tomcat-users mailing list archives

From Markus Meyer <me...@mesw.de>
Subject Re: Strange problems with SSL support in Tomcat 6
Date Wed, 26 Aug 2009 23:48:13 GMT
Just for the record:

many thanks to Martin for helping me off-list. My problem was that I 
had not added the AprLifecycleListener to server.xml.

Lesson learned: do not copy over configuration files from Tomcat 5.5 to 
Tomcat 6 but start with the new ones from Tomcat 6 and insert the 
appropriate directives.


Markus


Markus Meyer wrote:
> Hi,
> 
> I have a Debian machine where previously, Tomcat 5.5 was installed 
> (using the Tomcat 5.5 Debian package). "uname -a" returns:
> 
> Linux server02 2.6.26-2-amd64 #1 SMP Sun Jul 26 20:35:48 UTC 2009 x86_64 
> GNU/Linux
> 
> Now, for some reason I installed Tomcat 6 by using the binary 
> distribution of Tomcat 6.0.20 downloadable from the website (because 
> there's no Debian package for Tomcat 6 yet). I copied over the 
> configuration files: logging.properties, server.xml, tomcat-users.xml 
> and everything works fine except SSL.
> 
> The server listens on port 80 for HTTP requests and on port 443 for 
> HTTPS requests. With the exact same configuration and certificate file, 
> SSL works with Tomcat 5.5 but not with Tomcat 6. Everything else works 
> without any flaws.
> 
> When I try to access the server using "https://myserver.com/" in 
> Firefox, the error code "ssl_error_rx_record_too_long" appears. However, 
> no errors are logged at all, although I set everything to ALL in the 
> logging.properties file.
> 
> I even converted the PKCS12 certificate I use to JKS format but although 
> keytool shows the certificate just fine, using the JKS keystore has the 
> same effect.
> 
> I use the following connector settings in /opt/tomcat6/conf/server.xml:
> 
>     <Connector
>       port="443"
> 
>       scheme="https"
>       secure="true"
>       clientAuth="false"
> 
>       sslProtocol="TLS"
> 
>       keystoreFile="/opt/tomcat6/conf/cert.p12"
>       keystorePass="*************"
>       keystoreType="pkcs12"
> 
>       maxHttpHeaderSize="8192"
>       maxThreads="150"
>       minSpareThreads="25"
>       maxSpareThreads="75"
>       enableLookups="false"
>       connectionTimeout="20000"
>       disableUploadTimeout="true"
>       acceptCount="100"
>       />
> 
> Tomcat is run as root (for now at least), so permission problems should 
> not occur. Of course /opt/tomcat6/conf/cert.p12 exists and is a valid 
> certificate.
> 
> I would be extremely grateful if someone has an idea on how I could 
> attempt to debug this strange problem.
> 
> Thanks in advance!
> 
> Best regards
> Markus
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
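
The lesson in this message (compare a carried-over server.xml against the one shipped with the new version) can be checked mechanically. The script below is an added example, not part of the original thread or of Tomcat: it lists every Listener the stock file declares that the migrated file lacks. The two embedded XML samples are constructed and abbreviated, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET


def listener_classes(server_xml):
    """Set of className values of every <Listener> in a server.xml document."""
    return {el.get("className") for el in ET.fromstring(server_xml).iter("Listener")}


def https_ports(server_xml):
    """Ports of connectors that declare themselves HTTPS (scheme or secure flag)."""
    return [c.get("port") for c in ET.fromstring(server_xml).iter("Connector")
            if c.get("scheme") == "https" or c.get("secure") == "true"]


def audit_migration(stock_xml, migrated_xml):
    """Findings: listeners declared in the stock file but absent after migration."""
    missing = sorted(listener_classes(stock_xml) - listener_classes(migrated_xml))
    ports = https_ports(migrated_xml)
    return [f"missing <Listener className=\"{name}\"/>"
            + (f" (HTTPS connector on port {', '.join(ports)})" if ports else "")
            for name in missing]


# Constructed, abbreviated samples (assumptions, not the real distribution files).
STOCK_TOMCAT6 = """<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
  <Service name="Catalina"><Connector port="8080" protocol="HTTP/1.1"/></Service>
</Server>"""

# Shaped like the connector quoted in the message; keystorePass left out on purpose.
MIGRATED_FROM_55 = """<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
  <Service name="Catalina">
    <Connector port="80"/>
    <Connector port="443" scheme="https" secure="true" clientAuth="false"
               sslProtocol="TLS" keystoreFile="/opt/tomcat6/conf/cert.p12"
               keystoreType="pkcs12"/>
  </Service>
</Server>"""

if __name__ == "__main__":
    for finding in audit_migration(STOCK_TOMCAT6, MIGRATED_FROM_55):
        print(finding)
```

Run against real files by reading both server.xml documents into strings and passing them to audit_migration.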
