From owner-freebsd-java Sat Mar 22 19: 8:34 2003 Delivered-To: freebsd-java@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4DB6F37B401 for ; Sat, 22 Mar 2003 19:08:33 -0800 (PST) Received: from smtp.jcnet.ad.jp (smtp.jcnet.ad.jp [218.219.80.139]) by mx1.FreeBSD.org (Postfix) with SMTP id 1ACDE43FDD for ; Sat, 22 Mar 2003 19:08:32 -0800 (PST) (envelope-from westbay@seaple.icc.ne.jp) Received: (qmail 9180 invoked from network); 23 Mar 2003 12:08:30 +0900 Received: from unknown (HELO vcgw3.mta.jcnet.ad.jp) (10.1.0.99) by ml02vsv.sv.jcnet.ad.jp with SMTP; 23 Mar 2003 12:08:30 +0900 Received: from vcgw1.mta.jcnet.ad.jp (localhost [127.0.0.1]) by vcgw3.mta.jcnet.ad.jp (Postfix) with ESMTP id 5852436602 for ; Sun, 23 Mar 2003 12:08:30 +0900 (JST) Received: from seaple.icc.ne.jp (cr1-167-204.seaple.icc.ne.jp [219.117.167.204]) by vcgw1.mta.jcnet.ad.jp (Postfix) with ESMTP id C7E6A57005 for ; Sun, 23 Mar 2003 12:08:29 +0900 (JST) Date: Sun, 23 Mar 2003 12:08:30 +0900 Subject: Re: keytool and Tomcat https under 1.4.1 Content-Type: text/plain; charset=US-ASCII; format=flowed Mime-Version: 1.0 (Apple Message framework v551) From: Westbay Family To: freebsd-java@FreeBSD.ORG Content-Transfer-Encoding: 7bit In-Reply-To: Message-Id: X-Mailer: Apple Mail (2.551) Sender: owner-freebsd-java@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On 2003.3.23, at 06:43 AM, Tom Samplonius-san wrote: > Disable the port's silly startup script in /usr/local/etc/rc.d, and > use > Tomcat's own startup script startup.sh in the bin directory. See the > Tomcat install docs. I was using the startup scripts that came with both the jakarta-tomcat-4.1.21-LE-jdk14 and jakarta-tomcat4.1.[18|24]. The problem, as confirmed by Zelkin-san is with SSL in the JDK 1.4.1 current patch set. JDK 1.4.1 works fine when I leave the HTTPS connector off in conf/server.xml. SSL works fine with the HTTPS connector on using JDK 1.3.1. > In many cases, "ports" of Java applications is needless. The binary > is > cross-platform already. And wrapping the app in a undocumented > propietary startup script isn't helping anyone. Actually, I like the tomcat41ctl script as it allows me to run Tomcat with the unprivileged www account. It may not be the pinnacle of safety, but it's something. If you know of a better way run with the standard scripts as a user without a shell account, I'd like to know about it. Learning jail is on my list of things to do, but thanks to tomcat41ctl, it isn't that high at the moment. > Most people are going to > better off downloading the Tomcat binary from http://jakarta.apache.org > than using the FreeBSD port. Just untar it, and run startup.sh. Agreed. One can keep more up to date by downloading the most recent version. Just rename its directory to /usr/local/jakarta-tomcat4.1 without uninstalling a previous port install and one can still use tomcat41ctl to run it as the www user. I like the various alternatives that have been proposed that are configurable. --- Michael Westbay Work: Beacon-IT http://www.beacon-it.co.jp/ Home: http://www1.seaple.icc.ne.jp/westbay Commentary: http://www.japanesebaseball.com/forum/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-java" in the body of the message