Hi!
I've been stuck with this for two days. PLEASE HELP!
I'm using JBoss 3.0.4 with Jetty as the default web server. I have a WAR file
called eperson.war, which I hot-deploy by dropping it into the folder
C:\jboss-3.0.4\server\default\deploy. It deploys normally, and the Web
application displays normally in my browser when I navigate to
http://localhost:8080/eperson/ .
I have also set up SSL in Jetty, by editing the following file:
C:\jboss-3.0.4\server\default\deploy\jbossweb.sar\META-INF\jboss-service.xml .
I uncommented the SSL portion and specified the location of my keystore, as
well as my passwords. Here is the XML:
<Call name="addListener">
  <Arg>
    <New class="org.mortbay.http.SunJsseListener">
      <Set name="Port">8443</Set>
      <Set name="MinThreads">5</Set>
      <Set name="MaxThreads">100</Set>
      <Set name="MaxIdleTimeMs">30000</Set>
      <Set name="LowResourcePersistTimeMs">2000</Set>
      <Set name="Keystore"><SystemProperty name="jetty.home" default="C:/Documents and Settings/Werner"/>/epersontruststore/mykeystorefile.jks</Set>
      <Set name="Password">mypassword</Set>
      <Set name="KeyPassword">mypassword</Set>
    </New>
  </Arg>
</Call>
I generated the keystore using the JDK keytool. As far as I know, the keystore
file is fine. I've used it successfully for other encryption work as well.
This is my System CLASSPATH value:
CLASSPATH=.;C:\jdk1.3.1_01\lib\tools.jar;C:\j2sdkee1.3\lib\j2ee.jar;C:\j2sdkee1.3\locale;C:\jsse1.0.3_01\lib\jcert.jar;C:\jsse1.0.3_01\lib\jnet.jar;C:\jsse1.0.3_01\lib\jsse.jar
When I start JBoss up, I get no exceptions whatsoever. JBoss starts up without
a hitch. This is part of the output that scrolls:
13:30:13,250 INFO [jbossweb] Starting Jetty/4.1
13:30:13,281 INFO [jbossweb] Started org.mortbay.http.NCSARequestLog@6be68f
13:30:13,296 INFO [jbossweb] Started SocketListener on 0.0.0.0:8080
13:30:13,312 INFO [jbossweb] jetty.ssl.keystore=C:/Documents and Settings/Werner/epersontruststore/IntegrationBusKeystore.jks
13:30:13,328 INFO [jbossweb] jetty.ssl.password=********
13:30:13,328 INFO [jbossweb] jetty.ssl.keypassword=********
13:30:13,343 INFO [jbossweb] jetty.ssl.keystore.type=jks
13:30:13,343 INFO [jbossweb] jetty.ssl.keystore.provider.name=[DEFAULT]
13:30:22,171 INFO [jbossweb] SSLServerSocketFactory=com.sun.net.ssl.internal.ssl.SSLServerSocketFactoryImpl@27968
13:30:26,265 INFO [jbossweb] JsseListener.needClientAuth=false
13:30:31,765 INFO [jbossweb] Started SocketListener on 0.0.0.0:8443
13:30:31,953 INFO [jbossweb] Started AJP13Listener on 0.0.0.0:8009
13:30:31,968 INFO [jbossweb] NOTICE: AJP13 is not a secure protocol. Please protect the port 0.0.0.0:8009
13:30:31,968 INFO [jbossweb] Started org.jboss.jetty.Jetty@68c26c
13:30:31,984 INFO [JettyService] Started
I assume, based on the above output, that SSL is correctly enabled in Jetty.
While the Web application displays normally when I go to
http://localhost:8080/eperson/, when I go to https://localhost:8843/eperson/
the browser immediately returns with a broken page, i.e. an error like this:
"The page cannot be displayed
The page you are looking for is currently unavailable. The Web site might be
experiencing technical difficulties, or you may need to adjust your browser
settings."
When I point the browser to https://localhost:8080/eperson/ (in other words,
using https, but on port 8080), the browser takes a few moments to respond and
then again simply gives a broken page.
Questions:
1. Based on the information I've provided above, *is* SSL actually correctly
set up in Jetty?
2. Should I be able to see the web site when going to
https://localhost:8843/eperson/ ?
3. If so, why do I only get a broken page?
Werner Liebenberg
For the latest information about Jetty, please see
http://jetty.mortbay.org
Your use of Yahoo! Groups is subject to
http://docs.yahoo.com/info/terms/
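A cross-check that can be run on a startup log like the one in the message above: it collects the ports on which listeners were reported as started and compares them with the URLs being tested. This is an added example, not part of the original post; the function names and the rule used to tell the SSL listener from the plain one are assumptions.

```python
import re
from urllib.parse import urlsplit

# Startup lines copied from the log in the message above (subset).
STARTUP_LOG = """\
13:30:13,296 INFO [jbossweb] Started SocketListener on 0.0.0.0:8080
13:30:26,265 INFO [jbossweb] JsseListener.needClientAuth=false
13:30:31,765 INFO [jbossweb] Started SocketListener on 0.0.0.0:8443
13:30:31,953 INFO [jbossweb] Started AJP13Listener on 0.0.0.0:8009
"""

STARTED = re.compile(r"Started (\w+Listener) on ([\d.]+):(\d+)")
SSL_HINT = re.compile(r"jetty\.ssl\.|JsseListener\.|SSLServerSocketFactory")


def listeners_from_log(log_text):
    """Map port -> 'https', 'http' or 'ajp13' from Jetty startup lines.

    Assumption: a listener is the SSL one when jetty.ssl.* or JsseListener.*
    lines were logged since the previous 'Started' line.
    """
    listeners, saw_ssl = {}, False
    for line in log_text.splitlines():
        if SSL_HINT.search(line):
            saw_ssl = True
        m = STARTED.search(line)
        if not m:
            continue
        kind, port = m.group(1), int(m.group(3))
        if kind == "AJP13Listener":
            listeners[port] = "ajp13"
        else:
            listeners[port] = "https" if saw_ssl or "Jsse" in kind else "http"
        saw_ssl = False
    return listeners


def check_url(url, listeners):
    """Return a one-line verdict for a URL against the logged listeners."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}[parts.scheme]
    proto = listeners.get(port)
    if proto is None:
        return f"{url}: no listener logged on port {port}"
    if proto != parts.scheme:
        return f"{url}: port {port} speaks {proto}, not {parts.scheme}"
    return f"{url}: ok ({proto} listener on port {port})"


if __name__ == "__main__":
    ports = listeners_from_log(STARTUP_LOG)
    for u in ("https://localhost:8843/eperson/", "https://localhost:8080/eperson/"):
        print(check_url(u, ports))
```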
Thread at a glance:
Previous Message by Date:
Re: different ssl certificates
Hi again, Robert,
This is beyond the limits of what I myself have tested with IPTABLES,
but I think the problem may be that the REDIRECT target changes _both_
the port _and_ the destination address, which it appears (from the
rather ambiguous documentation) to change to 127.0.0.1.
So try changing both your Jetty listeners to listen to 127.0.0.1 (but
still the same two ports of 8443 and 8444), and leave the IPTABLES
set-up as it is.
I'll be interested to hear if this works.
Chris
"Robert Jaros" replied:
> On 03-08-27 20:39, user Chris Haynes wrote:
> > You need to give the Listeners separate ports. Assuming port 8444 is
> > free...
>
> I did so but I don't really understand what is wrong with having two
> listeners on the same port but on _different_ IP addresses ?
>
> >
> > Change the SECOND redirect to read: REDIRECT --to-port 8444
> >
> > and the second listener to read:
> >
> > <New class="org.mortbay.http.SunJsseListener">
> > <Set name="Port">8444</Set>
> > <Set name="Host">212.244.232.31</Set>
> > ...
>
> It works ok when I call https://212.244.232.31:8444/
> But when I just call https://212.244.232.31/ It doesn't work. My
> firewall shows packets going to port 8444 but to 212.244.232.30 address
> (!). And my browser prints "Connecting 212.244.232.31" at the same time
> ... What is wrong?
> 1. iptables redirects packets to 212.244.232.30:8444 even though they
> are addressed for 212.244.232.31:443 ? (it would explain why the browser
> shows the wrong certificate when both listeners are on 8443)
> 2. Or maybe Jetty is doing something strange when answering the request
> making IE contact the wrong IP address ?
> I will be grateful for any suggestions.
>
> Robert Jaros
>
Next Message by Date:
Re: SSL enabled in Jetty but HTTPS returns broken page
Werner,
You don't tell us which Java version you are using. If it is a 1.4
series it should have all the security stuff already in it, so having
jcert.jar and jsse.jar in the classpath might be causing problems.
Other than that it looks OK.
See if the port is working OK.
First check your use of telnet by
    telnet localhost 80
    GET / HTTP/1.0
    <empty line>
You should see the HTTP + HTML for whatever is your welcome page.
Now try
    telnet localhost 8443
    <several garbage characters>
You should get different garbage back, then your telnet telling you
that the connection to the host was lost.
This indicates that SSL was there and probably working OK (you just
didn't give it the correct response).
If that is OK, turn on full Jetty logging (I don't know JBOSS. In
Jetty I just include -DDEBUG in the command line) and see if you can
see connections being made. If nothing is visible, turn on SSL
debugging by including -Djavax.net.debug=ssl and see if the
connection is being correctly negotiated.
HTH
Chris
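A scripted form of the telnet check in the reply above, as an added example that is not part of the original message: instead of typing garbage, it sends a minimal ClientHello and classifies the first bytes that come back as a TLS record, a plain HTTP answer, or nothing at all. The function names are made up for this example, and the cipher-suite list is only there to make the hello well-formed.

```python
import os
import socket
import struct


def client_hello():
    """Build a minimal TLS 1.0 ClientHello record (no extensions)."""
    suites = struct.pack("!3H", 0x002F, 0x0035, 0x000A)  # RSA AES128/AES256/3DES
    body = (
        b"\x03\x01"                      # client_version: TLS 1.0
        + os.urandom(32)                 # client random
        + b"\x00"                        # empty session id
        + struct.pack("!H", len(suites)) + suites
        + b"\x01\x00"                    # one compression method: null
    )
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def classify(first_bytes):
    """Classify the first bytes a server sends back after a ClientHello."""
    if not first_bytes:
        return "closed"             # peer hung up without answering
    if len(first_bytes) >= 3 and first_bytes[1] == 0x03:
        if first_bytes[0] == 0x16:
            return "tls-handshake"  # ServerHello: an SSL/TLS listener
        if first_bytes[0] == 0x15:
            return "tls-alert"      # SSL/TLS listener that rejected our hello
    if first_bytes.startswith(b"HTTP/"):
        return "plain-http"         # cleartext listener answering with an error
    return "unknown"


def probe(host, port, timeout=5.0):
    """Send a ClientHello to host:port and classify the reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(client_hello())
            return classify(s.recv(16))
    except ConnectionRefusedError:
        return "refused"            # nothing is listening on that port
    except OSError:
        return "no-answer"          # timeout, reset or unreachable
```

A result of "tls-handshake" or "tls-alert" corresponds to the "different garbage back" case in the reply; "refused" means no listener is bound to the port that was probed.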
"Werner Liebenberg" asked:
> Hi!
>
> I've been stuck with this for two days. PLEASE HELP!
>
> I'm using JBoss 3.0.4. with Jetty as the default web server. I have
a WAR file called eperson.war, which I hot-deploy by dropping it into
the folder C:\jboss-3.0.4\server\default\deploy. It deploys normally,
and the Web application displays normally in my browser when I
navigate to http://localhost:8080/eperson/ .
>
> I have also set up SSL in Jetty, by editing the following file:
C:\jboss-3.0.4\server\default\deploy\jbossweb.sar\META-INF\jboss-servi
ce.xml . I uncommented the SSL portion and specified the location of
my keystore, as well as my passwords. Here is the XML:
>
> <Call name="addListener">
> <Arg>
> <New class="org.mortbay.http.SunJsseListener">
> <Set name="Port">8443</Set>
> <Set name="MinThreads">5</Set>
> <Set name="MaxThreads">100</Set>
> <Set name="MaxIdleTimeMs">30000</Set>
> <Set name="LowResourcePersistTimeMs">2000</Set>
> <Set name="Keystore"><SystemProperty name="jetty.home"
default="C:/Documents and
Settings/Werner"/>/epersontruststore/mykeystorefile.jks</Set>
> <Set name="Password">mypassword</Set>
> <Set name="KeyPassword">mypassword</Set>
> </New>
> </Arg>
> </Call>
>
> I generated the keystore using the JDK keytool. As far as I know,
the keystore file is fine. I've used it successfully for other
encryption work as well.
>
> This is my System CLASSPATH value:
>
CLASSPATH=.;C:\jdk1.3.1_01\lib\tools.jar;C:\j2sdkee1.3\lib\j2ee.jar;C:
\j2sdkee1.3\locale;C:\jsse1.0.3_01\lib\jcert.jar;C:\jsse1.0.3_01\lib\j
net.jar;C:\jsse1.0.3_01\lib\jsse.jar
>
> When I start JBoss up, I get no exceptions whatsoever. JBoss starts
up without a hitch. This is part of the output that scrolls:
>
> 13:30:13,250 INFO [jbossweb] Starting Jetty/4.1
> 13:30:13,281 INFO [jbossweb] Started
org.mortbay.http.NCSARequestLog@6be68f
> 13:30:13,296 INFO [jbossweb] Started SocketListener on 0.0.0.0:8080
> 13:30:13,312 INFO [jbossweb] jetty.ssl.keystore=C:/Documents and
Settings/Werner/epersontruststore/IntegrationBusKeystore.jks
> 13:30:13,328 INFO [jbossweb] jetty.ssl.password=********
> 13:30:13,328 INFO [jbossweb] jetty.ssl.keypassword=********
> 13:30:13,343 INFO [jbossweb] jetty.ssl.keystore.type=jks
> 13:30:13,343 INFO [jbossweb]
jetty.ssl.keystore.provider.name=[DEFAULT]
> 13:30:22,171 INFO [jbossweb]
SSLServerSocketFactory=com.sun.net.ssl.internal.ssl.SSLServerSocketFac
toryImpl@27968
> 13:30:26,265 INFO [jbossweb] JsseListener.needClientAuth=false
> 13:30:31,765 INFO [jbossweb] Started SocketListener on 0.0.0.0:8443
> 13:30:31,953 INFO [jbossweb] Started AJP13Listener on 0.0.0.0:8009
> 13:30:31,968 INFO [jbossweb] NOTICE: AJP13 is not a secure
protocol. Please protect the port 0.0.0.0:8009
> 13:30:31,968 INFO [jbossweb] Started org.jboss.jetty.Jetty@68c26c
> 13:30:31,984 INFO [JettyService] Started
>
> I assume, based on the above output, that SSL is correctly enabled
in Jetty. While the Web application displays normally when I go to
http://localhost:8080/eperson/, when I go to
https://localhost:8843/eperson/ the browser immediately returns with a
broken page, i.e. an error like this:
> "The page cannot be displayed
>
> The page you are looking for is currently unavailable. The Web site
might be experiencing technical difficulties, or you may need to
adjust your browser settings."
> When I point the browser to https://localhost:8080/eperson/ (in
other words, using https, but on port 8080), the browser takes a few
moments to respond and then again simply gives a broken page.
>
> Questions:
> 1. Based on the information I've provided above, *is* SSL actually
correctly set up in Jetty?
> 2. Should I be able to see the web site when going to
https://localhost:8843/eperson/ ?
> 3. If so, why do I only get a broken page?
>
> Werner Liebenberg
------------------------ Yahoo! Groups Sponsor ---------------------~-->
Buy Ink Cartridges or Refill Kits for Your HP, Epson, Canon or Lexmark
Printer at Myinks.com. Free s/h on orders $50 or more to the US & Canada.
http://www.c1tracking.com/l.asp?cid=5511
http://us.click.yahoo.com/l.m7sD/LIdGAA/qnsNAA/CefplB/TM
---------------------------------------------------------------------~->
For the latest information about Jetty, please see http://jetty.mortbay.org
Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
Previous Message by Thread:
Disable sessions for particular URLs
Is there a way to disable creating session and sending JSESSIONID cookie for
some servlet or path?