tomcat-users mailing list archives

From Crypto Sal <crypto....@gmail.com>
Subject Re: SSL with multiple Tomcat instances
Date Wed, 26 Aug 2009 20:48:15 GMT
Don,
It's very strange that one works and the other does not, especially since
they're from the same CA and presenting the same information (just
different common names). I can't connect to your external site [webadvisor]
via Firefox 3.5 or Chrome 4.0 due to the fact that your CA's OCSP responder
is down. [Error Code: 403 Forbidden. The server denied the specified Uniform
Resource Locator (URL). Contact the server administrator. (12202)]. I have
to disable OCSP in Firefox 3.5 to continue, but I do get a valid connection.

Has the error message changed at all since we've been working? Or are you
still getting a response that relates to "Unknown Issuer"?



On Wed, Aug 26, 2009 at 9:01 AM, Don Prezioso <dprez@ashland.edu> wrote:

> Sal,
>
> Thanks again.
>
> When I connect using port 8443 or 443, or using the FQDN or the IP address,
> I get the same response from the s_client request.
>
> The reason I am using port 8443 is so I don't have to have root running the
> tomcat instance. My understanding was that you had to be root to allocate
> ports under 1024. Just to have that extra little bit of security we have a
> user 'tomcat' that runs the tomcat instances. I didn't want to have to
> specify the port number in URLs, and we had some problems with people who
> weren't able to connect out through their company's firewall on port 8443,
> so we wanted to make it appear that they were connecting on port 443, but
> really be using 8443.
>
> So, when I connect in a browser, I use https://webui.ashland.edu
>
> Don
>
>
