#1
  1. No Profile Picture
    Mentat of IX
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2003
    Location
    Bucuresti / Toronto
    Posts
    112
    Rep Power
    12

    Problems with setting up an SSL port on Tomcat


    I am trying to open up an SSL port on Tomcat. I have gone through some JSSE documentation and the Tomcat documentation, and I found out that I need to use the "keytool" ... tool to generate a key.

    Tomcat and its Java apps are run on top of a FreeBSD 4.8 server and the linux-jdk1.4. I have also installed the FreeBSD one; however, I don't have that one set up as JAVA_HOME for Tomcat.

    Well, my problem is that when I do:


    keytool -genkey -alias tomcat -keyalg RSA


    using the Linux path for keytool, I'm thrown this error:


    Exception in thread "main" java.lang.InternalError: URLSeedGenerator file:/dev/random reached end of file

    By using the keytool in the FreeBSD JDK, I don't get any errors; however, Tomcat is configured to work with the Linux version and crashes when I try to restart it ...

    I am using the Linux JDK on FreeBSD because supposedly the FreeBSD-based JDK is of alpha quality and the Linux one is recommended.


    Does anyone have any clue on how to work around this thing?


    Thanks
    FreeBSD, doing more with less since 10 years ago
  2. #2
  3. Mentat of IX
    Well, I've managed to create a certificate key with the FreeBSD keytool and then I signed it with the Linux keytool (it worked).

    I was happy at first, but then it seems that I can't get Tomcat working with SSL. Here is what I have added in my server.xml:
    Code:
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8443" minProcessors="5" maxProcessors="75"
               enableLookups="false"
               acceptCount="100" debug="0" scheme="https" secure="true"
               useURIValidationHack="false" disableUploadTimeout="true">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               clientAuth="false" protocol="TLS" keystoreFile="/root/.keystore" />
    </Connector>
    I have tried that default keystore location and a different custom location. Both locations have the right keystore and password (I checked).

    However, when I restart Tomcat it simply dies with no error message.

    Does anybody have any ideas on what I can do with this?
  4. #3
  5. Modding: Oracle MsSQL Firebird
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jun 2001
    Location
    Outside US
    Posts
    8,527
    Rep Power
    539
  6. #4
  7. Mentat of IX
    Nope, thanks, I'm a noob, nothing is obvious yet ... that's the entire problem ...

    Anyways, I did now and they are empty.
  8. #5
  9. Mentat of IX
    Heh, finally I found a relevant error in catalina.out:
    Exception during startup processing
    java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:203)
    Caused by: java.lang.InternalError: URLSeedGenerator file:/dev/random reached end of file
    at sun.security.provider.SeedGenerator$URLSeedGenerator.getSeedByte(SeedGenerator.java:476)
    and it goes on down here ...

    Well, my initial problem was that I could not generate a key with the Linux JDK because of that /dev/random file; it seems that Tomcat does not want to start now because of that file.

    Can anybody here suggest a workaround?
  10. #6
  11. Mentat of IX
    Found a cheap workaround for the development/testing environment.

    I removed the /dev/random file and linked /dev/urandom to it. Works like a charm; however, I don't think this is a real solution since, from my understanding, SSL needs random numbers to generate random keys, and I'm not using a random file.
  12. #7
  13. Modding: Oracle MsSQL Firebird
    I think that the problem arises from the use of the Linux JDK on FreeBSD; can't you avoid this (maybe with IBM's JDK or other)?
  14. #8
  15. Mentat of IX
    This is the recommended solution for running a stable JDK on FreeBSD. I'll look into it some more, eventually even test this on FreeBSD 5.0; who knows, maybe in the meantime they might make the native FreeBSD JDK stable too.
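
Added example, not part of any post in this thread: instead of relinking /dev/random as in post #6, the seed source can be overridden for a single JVM with the standard `java.security.egd` system property. The script reads `securerandom.source` from a `java.security` file, checks whether that source reaches end-of-file early (the condition behind the error in posts #1 and #5) and builds the flag; the function names and fixture files are constructed, and it assumes the Linux JDK in use honours that property.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and the fixture files
# are constructed for illustration.

# Print the last securerandom.source value set in a java.security file ($1).
seed_source() {
    sed -n 's/^[[:space:]]*securerandom\.source[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1
}

# Return 0 if source $1 ("file:/path" or a plain path) yields $2 bytes
# (default 20). A source that reaches EOF first is what URLSeedGenerator
# reports as "reached end of file".
yields_bytes() {
    want=${2:-20}
    got=$(dd if="${1#file:}" bs=1 count="$want" 2>/dev/null | wc -c | tr -d ' ')
    [ "$got" -eq "$want" ]
}

# Print the JVM flag that seeds SecureRandom from source $1 for one JVM only,
# leaving the device nodes untouched for every other process on the host.
egd_flag() {
    printf '%s\n' "-Djava.security.egd=$1"
}

# Demo on constructed files: an empty file stands in for a /dev/random that
# returns EOF, a 64-byte file for a source that keeps supplying bytes.
demo() {
    d=$(mktemp -d)
    : > "$d/random"
    printf '%064d' 0 > "$d/urandom"
    printf 'securerandom.source=file:%s/random\n' "$d" > "$d/java.security"
    src=$(seed_source "$d/java.security")
    if yields_bytes "$src"; then
        echo "$src supplies seed bytes"
    else
        echo "$src hit EOF; start the JVM with $(egd_flag "file:$d/urandom")"
    fi
    rm -rf "$d"
}
demo

# On the real host the same flag would be passed as, for example:
#   CATALINA_OPTS="-Djava.security.egd=file:/dev/urandom"   (read by catalina.sh)
#   keytool -J-Djava.security.egd=file:/dev/urandom -genkey -alias tomcat -keyalg RSA
```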