AW: TOMCAT CERTIFICATE RENEWAL
Hello Ganesan,

> -Original Message-
> From: Ganesan, Prabu
> Sent: Monday, 19 February 2024 08:41
> To: Tomcat Users List
> Subject: RE: TOMCAT CERTIFICATE RENEWAL
>
> Hi Tomas
>
> Thanks for your information - it's a jks file. Do we have any specific
> command to pass them to renew the certificate?

You have several options:
1) use a tool like https://keystore-explorer.org/
2) fiddle around with the command line tool "keytool"
3) Change to pem files and modify the server.xml accordingly.

See https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html for more information

> Thanks & Regards,
> PrabuGanesan
>
> -Original Message-
> From: Thomas Hoffmann (Speed4Trade GmbH)
> Sent: Monday, February 19, 2024 12:49 PM
> To: Tomcat Users List
> Subject: AW: TOMCAT CERTIFICATE RENEWAL
>
> Hello Ganesan,
>
> > From: Ganesan, Prabu
> > Sent: Monday, 19 February 2024 08:07
> > To: Tomcat Users List
> > Subject: TOMCAT CERTIFICATE RENEWAL
> > Priority: High
> >
> > Hi Guys,
> >
> > How to renew the certificate in Tomcat? Can anyone provide steps, as our
> > Tomcat certificate is about to expire next week? Can anybody help
> > with renewal steps?
> >
> > Tomcat version : 8.5.5.0
> >
> > Thanks & Regards,
> > PrabuGanesan
>
> Take a look at the server.xml and inspect the https connector.
> There should be a reference to the key file and certificate-file.
> Depending on the used format (pem, jks etc) you need to update these files.
>
> Greetings,
> Thomas

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
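An added example (not part of the thread, and not Tomcat's own code) of the inspection step Thomas describes: it lists the key-material files referenced by each TLS connector in a server.xml, covering both the connector-level keystore attributes and the SSLHostConfig/Certificate form, and deliberately leaves passwords out of the report. The sample server.xml, its paths and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attributes that point at key material, in both configuration styles.
CONNECTOR_ATTRS = ("keystoreFile", "keystoreType", "keyAlias",
                   "SSLCertificateFile", "SSLCertificateKeyFile")
CERTIFICATE_ATTRS = ("certificateKeystoreFile", "certificateKeystoreType",
                     "certificateKeyAlias", "certificateFile",
                     "certificateKeyFile", "certificateChainFile")

# Constructed sample, not taken from the thread.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="conf/old-style.jks" keystoreType="JKS"
               keystorePass="changeit"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true">
      <SSLHostConfig hostName="_default_">
        <Certificate certificateFile="conf/site.crt.pem"
                     certificateKeyFile="conf/site.key.pem"
                     certificateChainFile="conf/chain.pem"/>
      </SSLHostConfig>
    </Connector>
  </Service>
</Server>
"""

def tls_file_references(server_xml):
    """Return [(port, hostName, attribute, value)] for every TLS connector."""
    refs = []
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, nothing to renew
        port = conn.get("port")
        for name in CONNECTOR_ATTRS:  # attributes set directly on the Connector
            if conn.get(name):
                refs.append((port, "_default_", name, conn.get(name)))
        for host in conn.iter("SSLHostConfig"):  # nested per-host certificates
            for cert in host.iter("Certificate"):
                for name in CERTIFICATE_ATTRS:
                    if cert.get(name):
                        refs.append((port, host.get("hostName", "_default_"),
                                     name, cert.get(name)))
    return refs

if __name__ == "__main__":
    for ref in tls_file_references(SAMPLE_SERVER_XML):
        print(*ref, sep="\t")
```

Each reported file is one that has to be replaced or re-imported at renewal; a keystore entry points at a JKS/PKCS12 store, the certificateFile/certificateKeyFile pair at PEM files.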
Re: Tomcat Manager 403's with LDAP Realm
On 17/02/2024 21:42, Dan McLaughlin wrote:

> We've had the same LDAP realm configured for probably 10 years, and the
> same roles in our LDAP for probably the same. We have 4 roles configured
> in LDAP manager-gui, manager-jmx, manager-script, and manager-status. My
> user only has the manager-gui role. Everything has worked fine up until
> about the time we moved to Tomcat 10.1. Now, I can log in just fine, but
> if I try to click stop, start, reload, or undeploy, I always get a 403. I
> don't see any errors in the logs telling me why. Does anyone have
> pointers on debugging this?
>
> My user only has the manager-gui role; the only users with the JMX or
> script roles are the users I use for Nagios monitoring of JMX parameters.
>
> FYI... I can't reproduce it using Tomcat 10.1 running in docker using the
> same LDAP realm configuration, so that tells me it has nothing to do with
> the roles not being correct...and they should be correct since they
> haven't changed since I set things up probably 10 years ago. The only
> change has been the upgrade of Tomcat.
>
> Could CSRF somehow be involved? It might be about when CSRF was
> introduced that I started having issues. I haven't tried removing the
> filter yet, only because it really doesn't seem related based on my
> understanding of how the filter works.
>
> If someone knows the specific packages, I might want to bump up the
> logging on; that would probably be most helpful at this point.

Try:

org.apache.catalina.filters.CsrfPreventionFilter.level=ALL

Mark
Re: The custom 404 page of Tomcat8 suddenly becomes invalid
On 19/02/2024 01:35, LeventLee wrote:

> Hello,
> Here is my information:
> openjdk version "1.8.0_345" | OpenJDK Runtime Environment (build
> 1.8.0_345-b01) | OpenJDK 64-Bit Server VM (build 25.345-b01, mixed mode)
> Linux 5.10.134-12.al8.x86_64
> Apache Tomcat/8.0.24

That version is over 8 years old. The 8.0.x has been unsupported for more than 5 years (since 30 Jun 2018). Note that 8.5.x will reach EOL on 31 March 2024.

You *really* need to upgrade. Upgrading to 9.0.x will be easiest as it still uses the Java EE APIs. You may want to consider an upgrade to 10.1.x but that will be more work as there is a package change related to the Java EE to Jakarta EE change.

> Now, please let me explain the problems encountered:
> Previously, I set up a custom 404 page in tomcat's WEB-INF/web.xml, so
> that once the client accesses a non-existent page, it will return to this
> 404 page. However, not long ago, after Tomcat restarted, it was unable to
> return the custom 404 page and only returned the browser's 404 page. I
> have checked the localhost logs of Tomcat and found a large number of
> errors:
> org.apache.catalina.core.ApplicationContext.log ssi: Can't serve file:/WEB-INF/index/my404page

Is that the full error message?

Why is SSI involved?

Is the rest of the application working correctly?

Mark

> But the custom 404 page does exist, and the path is right. I want to
> figure out what this error means. If possible, maybe can try this
> problem. Thanks in advance for your suggestions!
[ANN] Apache Tomcat 9.0.86 available
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.86.

Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies.

Apache Tomcat 9.0.86 is a bugfix and feature release. The notable changes compared to 9.0.85 include:

- Add improvements to the CSRF prevention filter including the ability to skip adding nonces for resource name and subtree URL patterns.

- Add support for user provided SSLContext instances configured on SSLHostConfigCertificate instances. Based on pull request #673 provided by Hakan Altındağ.

- Review usage of debug logging and downgrade trace or data dumping operations from debug level to trace.

Along with lots of other bug fixes and improvements.

Please refer to the change log for the complete list of changes:
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html

Downloads:
https://tomcat.apache.org/download-90.cgi

Migration guides from Apache Tomcat 7.x and 8.x:
https://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team
Re: Persistent Manager Implementation Question
Hey, one question regarding this topic.

I'm facing an issue where my old app is doing a creation of multiple sessions but just one is the correct one, or at least is who contains the data and works fine. The other sessions that are created contain random data that I'm not sure yet what information contains. I saw that some dependencies as javamelody create or trigger the creation of sessions.

These are the blobs that were encrypted:

¬í sr java.lang.Long;‹ä Ì #ß J valuexr java.lang.Number†¬• ”à‹ xp Â*jƒsq ~ Â*¼£sr java.lang.Integer â ¤÷ ‡8 I valuexq ~ sr java.lang.BooleanÍ r€Õœúî Z valuexp sq ~ sq ~ Â*¼¥t E822F1886161BDE64BBAF294330834E0ppsq ~ t testAttributet testValue

¬í sr java.lang.Long;‹ä Ì #ß J valuexr java.lang.Number†¬• ”à‹ xp  –âsq ~  –ãsr java.lang.Integer â ¤÷ ‡8 I valuexq ~ sr java.lang.BooleanÍ r€Õœúî Z valuexp sq ~ sq ~  ™nt 07CED191BB6F3412FF9CF706F8A6CCD3ppsq ~ t org.apache.struts.action.LOCALEsr java.util.Locale~ø `œ0ùì I hashcodeL countryt Ljava/lang/String;L extensionsq ~ L languageq ~ L scriptq ~ L variantq ~ xpt USt t enq ~ q ~ x

The first one is the new application where I was setting a testAttribute a "testvalue", but the other one is what I'm trying to figure out which process is doing that.

I already turned on the logger with

    org.apache.catalina.session.level = ALL
    java.util.logging.ConsoleHandler.level=ALL

I can see how the sessions are being moved to stored, but is there any way to print what is saving? Or to undo the encrypt?

I have a method where I'm hitting the DB and getting the data:

    @GetMapping("/checkB")
    public Map checkB() {
        logger.log(Level.INFO, "Msg");
        Map response = new HashMap<>();
        try {
            String sql = "SELECT session_data FROM tomcat_sessions WHERE session_id='130B672C9914E98D4C11FAC8ECA621F8'"; // add your condition here
            String serializedData = jdbcTemplate.queryForObject(sql, String.class);
            Object deserializedObject = deserializeData(serializedData);
            // Handle the deserialized object as needed
            response.put("status", "success");
            response.put("message", "Session data deserialized successfully.");
        } catch (Exception e) {
            e.printStackTrace();
            response.put("status", "error");
            response.put("message", "Failed to deserialize session data.");
        }
        return response;
    }

    private Object deserializeData(String serializedData) throws Exception {
        // Decode Base64 encoded serialized data
        byte[] serializedBytes = Base64.getDecoder().decode(serializedData);
        // Deserialize the data using ObjectInputStream
        ByteArrayInputStream bis = new ByteArrayInputStream(serializedBytes);
        ObjectInputStream ois = new ObjectInputStream(bis);
        Object deserializedObject = ois.readObject();
        // Close the input streams
        ois.close();
        bis.close();
        return deserializedObject;
    }

but it fails on the function of the decode(). Is there any way to do that?

Any help is appreciated.

Thanks!

On Mon, 12 Feb 2024 at 9:52, Miguel Vidal wrote:

> Yes both are pointing the same configuration because I was doing some
> testing how it works all of this about session, I wasn't able to get it to
> work in a new application just using Spring Boot, but I just did it on
> Friday. What I was missing it was use the session and not only a getter or
> endpoint without any use of the session.
> It seems to get it to work that you need to use the session, the
> configuration is already working
> maxInactiveInterval="3600" debug="0" saveOnRestart="true"
> maxActiveSessions="-1" minIdleSwap="1" maxIdleSwap="2" maxIdleBackup="1"
>
> dataSourceName="jdbc/tomcat"
> driverName="com.mysql.jdbc.Driver"
> sessionAppCol="app_name"
> sessionDataCol="session_data"
> sessionIdCol="session_id"
> sessionLastAccessedCol="last_access"
> sessionMaxInactiveCol="max_inactive"
> sessionTable="tomcat_sessions"
> sessionValidCol="valid_session"
> />
>
>
> name="jdbc/tomcat"
> auth="Container"
> type="javax.sql.DataSource"
> factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
> validationQuery="select 1"
> testOnBorrow="true"
> removeAbandoned="true"
> logAbandoned="true"
> jdbcInterceptors=
> "org.apache.tomcat.jdbc.pool.interceptor.ResetAbandonedTimer"
> testWhileIdle="true"
> username="root"
> password="admin"
> driverClassName="com.mysql.jdbc.Driver"
> url="jdbc:mysql://localhost:3306/tomcat?autoReconnect=true"/>
>
> jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;
> org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer;
> org.apache.tomcat.