13 Replies Latest reply: Jul 25, 2012 7:22 PM by 951558

Unable to securely request for a page

951558 Newbie
Question:
a) I'm unable to securely request my webpage: https://127.0.0.1:8443/Blah. Instead I get the following error:

Firefox can't establish a connection to the server at localhost:8443.
The site could be temporarily unavailable or too busy. Try again in a few
moments.
If you are unable to load any pages, check your computer's network
connection.
If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web.

On Internet Explorer I simply get:
Internet Explorer cannot display the webpage

b) How do I know which SSL implementation my Tomcat is making use of: JSSE or APR?

Details:

web.xml

<?xml version="1.0"?>
<!DOCTYPE web-app PUBLIC
    "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    id="Your_WebApp_ID"
    version="2.5">

    <description>The standard web descriptor for the email client</description>

    <servlet>
        <servlet-name>AuthenticateUser</servlet-name>
        <servlet-class>MailBoxController</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>AuthenticateUser</servlet-name>
        <url-pattern>/ControlPanel</url-pattern>
    </servlet-mapping>
    <welcome-file-list>
        <welcome-file>login.jsp</welcome-file>
    </welcome-file-list>
    <error-page>
        <error-code>401</error-code>
        <location>/authenticationFailed.jsp</location>
    </error-page>
    <context-param>
        <param-name>serverName</param-name>
        <param-value>Gmail</param-value>
    </context-param>
    <context-param>
        <param-name>port</param-name>
        <param-value>993</param-value>
    </context-param>
    <context-param>
        <param-name>ip</param-name>
        <param-value>imap.gmail.com</param-value>
    </context-param>

    <session-config>
        <session-timeout>30</session-timeout>
    </session-config>

    <listener>
        <listener-class>Logger</listener-class>
    </listener>

    <security-constraint>
        <web-resource-collection>
            <url-pattern>/*</url-pattern>
            <http-method>POST</http-method>
        </web-resource-collection>

        <auth-constraint>
            <role-name>administrator</role-name>
        </auth-constraint>

        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>

    <security-role>
        <role-name>administrator</role-name>
    </security-role>

</web-app>

tomcat-users.xml:

<tomcat-users>
    <role rolename="administrator"/>
    <user username="admin" password="system123#" roles="administrator"/>
</tomcat-users>

The following tag was added to web.xml in the conf folder of Tomcat:

<-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    port="8443" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    keystoreFile="C:/Users/.keystore" keystorePass="changeit"
    clientAuth="false" sslProtocol="TLS"/>


Can anybody please help me with my problem? Am I going wrong with configuring SSL?

Thanks
Krutika
  • 1. Re: Unable to securely request for a page
    handat Expert
    Does C:/Users/.keystore actually contain your server certificate?
  • 2. Re: Unable to securely request for a page
    951558 Newbie
    Yes it does.
  • 3. Re: Unable to securely request for a page
    EJP Guru
    Are you really running in the same host as Tomcat?

    Is Tomcat really running at all?

    Can you telnet 127.0.0.1 8443 without getting a connection refusal?
  • 4. Re: Unable to securely request for a page
    951558 Newbie
    I get this:
    Connecting To 127.0.0.1...Could not open connection to the host, on port 8443: Connect failed
  • 5. Re: Unable to securely request for a page
    951558 Newbie
    I actually edited the path (in my question) for privacy's sake.
    The original path is: C:/Users/Krutika Ravi/.keystore (which is where my .keystore is present)

    And that is what I mentioned even in the web.xml present on my system.

    Could it be that I'm facing this issue because the path contains a space?
  • 6. Re: Unable to securely request for a page
    EJP Guru
    Connecting To 127.0.0.1...Could not open connection to the host, on port 8443: Connect failed
    So Tomcat isn't running in the same host as the client. It may be running elsewhere, in which case you need to fix the URL, or you may have forgotten to start it, or you may have failed to observe a startup error that it logged.
  • 7. Re: Unable to securely request for a page
    951558 Newbie
    I did notice an exception in web.xml of tomcat which now has been rectified so my console now displays:

    Jul 25, 2012 10:48:37 PM org.apache.catalina.core.AprLifecycleListener init
    INFO: Loaded APR based Apache Tomcat Native library 1.1.24 using APR version 1.4.6.
    Jul 25, 2012 10:48:38 PM org.apache.catalina.core.AprLifecycleListener init
    INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
    Jul 25, 2012 10:48:39 PM org.apache.catalina.core.AprLifecycleListener initializeSSL
    INFO: OpenSSL successfully initialized (OpenSSL 1.0.1c 10 May 2012)
    Jul 25, 2012 10:48:39 PM org.apache.coyote.AbstractProtocol init
    INFO: Initializing ProtocolHandler ["http-apr-8080"]
    Jul 25, 2012 10:48:39 PM org.apache.coyote.AbstractProtocol init
    INFO: Initializing ProtocolHandler ["ajp-apr-8009"]
    Jul 25, 2012 10:48:39 PM org.apache.catalina.startup.Catalina load
    INFO: Initialization processed in 2654 ms
    Jul 25, 2012 10:48:39 PM org.apache.catalina.core.StandardService startInternal
    INFO: Starting service Catalina
    Jul 25, 2012 10:48:39 PM org.apache.catalina.core.StandardEngine startInternal
    INFO: Starting Servlet Engine: Apache Tomcat/7.0.29
    Jul 25, 2012 10:48:39 PM org.apache.catalina.startup.HostConfig deployWAR
    INFO: Deploying web application archive C:\Junkyard\apache-tomcat-7.0.29\webapps\Blah.war
    Jul 25, 2012 10:48:40 PM org.apache.catalina.loader.WebappClassLoader validateJarFile
    INFO: validateJarFile(C:\Junkyard\apache-tomcat-7.0.29\webapps\Blah\WEB-INF\lib\javax.servlet-5.1.12.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class
    Logger Contructor
    Servlet Context has been initialized
    Jul 25, 2012 10:48:41 PM org.apache.catalina.startup.HostConfig deployDirectory
    INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webapps\docs
    Jul 25, 2012 10:48:41 PM org.apache.catalina.startup.HostConfig deployDirectory
    INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webapps\examples
    Jul 25, 2012 10:48:42 PM org.apache.catalina.startup.HostConfig deployDirectory
    INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webapps\host-manager
    Jul 25, 2012 10:48:42 PM org.apache.catalina.startup.HostConfig deployDirectory
    INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webapps\manager
    Jul 25, 2012 10:48:42 PM org.apache.catalina.startup.HostConfig deployDirectory
    INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webapps\ROOT
    Jul 25, 2012 10:48:42 PM org.apache.coyote.AbstractProtocol start
    INFO: Starting ProtocolHandler ["http-apr-8080"]
    Jul 25, 2012 10:48:42 PM org.apache.coyote.AbstractProtocol start
    INFO: Starting ProtocolHandler ["ajp-apr-8009"]
    Jul 25, 2012 10:48:42 PM org.apache.catalina.startup.Catalina start
    INFO: Server startup in 2680 ms


    Question:
    Does "INFO: OpenSSL successfully initialized (OpenSSL 1.0.1c 10 May 2012)" in the above console screenshot mean anything?

    Points:
    - I did telnet again but got the same response.
    - Tomcat is very well running, as it's the second page which is secured and the first page is working fine.
    - Didn't face any exception this time as per the console logs pasted.
    - I checked the Task Manager and no other instance is working. Where else might it be running? Could you please help me in fixing the URL if that is the case?

    Thanks a lot.
  • 8. Re: Unable to securely request for a page
    gimbal2 Guru
    I'm no expert, but in that logging I see OpenSSL being initialized, but I don't see any mention of something being attached to port 8443. Are you sure the HTTPS connector is actually activated in the server.xml file? By default it is commented out.
  • 9. Re: Unable to securely request for a page
    951558 Newbie
    I did add these lines:

    <Connector
         protocol="org.apache.coyote.http11.Http11NioProtocol"
         port="8443" maxThreads="200"
         scheme="https" secure="true" SSLEnabled="true"
         keystoreFile="C:/Users/Krutika Ravi/.keystore" keystorePass="changeit"
         clientAuth="false" sslProtocol="TLS"/>

    to the web.xml contained in conf folder of tomcat.


    But didn't fiddle with server.xml -

    After un-commenting
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS" />

    in server.xml contained in conf folder I get the following exceptions


    Jul 25, 2012 11:11:41 PM org.apache.catalina.core.AprLifecycleListener init
    INFO: Loaded APR based Apache Tomcat Native library 1.1.24 using APR version 1.4.6.
    Jul 25, 2012 11:11:41 PM org.apache.catalina.core.AprLifecycleListener init
    INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
    Jul 25, 2012 11:11:43 PM org.apache.catalina.core.AprLifecycleListener initializeSSL
    INFO: OpenSSL successfully initialized (OpenSSL 1.0.1c 10 May 2012)
    Jul 25, 2012 11:11:43 PM org.apache.coyote.AbstractProtocol init
    INFO: Initializing ProtocolHandler ["http-apr-8080"]
    Jul 25, 2012 11:11:43 PM org.apache.coyote.AbstractProtocol init
    INFO: Initializing ProtocolHandler ["http-apr-8443"]
    Jul 25, 2012 11:11:43 PM org.apache.coyote.AbstractProtocol init
    SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-apr-8443"]
    java.lang.Exception: Connector attribute SSLCertificateFile must be defined when using SSL with APR
        at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:484)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:624)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:649)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:601)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)

    Jul 25, 2012 11:11:43 PM org.apache.catalina.core.StandardService initInternal
    SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]]
    org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:624)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:649)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:601)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)
    Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        ... 12 more
    Caused by: java.lang.Exception: Connector attribute SSLCertificateFile must be defined when using SSL with APR
        at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:484)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
        ... 13 more

    Jul 25, 2012 11:11:43 PM org.apache.coyote.AbstractProtocol init
    INFO: Initializing ProtocolHandler ["ajp-apr-8009"]
    Jul 25, 2012 11:11:43 PM org.apache.catalina.startup.Catalina load
    INFO: Initialization processed in 2945 ms
    Jul 25, 2012 11:11:43 PM org.apache.catalina.core.StandardService startInternal
    INFO: Starting service Catalina
    Jul 25, 2012 11:11:43 PM org.apache.catalina.core.StandardEngine startInternal
    INFO: Starting Servlet Engine: Apache Tomcat/7.0.29
    Jul 25, 2012 11:11:43 PM org.apache.catalina.startup.HostConfig deployWAR
    INFO: Deploying web application archive C:\Junkyard\apache-tomcat-7.0.29\webapps\Blah.war
    Jul 25, 2012 11:11:44 PM org.apache.catalina.loader.WebappClassLoader validateJarFile
    INFO: validateJarFile(C:\Junkyard\apache-tomcat-7.0.29\webapps\Blah\WEB-INF\lib\javax.servlet-5.1.12.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class
    Logger Contructor
    Servlet Context has been initialized
    Jul 25, 2012 11:11:45 PM org.apache.catalina.startup.HostConfig deployDirectory
    INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webapps\docs
    Jul 25, 2012 11:11:45 PM org.apache.catalina.startup.HostConfig deployDirectory
    INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webapps\examples
    Jul 25, 2012 11:11:46 PM org.apache.catalina.startup.HostConfig deployDirectory
    INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webapps\host-manager
    Jul 25, 2012 11:11:46 PM org.apache.catalina.startup.HostConfig deployDirectory
    INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webapps\manager
    Jul 25, 2012 11:11:46 PM org.apache.catalina.startup.HostConfig deployDirectory
    INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webapps\ROOT
    Jul 25, 2012 11:11:46 PM org.apache.coyote.AbstractProtocol start
    INFO: Starting ProtocolHandler ["http-apr-8080"]
    Jul 25, 2012 11:11:46 PM org.apache.coyote.AbstractProtocol start
    INFO: Starting ProtocolHandler ["ajp-apr-8009"]
    Jul 25, 2012 11:11:46 PM org.apache.catalina.startup.Catalina start
    INFO: Server startup in 2728 ms

    Edited by: 948555 on Jul 25, 2012 10:42 AM
  • 10. Re: Unable to securely request for a page
    951558 Newbie
    Do I need to add keystore information in server.xml as well like done in web.xml?
  • 11. Re: Unable to securely request for a page
    951558 Newbie
    After making the above changes I'm able to telnet, but

    a) I get the above exception in the console.
    b) The secured page keeps loading forever and never displays.

    Thanks..
  • 12. Re: Unable to securely request for a page
    EJP Guru
    The Connector configuration goes in server.xml, not web.xml.
  • 13. Re: Unable to securely request for a page
    951558 Newbie
    Thank you guys. Got the problem solved :)
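
Added example (not part of the original thread, and not Tomcat's own code): replies 7 to 9 diagnose the problem by reading the startup log, and the ProtocolHandler names in that log also answer question (b). The Python sketch below reads such a log and reports, per port, which connector implementation was chosen and whether it started; `connector_report` and `diagnose` are hypothetical names, the sample lines are constructed from the log in reply 9, and log lines are assumed not to be hard-wrapped by the console.

```python
import re

# Added example; names are hypothetical. Constructed sample condensed from reply 9's log.
SAMPLE_LOG = """\
INFO: Initializing ProtocolHandler ["http-apr-8080"]
INFO: Initializing ProtocolHandler ["http-apr-8443"]
SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-apr-8443"]
java.lang.Exception: Connector attribute SSLCertificateFile must be defined when using SSL with APR
INFO: Initializing ProtocolHandler ["ajp-apr-8009"]
INFO: Starting ProtocolHandler ["http-apr-8080"]
INFO: Starting ProtocolHandler ["ajp-apr-8009"]
"""

# Tomcat 7 names each handler <protocol>-<implementation>-<port>.
HANDLER = re.compile(
    r'(Initializing|Starting|Failed to initialize end point associated with) '
    r'ProtocolHandler \["(?:http|ajp)-(bio|nio|apr)-(\d+)"\]')
EXCEPTION = re.compile(r'^\s*[\w.$]+(?:Exception|Error): (.+)$')
SSL_IMPL = {"bio": "JSSE", "nio": "JSSE", "apr": "APR/OpenSSL"}  # used when SSLEnabled="true"


def connector_report(log_text):
    """Map port -> {"impl", "state", "error"} from a Tomcat startup log."""
    report, failed = {}, None
    for line in log_text.splitlines():
        m = HANDLER.search(line)
        if m:
            event, impl, port = m.group(1), m.group(2), int(m.group(3))
            entry = report.setdefault(port, {"impl": impl, "state": None, "error": None})
            if event == "Initializing":
                entry["state"], failed = "initialized", None
            elif event == "Starting":
                entry["state"], failed = "started", None
            else:  # endpoint failed; the next exception line carries the reason
                entry["state"], failed = "failed", entry
            continue
        m = EXCEPTION.match(line)
        if m and failed is not None and failed["error"] is None:
            failed["error"] = m.group(1)
    return report


def diagnose(report, port):
    entry = report.get(port)
    if entry is None:  # the situation in reply 7's log: nothing mentions 8443
        return f"{port}: no connector was initialized; check server.xml"
    impl = f"{entry['impl']} connector ({SSL_IMPL[entry['impl']]})"
    if entry["state"] == "started":
        return f"{port}: listening, {impl}"
    return f"{port}: {entry['state']}, {impl}: {entry['error']}"

if __name__ == "__main__":
    for port in (8080, 8443):
        print(diagnose(connector_report(SAMPLE_LOG), port))
```

A handler named `http-nio-8443` or `http-bio-8443` means the JSSE keystore attributes apply; `http-apr-8443` means the APR connector, which expects `SSLCertificateFile` as the exception in reply 9 states.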
