Uday,
Could you try a TLS test tool like testssl.sh on the problematic URLs?
It will tell you the reason...
Peter
> On 10.04.2025 at 18:50, Christopher Schultz wrote:
>
> Uday,
>
>> On 4/10/25 2:44 AM, Uday Upadhyay wrote:
>> I'm experiencing an issue w
to have a custom website instead of the browser's
built-in error-page?
Kind regards
Peter Rader
--
Fachinformatiker AE / IT Software Developer
Peter Rader
Wilsnacker Strasse 17
10559 Berlin - GERMANY
Tel: 0049 (0)30 / 6 29 33 29 6
Fax: 0049 (0)30 / 6 29 33 29 6
Handy: 0049 (0)176 / 87 521 576
> You need to do what the instructions state: create a FIFO and specify its
> name in the CATALINA_OUT variable. For example, do
Ah, yes,
mkfifo catalina.out
fixed it for me. I had no idea what a fifo is, now I know.
Kind regards
---
tomcat does not work anymore, instead this message appears:
/home/tomcat/apache-tomcat-9.0.75/logs/catalina.out exists and is not a
named pipe. Start aborted.
Any Ideas?
Kind regards
Peter Rader
-
To unsubscribe, e-
> Peter,
>
> On 12/29/23 07:56, Peter Rader wrote:
> > having a URL like this:
> >
> > https://localhost:8443/index.html works perfect. This is my mapping:
> >
> >
> > Nano-Nano-Servlet
> > /index.html
> >
> >
> > Nano-Na
having the message "Invalid URI: [noSlash]"
Any ideas?
Kind regards / Happy new year
Peter Rader
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
e tomcat launch again. After that we figure
out where you have to set the options...
Please detail how you start tomcat and show the output of startup (the
beginning and last lines should be enough).
Again, don't put any java options for tomcat in any global environment options
(JAVA_OPTS,
Ok thanks.
Got it is now working.
This step was missing.
We didn’t have to do this before.
No mention of having to edit Digest inside context.xml here
https://tomcat.apache.org/tomcat-9.0-doc/realm-howto.html
Tried SHA-256, couldn’t get it to work. But MD5 does.
Thanks again.
This e-mail a
1. Configure BASIC auth with clear-text passwords in the Realm and get
that working.
2. Switch to DIGEST auth with clear-text passwords in the Realm and get
that working.
3. Then configure DIGEST auth and digested passwords in the Realm.
Hi Chris,
Step 1 & 2 work
Step 3 will not work with
digest equals the
clientDigest, then it works.
The way I understand it, the clientDigest comes from the client entering in the
username/pwd on the popup box.
From: Peter Otto
Date: Monday, November 13, 2023 at 11:05 AM
To: Tomcat Users List
Subject: Re: CredentialHandler not working for MD5
: users@tomcat.apache.org
Subject: Re: CredentialHandler not working for MD5
Peter,
On 11/10/23 16:30, Peter Otto wrote:
> With 9.0.82, and the latest version 10, I get the same problem.
> So I assume it stopped working since 9.0.74 all the way up to 9.0.82
>
> Removing the Realm Lock
@tomcat.apache.org
Subject: Re: CredentialHandler not working for MD5
Peter,
On 11/10/23 13:27, Peter Otto wrote:
> Logging into manager using MD5 works in 9.0.73 but now fails in
> 9.0.74->current
> Steps to reproduce.
>
> Step 1. Run C:\tomcat\bin> .\digest
Logging into manager using MD5 works in 9.0.73 but now fails in 9.0.74->current
Steps to reproduce.
Step 1. Run C:\tomcat\bin> .\digest.bat -a md5 -s 0 -i 1
tomcat:UserDatabase:nobueno
tomcat:UserDatabase:nobueno:bb6c1c32b9b6df4f707c0e58f2c900e0
Step 2. Use the digest # and place it in tomcat-
FYI I share this mail from the freemarker-mailsystem for your entertainment,
enjoy.
> Sent: Tuesday, 07 November 2023 at 23:50
> From: "Daniel Dekany"
> To: "FreeMarker developer list"
> Subject: Jakarta Servlet support decision
>
> The package of Servlet related classes has changed be
figure this function is buried in the authenticator code somewhere.
>> But I'd first like to see if anybody has done anything like this
>> already. If not, could somebody point me in the right directi
d) !!!
BTW: HSTS needs to be evaluated only once and then sticks in the browser!
So unless the 401 is the first page ever, this change would not be really
necessary.
Peter
> On 15.09.2023 at 17:58, Thomas Hoffmann (Speed4Trade GmbH) wrote:
>
> Hello Christ,
>
>>
the CIS Tomcat 8(!) Guide is pretty outdated! Probably in more than this
spot...
Peter
> On 05.09.2023 at 14:03, Robert Turner wrote:
>
> While I think I know the answer to my question, I wanted to double-check
> with the group to confirm.
>
> I have been asked to perform the
10
my log shows:
[RateLimitFilter] initialized with [10] requests per [10] seconds.
Actual is [16] per [16] milliseconds.
Thanks again,
Peter
iled. I checked the free space and there are about 4
> > gigabyte free on the device.
> >
> > I already checked the upload-size in manager/WEB-INF/web.xml I already
> > checked the ip-disclosure in manager/META-INF/context.xml I already checked
> > the connectionTim
il a few days. I changed nothing.
Any ideas? (I do not like to update to a new tomcat-version)
Kind regards
Peter Rader
Jon,
Peter Kreuser
Liebknechtstr. 83
63303 Dreieich-Sprendlingen
phone: +49 6103 9880863
fax: +49 6103 9886215
mobile: +49 172 6649346
email: pe...@kreuser.name
web: www.kreuser.name
key: http://www.kreuser.name/PGP_Public_Key.txt
smime: http://www.kreuser.name/SMIME.cer
> Am 24.04.2023 um
Any more details on the request?
Are you hitting an error 400? Like with ip address on a name based host?
That is handled prior to the filter and so you don't see the header!
Peter
> On 20.04.2023 at 22:40, jonmcalexan...@wellsfargo.com.invalid wrote:
>
> Hello again.
>
Hi David,
is it a moving server? We had similar issues on an airborne server crossing
nation-borders rapidly.
10 minutes is unusual. The lowest timezone-change is 15 minutes afaik.
Kind regards
>
> Hi all,
>
> I've experienced an issue since the morning of the 21st that I'm
> hoping to get some
only recognizes class file versions up to 52.0
>at
Looks like you are running Tomcat on an older Java than the app was compiled
with...
Need to look up the exact class versions, but like:
Compiled with jdk13 and running on java 11.
HTH
Peter
> java.lang
rtificates for a single host.
>>> That's just not possible with the one-attribute-to-rule-them-all
>>> configuration
>>> where everything is on the element.
>>>
I have tried all the fancy new cert options and they are cool.
And I do agree that it
-8.5-doc/config/http.html#SSL_Support
Peter
> On 10.08.2022 at 00:15, James H. H. Lampert wrote:
>
> I think this may have come up before, but I don't recall how it was resolved.
>
> On customer box #1, I have:
> address=""
>
rets
> >>>> that
> >>> may
> >>>> be in there (e.g. passwords).
> >>>>
> >>>> -chris
> >>>>
> >>>
> >
> > The error says that the client and the server couldn’t find a common
> cipher suite.
> > They couldn’t agree on any cipher.
> > Does your keystore contain a valid private key?
>
> The problem is likely that Tomcat 6 (which is ancient) defaults to TLSv1
> and no higher (this is a guess; I'm not bothering to look at a
> 14-year-old version of Tomcat to figure out what the problem really is).
> The client isn't willing to connect to such an ancient version of any
> protocol, so it fails with the handshake failure.
>
> > Maybe you can try to print out all available cipher suites on your
> environment:
> >
> https://stackoverflow.com/questions/9333504/how-can-i-list-the-available-cipher-algorithms
> > You can add the code to a jsp-page and print out the available
> algorithms.
>
> Try explicitly setting the "enabled protocols" to "TLSv1, TLSv1.1,
> TLSv1.2, TLSv1.3" -- however that's done in that dinosaur of a Tomcat
> version. It might be enabledProtocols="..." if might be
> SSLProtocols="..." and it might have a lot to do with whether or not
> APR/native is being used, too.
>
> -chris
>
Could this be an issue with the java jdk security disabled algorithms?
Later versions of jdk 8 disabled TLSv1 and TLSv1.1 by default, and you have
to change the jre/jdk conf/security/java.security file to fix it for older
use cases.
--
*Peter Chamberlain*
This is what I am using. Hope this helps.
https://orclcs.blogspot.com/2017/04/enable-hsts-in-tomcat.html
On Thu, Apr 28, 2022 at 3:11 PM Kaushal Shriyan
wrote:
> Hi,
>
> I am running the tomcat version 9.0.56 on CentOS Linux release 7.9.2009
> (Core) and trying to configure HTTP Strict Transpor
Chris,
> On 14.04.2022 at 23:21, Christopher Schultz wrote:
>
> Peter,
>
>> On 4/14/22 03:45, Peter Kreuser wrote:
>> Chris,
>>>> On 13.04.2022 at 21:37, Christopher Schultz wrote:
>>> All,
>>> I asked this
fically in Java?
Anyways Do you know testssl.sh? If I want to know how to handle a specific tls
problem I check in Dirk's code and start from there...
Peter
> Thanks,
> -chris
>
> -
PostConstruct is for dependency-injection. A vanilla tomcat does no dependency
injection. Can you confirm you have a vanilla tomcat?
Kind regards
Peter Rader
hostname.
Hope this helps.
On Fri, Mar 25, 2022 at 8:54 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:
> Peter,
>
> On 3/24/22 14:54, Peter Chiu wrote:
> > I will email you directly. For the group knowledge, there is nothing
> > special you need to do on T
Application builder->Your application->Shared Components->Application
Definition Attributes->Properties->Friendly URLs
On Thu, Mar 24, 2022 at 3:25 PM rupali singh
wrote:
> Hi,
>
> How we can enable friendly url in apex?
>
>
>
> On Fri, Mar 25, 2022, 12:48
Have you considered doing the following:
1. custom URL/domain, and
2. enable Friendly URLs in APEX
On Thu, Mar 24, 2022 at 3:09 PM Felix Schumacher <
felix.schumac...@internetallee.de> wrote:
>
> On 24.03.22 at 19:23, rupali singh wrote:
>
> hi,
>
> yes context name is apex.
>
> Good to know.
>
>
I will email you directly. For the group knowledge, there is nothing
special you need to do on Tomcat if it is not behind a proxy.
On Thu, Mar 24, 2022 at 1:51 PM rupali singh
wrote:
> Hi Peter,
>
> Are u using apache web server with tomcat or its only tomcat .
> if possible ca
I have a working APEX SSO against Azure AD or On-Premise AD.
On Thu, Mar 24, 2022 at 1:13 PM rupali singh
wrote:
> HI Team,
>
> We are using apex 21.1 with tomcat 9.54.
> we want to implement SSO for application deployed in Apex with IDCS
> reference URL :
>
> https://www.ateam-oracle.com/post/
!
Peter
gpg --verify apache-tomcat-9.0.56.tar.gz.asc.txt apache-tomcat-9.0.56.tar.gz
gpg: Signature made Thu Dec 2 09:31:59 2021 EST using RSA key ID 359E722B
gpg: requesting key 359E722B from hkps server
hkps.pool.sks-keyservers.net
gpgkeys: HTTP fetch e
solve the bug your developers are in charge IMO. Please provide the
stacktrace to your developers in order to solve the problem.
Kind regards
Peter Rader
Chris,
> Sent: Thursday, 09 September 2021 at 22:15
> From: "Christopher Schultz"
> To: users@tomcat.apache.org
> Subject: Re: Aw: tomcat hangs
> Peter,
>
> On 9/9/21 08:21, Peter Rader wrote:
> > I might have noticed a similar issue: I ran the JVM in
I might have noticed a similar issue: I ran the JVM in a linux OS on a VM (in
virtualbox btw). The jdk for some reason request a random number. The JDK asks
the LinuxOS for a new random number (maybe in the hope to use a hardware-based
TRNG). Since this linux in virtualbox is not-so low-level the ra
the container, it starts for a few seconds and
> stops (port 8080 listens for a while). Nothing in logs.
>
> $ catalina.sh run (tried with "jpda start" or "debug" options as well)
> $ ps aux |grep java --> sh
>>
>
The ssl-Options are not attributes on the connector, but the SSLHostConfig
http://tomcat.apache.org/tomcat-10.0-doc/config/http.html#Common_Attributes
http://tomcat.apache.org/tomcat-10.0-doc/config/http.html#SSL_Support
On Mon, 12 Apr 2021, 09:07 Mark Thomas, wrote:
> On 11/04/2021 11:03, Peter Chamberlain wrote:
>
>
>
> > I've been investigating this some more, as I'm not convinced nio2 isn't
> > behaving strangely in this case. I think there may have been some sort of
>
On Fri, 9 Apr 2021 at 18:12, Peter Chamberlain
wrote:
>
>
> On Fri, 9 Apr 2021, 14:10 Christopher Schultz, <
> ch...@christopherschultz.net> wrote:
>
>> Peter,
>>
>> On 4/9/21 06:53, Peter Chamberlain wrote:
>> > Hello,
>> > I've b
On Fri, 9 Apr 2021, 14:10 Christopher Schultz,
wrote:
> Peter,
>
> On 4/9/21 06:53, Peter Chamberlain wrote:
> > Hello,
> > I've been trying to understand the behaviour of tomcat when handling
> > internal redirects. I'm testing using tomcat 9.0.38. I'm
On Fri, 9 Apr 2021, 14:29 Mark Thomas, wrote:
> On 09/04/2021 11:53, Peter Chamberlain wrote:
> > Hello,
> > I've been trying to understand the behaviour of tomcat when handling
> > internal redirects. I'm testing using tomcat 9.0.38. I'm testing using
> &g
em sound almost the same.
Apologies if this has been covered elsewhere before, I have been
searching but haven't found anything particularly clear covering this.
Best regards, Peter
"Do some stuff" is always executed, and s is always null.
>
> If you switch the operands, the compiler will fail because you can't assign a
> value to null:
>
> if(null = s ) {
>// Compiler will refuse to compile
> }
>
Isn‘t it true that only one bit diff
--x7h.example.com in
Chrome, Edge and Firefox (did not test more).
How to remain with emoji IDN in the browser URL?
Kind regards
Peter Rader
p://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html
>>> http://tomcat.apache.org/tomcat-10.0-doc/ssl-howto.html
>>>
>>> ```
>>>
>>> >> protocol="org.apache.coyote.http11.Http11NioProtocol"
>>> port=&quo
ith a browser, it complained,
> something to the general effect of "weak signature algorithm."
>
I guess they never upgraded their CA and still sign the certs with SHA1 or even
MD5.
They should change that for sure!
Peter
> While it's not really my problem (and is only c
On Mon, 12 Oct 2020 at 14:50, Mark Thomas wrote:
> On 12/10/2020 13:53, Mark Thomas wrote:
> > On 12/10/2020 12:49, Mark Thomas wrote:
> >> On 12/10/2020 12:19, Peter Henderson wrote:
> >>> Hello fellow tomcat users.
> >>>
> >>> My enviro
seeing this exception when I upgraded my projects build tool
version
from
sbt.version=1.3.10
to
sbt.version=1.4.0
Is this a tomcat bug, a build tool bug or most likely something I'm doing
wrong?
Thanks
Peter.
[0]
https://github.com/bollinger/NegativeDate
[1]
https://github.com/boll
me a bug in the scanner plugin!
My 2ct.
Peter
> On 27.08.2020 at 09:47, Mark Thomas wrote:
>
> On 27/08/2020 06:31, Terence M. Bandoian wrote:
>> On 8/26/2020 11:27 PM, Pratik Shrestha wrote:
>
>
>
>>> For me, there are two options for the fix which I am no
> 6. Note that Tomcat version 7 used to send the error 'ERR_EMPTY_RESP' which
> should still be okay.
>
> We already tried to find the fix for this issue on the web but in vain.
>
> Kindly help if anyone has found a way to fix it.
>
> Regards,
> Pratik
Peter
-
Hello Mohan,
please tell if you are using
1. the JSP technology inside the application
2. what JDK version on server-side
Kind regards
Peter Rader
zilla or the
release notes!
> Please suggest the probable fix to make this smooth.
>
For now it may be as simple as sending SIGKILL to the java process.
Apparently some resources in your app don‘t want to terminate.
My 2ct.
Peter
>> On Sat, Jul 25, 2020 at 11:03 AM Kushagra Bin
>
> https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass
>
> Apparently, the documentation would recommend something like the following:
>
>
>ProxyPass "!"
>
>
>ProxyPass "!"
>
>
> I think that the above is p
> Subject: Re: Aw: Re: /META-INF/resources/ and Chrome's DevTools
> On 06/04/2020 09:16, Peter Rader wrote:
> > Hello Konstantin Kolinko,
> >
> > I tried to use the PreResource but it does not work.
> >
> > 2020-04-06 10:13:05 WARNUNG org.apache.tomcat.
d with?
>
Any headers that are necessary for your tomcat application need to be sent or
maybe rewritten.
You may need to set the correct attributes on your connector, so the URLs are
correctly rewritten (port 8080/8443 in tomcat should b
ontext.xml
Any idea?
>
> Sent: Monday, 16 March 2020 at 01:01
> From: "Konstantin Kolinko"
> To: "Tomcat Users List"
> Subject: Re: /META-INF/resources/ and Chrome's DevTools
> ??, 15 ???. 2020 ?. ? 13:47, Peter Rader :
> >
> >
_a_context]
>
Since besides the frontend.jar I have other jars that serve static resources.
This means I must have multiple docBases, which is not possible AFAIK.
>
> Best regards,
> Konstantin Kolinko
Kind regards
Peter Rader
I wrote a little WebFilter for this task.
https://github.com/enexusde/devtools-tomcat-bypass
Kind regards
Peter Rader
--
Fachinformatiker AE / IT Software Developer
Peter Rader
Wilsnacker Strasse 17
10559 Berlin - GERMANY
Tel: 0049 (0)30 / 20 9930560
Fax: 0049 (0)30 / 20 9930561
Handy: 0049 (0
jar
2. Pack the war
3. Redeploy the war.
This process takes about 5 minutes. It reloads the application
and packages the jars/wars for the sake of a 1 byte change.
The Question:
Can I map a single resource to a file dynamically without reloading the
application?
Kind regards
lder.
I am pretty sure that you could use the JVM/JDK's endorsed folder. They usually
have their place in \lib\endorsed .
Kind regards
Peter Rader
If - and only if - a WAR is rejected because of its size, the Manager would
never ever write "Hey dude, I am deploying your web application XXX!". Right?
Anyway I found it by myself.
> On 2/2/20 4:48 PM, Peter Rader wrote:
> > The old version of the application had a daemo
> Please post updates to the original thread.
This is the original thread.
> As suggested in the original thread, it was a permissions issue ...
> permission denied because the port was already in use : )
Why do you think it is a permission issue? I already disproved that! How can
you break it
The old version of the application had a daemon that has not yet finished its
execution.
Unfortunately there is no further logging why the old version has not stopped yet.
I expected to have the "mvn redeploy" waiting forever for this daemon-locked
problem. What I can not do is write a bug report b
Thank you for your reply.
> Always look for the last "Caused by" in a stack trace for root cause. An
> "IOException: Error writing to server" is indicative of a permissions
> issue - I would start there, possibly the user account running the process.
As pointed out in No. 3 the log said that the
ss log shows the PUT command (AGAIN!!!):
02-Feb-2020 16:57:06.610 FINE [http-nio-80-exec-6]
org.apache.coyote.http11.Http11InputBuffer.parseRequestLine Received [PUT
/manager/text/deploy?path=xxx&war=&update=true HTTP/1.1
Please notice the two deployment threads: -6 and -5
Any ideas?
Chris,
> On 28.01.2020 at 18:02, Christopher Schultz wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Peter,
>
>> On 1/28/20 11:30 AM, Peter Kreuser wrote:
>> Peter Kreuser
>>> Am 28.01.2020 um 16:34 schrieb Christopher
Chris,
Peter Kreuser
> On 28.01.2020 at 16:34, Christopher Schultz wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Peter,
>
>>>>> On 1/27/20 3:35 PM, logo wrote:
>> Could you try
>> openssl pkcs12 -export -in my.crt -
Hi Palod,
I think you can do it with:
JAVA_OPTS="$JAVA_OPTS -Djavax.net.debug=ssl,handshake"
Regards
peter
From: "Palod, Manish"
To: "users@tomcat.apache.org"
Date: 16.01.2020 15:58
Subject: Tomcat 7: Access Valve pattern cipher, SSL P
- Forwarded by Peter Köhler/BN/DWD on 15.01.2020 15:50 -
From: Peter Köhler
To: "Tomcat Users List"
Date: 15.01.2020 15:49
Subject: Antwort: Tomcat9, JSP, CSS and JS not loading in Firefox
From: Léa Massiot
To: users@tomcat.apache.org
Date: 15.
com/Tomcat-User-f1968778.html
Dear Lea,
maybe
https://stackoverflow.com/questions/48248832/stylesheet-not-loaded-because-of-mime-type
helps.
Regards
Peter
urces"
I have thought that clientAuth="want" and sslProtocol="TLS" allow
X509 authentication over tomcat-users.xml.
What can I do to solve that problem?
Thanks
Peter
Peter,
> On 13.01.2020 at 16:49, Peter Rader wrote:
>
>
>> Peter,
>> Can you find what you are looking for here?
>>
>> >
>> ?
>
> No! There is no such node or any similar content. And there simply can not be
> such a node because all th
> Peter,
>
> Can you find what you are looking for here?
>
>
>
>
> ?
No! There is no such node or any similar content. And there simply can not be
such a node because all the connector-xml-nodes are self-closing as you might
have already noticed. AFAIK I should not c
m
> > org.apache.coyote.http11.Http11Protocol
> > to
> > org.apache.coyote.http11.Http11NioProtocol
>
> Full Connector configurations (with sensitive data masked)?
TC8=
TC9=
Masks:
- XXX keystore CA
- keystore or truststore
I recently moved from T8 to T9 to use PKI.
My keystore contains multiple CAs.
I had to modify the ssl-connector from
org.apache.coyote.http11.Http11Protocol
to
org.apache.coyote.http11.Http11NioProtocol
Unfortunately the attribute "keyAlias" seems to not be supported in the NIO
anymore
Zahid,
you‘re talking to one of the most respected members of the community like this?
STFU or leave.
This calls for a ban!
Peter
> On 08.01.2020 at 06:06, Zahid Rahman wrote:
>
>
>>
>> A version of what?
> MAVEN
> MAVEN
> MAVEN
>
> In light of thi
> implement and is that complexity justified by the benefit it brings?
>
Just thinking how to handle “n” Host headers at various locations in the
request... 8-0
> At this point, I'm not sure.
>
> So far we are looking at a fea
lacks a Host header field and to any
> request message that contains more than one Host header field [[WITH A
> CONFLICTING VALUE]]] or a Host header field with an invalid field-value.
> "
That would be a good idea - maybe only in conjunction with setting
rejectIllegalHeaderName
RL-escaped?
I‘d prefer them in -u.
for separation of concerns, add a separate user with a longer one and shell
friendly password only with the role below...
> Or do I need to give the manager user an additional role? Currently, I have:
>
manager-jmx
(and maybe for other scri
# Completed on Mon Jan 6 21:17:22 2020
>
> Other than the one obvious line near the bottom,
>> -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
> I'm not entirely sure what all of this means, nor do I remember what I did to
> set it up.
Heureka!
So yo
same that you did for 443
forwarding to redirect 80 to tomcat port 8080.
IIKS, hope I was not too confusing???
Peter
Peter Kreuser
> On 30.12.2019 at 20:01, Christopher Schultz wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> James,
>
> On 12/2
James,
> On 28.12.2019 at 00:33, James H. H. Lampert wrote:
>
>
>>>
>>> Am I to understand that Tomcat 8.5.40 can use the ".cer," ".ca.crt" and
>>> ".key" files directly, instead of the Java Keystore file?
Correct!
> If so, then that could potentially simplify things: if I have HTTPD l
Chris,
Peter Kreuser
> On 27.12.2019 at 21:14, Christopher Schultz wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
>>
> but the idea is that certbot has "plug-ins" and we'd need to
> supply a "tomcat" plug-in t
Mark,
Peter Kreuser
>> On 16.12.2019 at 16:05, Mark Thomas wrote:
>>
>> On 16/12/2019 12:55, Mark Thomas wrote:
>>> On 15/12/2019 09:33, logo wrote:
>>
>>> Mark can you confirm that this is a bug?
>> Confirmed.
>> I'm lookin
>> >>> className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
>>>> rmiRegistryPortPlatform="10001" rmiServerPortPlatform="10002"
>>>> useLocalPorts="true" />
>>>>
>>>>
>>>> Upon startup I see in logs : INFO [ma
Mark,
Peter Kreuser
>>> On 03.12.2019 at 14:31, Mark Thomas wrote:
>> On 03/12/2019 12:50, logo wrote:
>> Sumit,
>> On 2019-12-03 13:11, Sumit Bhardwaj wrote:
>>> Hi Experts,
>>> We have a requirement from a customer, where in case of 404, wh
Chris,
> On 13.11.2019 at 02:35, Christopher Schultz wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Peter,
>
>> On 11/10/19 19:05, Peter Kreuser wrote:
>> Chris,
>>
>>>
>>> Am 09.11.2019 um 03:58 schri
cache, but that isn't
> request-specific).
>
> Would it be inappropriate to add the CSRF_NONCE to the request
> attributes so that application code could use it directly if
> necessary? Something like this:
>
>
> ...
> value="<%= request.getAttribute("C
Hi James,
Peter Kreuser
> Am 02.10.2019 um 08:05 schrieb
> :
>
> Tomcat 7.0.63 and above.
>
> Navigate to the tomcat conf directory and open the web.xml with a text editor.
>
> In the filter section of the web.xml add the following filter
>
Isn‘t that what client certs are for?
Https to identify Server A, Client cert to authenticate Server B?
Message integrity should then be unnecessary?!
Or am I missing a piece?
Peter
> On 09.09.2019 at 21:10, M. Manna wrote:
>
> Why not use JWT cookies/tokens? You sign your claims
Jessica,
Peter Kreuser
> On 07.08.2019 at 14:33, Alten, Jessica-Aileen wrote:
>
> Dear all,
>
> I have a problem with the Tomcat 9.0.22 configuration for TLSv1.3 using
> jdk8u222-b10_openj9-0.15.1 on Windows Server 2016. In principle TLSv1.3
> works, but I wan
as your keystore is causing troubles, I‘m
not really able to troubleshoot that.
After all, you may have to reread on cert handling with keytool vs. openssl.
I prefer the openssl way ;-).
Peter
Peter Kreuser
> On 06.08.2019 at 19:50, Munzer Khatib wrote:
>
> Hi Peter
> I dont have
onvert the PEM to
pkcs12/keystore format
Care to try the following command?
openssl pkcs12 -export -in cert.pem -inkey privkey.pem -name tomcat -certfile
fullchain.pem -passout pass:changeit -out jssekeystore
Peter
> I am not sure why but it seems the new one is not linking all cert
> let it completely freak out.
Just for the test of it: great idea!
But one of the first hardening actions on Tomcat is to disable standard error
pages and version info. Server header removed (set to IIS if you like!)
You
56
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
>
> ... calling the others "weak". I think that's because they consider
> anything that isn't using ECDHE+GCM to be "weak". Well, it's the best
> we can do right now without going up to TLSv1.3.
1 - 100 of 1898 matches