Hello, Can someone please give me a step by step guide on how to make my tomcat webapp available online with a domain name. Thanks.
Regards, JC sri, 13. srp 2022. u 18:31 <jonmcalexan...@wellsfargo.com.invalid> napisao je: > Could this potentially be caused by > <Listener > className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> > > But not using Tomcat Native? > > Thanks, > > Dream * Excel * Explore * Inspire > Jon McAlexander > Senior Infrastructure Engineer > Asst. Vice President > He/His > > Middleware Product Engineering > Enterprise CIO | EAS | Middleware | Infrastructure Solutions > > 8080 Cobblestone Rd | Urbandale, IA 50322 > MAC: F4469-010 > Tel 515-988-2508 | Cell 515-988-2508 > > jonmcalexan...@wellsfargo.com > This message may contain confidential and/or privileged information. If > you are not the addressee or authorized to receive this for the addressee, > you must not use, copy, disclose, or take any action based on this message > or any information herein. If you have received this message in error, > please advise the sender immediately by reply e-mail and delete this > message. Thank you for your cooperation. > > > > -----Original Message----- > > From: Thomas Hoffmann (Speed4Trade GmbH) > > <thomas.hoffm...@speed4trade.com.INVALID> > > Sent: Wednesday, July 13, 2022 11:28 AM > > To: Tomcat Users List <users@tomcat.apache.org> > > Subject: AW: [OT] issues with Tomcat to Siteminder communication post > > mod-proxy setup > > > > Hello, > > > > > -----Ursprüngliche Nachricht----- > > > Von: jonmcalexan...@wellsfargo.com.INVALID > > > <jonmcalexan...@wellsfargo.com.INVALID> > > > Gesendet: Mittwoch, 13. Juli 2022 18:17 > > > An: users@tomcat.apache.org > > > Betreff: RE: [OT] issues with Tomcat to Siteminder communication post > > > mod- proxy setup > > > > > > Here is the error we are getting. The login form, hosted by Tomcat, > > > does a POST to the /login/login.fcc for siteminder which is on the > > > HTTPD server and is not behind the proxypass or proxypassreverse. > > > > > > javax.net.ssl|DEBUG|96|https-jsse-nio-8305-exec-1|2022-07-12 > > > 13:12:49.399 > > > PDT|SSLSocketImpl.java:1615|close the SSL connection (passive) <class> > > > PDT|12 > > > Jul 2022 13:12:49,399 ERROR [https-jsse-nio-8305-exec-1]: DEVT: <app> > > > Unable to get Channel Secure Session: Unable to perform siteminder > > > handshake > > > java.lang.Exception: Unable to perform siteminder handshake > > > > > > Our SiteMinder team is telling us it's not their issue. Again, this > > > POST worked fine when using mod_jk and SSL wasn't enabled for > > connection on Tomcat. > > > > > > Thanks, > > > > > > > This error message is most likely thrown by the application and not by > > tomcat. > > The underlying error would be important including the full stack below. > > Are there some "caused by" Exceptions below? > > Otherwise the siteminder application is hiding the underlying Exception. > > > > > > > jonmcalexan...@wellsfargo.com > > > This message may contain confidential and/or privileged information. > > > If you are not the addressee or authorized to receive this for the > > > addressee, you must not use, copy, disclose, or take any action based > > > on this message or any information herein. If you have received this > > > message in error, please advise the sender immediately by reply e-mail > > > and delete this message. Thank you for your cooperation. > > > > > > > > > > -----Original Message----- > > > > From: jonmcalexan...@wellsfargo.com.INVALID > > > > <jonmcalexan...@wellsfargo.com.INVALID> > > > > Sent: Tuesday, July 12, 2022 5:22 PM > > > > To: users@tomcat.apache.org > > > > Subject: RE: [OT] issues with Tomcat to Siteminder communication > > > > post > > > > mod- proxy setup > > > > > > > > I'm wondering if it is having to do with the SMSESSION cookie not > > > > getting passed correctly. Still trying to figure this one out. > > > > > > > > Thanks, > > > > > > > > Dream * Excel * Explore * Inspire > > > > Jon McAlexander > > > > Senior Infrastructure Engineer > > > > Asst. Vice President > > > > He/His > > > > > > > > Middleware Product Engineering > > > > Enterprise CIO | EAS | Middleware | Infrastructure Solutions > > > > > > > > 8080 Cobblestone Rd | Urbandale, IA 50322 > > > > MAC: F4469-010 > > > > Tel 515-988-2508 | Cell 515-988-2508 > > > > > > > > jonmcalexan...@wellsfargo.com > > > > This message may contain confidential and/or privileged information. > > > > If you are not the addressee or authorized to receive this for the > > > > addressee, you must not use, copy, disclose, or take any action > > > > based on this message or any information herein. If you have > > > > received this message in error, please advise the sender immediately > > > > by reply e-mail and delete this message. Thank you for your > cooperation. > > > > > > > > > -----Original Message----- > > > > > From: Christopher Schultz <ch...@christopherschultz.net> > > > > > Sent: Tuesday, July 12, 2022 9:16 AM > > > > > To: users@tomcat.apache.org > > > > > Subject: Re: [OT] issues with Tomcat to Siteminder communication > > > > > post > > > > > mod- proxy setup > > > > > > > > > > Jon, > > > > > > > > > > On 7/8/22 16:48, jonmcalexan...@wellsfargo.com.INVALID wrote: > > > > > > Chris, > > > > > > > > > > > > Moving this discussion to here. Yes, it appears that I broke > > > > > > something when > > > > > setting up the Tomcat Connector for the mod-proxy that is now > > > > > affecting, somehow, the SSL communication with the Site Minder > > > > > services. Here is the connector we added below. > > > > > > > > > > The only reason I can think of that would cause your Tomcat TLS > > > > > connector configuration to affect your SiteMinder thing is if you > > > > > are trying to specify the javax.net.ssl.trustStore system property > > > > > for the entire JVM, and allowing Tomcat to inherit that. > > > > > > > > > > > Temporarily have set certificateVerification to optional to see > > > > > > if it was something with the communication between HTTPD and > > Tomcat. > > > > > > > > > > > > <Connector port="8305" > > > > > > protocol="org.apache.coyote.http11.Http11NioProtocol" > > > > > maxThreads="100" > > > > > > compression="on" scheme="https" SSLEnabled="true" > > secure="true"> > > > > > > > > > > > > <SSLHostConfig > protocols="TLSv1.2" > > > > > certificateVerification="optional" truststoreFile="" > > > truststorePassword="" > > > > > truststoreType="JKS" > > > > > > > > > > > > ciphers="TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, > > > > > > > > > > Assuming truststoreFile is not actually _blank_, then this should > be fine. > > > > > > > > > > > > TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, > > > > > > > TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, > > > > > > > TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, > > > > > > > TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, > > > > > > > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, > > > > > > > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, > > > > > > > TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, > > > > > > TLS_DHE_RSA_WITH_AES_128_CCM, > > > > > > > TLS_ECDHE_ECDSA_WITH_AES_128_CCM, > > > > > > TLS_DHE_RSA_WITH_AES_128_CCM_8, > > > > > > > > > > > > TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, > > > > > > > > > > > > TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, > > > > > > > > > > > > TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, > > > > > > > > > > > > TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"> > > > > > > > > > > > > <Certificate > > > > > > Type="RSA" certificateKeystoreFile="<certificate>.pfx" > > > > > > certificateKeystorePassword="" certificateKeystoreType="pkcs12" > > > > > > /> > > > > > > > > > > Note: none of the TLS_XXX_ECDSA_* cipher suites will do anything > > > > > for you, since you are using only an RSA key. > > > > > > > > > > Is your SiteMinder client code using its own special trust store > > > > > and key > > > > store? > > > > > If you are getting a handshake failure (mentioned in your message > > > > > to dev@httpd but not here yet: > "javax.net.ssl.SSLHandshakeException: > > > > > Received fatal alert: bad_certificate error"), you might want to > > > > > start looking there. The problem is very unlikely to be your > > > > > Tomcat configuration or anything related to it, unless you use the > > > > > same key store and trust store for both. > > > > > > > > > > -chris > > > > > > > > > > ------------------------------------------------------------------ > > > > > -- > > > > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > > > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > > > > > > > > > -------------------------------------------------------------------- > > > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org >
