Help coderanch get a
new server
by contributing to the fundraiser

Thomas Willingham

+ Follow
since Jun 24, 2010
Merit badge: grant badges
For More
Cows and Likes
Total received
In last 30 days
Total given
Total received
Received in last 30 days
Total given
Given in last 30 days
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Thomas Willingham

I have the same project on both eclipse and netbeans, both use build.xml I provide, on eclipse and command line and netbeans compile everything works just fine,
however netbeans auto-complete doesn't work for j2eeclasses, works for all my other packages, and all j2ee references are in read. I have the j2ee jars in classpath but it still gives this error. This is an application library project and not a j2ee server deployed project.

I have determined that netbeans is purposely ignoring j2ee classes I include in classpath, how do I make it stop doing this ?
13 years ago
got it working with this

I am using hibernate, jpa 2.0, I can persist a OneToMany relationship ok but can't update it (by adding a new element), I have tried many methods and get 1 of two errors each time, "can't insert null into user_id" or "UserRoles is transient persist first". There seems to be no way to do this, are my annotations wrong. It seems it wants me to persist user roles first but if I try it tells me user_id can not be null, but I can't set user id only user object???

after going thru dozen of tutorials that don't work, this one

actually works in firefox (p12),

but the converted (p12 to pem) doesnt work in my php stream socket client,
Warning: stream_socket_client() []: SSL operation failed with code 1. OpenSSL Error messages: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown in C:\apache2\htdocs\rtest2.php on line 44

Warning: stream_socket_client() []: Failed to enable crypto in C:\apache2\htdocs\rtest2.php on line 44

Warning: stream_socket_client() []: unable to connect to ssl://localhost:443 (Unknown error) in C:\apache2\htdocs\rtest2.php on line 44

same error in openssl client test
C:\Documents and Settings\guest>openssl s_client -cert c:\apache2\htdocs\apache2client.pem -CAfile c:\ssl\ca\ca.pem -
connect localhost:443
Loading 'screen' into random state - done
depth=1 /C=US/ST=NY/L=NY/O=MyCA/OU=MyCA/CN=MyCA/
verify return:1
depth=0 /C=US/ST=NY/L=NY/O=MyCompany/OU=MyCompany/CN=First Last
verify return:1
4556:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:.\ssl\s3_pkt.c:1061:SSL alert number 46
4556:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:.\ssl\s23_lib.c:188:
14 years ago
unfortunately I tried that many times, getting it to work without client authentication is easy but that doesnt provide any security, we need to use the
certificates we already have and have the client authenticate
14 years ago
you may also want to check the http header for the referer ip if the ip can not be detected or is being proxied by a proxy that doesn't remove it , by reading the http header
14 years ago
I am trying to get ssl working with tomcat
I have ssl pem file in tomcat home c:\tomcat6

tomcat config looks like (non-apr version - I got an error whenever I used any apr dll file at startup)

<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="true" sslProtocol="TLS" SSLEngine="on" SSLPassword="mypassword"
keystoreFile="/tomcatkeystore" keystorePass="mypassword"

I have generated my keys multiple times from isntructions on the internet and dont think they are the issue,
I used getty to put the pem files into the keystore and believe them to be ok, the openssl commands are below:

to test I am using:
openssl s_client -cert h:\stuff2\client.pem -CAfile h:\stuff3\ca.pem -connect

here are the ssl commands:
# generate the certificate authority key (key)
openssl genrsa -out h:\stuff3\ca.key
# generate the certificate authority unsigned certificate (csr)
openssl req -new -key h:\stuff3\ca.key -out h:\stuff3\ca.csr
# create the signed certificate (crt)
openssl x509 -req -days 3650 -in h:\stuff3\ca.csr -signkey h:\stuff3\ca.key -out h:\stuff3\ca.crt
# generate the server key
openssl genrsa -out h:\stuff3\server.key
# generate the service unsigned certificate (csr)
openssl req -new -key h:\stuff3\server.key -out h:\stuff3\server.csr
# create the signed server certificate (crt) using the server unsigned certificate and ca signed certificate
openssl ca -in h:\stuff3\server.csr -cert h:\stuff3\ca.crt -keyfile h:\stuff3\ca.key -out h:\stuff3\server.crt
# generate a client key (key)
openssl genrsa -des3 -out h:\stuff3\client1.key 1024
# generate the client unsigned certificate (csr)
openssl req -new -key h:\stuff3\client1.key -out h:\stuff3\client1.csr
# sign the client key
openssl ca -in h:\stuff3\client1.csr -cert h:\stuff3\ca.crt -keyfile h:\stuff3\ca.key -out h:\stuff3\client1.crt
# convert the client certificate to pkcs12
openssl pkcs12 -export -clcerts -in h:\stuff3\client1.crt -inkey h:\stuff3\client1.key -out h:\stuff3\client1.p12
# convert the client certificate to pem
openssl pkcs12 -in client1.p12 -out client1.pem -nodes -passin pass:mypassword
# create a javakeystore out of the client
java -classpath h:\jetty-util-6.1.24.jar;h:\jetty-6.1.24.jar h:\stuff3\server.p12 h:\stuff3\tomcatkeystore
copy h:\stuff3\tomcatkeystore c:\tomcat6\
openssl pkcs12 -export -clcerts -in h:\stuff3\ca.crt -inkey h:\stuff3\ca.key -out h:\stuff3\ca.p12
openssl pkcs12 -in h:\stuff3\ca.p12 -out h:\stuff3\ca.pem -nodes -passin pass:mypassword
openssl pkcs12 -export -clcerts -in h:\stuff3\server.crt -inkey h:\stuff3\server.key -out h:\stuff3\server.p12
openssl pkcs12 -in h:\stuff3\server.p12 -out h:\stuff3\server.pem -nodes -passin pass:mypassw

to test I am using:
openssl s_client -cert h:\stuff3\client1.pem -CAfile h:\stuff3\ca.pem -connect

the error I get is below:

C:\Openssl-0.9.8l-Win32\bin>openssl s_client -cert h:\stuff3\client1.pem -CAfile h:\stuff3\ca.pem -connect
Loading 'screen' into random state - done
depth=1 /C=US/ST=New York/L=MyCompany/O=MyCompany/OU=MyCompany/CN=MyCompanyCA/
verify return:1
depth=0 /C=US/ST=New York/O=MyCompany/OU=MyCompany/
verify return:1
2988:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:.\ssl\s3_pkt.c:1061:SSL alert number 46
2988:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:.\ssl\s23_lib.c:188:

any ideas, I have spent days figuring out the certs and getting everything setup, still no luck, I get the same sslv3 alert certificate unknown error in firefox after
importing the client certificate and ca there
14 years ago