Tomcat 5.5 + SSL

Similar Messages

• Prob in config tomcat to use SSL

  Hello,
  I have configured tomcat to use SSL exactly defined in how-to doc of apache tomcat.
  but when i give URL https://localhost:8443 its simple says page cannot b displayed....and when clientAuth is set to true...
  In case if i set clientAuth as false then it says There is problem with website security certificate...
  Below is the connector tag tht i have..
  <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
  port="8443" minProcessors="5" maxProcessors="75"
  enableLookups="true"
       acceptCount="100" debug="0" scheme="https" secure="true"
  useURIValidationHack="false" disableUploadTimeout="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
       clientAuth="true" protocol="TLS" />
  </Connector>
  Can any1 plzzzz help me????
  Thanks in Advance.

  Where is your keystore specification?
  What is the output of logs/catalina.out and .err?
  In this doc :
  http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
  There is the very important sentence :
  "There are addional option used to configure the SSL protocol. You may need to add or change the following attribute values, depending on how you configured your keystore earlier:"

• Has any one configured Tomcat 4. with SSL?

  Has any one configured Tomcat 4. with SSL?
  Please I am getting a problem with this.
  When I say $tomcat_home/bin>startup,it starts up fine.
  When I change to the server.xml to point out to the server
  ceritificate I have created using the keytool,and again say
  startup,it disappears.
  Here is the extract of my server.xml
  Can some one please help as to what i am missing?
  <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
  <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
  port="8443" minProcessors="5" maxProcessors="75"
  enableLookups="true"
       acceptCount="100" debug="0" scheme="https" secure="true"
  useURIValidationHack="false" disableUploadTimeout="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
  keystoreFile="C:/AHTTPS_UrlConnect/.keystore"
  keystorePass="changeit"
  clientAuth="false" protocol="TLS" />
  </Connector>

  this works for me
  <!-- unedited part below for ssl 21/7 -->
  <Connector className="org.apache.catalina.connector.http.HttpConnector"
  port="8443" minProcessors="5" maxProcessors="200"
  enableLookups="false"
  acceptCount="10" connectionTimeout="60000" debug="0"
  scheme="https" secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
  clientAuth="false" keystoreFile="c:\jwsdp-1_0-ea2\tomcat_keystore\tomcatks" keystorePass="tomcat" protocol="TLS"/>
  </Connector>
  <!-- unedited part above 21/7 -->

• Tomcat standalone & instant ssl-certificate

  hi folks
  i have a tomact-standalone server. last year as i installed the whole thing everything worked fine
  as i followd the instructions on this site.
  http://www.comu.de/docs/tomcat_ssl.htm
  Now i have to replace the certificate and i followed the instructions on this site.
  http://www.instantssl.com/ssl-certificate-support/cert_installation/ssl-certificate-java.html?currency=EUR&region=Europe&country=DE
  allthoug tomcat starts mozilla gives the following exception.
  Mozilla and mydomain.de cannot communicate because they have no common
  encryption algorithms.
  Has anybody got tomcat standalon run with an instantssl certificate and has some detailled instructions.
  regards
  gencaslan

  could it be possible that the certificat was generated wrongly? without a certification path?

• How to make tomcat 5 support SSL (https)?

  Hi,
  is there a way to make tomcat support SSL (https)?
  i using: Apache 1.3.33
  with : Tomcat 5.0.28-1.00RC2
  and : jakarta-tomcat-connectors-jk-1.2.6
  JDK: j2sdk1.4.0_04
  Many thanks
  Anatolia

  Thanks very much Sherbir,
  But JSSE is integrated into the Java 2 SDK, Standard Edition, v 1.4 and above!
  here is what i'm facing:
  the documentation says:
  >
  It is important to note that configuring Tomcat to take advantage of secure sockets is usually only necessary when running it as a stand-alone web server. When running Tomcat primarily as a Servlet/JSP container behind another web server, such as Apache or Microsoft IIS, it is usually necessary to configure the primary web server to handle the SSL connections from users. Typically, this server will negotiate all SSL-related functionality, then pass on any requests destined for the Tomcat container only after decrypting those requests. Likewise, Tomcat will return cleartext responses, that will be encrypted before being returned to the user's browser. In this environment, Tomcat knows that communications between the primary web server and the client are taking place over a secure connection (because your application needs to be able to ask about this), but it does not participate in the encryption or decryption itself.
  I'm running running Tomcat as a Servlet/JSP container behind Apache 1.3.33 web server.
  So all SSL requests are handled by apache web server, but the problem I'm facing is that if i request any jsp page using https (ssl) i get plain text and it's not handled by tomcat!
  i have a test page called test.jsp:
  <html>
  <head>
  <title>JSP test page</title>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body>
  <p>2 x 2 = <%= 2 + 2 %>
  </p>
  </body>
  </html> If I request this page using normal http request I get my results fine:
  2 x 2 = 4
  but if i request the page using https (ssl) I get a clear plain text of my jsp file content like this:
  <html>
  <head>
  <title>JSP test page</title>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body>
  <p>2 x 2 = <%= 2 + 2 %>
  </p>
  </body>
  </html> Now how do I fix this problem and make apache passes the jsp file to tomcat if the request was https (ssl) and not send me cleartext of my file content!
  Many thanks
  Anatolia

• Tomcat 5 with SSL

  Hi, I am having trouble getting Tomcat to work with SSL.
  I have created a PKCS12 keystore with 1 entry. When I look at with keytool it says it has "Entry type: keyEntry" and "Certificate chain length: 1"
  In my server.xml file I have
  <Connector port="8443"
       maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
       enableLookups="false" disableUploadTimeout="true"
       keystoreFile="/home/mydir/ssl.p12"
       keystorePass="*******" keystoreType="PKCS12"
       acceptCount="100" debug="0" scheme="https" secure="true"
       clientAuth="false" sslProtocol="TLS" />When I go to the site at port 8443 using https I get a network timeout error.
  Any help is appreciated.
  Edited by: Empr on Aug 6, 2009 4:35 PM

  Could not open connection to the host, on port 8443: Connect failedDid it really say 'connect failed'?
  the Tomcat is running on an Apache web serverNo it's not. It might be running in the same host as an Apache Web server.
  but the Apache already uses HTTPS... on port 443 in a separate process. Nothing to do with Tomcat's SSL on port 8443. If your Tomcat SSL configuration is as shown above you should be able to connect an SSL socket or an HTTPS URL to it.

• SSL Config on Tomcat

  Hi Experts:
  My Apache+SSL is working now - thanks to you all. I checked it using https://www.hari.com.
  However, I have a small Application which contains JSP+Servlets which calls Oracle DB via JDBC. This application is working fine when I type http://www.hari.com:8080/hari/index.jsp but when I try HTTPS as https://www.hari.com:8080/hari/index.jsp it does'nt work - ie page does'nt shows up.
  I know that HTTPS listens to port 443 and my Application(Tomcat+JBoss) listens to port 8080 - so how do I integrate both the ports to work together? Any useful information on above is appreciated.
  THANKS!
  HARI

  Hi
  I guess that you haven't changed the pot that Tomcat listens for SSL connections.If not the default port for SSL is 8443 for Tomcat. SO if you want your application to run via SSL you must use s.g like https://localhost:8443/......
  if u use 8080 it won't run. The connection to the database should be again to the 8080 port, but the servlet should listen to 8443 for SSL. Check the port in the server.xml file

• Configure SSL for Tomcat 6x with clientAuth="true"

  Hi,
  I have configured my tomcat server with SSL. The certificate I am using is created by keytool.
  Its working fine when clientAuth="false".
  But now I want to check client certificate too. So I changed clientAuth="true" and provided a client certificate too.
  Now this is not working.
  Please some body help me solve it.
  Thnx in advnc.

  Try a forum/mailinglist devoted to Tomcat. There's one at its own homepage.
  This is just the JSP/JSTL forum.

• Configure SSL for Tomcat 6x

  Hi,
  I have configured my tomcat server with SSL. The certificate I am using is created by keytool.
  Its working fine when clientAuth="false".
  But now I want to check client certificate too. So I changed clientAuth="true" and provided a client certificate too.
  Now this is not working.
  Please some body help me solve it.
  Thnx in advnc.

  Try a forum/mailinglist devoted to Tomcat. There's one at its own homepage.
  This is just the JSP/JSTL forum.

• Tomcat, LDAP, SSL, Servlet

  Hi - I have already written a servlet that binds against a LDAP Server normally. Now I need to implement SSL on it. I would like to know if anyone has any code that simply binds against an LDAP Server using SSL.
  I use the servlet on Tomcat to connect to the LDAP Server .. so...
  1. Do I need to install JSSE alongwith Tomcat to use ssl?
  2. Since the servlet acts as the Client to the LDAP Server - is it enough to simply add ssl parameters to the code (and include a cert store path)?
  I would only require to know simple steps to ssl-enable my existing application ...
  please help!

  I had problems getting SSL to work. The only modifications that you should need to make are in the connection.
  Here is the URL.
  http://forum.java.sun.com/thread.jsp?forum=51&thread=322566

• Securing file download with standard web security and ssl

  Hi,
  I want to put some files for download in my webapp. At the same time, I want to protect these files using standard servlet security and ssl. So I added <security-constraint> in my web.xml and configured tomcat to allow SSL connection. Now I got the files protected as I expected. When I try to access the file directly from browser, tomcat shows me the login page. However, after correct login, I.E. pops up an error saying something like "Internet Explorer cannot download XXX from XXX. The file could not be written to the cache.". The log file showed the following exception:
  javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: java.net.SocketException: Connection reset by peer: socket write error
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1154)
       at com.sun.net.ssl.internal.ssl.AppInputStream.available(AppInputStream.java:40)
       at org.apache.tomcat.util.net.TcpConnection.shutdownInput(TcpConnection.java:90)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:752)
       at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:526)
       at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
       at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
       at java.lang.Thread.run(Thread.java:595)
  Caused by: javax.net.ssl.SSLException: java.net.SocketException: Connection reset by peer: socket write error
       at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1443)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1407)
       at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:64)
       at org.apache.coyote.http11.InternalOutputBuffer.realWriteBytes(InternalOutputBuffer.java:747)
       at org.apache.tomcat.util.buf.ByteChunk.flushBuffer(ByteChunk.java:403)
       at org.apache.coyote.http11.InternalOutputBuffer.endRequest(InternalOutputBuffer.java:400)
       at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:961)
       at org.apache.coyote.Response.action(Response.java:182)
       at org.apache.coyote.Response.finish(Response.java:304)
       at org.apache.catalina.connector.OutputBuffer.close(OutputBuffer.java:281)
       at org.apache.catalina.connector.Response.finishResponse(Response.java:473)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:825)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:738)
       ... 4 more
  Caused by: java.net.SocketException: Connection reset by peer: socket write error
       at java.net.SocketOutputStream.socketWrite0(Native Method)
       at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92)
       at java.net.SocketOutputStream.write(SocketOutputStream.java:136)
       at com.sun.net.ssl.internal.ssl.OutputRecord.writeBuffer(OutputRecord.java:283)
       at com.sun.net.ssl.internal.ssl.OutputRecord.write(OutputRecord.java:272)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:663)
       at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
       ... 15 more
  I've tried separating concerns, for example protect files but not require SSL, and enable SSL but do not protect files. Both works respectively but not together. I also tried using a download4j's DownloadServlet. Still doesn't work.
  Have any of you encouter the same situation? If so, could you enlight me what I did wrong? It maybe just a simple SSL configuration or something. Thanks in advance!
  Jack

  My environment setup is:
  JDK 1.5.01
  Tomcat 5.5.7
  For downloading files, I just use plain old <a href> method. I simply right-click the link and choose "save target as...".
  Thanks,
  Jack

• Certificate problem when connection to tomcat

  I setup tomcat to use ssl by creating my own certificate.
  This works fine using the browser.
  But when I try this code from a test program:
  URL u = new URL("https://localhost:8443/");
  BufferedReader in = new BufferedReader(
  new InputStreamReader(
  u.openStream()));
  I get the error:
  javax.net.ssl.SSLHandshakeException:
  java.security.cert.CertificateException:
  Couldn't find trusted certificate
  I exported the cert from my keystore and
  imported it into my Trusted Root Certificate Autority
  using IE, but I still get same error.
  Any advice please?

  Solved this by adding the tomcat cert
  to <JAVA_HOME>\jre\lib\security\cacerts
  1. Export cert from keystore
  2. Import cert into cacerts keystore
  Then I got an io error about localhost
  Solved this by creating the tomcat cert
  with the company name as localhost

• QaaWS and SSL

  I have configured Tomcat to use SSL and this works great.  I have DNS name for the site which is not our CMS name.  I am able to use CMC and Infoview without any issues.  We are running BO Enterprise (Version 3.1 Hotfix 1.2).  We have developed a Dashboard using QaaWS.  This works fine in development and QA but neither of those systems is SSL Enabled.
  After moving the QaaWS items to production I attempted to connect with the client QaaWS tools to update the URL configuration on each query.  When moving QaaWS queries from one system to another the URL is not updated and you need to republish with the client tools.  When I attempt to connect with the client tools I am not able to.  When i create the production host and put in the Https://<servername>/dswsbobje/services/Session the system attempts to validate the URL connection.  I get a error "Web services URL is not correct".  I am not able to connect at this point.
  If I remove the HTTPS requirement by enabling HTTP in Tomcat again, i can connect, but of course my users connect via HTTPS and after publishing my dashboard I get an error in the dashboard.
  I need to know what to configure in Tomcat to enable webservices to work on HTTPS connections.
  Using the URL https://<BOBJServerName>/dswsbobje/services/Session in the browser returns this message:  Please enable REST support in WEB-INF/conf/axis2.xml and WEB-INF/web.xml
  How does one do this?  And if I do will the client tools be able to connect via HTTPS?
  Thanks for any help you can provide.

  I am getting the following error while loading Xcelsius Dashboard in https mode.
  Error: Error #2170, Cannot Access External Data
  Connection Type: Query as a Web Service
  To access external data, add a cross-domain policy file to the external data web server.
  The same dashboard is working on the following conditions:
  1)     In http mode(both from a hosted website and from a clarity portlet)
  2)     When I click preview from Xcelsius designer.
  3)     When I run the .swf file directly.
  The error is coming only when I host the swf file into a website (or running from a clarity portlet).
  I am using the following cross-domain-policy file.
  <?xml version="1.0"?>
  <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
  <cross-domain-policy>
       <site-control permitted-cross-domain-policies="all"/>
          <allow-http-request-headers-from domain="" headers="" secure="true" />
          <allow-access-from domain="*" secure="true" />
  </cross-domain-policy>
  Any comments will be appreciated here.
  Thanks,

• Tomcat, servlet, cacerts, client authentication and Thawte...

  Hello all,
  the steps and code samples below (well known to you) work fine for a VeriSign Personal Digital Id trial and a GlobalSign PersonalSign demo certificate. However:
  1) how can I make Tomcat or JSSE use both my default keystore and the cacerts file?
  The VeriSign class 1 root is in this cacerts file, but still I need to import the very same root into my own keystore to accept the client certificate. Also, importing the GlobalSign root into cacerts does not help me; instead I am required to import it into my default keystore.
  I know I can set the keystore parameter in the Tomcat server.xml -- but that does not feel right... When I import a cert using "keytool -trustcacerts" then I get "Certificate already exists in system-wide CA keystore under alias <verisignclass1ca> Do you still want to add it to your own keystore?" This gives me the feeling that the system knows where to find the cacerts file, but Tomcat somehow does not use it...
  2) anyone used Thawte Personal Freemail with Tomcat?
  Even when I import the Thawte root certificate into my own keystore, a Thawte Personal Freemail cert is never accepted. In Internet Explorer, although having three certificates installed, the popup dialog that prompts me to choose one only shows the VeriSign and GlobalSign things. When using "TOMCAT_OPTS=-Djavax.net.debug=all" I see that Tomcat "proposes" all three roots to the client browser:
    *** CertificateRequest
    Cert Types: DSS, RSA,
    Cert Authorities:
    <CN=GlobalSign Root CA, OU=Root CA,
       O=GlobalSign nv-sa, C=BE>
    <OU=Class 1 Public Primary Certification Authority,
       O="VeriSign, Inc.", C=US>
    <[email protected],
       CN=Thawte Personal Freemail CA,
       OU=Certification Services Division,
       O=Thawte Consulting, L=Cape Town,
       ST=Western Cape, C=ZA>
    *** ServerHelloDoneAll details below.
  Thanks,
  Arjan.
  - JDK 1.4 beta. I also have 1.3 installed; I did not try 1.3 with the JSSE extension available at http://java.sun.com/products/jsse/index-102.html
  - JAVA_HOME and PATH are set allright.
  - Tomcat 3.2.1
  Steps taken:
  VeriSign
  - free trial at http://www.verisign.com/client/enrollment
  - export the VeriSign root certificate from the global CA certificates. The password defaults to changeit
  - import the exported root into the default key store
    cd /jdk1.4/jre/lib/security
    keytool -export -keystore cacerts -alias verisignclass1ca -file myverisignroot.cer
    keytool -import -alias myverisignroot -trustcacerts -file myverisignroot.cerAbove, the -trustcacerts is only added to show you the warning I mentioned above...
  GlobalSign
  - free trial at http://www.globalsign.com/secure_demo.cfm
  - get the root certificate at http://secure.globalsign.net/en/trust
  - import the root certificate into the default keystore
    keytool -import -alias myglobalsignroot -file root.cacert
  Thawte
  - free certificate at http://thawte.com/getinfo/products/personal
  - the Personal Freemail root certificate at http://www.thawte.com/certs/trustmap.html
  - import the Personal Freemail root certificate into the default keystore
    keytool -import -alias mythawteroot -file persfree.crt
  Tomcat
  - uncomment the SSL Connector section in server.xml, except for keystore and keypass (the password is still the default, being changeit)
  - to the very same Connector section, add
    <Parameter name="clientAuth" value="true"/>- create a security certificate, as mentioned in server.xml as well. When using JDK 1.4, one does not need to set the classpath or change java.security. So:
    keytool -genkey -alias tomcat -validity 180 -keyalg RSA- to see debug info:
    set TOMCAT_OPTS=-Djavax.net.debug=all- make sure the VeriSign etc. roots are imported
  - restart Tomcat
  - connect to the servlet at port 8443, using https. You will see security warnings because your browser does not know the Tomcat certificate.
  Servlet
  Finally the code, as you may know it:
  import javax.servlet.*;
  import javax.servlet.http.*;
  import java.io.*;
  import java.util.*;
  // For Tomcat: javax.security, not java.security
  import javax.security.cert.X509Certificate;
  import javax.security.cert.Certificate;
  import java.security.Principal;
  // JSSE classes
  import javax.net.*;
  import javax.net.ssl.*;
  public class sslTest extends HttpServlet
    private static final String CONTENT_TYPE = "text/html";
    public void init(ServletConfig config) throws ServletException
      super.init(config);
    private void printCert(PrintWriter pw, Object obj)
      if(obj instanceof Certificate)
        pw.println("<>---------------------------------------<>");
        if(obj instanceof X509Certificate)
          X509Certificate cert = (X509Certificate)obj;
          Principal principal = cert.getIssuerDN();
          pw.println("  Principal Name : " + principal.getName());
          pw.println("  Version        : " + cert.getVersion());
          pw.println("  Serial Number  : " + cert.getSerialNumber());
          pw.println("  Issue DN       : " + cert.getIssuerDN());
          pw.println("  Subject DN     : " + cert.getSubjectDN());
          pw.println("  Not Before     : " + cert.getNotBefore());
          pw.println("  Not After      : " + cert.getNotAfter());
          pw.println("<>---------------------------------------<>");
          pw.println(cert.toString());
        else
          Certificate cert = (Certificate)obj;
          pw.println(cert.toString());
    private void printCertificateDetails(String attributeName,
      HttpServletRequest req, PrintWriter pw)
      Object obj=req.getAttribute(attributeName);
      if(obj instanceof Certificate[])
        if(obj instanceof X509Certificate[])
          pw.println("<h1>Client X509Certificate Chain</h1>");
        else
          pw.println("<h1>Client Certificate Chain</h1>");
        Certificate[] array = (Certificate[])obj;
        for (int x=0; x < array.length; x++)
          printCert(pw, array[x]);
      else if(obj instanceof Certificate)
        if(obj instanceof X509Certificate)
          pw.println("<h1>Client X509Certificate</h1>");
        else
          pw.println("<h1>Client Certificate</h1>");
        printCert(pw, obj);
      else
        if (obj != null)
          pw.println("Client Certificate Attribute "
            + attributeName
            + ", type \""
            + obj.getClass().getName()
            + "\":\n" + obj);
        else
          pw.println (attributeName + " attribute not set");
    /**Process the HTTP Get request*/
    public void doGet(HttpServletRequest req, HttpServletResponse resp)
      throws ServletException, IOException
      PrintWriter pw = resp.getWriter();
      pw.println("<html><head><title>SSL Details</title></head><body><pre>");
      if (req.isSecure())
        pw.println("Got a secure connection.");
      else
        pw.println("This connection is not secure.");
      pw.println("IP address: " + req.getRemoteAddr());
      pw.println("User: " + req.getRemoteUser());
      pw.println("Subject: " + req.getHeader("CERT_SUBJECT")); // null for Tomcat
      pw.println("Issuer: " + req.getHeader("CERT_ISSUER"));   // null for Tomcat
      pw.println("\nAvailable attributes:");
      Enumeration attributeNames = req.getAttributeNames();
      while(attributeNames.hasMoreElements())
        pw.println("  " + attributeNames.nextElement().toString());
      pw.println("\n");
      Object obj;
      obj = req.getAttribute("javax.net.ssl.cipher_suite");
      if(obj instanceof String)
        pw.println("Cipher Suite: " + obj);
      else
        if(obj instanceof String[])
          pw.print("Cipher Suite: { ");
          String[] otherArray= (String[])obj;
          for (int x=0; x<otherArray.length; x++)
            pw.print(otherArray[x].toString() + " ");
          pw.println("}");
        else
          if (obj != null)
            pw.println("SSL Session Attribute javax.net.ssl.cipher_suite, type \""
              + obj.getClass().getName() + "\":\n" + obj.toString() );
          else
            pw.println ("javax.net.ssl.cipher_suite attribute not set");
      obj = req.getAttribute("javax.net.ssl.session");
      if(obj instanceof SSLSession)
        pw.println("SSL session:");
        SSLSession session = (SSLSession)obj;
        pw.println("Cipher Suite: " + session.getCipherSuite());
        pw.println("Peer Host: " + session.getPeerHost());
        pw.println("ID: " + new String(session.getId()));
      else
        if (obj != null)
          pw.println("SSL Session Attribute javax.net.ssl.session, type \""
            + obj.getClass().getName() + "\":\n" + obj);
        else
          pw.println ("javax.net.ssl.session attribute not set");
      // JSSE recommends �javax.net.ssl.peer_certificates� as the attribute name.
      // However, some web servers do not support these generic names. Like the
      // "javax.net.ssl.peer_certificates" is said to work for WebSphere 3.5 but
      // not for Tomcat 3.2.1.
      // "The javax.security.cert.X509Certificate class is similar to the newer
      // java.security.cert.X509Certificate. New applications should use the newer
      // java.security version". However, Tomcat does not support that:
      printCertificateDetails("javax.net.ssl.peer_certificates", req, pw);
      printCertificateDetails("javax.servlet.request.X509Certificate", req, pw);
      printCertificateDetails("tomcat.request.X509CertificateChain", req, pw);
      pw.println("</pre></body></html>");
    /**Clean up resources*/
    public void destroy()
  }

  Heya,
  Well, this is a pretty complete description of the problem, unfortunately I am not able to comment on the Tomcat side of things, but this makes for interesting reading nonetheless.
  One thing I must mention is that the Thawte Personal certs are indeed chained, and the Personal Freemail cert is the intermediate root CA which is in turn signed by the Personal Basic root (the link I have posted to you in your trouble ticket with us.)
  What may be happening is that the Personal Freemail cert is not completing the chain back to the Personal Basic root, and any cert signed with this may not be displayed as the Issuer is in doubt.
  If your Personal Cert has been issued within the last few months it has ben signed by the Personal Freemail 08.03.2000, and many versions of browsers have not got this particular root installed, could you verify that pls? I can send this particular root to you if you would like to test this theory out.
  There should bo no problems with using a Thawte certificate with your particular software, so we should hopefulyy be able to figure somehting out.
  Regards,

• Will Studio Creator components run on ssl?

  Hi everyone,
  Are all the great components in studio creator 2 built using ajax???
  Please correct me if i am wrong, but browsers do not implement ssl in javascript. If the components are in fact build with ajax, would they work for example on Tomcat 5 using ssl???
  Please share your comments.
  Thanks.

  The browsers that Creator 2 works with are known to support SSL (which version is unknown) and one can implement SSL in Javascript, so issues might be performance hits due to encryption, or having to modify Creator-supplied .JS code to use SSL.