Thomas Willingham

Greenhorn
+ Follow
since Jun 24, 2010
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
0
Received in last 30 days
0
Total given
0
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Thomas Willingham

I have the same project on both eclipse and netbeans, both use build.xml I provide, on eclipse and command line and netbeans compile everything works just fine,
however netbeans auto-complete doesn't work for j2eeclasses, works for all my other packages, and all j2ee references are in read. I have the j2ee jars in classpath but it still gives this error. This is an application library project and not a j2ee server deployed project.

I have determined that netbeans is purposely ignoring j2ee classes I include in classpath, how do I make it stop doing this ?
11 years ago
got it working with this

I am using hibernate, jpa 2.0, I can persist a OneToMany relationship ok but can't update it (by adding a new element), I have tried many methods and get 1 of two errors each time, "can't insert null into user_id" or "UserRoles is transient persist first". There seems to be no way to do this, are my annotations wrong. It seems it wants me to persist user roles first but if I try it tells me user_id can not be null, but I can't set user id only user object???




after going thru dozen of tutorials that don't work, this one

http://marc.info/?l=tomcat-user&m=106293430225790&w=2

actually works in firefox (p12),



but the converted (p12 to pem) doesnt work in my php stream socket client,
getting,
Warning: stream_socket_client() [function.stream-socket-client]: SSL operation failed with code 1. OpenSSL Error messages: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown in C:\apache2\htdocs\rtest2.php on line 44

Warning: stream_socket_client() [function.stream-socket-client]: Failed to enable crypto in C:\apache2\htdocs\rtest2.php on line 44

Warning: stream_socket_client() [function.stream-socket-client]: unable to connect to ssl://localhost:443 (Unknown error) in C:\apache2\htdocs\rtest2.php on line 44



same error in openssl client test
C:\Documents and Settings\guest>openssl s_client -cert c:\apache2\htdocs\apache2client.pem -CAfile c:\ssl\ca\ca.pem -
connect localhost:443
Loading 'screen' into random state - done
CONNECTED(00000774)
depth=1 /C=US/ST=NY/L=NY/O=MyCA/OU=MyCA/CN=MyCA/emailAddress=me@me.com
verify return:1
depth=0 /C=US/ST=NY/L=NY/O=MyCompany/OU=MyCompany/CN=First Last
verify return:1
4556:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:.\ssl\s3_pkt.c:1061:SSL alert number 46
4556:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:.\ssl\s23_lib.c:188:
11 years ago
unfortunately I tried that many times, getting it to work without client authentication is easy but that doesnt provide any security, we need to use the
certificates we already have and have the client authenticate
11 years ago
you may also want to check the http header for the referer ip if the ip can not be detected or is being proxied by a proxy that doesn't remove it , by reading the http header
11 years ago
JSF
I am trying to get ssl working with tomcat
I have ssl pem file in tomcat home c:\tomcat6

tomcat config looks like (non-apr version - I got an error whenever I used any apr dll file at startup)

<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="true" sslProtocol="TLS" SSLEngine="on" SSLPassword="mypassword"
keystoreFile="/tomcatkeystore" keystorePass="mypassword"
/>

I have generated my keys multiple times from isntructions on the internet and dont think they are the issue,
I used getty to put the pem files into the keystore and believe them to be ok, the openssl commands are below:

to test I am using:
openssl s_client -cert h:\stuff2\client.pem -CAfile h:\stuff3\ca.pem -connect 1.2.3.4:443


here are the ssl commands:
# generate the certificate authority key (key)
openssl genrsa -out h:\stuff3\ca.key
# generate the certificate authority unsigned certificate (csr)
openssl req -new -key h:\stuff3\ca.key -out h:\stuff3\ca.csr
# create the signed certificate (crt)
openssl x509 -req -days 3650 -in h:\stuff3\ca.csr -signkey h:\stuff3\ca.key -out h:\stuff3\ca.crt
# generate the server key
openssl genrsa -out h:\stuff3\server.key
# generate the service unsigned certificate (csr)
openssl req -new -key h:\stuff3\server.key -out h:\stuff3\server.csr
# create the signed server certificate (crt) using the server unsigned certificate and ca signed certificate
openssl ca -in h:\stuff3\server.csr -cert h:\stuff3\ca.crt -keyfile h:\stuff3\ca.key -out h:\stuff3\server.crt
# generate a client key (key)
openssl genrsa -des3 -out h:\stuff3\client1.key 1024
# generate the client unsigned certificate (csr)
openssl req -new -key h:\stuff3\client1.key -out h:\stuff3\client1.csr
# sign the client key
openssl ca -in h:\stuff3\client1.csr -cert h:\stuff3\ca.crt -keyfile h:\stuff3\ca.key -out h:\stuff3\client1.crt
# convert the client certificate to pkcs12
openssl pkcs12 -export -clcerts -in h:\stuff3\client1.crt -inkey h:\stuff3\client1.key -out h:\stuff3\client1.p12
# convert the client certificate to pem
openssl pkcs12 -in client1.p12 -out client1.pem -nodes -passin pass:mypassword
# create a javakeystore out of the client
java -classpath h:\jetty-util-6.1.24.jar;h:\jetty-6.1.24.jar org.mortbay.jetty.security.PKCS12Import h:\stuff3\server.p12 h:\stuff3\tomcatkeystore
copy h:\stuff3\tomcatkeystore c:\tomcat6\
openssl pkcs12 -export -clcerts -in h:\stuff3\ca.crt -inkey h:\stuff3\ca.key -out h:\stuff3\ca.p12
openssl pkcs12 -in h:\stuff3\ca.p12 -out h:\stuff3\ca.pem -nodes -passin pass:mypassword
openssl pkcs12 -export -clcerts -in h:\stuff3\server.crt -inkey h:\stuff3\server.key -out h:\stuff3\server.p12
openssl pkcs12 -in h:\stuff3\server.p12 -out h:\stuff3\server.pem -nodes -passin pass:mypassw

to test I am using:
openssl s_client -cert h:\stuff3\client1.pem -CAfile h:\stuff3\ca.pem -connect myhost.com:443


the error I get is below:

C:\Openssl-0.9.8l-Win32\bin>openssl s_client -cert h:\stuff3\client1.pem -CAfile h:\stuff3\ca.pem -connect myhost.com:443
Loading 'screen' into random state - done
CONNECTED(00000774)
depth=1 /C=US/ST=New York/L=MyCompany/O=MyCompany/OU=MyCompany/CN=MyCompanyCA/emailAddress=someone@yahoo.com
verify return:1
depth=0 /C=US/ST=New York/O=MyCompany/OU=MyCompany/CN=myhost.com/emailAddress=someone@yahoo.com
verify return:1
2988:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:.\ssl\s3_pkt.c:1061:SSL alert number 46
2988:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:.\ssl\s23_lib.c:188:


any ideas, I have spent days figuring out the certs and getting everything setup, still no luck, I get the same sslv3 alert certificate unknown error in firefox after
importing the client certificate and ca there
11 years ago