[jcifs] Davenport Issue Report

David D.Kilzer ddkilzer at kilzer.net
Sat Jan 1 18:16:40 GMT 2005


On Dec 31, 2004, at 6:51 PM, Peter Walter wrote:

> Server configuration: SME Server 6.01-01 (based on RHL 7.3) in 
> firewalled-server mode (external / internal network cards) with Java 
> VM (j2re-1-4_2_06-linux-i586.rpm) and Samba  2.2.8a-2cb.
> [...]

You don't mention which Java application server you're using, but my 
guess is that it's Tomcat 4.x or 5.0.x.

> [...]
> 2) I cannot seem to figure out how to turn on / force https access. I 
> can only access the interface from 
> http://www.mydomain.com:8080/servername (externally and internally) or 
> http://servername:8080/servername (internally). Trying 
> https://www.mydomain.com:8080/servername results in a dialog box which 
> says "The connection to www.mydomain.com:8080 has terminated 
> unexpectedly. Some data may have been transferred"
> [...]

Setting up https on Tomcat is orthogonal to configuring web.xml (which 
means SSL is configured separately from web.xml).  Here are links to 
the relevant Tomcat documentation:

http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html

Basically, you're going to have to do the following:

1. Generate a private key and self-signed SSL certificate for use with 
SSL.  (Use the "keytool" utility to do this.  Tomcat wants the private 
key and certificate stored in a "JKS" formatted file, which is what 
keytool generates.  Alternatively, you may generate a certificate 
signing request and send that to a certifying authority (CA) like 
Verisign or Thawte to obtain a "trusted" SSL certificate, for a fee.)

2. Modify Tomcat's server.xml to add a "Connector" on port 8443, and 
configure it to use the JKS file that you generated in Step 1.  (Note 
that you may change the port to 8080 if you'd like, and then 
"https://www.mydomain.com:8080" would work, but you'll have to disable 
the Connector for 8080 in server.xml first.  Note that if you use port 
443, this is the "standard" SSL port, so that would change your URL to 
"https://www.mydomain.com/".)

3. Restart Tomcat.  Watch for (new) error messages in its log file.

4. Try connecting to the server using "https://www.mydomain.com:8443/", 
or whatever URL is appropriate.

BTW, the reason you're getting the "terminated unexpectedly" error 
message is that an SSL (https) connection attempts to do a key exchange 
first, and when the server isn't configured for SSL, it looks like a 
failure in the key exchange process.

> [...]
> 6) When start.jar is started, the console lists the following message:
> "18:39:59.864 EVENT  NOTICE: AJP13 is not a secure protocol. Please 
> protect the port 0.0.0.0:8009". Is this anything to be concerned 
> about?

The AJP 1.3 ("AJP13") protocol is used when you put an Apache web 
server "in front" of the Tomcat server so that all http requests go 
through Apache, and then Apache "proxies" the requests back to the 
Tomcat application server.  There are a number of benefits for doing 
this, but it can be a pain to configure.  You may turn off the AJP13 
protocol in server.xml by commenting out the appropriate Connector, 
then restarting Tomcat.  If you're not going to use this, then turn it 
off.

Dave
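
An added example, not part of the original message and not Tomcat's own code: a small Python check that reads a server.xml and reports the two conditions discussed above, an HTTP connector whose redirectPort has no SSL connector behind it and an AJP connector listening on all interfaces. The sample files are constructed in the Tomcat 5.0 style; the keystore path and password are placeholders, and the finding names are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed samples in the Tomcat 5.0 server.xml style (not the poster's files).
# keystoreFile and keystorePass values are placeholders.
BEFORE = """<Server port="8005" shutdown="SHUTDOWN"><Service name="Catalina">
  <Connector port="8080" redirectPort="8443" />
  <!-- <Connector port="8443" scheme="https" secure="true" sslProtocol="TLS"
       keystoreFile="conf/tomcat.jks" keystorePass="changeit" /> -->
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
</Service></Server>"""

AFTER = """<Server port="8005" shutdown="SHUTDOWN"><Service name="Catalina">
  <Connector port="8080" redirectPort="8443" />
  <Connector port="8443" scheme="https" secure="true" sslProtocol="TLS"
       keystoreFile="conf/tomcat.jks" keystorePass="changeit" />
  <!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->
</Service></Server>"""

LOOPBACK = ("127.0.0.1", "localhost")

def audit_connectors(server_xml):
    """Return a list of (port, finding) tuples for the active Connectors."""
    # The default parser drops XML comments, so a commented-out Connector
    # is treated as disabled, which is how Tomcat sees it too.
    root = ET.fromstring(server_xml)
    connectors = list(root.iter("Connector"))
    tls_ports = {c.get("port") for c in connectors if c.get("scheme") == "https"}
    findings = []
    for c in connectors:
        port = c.get("port")
        if c.get("protocol", "HTTP/1.1").upper().startswith("AJP"):
            # No address attribute means the connector listens on all interfaces.
            if c.get("address", "0.0.0.0") not in LOOPBACK:
                findings.append((port, "ajp-exposed"))
        elif port in tls_ports:
            if c.get("secure") != "true":
                findings.append((port, "https-not-marked-secure"))
        else:
            # Plain HTTP connector: its redirectPort should be a live SSL connector.
            redirect = c.get("redirectPort")
            if redirect and redirect not in tls_ports:
                findings.append((port, "redirect-to-missing-tls"))
    return findings

if __name__ == "__main__":
    for name, xml_text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_connectors(xml_text))
```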


