From: BJ Selman
To: "users@tomcat.apache.org"
Date: Tue, 18 Aug 2009 09:46:25 -0500
Subject: SSL error & certificate question

First of all, is there a specific extension required for SSL certificates on an Apache/Tomcat server? i.e. Does it have to be a "crt" or a "cert" or ? Seems like I read that it needs to be "PEM-encoded" - that's about all I could find.

Also, my error log is showing the below... Where should I start looking for the problem? (Trying to 'rewrite' a certain page to httpS - it never gets redirected... if I manually add the "s", the browser tells me it's trying to connect to SSL, but when I 'proceed' through the security warning, the "s" disappears from the URL)

[Mon Aug 17 15:00:19 2009] [debug] ssl_engine_kernel.c(1752): OpenSSL: Handshake: start
[Mon Aug 17 15:00:19 2009] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: before/accept initialization
[Mon Aug 17 15:00:19 2009] [debug] ssl_engine_io.c(1817): OpenSSL: read 11/11 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o
[Mon Aug 17 15:00:19 2009] [debug] ssl_engine_io.c(1750): +-------------------------------------------------------------------------+
[Mon Aug 17 15:00:19 2009] [debug] ssl_engine_io.c(1789): | 0000: 47 45 54 20 2f 66 61 76-69 63 6f GET /favico |
[Mon Aug 17 15:00:19 2009] [debug] ssl_engine_io.c(1795): +-------------------------------------------------------------------------+
[Mon Aug 17 15:00:19 2009] [debug] ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv2/v3 read client hello A
[Mon Aug 17 15:00:19 2009] [info] [client 1.2.3.4] SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page
[Mon Aug 17 15:00:19 2009] [info] SSL Library Error: 336027804 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request speaking HTTP to HTTPS port!?
[Mon Aug 17 15:00:22 2009] [info] [client 1.2.3.4] Connection to child 57 established (server www.domain.com:443)
[Mon Aug 17 15:00:22 2009] [info] Seeding PRNG with 144 bytes of entropy

This is what my sslerror.log says:

[Mon Aug 17 13:39:45 2009] [info] Initial (No.1) HTTPS request received for child 61 (server www.domain.com:443)
[Mon Aug 17 13:39:45 2009] [debug] ssl_engine_io.c(1828): OpenSSL: I/O error, 5 bytes expected to read on BIO#%p [mem: %p]
[Mon Aug 17 13:39:45 2009] [info] [client 172.1.2.3] (70014)End of file found: SSL input filter read failed.
[Mon Aug 17 13:39:45 2009] [debug] ssl_engine_kernel.c(1770): OpenSSL: Write: SSL negotiation finished successfully
[Mon Aug 17 13:39:45 2009] [info] [client 172.1.2.3] Connection closed to child 61 with standard shutdown (server www.domain.com:443)

Thanks
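
An added triage example, not part of the original message: it rebuilds the bytes from the mod_ssl debug hex dump quoted above and checks whether the client sent a TLS ClientHello or a plaintext HTTP request, which is the condition the log reports as "HTTP spoken on HTTPS port". The function names are hypothetical, and `SAMPLE_LOG` is constructed from three of the log lines in the message.

```python
import re

# Constructed sample: log lines copied from the message above, with the
# quoted-printable line wrapping undone.
SAMPLE_LOG = """\
[Mon Aug 17 15:00:19 2009] [debug] ssl_engine_io.c(1817): OpenSSL: read 11/11 bytes from BIO#%p [mem: %p]
[Mon Aug 17 15:00:19 2009] [debug] ssl_engine_io.c(1789): | 0000: 47 45 54 20 2f 66 61 76-69 63 6f GET /favico |
[Mon Aug 17 15:00:19 2009] [info] [client 1.2.3.4] SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page
"""

# A hex-dump row: "| offset: " then up to 16 hex pairs separated by ' ' or '-'.
HEX_ROW = re.compile(r"\|\s*[0-9a-f]{4}:\s+((?:[0-9a-f]{2}[ -]){1,16})", re.I)
PLAIN_HTTP = re.compile(r"\[client ([^\]]+)\] SSL handshake failed: HTTP spoken on HTTPS port")
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def dumped_bytes(log_text):
    """Rebuild the raw bytes from the debug hex-dump rows in the log."""
    out = bytearray()
    for line in log_text.splitlines():
        m = HEX_ROW.search(line)
        if m:
            out += bytes.fromhex(m.group(1).replace("-", " "))
    return bytes(out)


def classify_first_bytes(data):
    """Name what the client sent where a ClientHello was expected."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"        # TLS record: type 22, major version 3
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-client-hello"   # 2-byte length header, msg type 1
    if data.startswith(HTTP_METHODS):
        return "plaintext-http"       # cleartext request sent to the TLS port
    return "unknown"


def triage(log_text):
    """Summarise the first bytes seen and the clients that spoke plain HTTP."""
    clients = sorted(set(PLAIN_HTTP.findall(log_text)))
    return {"first_bytes": classify_first_bytes(dumped_bytes(log_text)), "plaintext_clients": clients}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```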