tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Tanner <rtan...@linfield.edu>
Subject Re: Can't get tomcat-5.5.9 to talk SSL
Date Tue, 14 Jun 2005 04:10:13 GMT
Caldarale, Charles R wrote:

>>From: Rob Tanner [mailto:rtanner@linfield.edu] 
>>Subject: Can't get tomcat-5.5.9 to talk SSL
>>
>>I try to access port 8443 (https://www:8443) and Firefox pops up a 
>>dialogue box with the message "Firefox and www cannot communicate
>>securely because they have no common encryption algorithms".
>>    
>>
>
>Do you have the following in the connector?
>	sslProtocol="TLS"
>Although this is supposed to be the default, there's a bug in 5.5.9 that
>doesn't establish the default properly, so you have to specify the
>protocol explicitly.  I believe the fix is already in CVS and will be
>part of the 5.5.10 release.
>
>If you did specify the sslProtocol explicitly, then I don't know what to
>tell you, since following the SSL instructions worked for me on several
>different platforms.
>
> - Chuck
>
>
>THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
>MATERIAL and is thus for use only by the intended recipient. If you
>received this in error, please contact the sender and delete the e-mail
>and its attachments from all computers.
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>  
>
Unfortunately, I do have it in there. This is the exact connector entry 
in server.xml (sans password, of course):

<Connector port="8443" maxHttpHeaderSize="8192"
keystoreFile="/usr/java/security/cacerts"
keystorePass="******"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />

Is there something required somewhere else in server.xml or in a 
different file? The other thing I wonder about because it's not clear to 
me: the certs file, /usr/java/security/cacerts, contains both the Thawte 
root certificate (already included in the jvm) and the certificate 
signed by Thawte. Is that correct or should they be two separate files 
and how are they declared?

Thanks.

-- 
Rob Tanner
UNIX Services Manager
Linfield College, McMinnville OR


Mime
View raw message