tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Friebel" <andr...@reynolds.com.au>
Subject RE: SSL not working on Tomcat
Date Tue, 14 Nov 2006 06:04:46 GMT
Michael,
	I may have missed something, but did you install your
certificate reply into your keystore?  I can't see any account of that
been done.  I also agree that you need to install the CA root
certificate in your keystore as well.  You need to have the full trust
chain in your keystore.

Another thought is to configure your server.xml slightly differently.
You may want to try the following to get you going:

<Connector port="8443" maxThreads="150" minSpareThreads="25"
maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS">

	<Factory
className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory"
clientAuth="false" protocol="TLS" keystoreFile="c:\files\tomcat"
keystorePass="THEPASS" />

</Connector>

Hope that helps.

Regards,
Andrew

-----Original Message-----
From: Christopher Schultz [mailto:chris@christopherschultz.net] 
Sent: Thursday, 9 November 2006 9:02 AM
To: Tomcat Users List
Subject: Re: SSL not working on Tomcat

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael,

Michael Casale wrote:
> I've installed Firefox 2.0 and I get the error:
> 
> "Firefox can't connect securely to upm.knoa.com because the site uses
a
> security protocol which isn't enabled"
> 
> So... I changed sslProtocol="TLS" to sslProtocol="SSL" and restarted
the
> service. I get the same error.

Wow. Sounds like something is seriously screwed up. Have you tried a
different client machine? Perhaps one of your SSL libraries is hosed.

Have you tried re-installing Tomcat? Perhaps one of TC's SSL libraries
is hosed.

If all else fails, I would run something like memtest86 on your server
to see if the memory is okay. It's tough to do all this crypto stuff and
not have an exception when the littlest thing goes wrong, so something
is definitely amiss. It's not like Sun invented a new SSL protocol and
didn't tell anyone about it ;)

- -chris

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFUlPC9CaO5/Lv0PARAiljAJ9auqO2pfKdS9+zimV5hFhJR2zn2wCfZkY5
KP4Xe5Do8g1iS9+EYc0LqvA=
=QizN
-----END PGP SIGNATURE-----


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message