[jcifs] Davenport Issue Report
David D.Kilzer
ddkilzer at kilzer.net
Sat Jan 1 18:16:40 GMT 2005
On Dec 31, 2004, at 6:51 PM, Peter Walter wrote:
> Server configuration: SME Server 6.01-01 (based on RHL 7.3) in
> firewalled-server mode (external / internal network cards) with Java
> VM (j2re-1-4_2_06-linux-i586.rpm) and Samba 2.2.8a-2cb.
> [...]
You don't mention which Java application server you're using, but my
guess is that it's Tomcat 4.x or 5.0.x.
> [...]
> 2) I cannot seem to figure out how to turn on / force https access. I
> can only access the interface from
> http://www.mydomain.com:8080/servername (externally and internally) or
> http://servername:8080/servername (internally). Trying
> https://www.mydomain.com:8080/servername results in a dialog box which
> says "The connection to www.mydomain.com:8080 has terminated
> unexpectedly. Some data may have been transferred"
> [...]
Setting up https on Tomcat is orthogonal to configuring web.xml (which
means SSL is configured separately from web.xml). Here are links to
the relevant Tomcat documentation:
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html
Basically, you're going to have to do the following:
1. Generate a private key and self-signed SSL certificate for use with
SSL. (Use the "keytool" utility to do this. Tomcat wants the private
key and certificate stored in a "JKS" formatted file, which is what
keytool generates. Alternatively, you may generate a certificate
signing request and send that to a certifying authority (CA) like
Verisign or Thawte to obtain a "trusted" SSL certificate, for a fee.)
2. Modify Tomcat's server.xml to add a "Connector" on port 8443, and
configure it to use the JKS file that you generated in Step 1. (Note
that you may change the port to 8080 if you'd like, and then
"https://www.mydomain.com:8080" would work, but you'll have to disable
the Connector for 8080 in server.xml first. Note that if you use port
443, this is the "standard" SSL port, so that would change your URL to
"https://www.mydomain.com/".)
3. Restart Tomcat. Watch for (new) error messages in its log file.
4. Try connecting to the server using "https://www.mydomain.com:8443/",
or whatever URL is appropriate.
BTW, the reason you're getting the "terminated unexpectedly" error
message is because an SSL (https) connection attempts to do a key exchange
first, and when the server isn't configured for SSL, it looks like a
failure in the key exchange process.
> [...]
> 6) When start.jar is started, the console lists the following message:
> "18:39:59.864 EVENT NOTICE: AJP13 is not a secure protocol. Please
> protect the port 0.0.0.0:8009". Is this anything to be concerned
> about?
The AJP 1.3 ("AJP13") protocol is used when you put an Apache web
server "in front" of the Tomcat server so that all http requests go
through Apache, and then Apache "proxies" the requests back to the
Tomcat application server. There are a number of benefits for doing
this, but it can be a pain to configure. You may turn off the AJP13
protocol in server.xml by commenting out the appropriate Connector,
then restarting Tomcat. If you're not going to use this, then turn it
off.
Dave
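
The Connector changes described in steps 1-2 and in the AJP13 answer, as an added example that is not part of the original message: a small check that reads a server.xml and reports which connectors are active. It assumes Tomcat 5.0-style Connector attributes; the sample file, its path and password placeholders, and the function name audit_connectors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: Tomcat 5.0-style server.xml after step 2 of the reply.
# The keystore from step 1 would come from something like
#   keytool -genkey -alias tomcat -keyalg RSA -keystore /path/to/keystore.jks
# Path and password below are placeholders, not values from the thread.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!-- plain HTTP connector, still enabled -->
    <Connector port="8080" redirectPort="8443" />
    <!-- SSL connector added in step 2, using the JKS file from step 1 -->
    <Connector port="8443" scheme="https" secure="true" clientAuth="false"
               sslProtocol="TLS" keystoreFile="/path/to/keystore.jks"
               keystorePass="CHANGE_ME" />
    <!-- AJP 1.3 connector: comment out when no Apache front end is used -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost" />
  </Service>
</Server>"""


def audit_connectors(server_xml):
    """Return ({port: kind}, findings) for every active Connector element.

    Commented-out connectors are skipped because the parser drops XML comments.
    """
    kinds, findings = {}, []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        if "AJP" in conn.get("protocol", "").upper():
            kinds[port] = "ajp"
            findings.append(f"port {port}: AJP13 enabled; disable it if unused")
        elif conn.get("scheme") == "https" and conn.get("secure") == "true":
            kinds[port] = "https"
            if not conn.get("keystoreFile"):
                findings.append(f"port {port}: no keystoreFile; default keystore used")
        else:
            kinds[port] = "http"
            findings.append(f"port {port}: plain HTTP; traffic is not encrypted")
    if "https" not in kinds.values():
        findings.append("no SSL connector; https:// requests will fail")
    return kinds, findings


if __name__ == "__main__":
    kinds, findings = audit_connectors(SAMPLE_SERVER_XML)
    print(kinds)
    print("\n".join(findings))
```

Run it against the real server.xml after step 3 to confirm that the 8443 connector is active and that the 8009 connector is gone once it has been commented out.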