tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Schadler Johann" <aon.913111...@aon.at>
Subject Re: SSL problem with Tomcat 5.5
Date Tue, 27 Nov 2007 00:29:33 GMT
To ensure you have a valid keystore with the included private key and a 
refer to an alias 'tomcat' I recommend strongly to create a new keystore as 
described in the reference (see links in other answer mails). At least you 
can create a self-signed certificate if you don't need one signed by a 
trusted CA.

To check if SSL is running you can test it from a Linux or Unix box with 
installed OpenSSL with the following command:

echo -e "GET /jsp-examples/index.jsp HTTP/1.0\r\n\r\n"|openssl 
s_client -connect localhost:8443 -ssl3 -debug -quiet

Replace URI-context and welcome file, replace hostname and port if 
neccessary, change SSL mode to ssl2 or tsl as needed

Johann


----- Original Message ----- 
From: "Bob Grabbe" <bgrabbe@umich.edu>
To: "'Tomcat Users List'" <users@tomcat.apache.org>
Sent: Monday, November 26, 2007 10:48 PM
Subject: RE: SSL problem with Tomcat 5.5


> OK, I've attached a new file with the startup. Unfortunately I'm not 
> seeing
> anything in any logs that indicate any https requests.
> Just in case, what's the command to generate a new empty keystore file ?
> I've seen the notes on the tomcat docs for creating the csr, but I didn't 
> do
> that this time. I might try it though, if I can get godaddy to go through
> the process with me again,
>
> Thanks
>
> Bob Grabbe
> University of Michigan
> bgrabbe@umich.edu
> _________________________________________________________________________
> "Research is the process of going up alleys to see if they are blind." --
> Marston Bates
>
>> -----Original Message-----
>> From: Hassan Schroeder [mailto:hassan.schroeder@gmail.com]
>> Sent: Monday, November 26, 2007 4:09 PM
>> To: Tomcat Users List
>> Subject: Re: SSL problem with Tomcat 5.5
>> What would be best would be catalina.log at startup, showing
>> whether the SSL connector started cleanly.
>>
>> And of course, any log entry relating specifically to an HTTPS
>> request.
>>
>> > I didn't generate a new csr, I figured renewing the cert shouldn't
>> need
>> > that. Do I need to go through that or should I be able to just renew
>> it ?
>>
>> Dunno about GoDaddy, but when I "renew" a Thawte cert for one of
>> my sites, I have to generate a new cert request. So I just create a new
>> keystore file, named something like keystore-example.com-2007, and
>> use that for the new cert.
>>
>> HTH!
>> --
>> Hassan Schroeder ------------------------ hassan.schroeder@gmail.com
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>
>


--------------------------------------------------------------------------------


> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org 


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message