  Hello,
  What I intend to do - generate new server key pair, then generate client key pair. Export client pair to IE (newest) for mutual auth.
  Command I use:
  Server pair:
  1. keytool -genkey -keyalg rsa -keystore keystore.jks -storepass pass -alias server -dname "cn=www.myCompany.com,o=O2,ou=Ou2,L=W,C=US,S=W"
  2. keytool -export -alias server -file server.cer -keystore keystore.jks --storepass pass
  3. keytool -noprompt -import -v -trustcacerts -file server.cer -alias server -keystore cacerts.jks -storepass pass2
  Client pair:
  1. keytool -genkey -keyalg rsa -keystore keystore.jks -storepass ssaperots -alias client -dname "cn=client1,o=O2,ou=Ou2,L=W,C=US,S=W"
  2. keytool -export -alias client -file client.cer -keystore keystore.jks --storepass pass
  3. keytool -noprompt -import -v -trustcacerts -file client.cer -alias client -keystore
  cacerts.jks -storepass pass2
  Now I replace domain1/cacerts.jks and domain1/keystore.jks with new files, restart the server.
  Mutual auth with jax-rpc from j2ee tutorial works flawlessly.
  Finally I want IE to be able to do mutual auth:
  Using jstk-1.0.1 from http://www.j2ee-security.net/book/dnldsrc/
  jstk-1.0.1/bin/crypttool.sh export -keystore keystore.jks -alias client -storepass pass -outform PKCS12
  I have client.p12 which I import into IE personal certificates.
  Enter secure site on the server. Server cert is OK. I choose client1 pair for mutual auth.
  Then I see in the browser: HTTP Status 403 - Access to the requested resource has been denied.
  During the handshake in server.log I see:
  [#|2004-06-02T01:12:42.496+0200|WARNING|j2ee-appserver1.4|org.apache.coyote.http11.Http11Processor|_ThreadID=11;|
  Exception getting SSL Cert
  java.net.SocketException: Socket Closed
  a lot of stuff here
  [at the end]
  http1043-Processor3, handling exception: java.net.SocketTimeoutException: Read
  I tries also additional java security package with JDK 1.5.0 beta to generate PKCS12 pair.
  The same error diffrent exceptions.
  Question:
  1. Did I do something wrong ?
  2. Is the PKCS12 file corrupted in some way ?
  Thank You.

  OK. I answer to my own question ;)
  The problem I described in post 1 didn't even exist. I figured it by changing admin console to use mutual auth. It works.
  However I change the question. I modify bookstore2 app from sun app server 8 tutorial sdk 1.4 to use mutual auth. I present deployment descriptors generated by deploytool.
  This is sun-web.xml:
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 Servlet 2.4//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-web-app_2_4-0.dtd">
  <sun-web-app>
  <context-root>/bookstore2</context-root>
  <security-role-mapping>
  <role-name>appuser</role-name>
  <principal-name>admin</principal-name>
  </security-role-mapping>
  <resource-ref>
  <res-ref-name>jdbc/BookDB</res-ref-name>
  <jndi-name>jdbc/BookDB</jndi-name>
  <default-resource-principal>
  <name>PBPUBLIC</name>
  <password>PBPUBLIC</password>
  </default-resource-principal>
  </resource-ref>
  <cache enabled="false" max-entries="4096" timeout-in-seconds="30">
  <default-helper/>
  </cache>
  <jsp-config>
  <property name="keepgenerated" value="true"/>
  </jsp-config>
  </sun-web-app>
  This is web.xml:
  <?xml version="1.0" encoding="UTF-8"?>
  <web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
  <display-name>bookstore2</display-name>
  <context-param>
  <param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
  <param-value>messages.BookstoreMessages</param-value>
  </context-param>
  <listener>
  <listener-class>listeners.ContextListener</listener-class>
  </listener>
  <servlet>
  <display-name>Dispatcher</display-name>
  <servlet-name>Dispatcher</servlet-name>
  <servlet-class>dispatcher.Dispatcher</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>Dispatcher</servlet-name>
  <url-pattern>/bookstore</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>Dispatcher</servlet-name>
  <url-pattern>/bookcatalog</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>Dispatcher</servlet-name>
  <url-pattern>/bookdetails</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>Dispatcher</servlet-name>
  <url-pattern>/bookshowcart</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>Dispatcher</servlet-name>
  <url-pattern>/bookcashier</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>Dispatcher</servlet-name>
  <url-pattern>/bookordererror</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>Dispatcher</servlet-name>
  <url-pattern>/bookreceipt</url-pattern>
  </servlet-mapping>
  <jsp-config>
  <jsp-property-group>
  <display-name>bookstore2</display-name>
  <url-pattern>*.jsp</url-pattern>
  <el-ignored>false</el-ignored>
  <scripting-invalid>false</scripting-invalid>
  <is-xml>false</is-xml>
  <include-prelude>/template/prelude.jspf</include-prelude>
  <include-coda>/template/coda.jspf</include-coda>
  </jsp-property-group>
  </jsp-config>
  <security-constraint>
  <display-name>SecurityConstraint</display-name>
  <web-resource-collection>
  <web-resource-name>WRCollection</web-resource-name>
  <url-pattern>/*</url-pattern>
  <http-method>TRACE</http-method>
  <http-method>DELETE</http-method>
  <http-method>POST</http-method>
  <http-method>OPTIONS</http-method>
  <http-method>HEAD</http-method>
  <http-method>GET</http-method>
  <http-method>PUT</http-method>
  </web-resource-collection>
  <auth-constraint>
  <role-name>appuser</role-name>
  </auth-constraint>
  <user-data-constraint>
  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  <login-config>
  <auth-method>CLIENT-CERT</auth-method>
  </login-config>
  <security-role>
  <role-name>appuser</role-name>
  </security-role>
  <resource-ref>
  <res-ref-name>jdbc/BookDB</res-ref-name>
  <res-type>javax.sql.DataSource</res-type>
  <res-auth>Container</res-auth>
  <res-sharing-scope>Shareable</res-sharing-scope>
  </resource-ref>
  </web-app>
  Using these I can't login.
  It is because I don't have an option to specify a user when I login.
  Qustions:
  1. How to change the application so it uses only client-cert (without users and passwords)
  2. How to change the application so login is possible with client-cert with specified user - admin?
  (my first guess - do form auth then client-cert, client-cert -> form login not possible ?)
  3. Are the certificated bound to specyfic application server users ?
  Thanks.

• Problems with Sun One Web Server 6.1 javax.xml.xpath package not found

  I used myeclipse to build an xml app and tested on jboss. it worked perfectly. However when i deployed it to our solaris sun one web server the app fell apart completely with the following error. I m unable to figure out what went wrong. Any help will be much appreciated.
  Thanks.
  [11/Dec/2007:22:12:37] failure (13539):      for host 121.247.233.169 trying to GET /feeds/rss.jsp, service-j2ee reports: StandardWrapperValve[jsp]: WEB2792: Servlet.service() for servlet jsp threw exception
       org.apache.jasper.JasperException: WEB4000: Unable to compile class for JSP
       /opt/SUNWwbsvr/test/ClassCache/test/_jsps/_feeds/_rss_jsp.java:8: package javax.xml.xpath does not exist
       import javax.xml.xpath.*;
       ^

  Thanks for the response. I tried to use xalan package which resolved the javax.xml.xpath package not found error (xalan.jar in WEB-INF/lib folder). However I m now getting the following error. Probably incompatible version is the reason. Please advise!
  [11/Dec/2007:23:46:28] failure (17028):      for host 121.247.233.169 trying to GET /feeds/rss.jsp, service-j2ee reports: StandardWrapperValve[jsp]: WEB2792: Servlet.service() for servlet jsp threw exception
       javax.servlet.ServletException: org.apache.xpath.XPathContext.<init>(Z)V
       at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:536)
       at _jsps._feeds._rss_jsp._jspService(_rss_new_jsp.java:627)
       at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at com.iplanet.ias.web.jsp.JspServlet$JspServletWrapper.service(JspServlet.java:687)
       at com.iplanet.ias.web.jsp.JspServlet.serviceJspFile(JspServlet.java:459)
       at com.iplanet.ias.web.jsp.JspServlet.service(JspServlet.java:375)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
       at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)
       ----- Root Cause -----
       java.lang.NoSuchMethodError: org.apache.xpath.XPathContext.<init>(Z)V
       at org.apache.xpath.jaxp.XPathImpl.eval(XPathImpl.java:207)
       at org.apache.xpath.jaxp.XPathImpl.evaluate(XPathImpl.java:281)
       at _jsps._feeds._rss_new_jsp._jspService(_rss_jsp.java:165)
       at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at com.iplanet.ias.web.jsp.JspServlet$JspServletWrapper.service(JspServlet.java:687)
       at com.iplanet.ias.web.jsp.JspServlet.serviceJspFile(JspServlet.java:459)
       at com.iplanet.ias.web.jsp.JspServlet.service(JspServlet.java:375)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
       at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)

• Sun One cannot find package ?

  hi to all,
  i am trying to run my web application from sun one studio 5 SE, to utilise the debugging functionality that i cant get working in intellij or jbuilder :( (intellij wont iinstall on 2003 server and jbuilder crashes when in debug mode )
  anyways my app works fine by all accounts but when i mounted the filesystem inside SOS and i try and compile i get the following
  login$jsp.java [6:1] package org.apache.jasper.runtime does not exist
  import org.apache.jasper.runtime.*;
  ^
  login$jsp.java [9:1] cannot resolve symbol
  symbol  : class HttpJspBase
  location: class org.apache.jsp.login$jsp
  public class login$jsp extends HttpJspBase {
                                 ^
  login$jsp.java [35:1] package org.apache.jasper.runtime does not exist
      public final void _jspx_init() throws org.apache.jasper.runtime.JspException {
                                                                     ^
  login$jsp.java [86:1] cannot resolve symbol
  symbol  : method getClass ()
  location: class org.apache.jsp.login$jsp
                              auth = (xns.beans.Authenticator) java.beans.Beans.instantiate(this.getClass().getClassLoader(), "xns.beans.Authenticator");
                                                                                            ^
  login$jsp.java [105:1] cannot resolve symbol
  symbol  : variable JspRuntimeLibrary
  location: class org.apache.jsp.login$jsp
                  JspRuntimeLibrary.introspect(pageContext.findAttribute("auth"), request);
                  ^
  login$jsp.java [145:1] cannot resolve symbol
  symbol  : variable JspRuntimeLibrary
  location: class org.apache.jsp.login$jsp
                  out.print(JspRuntimeLibrary.toString((((xns.beans.Authenticator)pageContext.findAttribute("auth")).getUsername())));
                            ^
  login$jsp.java [170:1] cannot resolve symbol
  symbol  : variable JspRuntimeLibrary
  location: class org.apache.jsp.login$jsp
                  out.print(JspRuntimeLibrary.toString((((xns.beans.Authenticator)pageContext.findAttribute("auth")).getError())));
                            ^
  7 errors
  Errors compiling login.this happens with both the default internal SOS server and a tomcat 4.1 installation i have on same machine.
  i also mounted the jars that are in the server/lib dir of the tomcat install (i thought the server would have already mounted them) but this didnt help either
  any ideas pls, i need to extend this application and cant do it without debugging
  kind regards
  g00fy

  Hi Guys
  I found the answer already...
  u have to put jsse.jar , jnet.jar , jcert.jar in jdk1.31./jre/lib/ext folder
  And set some provider in java.security
  while it was done automatically in jdk1.4.1

• Sun one server 6.0 doesn't work well with explorer

  We've sun one server 6.0 sp4 running in a sparc server as SSL server and too as common server on port 80. The most our clients , 95%, are explorer browser users.
  The server has known bugs with SSL3 , interoperatibility with MSIE problem 532427. The solutions suggested in the server documentation don't work. We tryed the solutions suggested many times and in few time we got complaints from clients, people get "this page can't be displayed". I had to set the server to work with SSL2 only , althought security's reports tell that this protocol is not safe.
  The second bug is concern the latencies loading pages with explorer. I apply the solution suggested, KeepAliveQueryMeanTime 1, it doesn't work well too. We don't feel the latencies on new machines or light browsers as avant , but we still feel these latencies with old machines or if the users uses modem. A lot of people still see very strong latencies.
  I feel the server wasn't tested enough with explorer browser , it has so many compatibility problems with this browser.I think for the most webmasters the perfect compatibility with explorer is very important.
  We payed for this server and it is worst than apache ,apache group fixed the SSL problem long time ago. Only one thing we need doesn't work well in apache then we contenue to use sun one server. But this diference is not enough to justify the use of this server if sun don't fix these problems. I'm talking about problems they exist more than 1 year, they were when i installed the server then i contenue to work with iplanet 4.1 and SSL2. I read the new version server characteristics, version 6.1 , i didn't find anything telling that these problems were fixed.
  Yair Lapin
  Hebrew University Webmaster

  Yair -
  Unfortunately this is a little vague. Can you tell us specifically what problem(s) you're having (unfortunately your current message does not go into adequate detail for us to understand the problems you see, or to make recommendations about how to remedy them).
  Thanks
  Joe

• Does Sun One 6.1 support AIX 5.3 and 6.1

  Hi,
  We have a license for Sun One web server 6.1. Currently it is running on solaris 8.We want to know whether Sun One web server 6.1is compatible with AIX 5.3 and 6.1 as we are looking to migrate to AIX.
  We also need to know wherher the same license(i.e. for Sun One web server 6.1) can be used for Sun Java System Web Server 7.0 or we need a new one?
  Please help.

  You can export the server key + cert with pk12util from the old instance into a PKCS#12 format file and then use pkcs12util to import them to the new instance from that file. Run pkcs12util without any options for usage info.
  If you have additional questions about it, start a new thread at the web server forum (see link in the response above by cvr-786) so the relevant people can see it. Do not respond to this thread.
  P.S. If you found some problem with migrating away from 4.1 using the supported migration (using pk12util directly as noted above isn't really supported migration, though I believe it should probably work fine) the engineering team would certainly like to know about it. Please start a separate thread (again, in the web server forum, not here) describing the issues and/or file a bug through your support contact.

• SSL on Sun One Directory Server

  I am trying to establish SSL connection with Sun One Directory Server 5.2. However, I am unable to establish connection to the server using Microsoft LDP tool if i specify secure port 636. Unsecure connection is established successfully.
  I followed the following steps to enable SSL/TLS on Sun One Server
  1. Generate certificate request
  2. Acquire SSL certificate from CA (used thawte site to obtain trial certificate by entering the certificate request)
  3. Imported certificate to server (server-cert)
  4. Trusting your Certificate Authority and all certificates it issues
  5. Enable SSL on server
  Do i require to add a client certificate to keytstore? From where should i obtain a client certificate? Please help.

  1. Try and make sure that the certificate is issued to the hostname. Similarly, connect from MS to DS using the DS's hostname, not IP.
  2. Import CA root test certificate from thwate on both the DS certstore, as well as MS LDAP client's keystore.
  3. If the purpose of certificates is only encryption, you may look at the client for an option to disable hostname verification.
  4. No client cert is needed, unless you have configured LDAP for certificate based authentication.
  Hope the above help.
  Ankush
  http://www.iamcg.net