"Sonny Sukumar" <ahimsadesi@(protected)
news:Law10-F98U7F3FG30Ga000088d0@(protected)...
>
> 2nd Update:
>
> --I reconfigured the SSL port from 8443 to 443 on our server (as well as the
> redirect port), and all of a sudden I can connect using SSL. I don't
> understand why 8443 didn't work. Any ideas??
>
There is a well-known bug in MSIE related to security-constraints, but that
doesn't seem to apply here.
> --Now when I request static HTML pages, I get a browser alert saying that
> some of the info on the requested page is NOT encrypted, so it displays a
> lock broken in half instead of the golden lock I so desire. :-( I can't
> understand how a page would get partially encrypted--especially a static
> HTML page.
>
This means that the page has links to pages with 'http://server/folder/file'
in it. It could be images or stylesheets or anything else that gets
included. Usually the easiest is to change all of your resource references
to be relative (so the browser requests them with the same protocol as the
main page). If you are including images from third-party servers that don't
support SSL (or even if they do :), you should consider re-negotiating your
contract with them.
> I'm not sure if it's relevant, but I use Cocoon for the backend (2.1.2) in
> conjunction with Tomcat (4.1.27) on Linux (RedHat 7.3).
>
> Sonny
>
> >From: "Sonny Sukumar" <ahimsadesi@(protected)>
> >
> >
> >Update: I did a "keytool -list" with the "-rfc" options and discovered that
> >all the certs *are* in fact there, but just that public/private key were
> >bundled together under the same alias. The way it lists the certs by
> >default is what confused me.
> >
> >HOWEVER, I uploaded the keystore to our server, set up server.xml, and
> >restarted Tomcat, but every single secure connection I attempt just times
> >out. I don't understand why this happens.
> >
> >Here's my server.xml SSL connector:
> >
> > <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
> > <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
> > port="8443" minProcessors="5" maxProcessors="75"
> > enableLookups="true"
> > acceptCount="100" debug="0" scheme="https" secure="true"
> > useURIValidationHack="false" disableUploadTimeout="true"
> > compression="on">
> > <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
> > clientAuth="false" protocol="TLS" keystorePass="changeit"
> > keystoreFile="conf/.keystore"/>
> > </Connector>
> >
> >Btw, does anybody know how to secure the server.xml file? It contains some
> >clear text passwords, so this really concerns me! (Yes, I know "changeit"
> >is the default password even without specifying it here).
> >
> >Also, I don't currently have any <security-constraint>s set in my web.xml.
> >
> >Thanks for any insights!
> >
> >Sonny
> >
> >>From: "Sonny Sukumar" <ahimsadesi@(protected)>
> >>Reply-To: ssukumar@(protected)
> >>To: tomcat-user@(protected)
> >>Subject: Re: [HELP!] Which key alias names to use for SSL?
> >>Date: Sat, 11 Oct 2003 14:12:17 -0700
> >>
> >>
> >>Hi Adam,
> >>
> >>Your first step was:
> >>># keytool -genkey -alias tomcat -keyalg RSA
> >>
> >>and your last step was:
> >>># keytool -import -trustcacerts -file public.crt -alias tomcat
> >>
> >>So you used the same alias ("tomcat") for both the private key and the
> >>signed public key. This is what doesn't work for me, because when I
> >>import the signed public key using the same ("tomcat") alias, my private
> >>key gets overwritten. I've verified this using "keytool -list -keystore
> >>./.keystore"
> >>
> >>I also have the root cert from GeoTrust in there with alias "root". The
> >>root cert is actually an Equifax cert valid from 1998 to 2018, but the
> >>GeoTrust tech support rep told me to use that one. Could this be the
> >>problem?
> >>
> >>Other ideas?
> >>
> >>Thanks,
> >>
> >>Sonny
> >>
> >>>From: Adam Hardy <ahardy.struts@(protected)>
> >>
> >>>On 10/11/2003 09:08 PM Sonny Sukumar wrote:
> >>>>
> >>>>[I sent this once before, but got no response, and I'm not sure what to
> >>>>do. Thanks in advance.]
> >>>>
> >>>>Hi guys,
> >>>>
> >>>>I'm trying to set up my Tomcat (4.1.27) server to work with SSL. I got a
> >>>>CA-signed cert to go with my private key and CA root cert, but I'm
> >>>>confused as to how to name the alias for the CA-signed-cert and my
> >>>>private key.
> >>>>
> >>>>The Tomcat SSL How-To is confusing me, because it says to give the
> >>>>"tomcat" alias to both the private key and the CA-signed key. I tried
> >>>>it and it overwrote my private key (luckily I made a backup of my
> >>>>keystore).
> >>>>
> >>>>I'm looking at this documentation:
> >>>>http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html
> >>>>
> >>>>It also doesn't seem possible to configure the alias names in
> >>>>server.xml. So what alias names should I use? :-)
> >>
> >>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
> >>For additional commands, e-mail: tomcat-user-help@(protected)
> >>
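
Added example (not part of the original thread): a static scan for the cause of the "partially encrypted" warning described in the reply above, listing references in an HTML page that the browser would fetch over plain `http://` even when the page itself is served over SSL. The tag/attribute list is an assumed, non-exhaustive set, and the sample page and the host `ads.example.com` are constructed; plain `<a href>` links are deliberately ignored because they are not fetched while the page renders.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs a browser fetches automatically while rendering.
# Assumed, non-exhaustive list; CSS url() and script-made requests are skipped.
SUBRESOURCE_ATTRS = {
    ("img", "src"), ("script", "src"), ("iframe", "src"), ("frame", "src"),
    ("embed", "src"), ("object", "data"), ("input", "src"), ("body", "background"),
}
FETCHING_RELS = {"stylesheet", "icon"}  # <link rel> values that fetch the href

class MixedContentFinder(HTMLParser):
    """Collect references that an HTTPS page would load over plain HTTP."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        attrs = {name: (value or "").strip() for name, value in attrs}
        if tag == "link":
            rels = set(attrs.get("rel", "").lower().split())
            names = ["href"] if rels & FETCHING_RELS else []
        elif tag == "base":
            names = ["href"]  # an http:// base makes relative references insecure
        else:
            names = [n for n in attrs if (tag, n) in SUBRESOURCE_ATTRS]
        for name in names:
            url = attrs.get(name, "")
            if url.lower().startswith("http://"):
                self.findings.append((self.getpos()[0], tag, name, url))

def find_mixed_content(html_text):
    """Return [(line, tag, attribute, url), ...] for insecure subresources."""
    finder = MixedContentFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings

# Constructed sample page: two absolute http:// subresources, one plain link.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="http://server/folder/site.css">
<link rel="stylesheet" href="/css/local.css">
</head><body>
<a href="http://server/folder/file">plain link, not fetched on render</a>
<img src="http://server/folder/logo.gif">
<img src="images/photo.jpg">
<IMG SRC="HTTP://ads.example.com/banner.gif">
</body></html>"""

if __name__ == "__main__":
    print(*find_mixed_content(SAMPLE_PAGE), sep="\n")
```

Each finding is a reference to rewrite as a relative URL (or move to an SSL-capable host), as the reply suggests.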