Author Topic: Apache Tomcat, SSL, java 7 shenanigans  (Read 619 times)

Fitz

Apache Tomcat, SSL, java 7 shenanigans
« on: March 13, 2013, 02:21:44 PM »
APS brain trust, I have one for ya.

I have a few web applications that run off apache tomcat for windows. We're on version 6 right now.

Now, a few things... we're on a version of java that needs to be updated. Java 6 will no longer be maintained, so I need to upgrade to 7.

I took a snapshot of the server, stopped tomcat, and installed the latest version of java. I changed my configs and windows env variables to reflect the new path, and started tomcat again.

SSL handshake now failing from the client to the server.

I SUSPECT that I may need to recreate my keyfile/certificate again, but I'm not sure. Has anyone run across this issue before? Will I need to upgrade apache tomcat to 7.0.whateverthehellthey'reon?

Thanks in advance
Fitz

---------------
I have reached a conclusion regarding every member of this forum.
I no longer respect any of you. I hope the following offends you as much as this thread has offended me:
You are all awful people. I mean this *expletive deleted*ing seriously.

-MicroBalrog

RevDisk

Re: Apache Tomcat, SSL, java 7 shenanigans
« Reply #1 on: March 13, 2013, 02:46:10 PM »
Apache or tomcat on windows hurts my brain.  Are you using Apache + mod_jk to handle SSL?

Updating java likely broke some part of Tomcat's key management. Probably overwrote some path or executable. First, check to make sure Java is pointing at the right keystore location, using keytool or conf/server.xml.  

Second, try importing the keys again?


« Last Edit: March 13, 2013, 02:53:39 PM by RevDisk »
"Rev, your picture is in my King James Bible, where Paul talks about "inventors of evil."  Yes, I know you'll take that as a compliment."  - Fistful, possibly highest compliment I've ever received.
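The check suggested in the reply above (confirm which keystore the SSL connector in conf/server.xml actually resolves to, then list it with keytool), as an added example that is not part of the original post. The sample server.xml, the function name `audit_ssl_connectors` and the paths are constructed for illustration; it assumes Tomcat's documented behaviour that a relative `keystoreFile` is resolved against CATALINA_BASE and that the default is `.keystore` in the service user's home directory.

```python
import ntpath
import os
import xml.etree.ElementTree as ET

# Constructed sample for illustration; not the poster's configuration.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" sslProtocol="TLS"
               keystoreFile="conf/app.jks" keystorePass="changeit"/>
  </Service>
</Server>"""


def audit_ssl_connectors(server_xml, catalina_base, exists=os.path.isfile):
    """Return one finding per SSL-enabled <Connector> in server.xml text."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        raw = conn.get("keystoreFile")
        if raw is None:
            # Assumed Tomcat default: .keystore in the service user's home.
            path = os.path.join(os.path.expanduser("~"), ".keystore")
        elif os.path.isabs(raw) or ntpath.isabs(raw):
            path = raw
        else:
            # Relative paths are resolved against CATALINA_BASE.
            path = os.path.join(catalina_base, raw)
        ks_type = conn.get("keystoreType", "JKS")
        problems = []
        if not exists(path):
            problems.append("keystore file not found")
        if conn.get("ciphers"):
            problems.append("explicit ciphers list: confirm the new JRE supports it")
        findings.append({
            "port": conn.get("port"),
            "keystore": path,
            "problems": problems,
            # keytool prompts for the store password; it is not passed here.
            "keytool": ["keytool", "-list", "-v", "-keystore", path,
                        "-storetype", ks_type],
        })
    return findings


if __name__ == "__main__":
    # Constructed CATALINA_BASE; substitute the real install directory.
    for finding in audit_ssl_connectors(SAMPLE_SERVER_XML, r"C:\tomcat6"):
        print(finding)
```

Run the printed keytool command with the JRE that Tomcat now starts under, so a keystore the new Java cannot read shows up before the handshake does.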

Fitz

Re: Apache Tomcat, SSL, java 7 shenanigans
« Reply #2 on: March 13, 2013, 03:09:23 PM »
> Apache or tomcat on windows hurts my brain.  Are you using Apache + mod_jk to handle SSL?
>
> Updating java likely broke some part of Tomcat's key management. Probably overwrote some path or executable. First, check to make sure Java is pointing at the right keystore location, using keytool or conf/server.xml.
>
> Second, try importing the keys again?

I don't think overwriting is likely.. apache and java are stored in completely separate paths. The keystore is in a third, again, different path. The server.xml file shows the right keystore, but we get no connection.

On second thought, I think there's something to this "upgrade tomcat" idea... I'm seeing scuttlebutt on the internet about certain webapps breaking when java is updated, because java 7u17 requires tomcat 7 for those to work correctly.

In any case, that'll probably be my first step, since tomcat is on the list of things I need to update

As for apache on windows... RD, if you take this job, you're more than welcome to build us a super secure, light, linux box and put our web apps on it ;-)
Fitz


CNYCacher

Re: Apache Tomcat, SSL, java 7 shenanigans
« Reply #3 on: March 13, 2013, 03:37:11 PM »
Got any error logs or anything you can share?
On two occasions, I have been asked [by members of Parliament], "Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?" I am not able to rightly apprehend the kind of confusion of ideas that could provoke such a question.
Charles Babbage

Fitz

Re: Apache Tomcat, SSL, java 7 shenanigans
« Reply #4 on: March 13, 2013, 03:45:54 PM »
Meh. Not right now. Big no-no for me to take logs off the system. Sorry :-(

Tomorrow I'll see if they can be suitably redacted
Fitz


RevDisk

Re: Apache Tomcat, SSL, java 7 shenanigans
« Reply #5 on: March 13, 2013, 04:16:17 PM »
> I don't think overwriting is likely.. apache and java are stored in completely separate paths. The keystore is in a third, again, different path. The server.xml file shows the right keystore, but we get no connection.
>
> On second thought, I think there's something to this "upgrade tomcat" idea... I'm seeing scuttlebutt on the internet about certain webapps breaking when java is updated, because java 7u17 requires tomcat 7 for those to work correctly.
>
> In any case, that'll probably be my first step, since tomcat is on the list of things I need to update
>
> As for apache on windows... RD, if you take this job, you're more than welcome to build us a super secure, light, linux box and put our web apps on it ;-)

*scratches head*

CentOS install
yum install tomcat7-webapps tomcat7-docs-webapp tomcat7-admin-webapps openssl httpd wget
Open up 80, 443, 22 in iptables

Done. Pretty secure. You put the polish on by removing anything unnecessary. Unneeded services, deprecated ciphers, some tweaking for DoS resistance.

Gets slightly more convoluted if you start tossing on extra stuff like postfix, mysql, etc.


Fitz

Re: Apache Tomcat, SSL, java 7 shenanigans
« Reply #6 on: March 13, 2013, 05:02:55 PM »
> *scratches head*
>
> CentOS install
> yum install tomcat7-webapps tomcat7-docs-webapp tomcat7-admin-webapps openssl httpd wget
> Open up 80, 443, 22 in iptables
>
> Done. Pretty secure. You put the polish on by removing anything unnecessary. Unneeded services, deprecated ciphers, some tweaking for DoS resistance.
>
> Gets slightly more convoluted if you start tossing on extra stuff like postfix, mysql, etc.

Our needs are simple. Single web app on 443 that receives data from a mobile device, and makes it into pretty xml. Another box on the network takes that XML and puts that into SQL.

Although, tango MDM does require windows... so if we want to have both on the same box (simplifies our IA/purchasing/etc requirements) we have to stay with windows
Fitz
