tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From BJ Selman <bjsel...@travelhost.com>
Subject SSL error & certificate question
Date Tue, 18 Aug 2009 14:46:25 GMT
First of all, is there a specific extension required for SSL certificates on an Apache/Tomcat
server?  i.e. Does it have to be a "crt" or a "cert" or ?  Seems like I read that it needs
to be "PEM-encoded" - that's about all I could find.

Also, my error log is showing the below... Where should I start looking for the problem? 
(Trying to 'rewrite' a certain page to httpS - it never gets redirected... if I manually add
the "s", the browser tells me its trying to connect to SSL, but when I 'proceed' through the
security warning, the "s" disappears from the URL)

[Mon Aug 17 15:00:19 2009] [debug] ssl_engine_kernel.c(1752): OpenSSL: Handshake: start
[Mon Aug 17 15:00:19 2009] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: before/accept
initialization
[Mon Aug 17 15:00:19 2009] [debug] ssl_engine_io.c(1817): OpenSSL: read 11/11 bytes from BIO#%p
[mem: %p] \xa0\x11\xd2o
[Mon Aug 17 15:00:19 2009] [debug] ssl_engine_io.c(1750): +-------------------------------------------------------------------------+
[Mon Aug 17 15:00:19 2009] [debug] ssl_engine_io.c(1789): | 0000: 47 45 54 20 2f 66 61 76-69
63 6f                 GET /favico      |
[Mon Aug 17 15:00:19 2009] [debug] ssl_engine_io.c(1795): +-------------------------------------------------------------------------+
[Mon Aug 17 15:00:19 2009] [debug] ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv2/v3
read client hello A
[Mon Aug 17 15:00:19 2009] [info] [client 1.2.3.4] SSL handshake failed: HTTP spoken on HTTPS
port; trying to send HTML error page
[Mon Aug 17 15:00:19 2009] [info] SSL Library Error: 336027804 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http
request speaking HTTP to HTTPS port!?
[Mon Aug 17 15:00:22 2009] [info] [client 1.2.3.4] Connection to child 57 established (server
www.domain.com:443)
[Mon Aug 17 15:00:22 2009] [info] Seeding PRNG with 144 bytes of entropy

 This is what my sslerror.log says:

[Mon Aug 17 13:39:45 2009] [info] Initial (No.1) HTTPS request received for child 61 (server
www.domain.com:443)
[Mon Aug 17 13:39:45 2009] [debug] ssl_engine_io.c(1828): OpenSSL: I/O error, 5 bytes expected
to read on BIO#%p [mem: %p]
[Mon Aug 17 13:39:45 2009] [info] [client 172.1.2.3] (70014)End of file found: SSL input filter
read failed.
[Mon Aug 17 13:39:45 2009] [debug] ssl_engine_kernel.c(1770): OpenSSL: Write: SSL negotiation
finished successfully
[Mon Aug 17 13:39:45 2009] [info] [client 172.1.2.3] Connection closed to child 61 with standard
shutdown (server www.domain.com:443)


Thanks

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message