Apache Tomcat https setup

I am using Apache Tomcat 6. I have setup an https site by installing
some certificates. When  I enter https  url a pop-up message comes
showing the certificate. Is there a way to prevent this pop-up message
because it is annoying to users. We are in an intranet and primary
purpose is to encrypt passwords, data etc sent over the network.

I have seen some other websites using https where the pop-up message
does not come. When I installed certificates in certificate store
using java command I trusted all the certificates, so do not know why
popup-up message comes.


Thanks a lot.
0
zigzagdna
10/13/2010 4:17:42 PM
comp.lang.java.programmer 52266 articles. 40 followers. Post Follow

4 Replies
280 Views

Similar Articles

[PageSpeed] 1
On Oct 13, 12:17=A0pm, zigzagdna <zigzag...@yahoo.com> wrote:
> I am using Apache Tomcat 6. I have setup an https site by installing
> some certificates. When =A0I enter https =A0url a pop-up message comes
> showing the certificate. Is there a way to prevent this pop-up message
> because it is annoying to users. We are in an intranet and primary
> purpose is to encrypt passwords, data etc sent over the network.
>
> I have seen some other websites using https where the pop-up message
> does not come. When I installed certificates in certificate store
> using java command I trusted all the certificates, so do not know why
> popup-up message comes.
>

"A pop-up message ... showing the certificate" is a tad imprecise.  I
assume it's the message asking users to accept the certificate, which
comes up when the certificate is not signed by a trusted authority.

You say you "trusted all the certificates", another imprecise
statement.  Do you mean you went to each user's browser and instructed
it to trust the signing authority of the certificate?

If not, that could explain the issue, assuming my assumption of what
you meant is correct.

--
Lew
0
Lew
10/13/2010 4:47:35 PM
On Oct 13, 12:47=A0pm, Lew <l...@lewscanon.com> wrote:
> On Oct 13, 12:17=A0pm, zigzagdna <zigzag...@yahoo.com> wrote:
>
> > I am using Apache Tomcat 6. I have setup an https site by installing
> > some certificates. When =A0I enter https =A0url a pop-up message comes
> > showing the certificate. Is there a way to prevent this pop-up message
> > because it is annoying to users. We are in an intranet and primary
> > purpose is to encrypt passwords, data etc sent over the network.
>
> > I have seen some other websites using https where the pop-up message
> > does not come. When I installed certificates in certificate store
> > using java command I trusted all the certificates, so do not know why
> > popup-up message comes.
>
> "A pop-up message ... showing the certificate" is a tad imprecise. =A0I
> assume it's the message asking users to accept the certificate, which
> comes up when the certificate is not signed by a trusted authority.
>
> You say you "trusted all the certificates", another imprecise
> statement. =A0Do you mean you went to each user's browser and instructed
> it to trust the signing authority of the certificate?
>
> If not, that could explain the issue, assuming my assumption of what
> you meant is correct.
>
> --
> Lew

Lew:

Yes, pop-up message is for what you say. I did not go to each user's
browser; instead when I was running java commands  on web server to
install certficates in a kety store which is used by Tomcat; java
command asked me whether certificate is to be trusted.
How does browser decides whether
"certificate is not signed by a trusted authority". Is certifcate have
to be installed in some place on user's PC. If yes where?

THANKS A LOT.

Prem
0
zigzagdna
10/13/2010 5:49:31 PM
On 13-10-2010 13:49, zigzagdna wrote:
> Yes, pop-up message is for what you say. I did not go to each user's
> browser; instead when I was running java commands  on web server to
> install certficates in a kety store which is used by Tomcat; java
> command asked me whether certificate is to be trusted.
> How does browser decides whether
> "certificate is not signed by a trusted authority". Is certifcate have
> to be installed in some place on user's PC. If yes where?

This is a security feature.

If a site claims to be java.sun.com and the certificate is
signed by a company that the browser know, then there is no
need to ask.

If the browser does not know the signer of the certificate,
then you get prompted.

There are no way you can disable that server side. For
obvious reasons otherwise the hackers would let their
fake java.sun.com disable the check as well.

You either need to buy a certificate from one of the
known vendors or install the the signing certificate
at each client PC.

How depends on OS and browser.

Arne

0
ISO
10/13/2010 11:57:46 PM
On Oct 13, 7:57=A0pm, Arne Vajh=F8j <a...@vajhoej.dk> wrote:
> On 13-10-2010 13:49, zigzagdna wrote:
>
> > Yes, pop-up message is for what you say. I did not go to each user's
> > browser; instead when I was running java commands =A0on web server to
> > install certficates in a kety store which is used by Tomcat; java
> > command asked me whether certificate is to be trusted.
> > How does browser decides whether
> > "certificate is not signed by a trusted authority". Is certifcate have
> > to be installed in some place on user's PC. If yes where?
>
> This is a security feature.
>
> If a site claims to be java.sun.com and the certificate is
> signed by a company that the browser know, then there is no
> need to ask.
>
> If the browser does not know the signer of the certificate,
> then you get prompted.
>
> There are no way you can disable that server side. For
> obvious reasons otherwise the hackers would let their
> fake java.sun.com disable the check as well.
>
> You either need to buy a certificate from one of the
> known vendors or install the the signing certificate
> at each client PC.
>
> How depends on OS and browser.
>
> Arne

Arne:

Thanks a lot. As alwyas you are extremely knowledagbale and your
answers are very clear.

0
zigzagdna
10/14/2010 1:53:58 AM
Reply:
Similar Artilces:

Error in reporting in apache log file (Apache 2.0.45)
hi I am using Apache/2.0.45 on Linux. I see many messages of the following type, 12.147.4.130 - - [11/Aug/2004:12:00:29 +051800] "GET /companies/computers/software/img/blank.gif HTTP/1.1" 404 343 "http://indiafocus.indiainfo.com/companies/computers/software/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)" On http://indiafocus.indiainfo.com/companies/computers/software/ I access http://indiafocus.indiainfo.com/img/blank.gif but I don't have code that reads http://indiafocus.indiainfo.com/companies/computers/software/img/...

Apache on AIX
I've got to put up an apache server on AIX 5.2. The version I'm using is 1.3.29 (vendor spec). I've been asked to enable a few things I'm not sure about. I need to enable SSL. I need to enable some type of timeout. And, have a password disable if there are too many incorrect attempts. Can someone point me in the right direction? Also, for SSL, do I need to import some type of certificate? "Dale DeRemer" <dderemer_nospam@agmc.org> wrote in message news:<cf0mnf$s32 $1@malgudi.oar.net>... > I've got to put up an apache server on AIX 5.2. The versio...

Apache 2 startup problem
Hi Guys When I try and start apache, the service fails. Looking in the error_log the only thing I can see is [Fri May 07 11:19:32 2004] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec2) Anyone else had the same issue or can point me in the right direction to get a more verbose error message? Thanks In article <487b8da.0405070317.4c229b5e@posting.google.com>, google@freelancephp.co.uk (Mark Evans) writes: > When I try and start apache, the service fails. "the service fails"? > Anyone else had the same issue or can point me i...

Tomcat client certificate authentication for SSL
Hello, I am running a web service as a filter inside tomcat. I need to configure it to perform mutual (both server and client) authentication, with SSL. (My app is the server). Looking at http://tomcat.apache.org/tomcat-4.0-doc/ssl-howto.html tells me how to configure the server cert. But how can I make tomcat authenticate the client cert before passing it to my app? Is this doable? >From the docs, setting the clientAuth=true seems to configure tomcat to force a client cert request. But does tomcat actually authenticate the cert? (I am assuming my client certs can be issued by Verisign). ...

apache: failed to get socket for port 80
Apache just quits. C:\Program Files\Apache Group\Apache>apache -v Server version: Apache/1.3.31 (Win32) Server built: May 11 2004 10:03:33 C:\Program Files\Apache Group\Apache>apache [Sun Jun 27 23:31:05 2004] [warn] pid file c:/program files/apache group/apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run? [Sun Jun 27 23:31:05 2004] [warn] exec() may not be safe [Sun Jun 27 23:31:05 2004] [warn] exec() may not be safe Apache/1.3.31 (Win32) running... C:\Program Files\Apache Group\Apache> if I delete everything in the log directory (includi...

HPSBUX02308 SSRT080010 rev.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01345501 Version: 1 HPSBUX02308 SSRT080010 rev.1 - HP-UX Running Apache, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2008-01-30 Last Updated: 2008-01-30 Potential Security Impact: Remote execution of arbitrary code Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities has been identified with HP-UX Apache. These vulnera...

Apache Authentication
Hi all I am new user to this group. I have problem with apache authentication. My apache server is is on lnux machine. There are two apache server on two different machines. as a1 and a2. both having same config files as well as the document root. Authentication on sever work properly while on other it don't bother ask for it...and directly gives error as Authorization Required. ...

SSRT051043 rev.0
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 HP SECURITY BULLETIN HPSBUX01232 REVISION: 0 SSRT051043 rev.0 - Apache Remote Unauthorized access NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. INITIAL RELEASE: 05 October 2005 POTENTIAL SECURITY IMPACT: Remote unauthorized access. SOURCE: Hewlett-Packard Company HP Software Security Response Team VULNERABILITY SUMMARY: A potential security vulnerability has been identified with Apache running on HP-UX where the vulnerability could be exploited remotely to bypass client-based certificate aut...

Setup on Mac OS X Server 10.5
I'm trying to get MySQL up and running on Mac OS X 10.5. When I try to connect the Administrator GUI i get an error message to the effect of. Could not connect to MySQL instance at Silkworth.local. Host 192.168.1.100 not allowed to connect to this MySQL server Code 1130 What does this mean? I'm new to MySQL. Wayne Schmand wrote: > I'm trying to get MySQL up and running on Mac OS X 10.5. When I try to > connect the Administrator GUI i get an error message to the effect of. > > Could not connect to MySQL instance at Silkworth.local. Host > 192.168.1.100 not allow...

Problem installing PHP on Apache server #2
Hi, I am trying to install Apache and PHP. I have installed apache fine where I can type in http://localhost and it displays the default Apache page. When trying to install PHP I have run the installer file which seemed to go OK. It is when configure the Apache httpd.conf file that I get the problem. I have updated the ScriptAlias to read: ScriptAlias /php/ "C:/Program Files/PHP/" And added the following lines: Action application/x-httpd-php "/php/php.exe" AddType application/x-httpd-php .php ...as instructed by the tutorial I was reading. To test PHP, I have cre...

fail2ban fails to ban apache...
Bonjour, I try to configure fail2ban in order to ban IP which try to connect to directories protected by .htaccess. Here is my [apache] section in jail.conf: enabled = true port = http,https filter = apache-auth logpath = /var/log/apache*/*error.log maxretry = 3 But I tested the config filling the auth form with erroneous login/password and nothing happens! Nothing appeared in /var/log/fail2ban.log... I tried the same for ssh connections and the IP of the computer from which I tried was banned after the third attempt. What is missing in my config? Here i...

https + security
How secure is it to put debit card details into https sites? Thanks Ps. Browser IE7, cypher strength 256bit OS. Vista 32bit "not_here.5.species8350@xoxy.net" <not_here.5.species8350@xoxy.net> writes: > How secure is it to put debit card details into https sites? > > Thanks > > Ps. Browser IE7, cypher strength 256bit > OS. Vista 32bit Hi Not, You've asked a poorly constrained question unfortunately. All SSL does is secure the data in transit between your web browser and the web site (and the strength of that is dependent on which ciphers the web sit...

apache versus IIS
Hi, where is the best source of web server rankings, showing which servers are the most popular, ie. apache versus IIS etc thanks Portroe Monthly survey of webservers.... http://news.netcraft.com/archives/web_server_survey.html "portroe" <portroe@nospam.com> wrote in message news:bpd08t$fm3$05$1@news.t-online.com... > Hi, > > where is the best source of web server rankings, showing which servers > are the most popular, > > ie. apache versus IIS etc > > thanks > > Portroe > > In article <bpd08t$fm3$05$1@news.t-online.com>, p...

Stats comp.os.linux.setup (last 7 days) #187
Stats comp.os.linux.setup (last 7 days) Top 10 posters for the period: rank posts kbytes name address 1 6 13.6 Matthew Harrison m.harrisson@craznar.com 2 6 9.4 Taylor Sutherland ctaylors@triad.rr.com 3 5 10.8 Lenard lenard@127.0.0.1 4 4 8.3 Unruh unruh-spam@physics.ubc.ca 5 3 7.7 Jean-David Beyer jeandavid8@verizon.net 6 3 6.6 Masroor mmasroorali@cse.buet.ac.b 7 2 27.0 FAQ (bi-weekly) comp.os.linux.setup-FAQ@...

Access 97 changes Paper Size in Page Setup in Reports
I use a DYMO labelwriter with my Access 97 database. I just purchased a new computer and in the report section under page setup/paper size, the new computer keeps changing the size automatically. I know something must be different on the machines. But what? I have checked everything ! Thanks, Ira I am not sure from your description what is happeneing. Is it that they reports you create in Access are not saving their paper sizes properly? If so, I seem to recall that there was a patch for reports in Access not saving their paper sizes and margins properly. (It may have been for A2K, t...

setup.py not found
I'm trying to install a package (cx_Oracle) on a mac running 10.5.7. I've done this on other platforms, but never on a mac. I followed the instructions given, but when I try and run setup I get: Apollo:instantclient_10_2 user$ python setup.py build /System/Library/Frameworks/Python.framework/Versions/2.5/Resources/ Python.app/Contents/MacOS/Python: can't open file 'setup.py': [Errno 2] No such file or directory Is there something else I have to install first to have this? Thanks! In article <3be2bdce-680d-4b32-ad0c-ef46caf556e9@f10g2000vbf.googlegroups.com>, Larry...

apache inquiry
how to enable cgi to be executed in more than one path? appending the new path to the existing one doesn't work... On 2006-05-05, vito <vitogen2003@yahoo.com.hk> wrote: > how to enable cgi to be executed in more than one path? Using multiple ScriptAliases or using Options ExecCGI in the <Directory block. Davide -- "Windows for Dummies" is much more than a book title, it's a Microsoft way of life! "Davide Bianchi" <davideyeahsure@onlyforfun.net> wrote in message news:slrne5luuf.1v9.davideyeahsure@fogg.onlyforfun.net... > On 2006-05-05...

Win XP, Apache, and PHP
I am installing Apache 1-3-31 and PHP 4-3-8 on a Windows XP box. I am able to install Apache, but it does not see PHP. When I view a PHP document through IE, all I see is the HTML code. (I can see the PHP source in View Source). I've tried several different flavors of configuring httpd.conf and php.ini, but nothing seems to work. Dennis grossde@sec.gov (Dennis Gross) wrote in message news:<d7afc9f6.0409131148.361c16f2@posting.google.com>... > I am installing Apache 1-3-31 and PHP 4-3-8 on a Windows XP box. I am > able to install Apache, but it does not see PHP. When I v...

Principal for Apache httpd vhost
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig25ED0B128CAA6A9200EC69C6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Hi, I have a Linux server which is named goofy (as in the output of hostname command) with full qualified hostname goofy.example.com (as indicated by hostname -f on the server itself). DNS has an A record pointing from goofy.example.com to 191.168.0.123, including reverse lookup (dig confirms this, even at other machines). This server runs an Apache httpd with several vhosts configured, one of them www...

eComStation+Apache+tomcat
It may over topic. I want use eComStation to create a Web Server, I want it support php+jsp, I successful install apache+php+jdk 1.4.2.+mySQL. I have unzip tomcat 5.x in eComStation. But I don't know how to config and startup it in eComStation. Would you help me? I want d:\webroot\index.htm--->http://ip or domain/index.htm d:\webroot\index.html--->http://ip or domain/index.html d:\webroot\index.php--->http://ip or domain/index.php d:\webroot\index.jsp--->http://ip or domain/index.jsp I don't want d:\tomcat\jsproot\index.jsp--->http://ip or domain/jsproot/index.jsp How...

ot - linux virus under apache
We have an intranet web site running under linux/apache on an intel box. A customer connected to our network has reported attacks trying to break passwords on one of his servers coming from this system, based on ip address. With Apache shutdown, problem goes away.. Anybody with any experience or suggestions please..??? TIA, jp * To join/leave the list, search archives, change list settings, * * etc., please visit http://raven.utc.edu/archives/hp3000-l.html * Hi John :) First a public reply... remember email is not secure (tho I will sign this one) Has the...

Apache/mod_perl server getting stuck
Lately, in the last week or so, my Apache server with mod_perl began to get stuck. How can I find out where (in mod_perl code) am I stuck, can I maybe send some signal to apache and get a dump of current state of its subprocesses, including state of mod_perl code. Thanks i I found the solution, it is here: http://perl.apache.org/docs/1.0/guide/debug.html Using the Perl Trace To see where an httpd is "spinning", try adding this to your script or a startup file: use Carp (); $SIG{'USR2'} = sub { Carp::confess("caught SIGUSR2!"); }; The above code...

Apache::AuthenNTLM runtime errors from Apache
Hi, We are trying to use the Apache::AuthenNTLM perl module with HP/Apache and mod_perl. We have disable mod_perl from running our cgi-perl scripts (by using apache directives to only use mod_perl from *PL files), as we want to use 5.8 for this, and the HP-supplied mod_perl is tied to 5.6.1 Everything installs ok & the server starts ok. However, we get the following errors in the errorlog: [Fri Aug 08 13:39:47 2003] [error] failed to resolve handler `Apache::AuthenNTLM' [Fri Aug 08 13:39:47 2003] [error] [client 30.254.43.59] Can't find 'boot_Authen__Smb' symbol in /opt/...

TOMCAT REALM dosn't work after DB was down
Hello everybody, I work with Tomcat 4.1.18 and an Oracle DB 8i. My JSP-Application needs authentication via BASIC-Authentification. Everytime when the database is halted an restarted again, the users can't logon to my applicatons. After restarting Tomcat everything works fine again. I think that the JDBC-Realm of Tomcat is not able to reconnect to the database. Is that right? What are my possibilities? I want to run a failovercluster with a round-robin router, two hw-servers, one Apache Web-Server running on each and 2 Tomcats on every hw-server, session-replicated by j...

apache and php
I have been successfully running a local copy of apache2 on Ubuntu 9.10. I have now just upgraded to Ubuntu 10.04 and Firefox, although it deals happily with remote php files, now asks me what I want to do with local php files. I assume this is some sort of apache (or php) configuration problem, but I'm not sure what the problem is. During the upgrade I did get a warning that adodb was now located in a different place and that I might want to edit my php ini file, but (a) I don't have adodb (whatever that is) installed, according to Synaptic, and (b) php.ini doesn'...