Unable to set up ssl

Unable to set up ssl

Oleg Andreyev
Hi,

For the last few days I have tried to set up SSL on Geronimo 3.0.1 and finally had to
admit defeat.

My steps:

- Downloaded 3.0.1 (Linux x64, Web profile, run with Oracle JDK 1.6.0_14)
- Changed ports to 80/443 in config-substitution.properties
- Logged in to the Web console
- Created a new keystore, enabled it, generated a key and CSR, imported the answer from the CA

No errors so far. The key looks like:

Version:     3
Subject:     CN=xxx.yyyyy.com, OU=Domain Control Validated
Issuer:     SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Serial Number:     2292395462585499
Valid From:     Fri Aug 02 20:15:19 EDT 2013
Valid To:     Wed Jul 30 16:46:03 EDT 2014
Signature Alg:     SHA1withRSA
Public Key Alg:     RSA
critical ext:     2.5.29.15
critical ext:     2.5.29.19
non-critical ext:     2.5.29.14
non-critical ext:     1.3.6.1.5.5.7.1.1
non-critical ext:     2.5.29.31
non-critical ext:     2.5.29.32
non-critical ext:     2.5.29.37
non-critical ext:     2.5.29.35
non-critical ext:     2.5.29.17

Also, I changed Web servers/TomcatWebSSLConnector to set the correct
keystoreFile and keystore password, and stopped/started it.

So, I tried to connect with https and after some time got "The connection was
reset". And I see this error in the Geronimo log:

2013-08-02 20:19:22,861 ERROR [JIoEndpoint]
java.lang.NullPointerException
     at org.apache.tomcat.util.net.JIoEndpoint.processSocket(JIoEndpoint.java:525)
     at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:230)
     at java.lang.Thread.run(Thread.java:619)

I describe this attempt because it is the most appropriate to the documentation,
but I also tried a different JDK, Geronimo 3.0.0, a keystore created by keytool,
and so on.

Any clue?
Re: Unable to set up ssl

thiyagu_r
Please share the config.xml

Sent from my iPhone


Re: Unable to set up ssl

Oleg Andreyev
There are no handmade changes in config.xml. It's the same as in
geronimo-tomcat7-javaee6-web-3.0.1-bin.tar.gz

On 08/03/2013 10:04 PM, thiyagu_r wrote:

> Please share the config.xml

Re: Unable to set up ssl

Ivan Xu
Hi,

Per the stacktrace, it looks like the executor was not configured correctly.

In Geronimo 3.0.*, var/catalina/server.xml is used as the Tomcat container configuration file. Could you show us that file? I guess that the SSL connector was updated incorrectly in that file. You may also compare that file with the original one to check what was changed.

Thanks.


--
Ivan
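
Added example (not part of the original thread, and not Geronimo's or any poster's code): one way to run the check suggested in the reply above, assuming var/catalina/server.xml uses the standard Tomcat <Executor> and <Connector> elements. Both XML samples, the pool names and the keystore values are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed samples, not the poster's files: ORIGINAL stands in for the
# shipped server.xml, EDITED for a copy changed while enabling SSL.
ORIGINAL = """<Server><Service name="Catalina">
  <Executor name="DefaultThreadPool" maxThreads="200"/>
  <Connector port="80" protocol="HTTP/1.1" redirectPort="443"/>
  <Connector port="443" protocol="HTTP/1.1" executor="DefaultThreadPool"
    SSLEnabled="true" scheme="https" secure="true"
    keystoreFile="path/to/old-keystore" keystorePass="constructed-old"/>
</Service></Server>"""
EDITED = (ORIGINAL.replace('executor="DefaultThreadPool"', 'executor="SSLThreadPool"')
          .replace("old-keystore", "new-keystore").replace("constructed-old", "constructed-new"))

def load(xml_text):
    """Return {port: (connector attributes, executor names defined in its Service)}."""
    out = {}
    for svc in ET.fromstring(xml_text).iter("Service"):
        pools = {e.get("name") for e in svc.findall("Executor")}
        for conn in svc.findall("Connector"):
            out[conn.get("port")] = (dict(conn.attrib), pools)
    return out

def audit(xml_text):
    """List (port, problem) for connectors whose configuration looks inconsistent."""
    problems = []
    for port, (attrs, pools) in load(xml_text).items():
        ref = attrs.get("executor")
        if ref is not None and ref not in pools:
            problems.append((port, "executor %r is not defined" % ref))
        if attrs.get("SSLEnabled", "false").lower() == "true":
            for key, want in (("scheme", "https"), ("secure", "true")):
                if attrs.get(key) != want:
                    problems.append((port, "%s should be %r" % (key, want)))
            if not attrs.get("keystoreFile"):
                problems.append((port, "keystoreFile is missing"))
    return problems

def changed(original_xml, edited_xml):
    """Return {port: {attr: (old, new)}} for connectors whose attributes differ."""
    old, new = load(original_xml), load(edited_xml)
    diff = {}
    for port in sorted(old.keys() & new.keys()):
        a, b = old[port][0], new[port][0]
        for k in a.keys() | b.keys():
            if a.get(k) != b.get(k):
                # Never echo keystore or truststore passwords into a report.
                pair = ("<redacted>",) * 2 if k.lower().endswith("pass") else (a.get(k), b.get(k))
                diff.setdefault(port, {})[k] = pair
    return diff

if __name__ == "__main__":
    for port, problem in audit(EDITED):
        print("connector on port %s: %s" % (port, problem))
    print(changed(ORIGINAL, EDITED))
```

To use it on a real installation, read the edited file and the one from a freshly unpacked distribution into strings and pass them to audit() and changed().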

Re: Unable to set up ssl

Oleg Andreyev
Well, first of all, I am very sorry. It's a production system on EC2 and I had to
find a fast solution and made the next AMI. Finally this works with Apache +
mod_jk, and the original directory is removed. I cannot share this file.
However, all my steps were very simple and based on the standard distribution
without any application code or customization (except changing ports).
And although the problem is no longer relevant to me, I ask you to pay
attention to it when you have time. I believe that fundamental
functionality should not require such effort to set up.

On 08/05/2013 03:45 PM, Ivan wrote:

> Hi,
>
> Per the stacktrace, it looks like the executor was not configured correctly.
>
> In Geronimo 3.0.*, the var/catalina/server.xml is used as the tomcat
> container configuration file, could you show us that file ? I guess that
> the ssl connector was updated incorrectly in that file. You may also
> compare that file with the original one to check what was changed.
>
> Thanks.