To ensure you have a valid keystore with the private key included and a
reference to an alias 'tomcat', I strongly recommend creating a new keystore
as described in the reference (see links in other answer mails). At least you
can create a self-signed certificate if you don't need one signed by a
trusted CA.
To check if SSL is running you can test it from a Linux or Unix box with
OpenSSL installed, using the following command:

    echo -e "GET /jsp-examples/index.jsp HTTP/1.0\r\n\r\n" | openssl s_client -connect localhost:8443 -ssl3 -debug -quiet

Replace URI-context and welcome file, replace hostname and port if
necessary, change SSL mode to ssl2 or tls as needed.
Johann
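
Added example, not part of the original mail: a shell check of the point above that the keystore must hold the private key under the alias 'tomcat'. It assumes the usual `keytool -list` line layout; the sample listings are constructed and `check_tomcat_alias` is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed samples of `keytool -list` output (not taken from the thread).
GOOD_LISTING='Keystore type: JKS
Your keystore contains 1 entry

tomcat, Nov 26, 2007, PrivateKeyEntry,
Certificate fingerprint (MD5): <placeholder>'

CERT_ONLY_LISTING='Keystore type: JKS
Your keystore contains 1 entry

tomcat, Nov 26, 2007, trustedCertEntry,
Certificate fingerprint (MD5): <placeholder>'

# Reads a `keytool -list` listing on stdin.
# Returns 0 if the alias is a key entry, 1 if it holds only a certificate,
# 2 if the alias is absent.
check_tomcat_alias() {
    alias_name=${1:-tomcat}
    # Entry lines look like "alias, <date>, EntryType,"; the type is the
    # last ", "-separated field, minus its trailing comma.
    entry_type=$(awk -F', ' -v want="$alias_name" '
        NF >= 3 && tolower($1) == tolower(want) {
            type = $NF
            sub(/,[[:space:]]*$/, "", type)
            print type
            exit
        }')
    case "$entry_type" in
        PrivateKeyEntry|keyEntry)   # label differs between JDK versions
            echo "OK: alias '$alias_name' holds a private key ($entry_type)"
            return 0 ;;
        "")
            echo "FAIL: no alias '$alias_name' in this keystore"
            return 2 ;;
        *)
            echo "FAIL: alias '$alias_name' is $entry_type (no private key)"
            return 1 ;;
    esac
}

# Demo on the constructed listings; against a real keystore, pipe in
#   keytool -list -keystore /path/to/keystore
printf '%s\n' "$GOOD_LISTING"      | check_tomcat_alias tomcat || true
printf '%s\n' "$CERT_ONLY_LISTING" | check_tomcat_alias tomcat || true
```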
----- Original Message -----
From: "Bob Grabbe" <bgrabbe@umich.edu>
To: "'Tomcat Users List'" <users@tomcat.apache.org>
Sent: Monday, November 26, 2007 10:48 PM
Subject: RE: SSL problem with Tomcat 5.5
> OK, I've attached a new file with the startup. Unfortunately I'm not seeing
> anything in any logs that indicate any https requests.
> Just in case, what's the command to generate a new empty keystore file ?
> I've seen the notes on the tomcat docs for creating the csr, but I didn't do
> that this time. I might try it though, if I can get godaddy to go through
> the process with me again,
>
> Thanks
>
> Bob Grabbe
> University of Michigan
> bgrabbe@umich.edu
> _________________________________________________________________________
> "Research is the process of going up alleys to see if they are blind." --
> Marston Bates
>
>> -----Original Message-----
>> From: Hassan Schroeder [mailto:hassan.schroeder@gmail.com]
>> Sent: Monday, November 26, 2007 4:09 PM
>> To: Tomcat Users List
>> Subject: Re: SSL problem with Tomcat 5.5
>> What would be best would be catalina.log at startup, showing
>> whether the SSL connector started cleanly.
>>
>> And of course, any log entry relating specifically to an HTTPS
>> request.
>>
>> > I didn't generate a new csr, I figured renewing the cert shouldn't need
>> > that. Do I need to go through that or should I be able to just renew it ?
>>
>> Dunno about GoDaddy, but when I "renew" a Thawte cert for one of
>> my sites, I have to generate a new cert request. So I just create a new
>> keystore file, named something like keystore-example.com-2007, and
>> use that for the new cert.
>>
>> HTH!
>> --
>> Hassan Schroeder ------------------------ hassan.schroeder@gmail.com
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>