13 Replies Latest reply: Jul 25, 2012 7:22 PM by 951558

    Unable to securely request for a page

    951558
      Question:
      a) I'm unable to securely request my webpage: https://127.0.0.1:8443/Blah; instead I get the following error:

      Firefox can't establish a connection to the server at localhost:8443.
      The site could be temporarily unavailable or too busy. Try again in a few
      moments.
      If you are unable to load any pages, check your computer's network
      connection.
      If your computer or network is protected by a firewall or proxy, make sure
      that Firefox is permitted to access the Web.

      On Internet Explorer I simply get:
      Internet Explorer cannot display the webpage

      b) How do I know which SSL implementation my Tomcat is making use of: JSSE/APR?

      Details:

      web.xml

      <?xml version="1.0"?>
      <!DOCTYPE web-app PUBLIC
      "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
      "http://java.sun.com/dtd/web-app_2_3.dtd">

      <web-app
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns="http://java.sun.com/xml/ns/javaee"
      xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
      id="Your_WebApp_ID"
      version="2.5">

      <description>The standard web descriptor for the email client</description>

      <servlet>
      <servlet-name>AuthenticateUser</servlet-name>
      <servlet-class>MailBoxController</servlet-class>
      </servlet>
      <servlet-mapping>
      <servlet-name>AuthenticateUser</servlet-name>
      <url-pattern>/ControlPanel</url-pattern>
      </servlet-mapping>
      <welcome-file-list>
      <welcome-file>login.jsp</welcome-file>
      </welcome-file-list>
      <error-page>
      <error-code>401</error-code>
      <location>/authenticationFailed.jsp</location>
      </error-page>
      <context-param>
      <param-name>serverName</param-name>
      <param-value>Gmail</param-value>
      </context-param>
      <context-param>
      <param-name>port</param-name>
      <param-value>993</param-value>
      </context-param>
      <context-param>
      <param-name>ip</param-name>
      <param-value>imap.gmail.com</param-value>
      </context-param>

      <session-config>
      <session-timeout>30</session-timeout>
      </session-config>

      <listener>
      <listener-class>Logger</listener-class>
      </listener>

      <security-constraint>
      <web-resource-collection>
      <url-pattern>/*</url-pattern>
      <http-method>POST</http-method>
      </web-resource-collection>

      <auth-constraint>
      <role-name>administrator</role-name>
      </auth-constraint>

      <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
      </security-constraint>

      <login-config>
      <auth-method>BASIC</auth-method>
      </login-config>

      <security-role>
      <role-name>administrator</role-name>
      </security-role>

      </web-app>

      tomcat-users.xml :

      <tomcat-users>
      <role rolename="administrator"/>
      <user username="admin" password="system123#" roles="administrator"/>
      </tomcat-users>

      Following tag was added in web.xml in conf of tomcat :

      <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
      <Connector
      protocol="org.apache.coyote.http11.Http11NioProtocol"
      port="8443" maxThreads="200"
      scheme="https" secure="true" SSLEnabled="true"
      keystoreFile="C:/Users/.keystore" keystorePass="changeit"
      clientAuth="false" sslProtocol="TLS"/>


      Can anybody please help me with my problem? Am I going wrong with configuring SSL?

      Thanks
      Krutika
        • 1. Re: Unable to securely request for a page
          handat
          Does C:/Users/.keystore actually contain your server certificate?
          • 2. Re: Unable to securely request for a page
            951558
            Yes it does.
            • 3. Re: Unable to securely request for a page
              EJP
              Are you really running in the same host as Tomcat?

              Is Tomcat really running at all?

              Can you telnet 127.0.0.1 8443 without getting a connection refusal?
              • 4. Re: Unable to securely request for a page
                951558
                I get this:
                Connecting To 127.0.0.1...Could not open connection to the host, on port 8443: Connect failed
                • 5. Re: Unable to securely request for a page
                  951558
                  I edited the path (in my question) for privacy's sake, actually:
                  The path originally is: C:/Users/Krutika Ravi/.keystore (which is where my .keystore is present)

                  And that is what I mentioned even in the web.xml present in my system.

                  Could it be that the path contains a space and that's why I'm facing this issue?
                  • 6. Re: Unable to securely request for a page
                    EJP
                    Connecting To 127.0.0.1...Could not open connection to the host, on port 8443: Connect failed
                    So Tomcat isn't running in the same host as the client. It may be running elsewhere, in which case you need to fix the URL, or you may have forgotten to start it, or you may have failed to observe a startup error that it logged.
                    • 7. Re: Unable to securely request for a page
                      951558
                      I did notice an exception in web.xml of tomcat which now has been rectified so my console now displays:

                      Jul 25, 2012 10:48:37 PM org.apache.catalina.core.AprLifecycleListener init
                      INFO: Loaded APR based Apache Tomcat Native library 1.1.24 using APR version 1.4.6.
                      Jul 25, 2012 10:48:38 PM org.apache.catalina.core.AprLifecycleListener init
                      INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
                      Jul 25, 2012 10:48:39 PM org.apache.catalina.core.AprLifecycleListener initializeSSL
                      INFO: OpenSSL successfully initialized (OpenSSL 1.0.1c 10 May 2012)
                      Jul 25, 2012 10:48:39 PM org.apache.coyote.AbstractProtocol init
                      INFO: Initializing ProtocolHandler ["http-apr-8080"]
                      Jul 25, 2012 10:48:39 PM org.apache.coyote.AbstractProtocol init
                      INFO: Initializing ProtocolHandler ["ajp-apr-8009"]
                      Jul 25, 2012 10:48:39 PM org.apache.catalina.startup.Catalina load
                      INFO: Initialization processed in 2654 ms
                      Jul 25, 2012 10:48:39 PM org.apache.catalina.core.StandardService startInternal
                      INFO: Starting service Catalina
                      Jul 25, 2012 10:48:39 PM org.apache.catalina.core.StandardEngine startInternal
                      INFO: Starting Servlet Engine: Apache Tomcat/7.0.29
                      Jul 25, 2012 10:48:39 PM org.apache.catalina.startup.HostConfig deployWAR
                      INFO: Deploying web application archive C:\Junkyard\apache-tomcat-7.0.29\webapps\Blah.war
                      Jul 25, 2012 10:48:40 PM org.apache.catalina.loader.WebappClassLoader validateJarFile
                      INFO: validateJarFile(C:\Junkyard\apache-tomcat-7.0.29\webapps\Blah\WEB-INF\lib\javax.servlet-5.1.12.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class
                      Logger Contructor
                      Servlet Context has been initialized
                      Jul 25, 2012 10:48:41 PM org.apache.catalina.startup.HostConfig deployDirectory
                      INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webapps\docs
                      Jul 25, 2012 10:48:41 PM org.apache.catalina.startup.HostConfig deployDirectory
                      INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webapps\examples
                      Jul 25, 2012 10:48:42 PM org.apache.catalina.startup.HostConfig deployDirectory
                      INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webapps\host-manager
                      Jul 25, 2012 10:48:42 PM org.apache.catalina.startup.HostConfig deployDirectory
                      INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webapps\manager
                      Jul 25, 2012 10:48:42 PM org.apache.catalina.startup.HostConfig deployDirectory
                      INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webapps\ROOT
                      Jul 25, 2012 10:48:42 PM org.apache.coyote.AbstractProtocol start
                      INFO: Starting ProtocolHandler ["http-apr-8080"]
                      Jul 25, 2012 10:48:42 PM org.apache.coyote.AbstractProtocol start
                      INFO: Starting ProtocolHandler ["ajp-apr-8009"]
                      Jul 25, 2012 10:48:42 PM org.apache.catalina.startup.Catalina start
                      INFO: Server startup in 2680 ms


                      Question:
                      Does INFO: OpenSSL successfully initialized (OpenSSL 1.0.1c 10 May 2012) in the above console screenshot mean anything?

                      Points:
                      - I did telnet again but got the same response.
                      - Tomcat is very well running, as it's the second page which is secured and the first page is working fine.
                      - Didn't face any exception this time as per the console logs pasted.
                      - I checked the Task Manager and no other instance is working; where else might it be running? Could you please help me in fixing the URL if that is the case?

                      Thanks a lot.
                      • 8. Re: Unable to securely request for a page
                        gimbal2
                        I'm no expert, but in that logging I see OpenSSL being initialized, but I don't see any mention of something being attached to port 8443. Are you sure the HTTPS connector is actually activated in the server.xml file? By default it is commented out.
                        • 9. Re: Unable to securely request for a page
                          951558
                          I did add these lines:

                          <Connector
                               protocol="org.apache.coyote.http11.Http11NioProtocol"
                               port="8443" maxThreads="200"
                               scheme="https" secure="true" SSLEnabled="true"
                               keystoreFile="C:/Users/Krutika Ravi/.keystore" keystorePass="changeit"
                               clientAuth="false" sslProtocol="TLS"/>

                          to the web.xml contained in conf folder of tomcat.


                          But didn't fiddle with server.xml -

                          After un-commenting
                          <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                          maxThreads="150" scheme="https" secure="true"
                          clientAuth="false" sslProtocol="TLS" />

                          in server.xml contained in conf folder I get the following exceptions


                          Jul 25, 2012 11:11:41 PM org.apache.catalina.core.AprLifecycleListener init
                          INFO: Loaded APR based Apache Tomcat Native library 1.1.24 using APR version 1.4.6.
                          Jul 25, 2012 11:11:41 PM org.apache.catalina.core.AprLifecycleListener init
                          INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
                          Jul 25, 2012 11:11:43 PM org.apache.catalina.core.AprLifecycleListener initializeSSL
                          INFO: OpenSSL successfully initialized (OpenSSL 1.0.1c 10 May 2012)
                          Jul 25, 2012 11:11:43 PM org.apache.coyote.AbstractProtocol init
                          INFO: Initializing ProtocolHandler ["http-apr-8080"]
                          Jul 25, 2012 11:11:43 PM org.apache.coyote.AbstractProtocol init
                          INFO: Initializing ProtocolHandler ["http-apr-8443"]
                          Jul 25, 2012 11:11:43 PM org.apache.coyote.AbstractProtocol init
                          SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-apr-8443"]
                          java.lang.Exception: Connector attribute SSLCertificateFile must be defined when using SSL with APR
                              at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:484)
                              at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610)
                              at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
                              at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
                              at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
                              at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
                              at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
                              at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
                              at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
                              at org.apache.catalina.startup.Catalina.load(Catalina.java:624)
                              at org.apache.catalina.startup.Catalina.load(Catalina.java:649)
                              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
                              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                              at java.lang.reflect.Method.invoke(Method.java:601)
                              at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
                              at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)

                          Jul 25, 2012 11:11:43 PM org.apache.catalina.core.StandardService initInternal
                          SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]]
                          org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
                              at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
                              at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
                              at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
                              at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
                              at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
                              at org.apache.catalina.startup.Catalina.load(Catalina.java:624)
                              at org.apache.catalina.startup.Catalina.load(Catalina.java:649)
                              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
                              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                              at java.lang.reflect.Method.invoke(Method.java:601)
                              at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
                              at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)
                          Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
                              at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
                              at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
                              ... 12 more
                          Caused by: java.lang.Exception: Connector attribute SSLCertificateFile must be defined when using SSL with APR
                              at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:484)
                              at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610)
                              at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
                              at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
                              ... 13 more

                          Jul 25, 2012 11:11:43 PM org.apache.coyote.AbstractProtocol init
                          INFO: Initializing ProtocolHandler ["ajp-apr-8009"]
                          Jul 25, 2012 11:11:43 PM org.apache.catalina.startup.Catalina load
                          INFO: Initialization processed in 2945 ms
                          Jul 25, 2012 11:11:43 PM org.apache.catalina.core.StandardService startInternal
                          INFO: Starting service Catalina
                          Jul 25, 2012 11:11:43 PM org.apache.catalina.core.StandardEngine startInternal
                          INFO: Starting Servlet Engine: Apache Tomcat/7.0.29
                          Jul 25, 2012 11:11:43 PM org.apache.catalina.startup.HostConfig deployWAR
                          INFO: Deploying web application archive C:\Junkyard\apache-tomcat-7.0.29\webapps\Blah.war
                          Jul 25, 2012 11:11:44 PM org.apache.catalina.loader.WebappClassLoader validateJarFile
                          INFO: validateJarFile(C:\Junkyard\apache-tomcat-7.0.29\webapps\Blah\WEB-INF\lib\javax.servlet-5.1.12.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class
                          Logger Contructor
                          Servlet Context has been initialized
                          Jul 25, 2012 11:11:45 PM org.apache.catalina.startup.HostConfig deployDirectory
                          INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webapps\docs
                          Jul 25, 2012 11:11:45 PM org.apache.catalina.startup.HostConfig deployDirectory
                          INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webapps\examples
                          Jul 25, 2012 11:11:46 PM org.apache.catalina.startup.HostConfig deployDirectory
                          INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webapps\host-manager
                          Jul 25, 2012 11:11:46 PM org.apache.catalina.startup.HostConfig deployDirectory
                          INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webapps\manager
                          Jul 25, 2012 11:11:46 PM org.apache.catalina.startup.HostConfig deployDirectory
                          INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webapps\ROOT
                          Jul 25, 2012 11:11:46 PM org.apache.coyote.AbstractProtocol start
                          INFO: Starting ProtocolHandler ["http-apr-8080"]
                          Jul 25, 2012 11:11:46 PM org.apache.coyote.AbstractProtocol start
                          INFO: Starting ProtocolHandler ["ajp-apr-8009"]
                          Jul 25, 2012 11:11:46 PM org.apache.catalina.startup.Catalina start
                          INFO: Server startup in 2728 ms

                          Edited by: 948555 on Jul 25, 2012 10:42 AM
                          • 10. Re: Unable to securely request for a page
                            951558
                            Do I need to add keystore information in server.xml as well like done in web.xml?
                            • 11. Re: Unable to securely request for a page
                              951558
                              After making the above changes I'm able to telnet but

                              a) I get the above exception in console.
                              b) and the secured page is loading forever to display.

                              Thanks..
                              • 12. Re: Unable to securely request for a page
                                EJP
                                The Connector configuration goes in server.xml, not web.xml.
                                • 13. Re: Unable to securely request for a page
                                  951558
                                  Thank you guys. Got the problem solved :)
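
Added example, not part of the original thread: two ways to define the 8443 connector in conf/server.xml that address the "SSLCertificateFile must be defined when using SSL with APR" error from reply 9 and the placement issue named in reply 12. The keystore path and password are the ones quoted in the question; the certificate and key paths in option B are placeholders.

```xml
<!-- conf/server.xml, inside <Service name="Catalina">.
     Tomcat reads <Connector> elements only from server.xml. The same element
     placed in conf/web.xml opens no port, which is why the first startup log
     in the thread never mentions 8443.
     Use exactly ONE of the two options below. -->

<!-- Option A: JSSE (Java keystore).
     The stock connector uses protocol="HTTP/1.1", which auto-selects the
     APR/native implementation when the Tomcat Native library is loaded
     (the log line "Loaded APR based Apache Tomcat Native library").
     APR does not read keystoreFile/keystorePass, hence the exception.
     Naming a Java protocol class explicitly keeps the connector on JSSE,
     so the keystore attributes are honoured. -->
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="C:/Users/.keystore" keystorePass="changeit"
           clientAuth="false" sslProtocol="TLS"/>

<!-- Option B: APR/native (OpenSSL).
     Certificate and private key are supplied as PEM files instead of a
     keystore. Both paths are placeholders, not values from the thread. -->
<Connector protocol="org.apache.coyote.http11.Http11AprProtocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           SSLCertificateFile="C:/path/to/server.crt"
           SSLCertificateKeyFile="C:/path/to/server.key"
           SSLVerifyClient="none"/>
```

After a restart, the startup log should contain a `Starting ProtocolHandler` line for port 8443; the handler name (`http-nio-8443` for option A, `http-apr-8443` for option B) shows which SSL implementation the connector is using, which is the information asked for in question (b).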