tomcat-users mailing list archives

From Jan Eldenmalm <...@eldenmalm.com>
Subject Tomcat 5.5.20 SSL "no errors" not working
Date Tue, 13 Feb 2007 03:12:52 GMT
Hello,

I have configured Tomcat (5.5.20 on a Windows Server 2003) to use SSL
on port 443 on a specific IP, using a Java keystore file:

     <Connector address="88.208.211.112" port="443" maxHttpHeaderSize="8192"
                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
                enableLookups="true" disableUploadTimeout="true"
                acceptCount="100" scheme="https" secure="true"
                clientAuth="false" sslProtocol="TLS"
                keystoreFile="conf/ssl/obsid.key" keystorePass="******"  />

Additionally I have verified that the redirect port settings are ok:

     <Connector address="88.208.211.112" port="80" maxHttpHeaderSize="8192"
                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
                enableLookups="true" redirectPort="443" acceptCount="100"
                connectionTimeout="10000" disableUploadTimeout="true" />

When starting Tomcat I get no errors in any logs:

Feb 13, 2007 2:28:41 AM org.apache.coyote.ajp.AjpAprProtocol init
INFO: Initializing Coyote AJP/1.3 on ajp-127.0.0.1-8009
Feb 13, 2007 2:28:41 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 875 ms
Feb 13, 2007 2:28:42 AM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Feb 13, 2007 2:28:42 AM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/5.5.20
Feb 13, 2007 2:28:42 AM org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
Feb 13, 2007 2:28:42 AM org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
Feb 13, 2007 2:28:43 AM org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
Feb 13, 2007 2:28:43 AM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-88.208.211.111-80
Feb 13, 2007 2:28:43 AM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-88.208.211.112-80
Feb 13, 2007 2:28:43 AM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-88.208.211.112-443
Feb 13, 2007 2:28:43 AM org.apache.coyote.ajp.AjpAprProtocol start
INFO: Starting Coyote AJP/1.3 on ajp-127.0.0.1-8009
Feb 13, 2007 2:28:43 AM org.apache.catalina.storeconfig.StoreLoader load
INFO: Find registry server-registry.xml at classpath resource
Feb 13, 2007 2:28:44 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 2093 ms

As you can try yourself..... https://www.obsid.net does not respond
properly... whereas http://www.obsid.net does - the https responds
somewhat though....

In my search for a solution - I even tried setting the keystoreFile and
keystorePass to an "absolute" path - and to a "wrong" path - neither
makes it work - nor creates any error logs.

                keystoreFile="conf/junkinexistentfolder/ssl/obsid.key"
                keystorePass="somethingwrong"  />

Nevertheless - if I remove the connector from server.xml - the log no
longer specifies that it started the connector... it does not show this
anymore:
Feb 13, 2007 2:28:43 AM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-88.208.211.112-443

I have checked the firewall - and if I remove the accept rule for 443 -
I get no response whatsoever - so I presume that the firewall settings
are OK. (I also tried connecting to localhost - which gives the same
"bad" connection that returns nothing... but seems open.... and my
external port scanners say that the port is open - my conclusion.... it's
open.)

I have tested the keystore files on my development machine - and it
works like a dream..... instantly.... ( I created the keystore file on
this development machine - and imported the certs, intermediary certs
and root certs on this development machine )

I have checked the Windows event log - and it contains nothing related to
Tomcat, nor any port conflicts or other things even remotely connected
to a web server or network connections...

Any insights into where to start looking for the problem would be much
appreciated.


// Jan
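One check worth running on a configuration like the one above: the quoted startup log shows the 443 connector being started by org.apache.coyote.http11.Http11AprProtocol, i.e. the APR/native connector, not the JSSE one. In Tomcat 5.5 the APR connector takes its certificate from the SSLCertificateFile and SSLCertificateKeyFile attributes and ignores keystoreFile/keystorePass, which would be consistent with a wrong keystore path producing no error at all. The script below is an added example, not code from the post or from the Tomcat project: it parses a server.xml, finds the SSL-enabled connectors, reads the startup log to see which protocol handler is in use, and reports connectors whose certificate attributes belong to the other implementation. The sample server.xml and log text are constructed from the connector elements and log lines quoted in the post; the minimal Server/Service wrapper around them is an assumption so the sample parses stand-alone.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two Connector elements from the post, wrapped in a
# minimal Server/Service skeleton (assumed) so the snippet parses on its own.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector address="88.208.211.112" port="443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="true" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="conf/ssl/obsid.key" keystorePass="******" />
    <Connector address="88.208.211.112" port="80" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="true" redirectPort="443" acceptCount="100"
               connectionTimeout="10000" disableUploadTimeout="true" />
  </Service>
</Server>
"""

# Constructed sample: two startup-log lines quoted in the post.
SAMPLE_LOG = """Feb 13, 2007 2:28:43 AM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-88.208.211.112-443
"""

# Certificate attributes understood by the JSSE connector vs. the APR connector.
JSSE_ATTRS = ("keystoreFile", "keystorePass")
APR_ATTRS = ("SSLCertificateFile", "SSLCertificateKeyFile")


def apr_in_use(log_text):
    """True if the startup log shows HTTP connectors started by the APR handler."""
    return "org.apache.coyote.http11.Http11AprProtocol start" in log_text


def is_ssl_connector(conn):
    """A connector is treated as SSL-enabled if it is marked secure or uses https."""
    return (conn.get("secure", "").lower() == "true"
            or conn.get("scheme", "").lower() == "https")


def check_connectors(server_xml, log_text):
    """Return (port, finding) tuples for SSL connectors whose certificate
    attributes do not match the connector implementation the log reports."""
    apr = apr_in_use(log_text)
    findings = []
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        if not is_ssl_connector(conn):
            continue
        port = conn.get("port", "?")
        has_jsse = any(a in conn.attrib for a in JSSE_ATTRS)
        has_apr = any(a in conn.attrib for a in APR_ATTRS)
        if apr and has_jsse and not has_apr:
            findings.append((port, "APR connector configured with JSSE-only "
                                   "attributes (keystoreFile/keystorePass are "
                                   "ignored; APR needs SSLCertificateFile and "
                                   "SSLCertificateKeyFile)"))
        elif not apr and has_apr and not has_jsse:
            findings.append((port, "JSSE connector configured with APR-only "
                                   "attributes (needs keystoreFile/keystorePass)"))
        elif not (has_jsse or has_apr):
            findings.append((port, "secure connector with no certificate "
                                   "configuration at all"))
    return findings


if __name__ == "__main__":
    for port, finding in check_connectors(SAMPLE_SERVER_XML, SAMPLE_LOG):
        print(f"port {port}: {finding}")
```

Run against the sample it reports the port 443 connector once; run against a log that shows org.apache.coyote.http11.Http11Protocol instead, the same server.xml passes, because keystoreFile/keystorePass are the right attributes for the JSSE connector. A silently ignored certificate setting is exactly the kind of misconfiguration that produces "port open, no handshake" without a log entry, so the check pays for itself whenever tcnative is installed on a host whose server.xml was written for JSSE.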

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org