.keystore, Tomcat, NetBeans and Java

I give a course on Servlets and JSPs at Concordia University’s School of Extended Learning. One of the topics is SSL. I demonstrate how to create a .keystore file using Java’s keytool.exe. Then I edit Tomcat’s server.xml. Presto! All you have to do is use https rather than http and my lecture on SSL is about done. Not this time.

It worked flawlessly when I did the course last spring. This time around Tomcat delivered numerous stack traces during its start-up. The first error message stated that the certificate file could either not be found or was in the wrong format. The rest of the errors claimed that port 8443 was already in use. I had never seen this before and so I had to sheepishly tell my students that it was likely a configuration problem with my computer but it should work for them. Then it was off to the next topic on authentication.

Today I had some time to look into the problem. While my hardware/software configuration is unusual it had all worked just a few months ago. I use a 2008 2.4 GHz Core 2 Duo MacBook with 4 GB of RAM running OS X 10.6.5. I am lusting after a MacBook Air but it tops out at 2.1 GHz. As few of my students use a Mac and the school labs are all Windows, I run VMWare Fusion 3.1.1 running Windows 7. I like the Mac because it is excellent hardware. I hate the Mac because its GUI remains state of the art for 1995. But enough of my superfluous comments.

I use NetBeans 6.9.1 at Concordia although I use Eclipse 3.5 on the same computer at my day job as a teacher in Computer Science Technology at Dawson College. I find NetBeans a better integrated environment than Eclipse and so I find it a better teaching tool. At Concordia I can make the decision about what IDE to use on my own but at Dawson the department decided to go with the IDE more commonly found in industry. Superfluous comment alert: why can’t the Eclipse foundation get its sh!t together and make a Visual Editor that can compete with what NetBeans or Visual Studio has? Eclipse gives me the impression that they have written off desktop applications.

Now it’s off to Google to find the answer. Most queries using terms like Java, SSL, Tomcat and NetBeans lead to the same documentation copied across a range of sites. When it comes to generating a .keystore file they all show:
keytool -genkey -alias tomcat -keyalg RSA
This does produce a .keystore file but Tomcat clearly does not like it. Then I noticed a Google reference to http://confluence.atlassian.com/display/CROWD/Configuring+Crowd+to+Work+with+SSL. It discusses how to set up SSL for their Dashboard software called Crowd. In it they simply reprint the Tomcat SSL instructions except for one new point. Here is what they wrote:

Apparently on JDK 1.6 you also need to specify the -sigalg MD5withRSA flag since -keyalg RSA will still result in SHA1 being used.

WTF! Not a word of this on the Tomcat documentation pages. Since I was doing my research on my desktop machine rather than the Mac I tested the new syntax:
keytool -genkey -alias tomcat -keyalg RSA -sigalg MD5withRSA

Started up Tomcat and entered https://localhost:8443 into IE9 and it worked flawlessly. But wait a minute, it always worked flawlessly on my desktop. I deleted the .keystore file and recreated it without the -sigalg MD5withRSA and Tomcat continued to work. I guess that’s why there was nothing about it on the Tomcat pages. So much for Atlassian having the solution. Interestingly I am looking into dashboard software so I’ll be back at this site to learn more about Crowd.

While doing my reading I came across references to Tomcat using APR, the Apache Portable Runtime dll file. I read that if APR is being used it wants an OpenSSL formatted certificate. But if it was not running it would need a JSSE formatted certificate which is what keytool produces. I examined the start-up log info on both my desktop and MacBook. I discovered that the APR was not running on my desktop but was running on the MacBook. The desktop log stated that Tomcat could not find the APR file tcnative-1.dll. But it was in Tomcat’s bin folder on both machines.

And then I finally had my epiphany. My desktop is running 64 bit Windows 7 and my MacBook is running 32 bit Windows 7. I downloaded the 64 bit version of Tomcat 6 to my desktop and it started with APR and rejected my .keystore file. Now both the desktop and the MacBook behaved the same way. I can surmise that the 32 bit version of tcnative-1.dll would not run on 64 bit Windows and so the .keystore file was accepted.
So after all this the solution was simple. First, all the Tomcat documentation is correct. All I had to do was rename tcnative-1.dll to something like tcnative-1.dll.disable and Tomcat would start without it. No more start-up errors and https worked in both 32 and 64 bit environments.
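
The mismatch described above can be checked before start-up. This is an added example, not code from the original post: it reads a server.xml and a start-up log and flags an SSL connector whose certificate attributes do not fit the implementation Tomcat 6 will select. The sample server.xml, its keystore path and password, and the log excerpts are constructed; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a JSSE-style HTTPS connector with a placeholder
# keystore path and password.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
             secure="true" keystoreFile="conf/.keystore" keystorePass="changeit"/>
</Service></Server>"""

# Constructed log excerpts modelled on Tomcat 6 start-up output.
LOG_APR = "INFO: Loaded APR based Apache Tomcat Native library 1.1.20.\n"
LOG_NO_APR = ("INFO: The APR based Apache Tomcat Native library which allows "
              "optimal performance in production environments was not found "
              "on the java.library.path\n")

JSSE_ATTRS = {"keystoreFile", "keystorePass", "keystoreType"}
APR_ATTRS = {"SSLCertificateFile", "SSLCertificateKeyFile"}

def apr_loaded(log_text):
    """True when the log shows tcnative was found and loaded."""
    return "Loaded APR based Apache Tomcat Native library" in log_text

def connector_impl(protocol, apr):
    """Implementation Tomcat 6 uses for a Connector's protocol attribute."""
    if protocol.endswith("Http11AprProtocol"):
        return "APR"
    if protocol.endswith(("Http11Protocol", "Http11NioProtocol")):
        return "JSSE"                      # explicitly pinned to a Java connector
    return "APR" if apr else "JSSE"        # "HTTP/1.1" auto-selects

def check_ssl_connectors(server_xml, log_text):
    """Return (port, implementation, mismatched attributes) per bad connector."""
    findings = []
    apr = apr_loaded(log_text)
    for c in ET.fromstring(server_xml).iter("Connector"):
        if c.get("SSLEnabled", "false").lower() != "true":
            continue
        impl = connector_impl(c.get("protocol", "HTTP/1.1"), apr)
        # JSSE attributes are ignored by APR and vice versa.
        wrong = set(c.attrib) & (JSSE_ATTRS if impl == "APR" else APR_ATTRS)
        if wrong:
            findings.append((c.get("port"), impl, sorted(wrong)))
    return findings

if __name__ == "__main__":
    print(check_ssl_connectors(SERVER_XML, LOG_APR))
    print(check_ssl_connectors(SERVER_XML, LOG_NO_APR))
```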

My last puzzle was why this happened at all. It did not happen in the past. The version of Tomcat was 6.0.26 and it was installed by NetBeans. I went to the Tomcat archives and started looking at previous versions. What I learned was that starting with 6.0.24 there was a Windows specific version. All the non-Windows specific zip versions do not include tcnative-1.dll. When I updated NetBeans to 6.9.1 I allowed it to install its included version of Tomcat. It used the Windows specific version for the first time with NetBeans 6.9.1.

Case closed.


My First Week With The Amazon Kindle

I received an Amazon Kindle for Xmas. It wasn’t a surprise as I put it on the Xmas list my family insisted I provide. My wife had me order it with her credit card to make sure it was exactly what I wanted. The order was placed at the beginning of December to ensure it would arrive on time. It took just four days to arrive here in Montreal from Amazon in the US.

Originally I had the Sony PRS-600 reader on my list. I made the list in mid-November and the Kindle was not available in Canada. But at the end of November Amazon announced it would ship to Canada. Even then I leaned towards the Sony. It was smaller but with the same size screen. It had a touch screen and expandable memory. It was compatible with Adobe’s ePub and other formats. But in the end it was price that made the difference. At the beginning of December a Sony PRS-600 at Best Buy was $399 CDN plus tax for a total of $450 CDN. With a hot Canadian dollar this worked out to $428 US.

The Kindle was $259 US plus $21 shipping and $31 import fees for a total of $311 US which was $327 CDN. The $100 difference was significant and since there was the possibility the Kindle might just become a desk decoration if I didn’t like it I could not justify the Sony pricing. Sony did reduce the list price to $359CDN and even down to $299CDN briefly before Xmas. But that was too late for me. So from the second week of December till Xmas morning I waited to open my Kindle.

Of course I did far too much research on the Kindle. I learned that it used a Linux 2.2 kernel. I found web sites that explained how to get a console prompt on it, use foreign language fonts, and change the screen saver images. I also learned that for all of these hacks to work I would need to ‘jailbreak’ the Kindle and risk ‘bricking’ it. What I did find that interested me was free book sites such as Google books, FreeKindleBooks.org, and the Baen Free Library.

Xmas morning finally came and as is the tradition at our house we each opened a single present in advance of the rest of the family arriving in the afternoon when all the presents would be opened. For my wife, Santa brought a Fluval Edge aquarium. My son received an MSI laptop and my daughter received an iPod compatible clock radio (there was more good stuff in the afternoon). I received the Kindle.

Since the Kindle can only be ordered online its packaging is quite plain since it does not need to attract attention on a retailer’s shelf. The box is completely sealed and you must pull a tab to rip off a strip of the box. Fed Ex and UPS boxes do this well, Amazon does not. The tab to grab is too small. I almost went for pliers to hold the tab. I also got the Amazon leather portfolio case for the Kindle and I had to use scissors to open that box because the tab of its box came off in my hands. But I did get the box opened.

The Kindle is a beautiful piece of technology. Although the pictures on the web site are quite accurate, seeing it up close and then holding it in your own hands was a thrill. It is white and you expect to find an Apple logo somewhere on it. It already has an image on its screen telling you to plug it in. It comes with a USB cable and an AC plug. The cable can either plug into a computer or the AC plug much the same as an iPhone. It is usable while it is charging so I proceeded to set it up.

When a Kindle is ordered you must set up an account on Amazon. The Kindle is then registered to you when it arrives. If you check off on the order that it is a gift then it arrives unregistered. But it takes only moments to unregister it from one account and then register it with a new account. Mine was unregistered and so I registered it with my own Amazon account. I had to accept the dreaded One-Click purchase feature. Unlike Apple that encourages one-click but allows you to enter a password for every iTunes purchase, Amazon only supports one-click on the Kindle. Some web sites expressed concerns in the event that your Kindle was stolen. However, if you report your Kindle as stolen to Amazon they will cancel purchases made by the thief and remove the books from the Kindle.

The Kindle uses the cell phone network for purchases. Americans know who their carrier is. Foreign buyers using the International Edition such as myself do not officially know who the carrier is. We suspect that in Canada it is Rogers. I do not know what the official reason is for withholding the carrier’s name. I suspect it is because they are overcharging Amazon, which we end up paying for, and Amazon does not want to deal with a grass roots rebellion aimed at a particular carrier.

There is no fee for using the Kindle wirelessly to shop for books. You do not need a computer to buy books; you can do everything from the Kindle. Amazon pays the network charges for your browsing. In the US the price of a book includes the network delivery of the book. In Canada and other international markets Amazon adds an additional fee. In Canada that amounts to $2 US a book. Although there is an Amazon.ca that prices its books in Canadian dollars, all Kindle books must be purchased from Amazon.com and so all prices are in US dollars.

Americans can browse a number of web sites such as Wikipedia, Google, CNN, and CNET. Canadians can only access Wikipedia. Having access to an on-line encyclopaedia is good but since we already pay a premium to buy books I would think carrier X could allow more access. You also get an email address for your Kindle such as ‘yournamehere@Kindle.com’. In the US you use this address to email books to your Kindle. There is no email service in Canada.

The book shopping experience is quite good. The response from the web site is excellent and all the features of buying on a PC are there on the Kindle such as reading preview chapters. Once you decide on a book it really does arrive in less than a minute as the Kindle web page promotes. For my first book I purchased Death Masks by Jim Butcher at a cost of $8.59 US which comes to $9.03 CDN. This is pretty much in line with the cost of a paperback book. An American Kindle user would have paid only $6.59 US. It almost makes me think of driving to the US border to buy books. Alas, I would still pay the Canadian price even if I was in the US.

The real test of the Kindle was to read with it. So on December 27 and still suffering from an annoying common cold, I stayed in bed all day and read Death Masks. I found the experience identical to reading a dead tree version. The Kindle’s screen is sharp and clear. The buttons for turning pages are large and convenient. I strongly recommend the leather portfolio cover as it gives you more options for holding the Kindle comfortably.

There are six font sizes you can choose from. I started reading at size 4 with size 1 the smallest and size 6 the largest. By the second hour of reading I was down to size 2. There was no eyestrain. I was worried that the technology would be distracting while I read but that was not the case. It took about six hours to read the 384 page novel. There are 108,216 words. So I was reading at about 300 words a minute which is my average for works of fiction.

Before I put an e-book reader on my Xmas list I read the opinions of people who already had one. The consistent message was that a reader was ideal for sequential reading such as you do when reading fiction. For reading technical documents and manuals these readers were judged inferior to their paper versions. The Kindle now displays PDF files perfectly. However you cannot change the size of the text as you can for a native Kindle text. Coloured text in the PDF is too faint to read. Going to landscape mode helps and so in a pinch using a technical PDF on the Kindle is possible. There is a 9” Kindle but it is not available internationally and it costs more than $500.

I decided on a Kindle for reading fiction. I have only had it for a week so I cannot tell if the Kindle will be a constant companion. I am quite satisfied with it and I have no reservations in recommending it to anyone interested in trying the e-book reader waters. I also recommend an open source program called Calibre for managing the Kindle when it is connected to a PC or Mac.
