tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anthony Nolan" <ano...@bigpicture.ie>
Subject Tomcat 3.2.1 Standalone with SSL , Genuine Signed Certificate
Date Wed, 26 Mar 2003 12:07:31 GMT
Hi,

I have been having a problem with getting tomcat 3.2.1 to work with SSL in
standalone. Previously we had used Apache for our SSL, but have had some
difficulties with this lately. Due to the fact that SSL was the only thing
we used Apache for, we decided to investigate running SSL on tomcat
standalone.

If I generate a self signed certificate using the keytool in jdk 1.3, I can
run ssl on tomcat standalone. The problem arises when I then generate a
certificate signing request and send it to our certificate provider. They
return a signed certificate which I then install, according to the
instructions given both in the tomcat docs and in the keytool docs. This
seems ok, but on closer examination of the SSL connection between tomcat and
the browser, I see that it is the original self signed certificate which is
being used to run the connection, the valid (and expensive!) real
certificate is having no influence on the process. I can remove the paid for
cert and ssl still works, I can then replace it and then remove the self
signed cert and ssl breaks.

>From browsing the tomcat docs and searching the archives of this list it
appears that many people have had this problem, but none of the solutions
offered have been satisfactory for me.

We may at this stage revert to letting Apache do the SSL, but we feel as
though we are very close to getting tomcat to work and this would provide us
with a neater solution.

Does anyone know of any standalone tomcat ssl installations that are using
commercially signed certificates rather than the self signed certificates
generated by the keytool?

By the way I have taken a look at the page
http://www.comu.de/docs/tomcat_ssl.jsp
which is cited several times in the documentation. It provides an
alternative to keytool for importing the keypair initially generated. This
also did not work for me, even though I followed the instructions exactly.

My operating system is windows 2000 pro, I have tried IE6 and Netscape 6 and
7 browsers. Tomcat version is 3.2.1, although I have tried 4.1.18, but not
to the same extent. We would be happy to upgrade to 4.1.18 if it will solve
our problem. With Netscape the errors are more useful, the certificate is
loaded from the server, I can examine it and all appears well, but then an
error code -12227 is displayed when I click the ok button. IE just gives a
page cannot be displayed error. The tomcat console displays the following 2
lines for each attempt to connect:

2003-03-26 11:35:02 - Ctx(  ): 400 R( /) null
2003-03-26 11:35:02 - Ctx(  ): IOException in: R( /) Socket closed

Any help on this would be greatly appreciated, not only by me as I think
there are plenty of other users out there experiencing similar difficulty.
Apologies for the long mail, but I wanted to get as much detail in as
possible.

Regards

Anthony Nolan



This E-mail and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to whom they   
are addressed. If you have received this E-mail in error please notify us immediately and
delete this E-mail from your system. Thank you.
It is possible for data transmitted by email to be deliberately or
accidentally corrupted or intercepted. For this reason, where the
communication is by E-mail, the Big Picture Group does not accept 
any responsibility for any breach of confidence which may arise through the use of this medium.
Opinions, conclusions and other information in this message that do not relate to the official
business of Big Picture Group shall be understood as neither given nor endorsed by it.
This footnote also confirms that this email message has been swept for the presence of known
computer viruses.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message