Tomcat SSL servlet

Discussion in 'Java' started by David G. Folch, May 7, 2004.

  1. > Hi folks!!
    >
    > I'm new to SSL and I've been working arround for 3 days to adapt my

    servlets
    > to HTTPS.
    >
    > I've correctly configured jakarta-tomcat 4.1.30 as shown in
    > http://jakarta.apache.org/tomcat-4.1-doc/ssl-howto.html on a WinXP box.
    >
    > My servlet "users" works fine with
    > http://localhost:8080/myapp/services/users
    >
    > But when I call it with https://localhost:8443/myapp/services/users on

    IE6.0
    > and Mozilla1.6 both show me info about certificate and I accept, then two
    > results occurs on each client:
    >
    > 1. Internet Explorer: show me the user form correctly, but no security
    > status icon is shown, if i click where it should be the icon, IE show me
    > info aboud the certificate and tells me is valid, every thing seems to be
    > correct. But no icon is shown.
    >
    > 2. Mozilla: tells me "You have requested an encripted page that contains
    > some unencrypted information. Information that you see or enter on this
    > page could easily be read by a third party." and the security status icon

    is
    > closed but scratched in red.
    >
    > When I change to a non SSL address both clients tell me I'm leaving a "ssl
    > connection".
    >
    > I've generated the certificate with keyTool from JDK1.4.1_04.
    >
    > Mi servlet does nothing at all about security, because I understand that
    > tomcat is container security based.
    >
    > And now I'm lost at this point. Did I forget something??? I hope nop!
    >
    > Please, anyone can help to solve what's going on??
    > Saludos
    > David G. Folch (Barcelona/Spain)
    >
    >
    David G. Folch, May 7, 2004
    #1
    1. Advertising

  2. David G. Folch

    Sudsy Guest

    David G. Folch wrote:
    <snip>
    >>But when I call it with https://localhost:8443/myapp/services/users on

    >
    > IE6.0
    >
    >>and Mozilla1.6 both show me info about certificate and I accept, then two
    >>results occurs on each client:
    >>
    >>1. Internet Explorer: show me the user form correctly, but no security
    >>status icon is shown, if i click where it should be the icon, IE show me
    >>info aboud the certificate and tells me is valid, every thing seems to be
    >>correct. But no icon is shown.
    >>
    >>2. Mozilla: tells me "You have requested an encripted page that contains
    >>some unencrypted information. Information that you see or enter on this
    >>page could easily be read by a third party." and the security status icon

    <snip>

    The key comes from the Mozilla message. You're obviously combining
    secure and insecure elements on the same page, i.e. you're accessing
    the page with https but something like an image is specifying a URL
    with http as the protocol.
    This "mixed" content is likely why the security icon isn't displayed
    in IE.
    Sudsy, May 7, 2004
    #2
    1. Advertising

  3. Thanx Sudsy!

    Your answer is right!!

    100000000000000000 Thanks.


    "Sudsy" <> escribió en el mensaje
    news:...
    > David G. Folch wrote:
    > <snip>
    > >>But when I call it with https://localhost:8443/myapp/services/users on

    > >
    > > IE6.0
    > >
    > >>and Mozilla1.6 both show me info about certificate and I accept, then

    two
    > >>results occurs on each client:
    > >>
    > >>1. Internet Explorer: show me the user form correctly, but no security
    > >>status icon is shown, if i click where it should be the icon, IE show me
    > >>info aboud the certificate and tells me is valid, every thing seems to

    be
    > >>correct. But no icon is shown.
    > >>
    > >>2. Mozilla: tells me "You have requested an encripted page that contains
    > >>some unencrypted information. Information that you see or enter on this
    > >>page could easily be read by a third party." and the security status

    icon
    > <snip>
    >
    > The key comes from the Mozilla message. You're obviously combining
    > secure and insecure elements on the same page, i.e. you're accessing
    > the page with https but something like an image is specifying a URL
    > with http as the protocol.
    > This "mixed" content is likely why the security icon isn't displayed
    > in IE.
    >
    David G. Folch, May 7, 2004
    #3
  4. On Fri, 7 May 2004 21:14:13 +0200, David G. Folch wrote:

    > Thanx Sudsy!
    >
    > Your answer is right!!
    >
    > 100000000000000000 Thanks.


    What's the going rate for a Thank?

    If it were 1000 to a cent, that would be,
    ...one thousand ..billion dollars.

    Should be good for a few beers. ;-)

    --
    Andrew Thompson
    http://www.PhySci.org/ Open-source software suite
    http://www.PhySci.org/codes/ Web & IT Help
    http://www.1point1C.org/ Science & Technology
    Andrew Thompson, May 7, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. 620
    Replies:
    2
    Views:
    996
    Murat Tunaboylu
    Jan 6, 2004
  2. Sean Clarke
    Replies:
    1
    Views:
    1,891
    Sudsy
    Jan 7, 2004
  3. circuit_breaker
    Replies:
    2
    Views:
    1,993
    Jack Jia
    Apr 4, 2004
  4. Doug McCann
    Replies:
    1
    Views:
    1,001
    William Brogden
    Aug 5, 2004
  5. Replies:
    0
    Views:
    844
Loading...

Share This Page