tomcat-users mailing list archives

From Steve Johnson <st...@parisgroup.net>
Subject Help troubleshooting SSL certificate problem
Date Sat, 07 Aug 2010 21:20:47 GMT
  Greetings,

We're developing an application on top of Tomcat.  Our incoming 
connections are always HTTPS.  We've been using the self signed cert 
that came with tcServer for testing, but now I'm trying to get our setup 
working with an officially signed certificate we just got from GoDaddy.

I've followed the GoDaddy instructions for adding a total of 4 certs 
(root + 2 intermediates + ours) to a fresh keystore file.  I used the 
same keystorePass and keyAlias values as already specified for the 
default keystore file.  I then replaced the working keystore file (with 
self signed cert) with this new keystore file and restarted Tomcat.

Once I do this, my HTTPS port stops working.  Firefox says this:

    The connection to alpha.filethis.com was interrupted while the page was loading.

I'm stuck at this point.  I can find no supporting information for this 
failure in Tomcat's logs.  The logs are unchanged after attempting to 
access our app via HTTPS.  I tried upping the log levels in 
logging.properties, but even after getting huge log files to be spit 
out, nothing is added to the logs in response to these erring HTTPS 
requests.

My guess is that this problem has to do with my setup not matching the 
domain name in the certificate, even though I'm coming in via that 
domain on the URL.  All the docs I've seen so far online, however, don't 
mention having to do anything special in this regard.

I'm running tcServer, which it appears is Tomcat 6.0.26.  My server.xml 
file is included at the bottom of this post.

Can anyone tell me what might be going wrong, or how to enable some sort 
of diagnostics that might tell me something about why this isn't working?

Any help would be greatly appreciated.

Take care

Steve

server.xml
==========

<?xml version='1.0' encoding='utf-8'?>
<Server port="${shutdown.port}" shutdown="SHUTDOWN">

<Listener className="org.apache.catalina.core.JasperListener" />
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />

<Listener className="com.springsource.tcserver.serviceability.rmi.JmxSocketListener"
             port="${jmx.port}"
             bind="127.0.0.1"
             useSSL="false"
             passwordFile="${catalina.base}/conf/jmxremote.password"
             accessFile="${catalina.base}/conf/jmxremote.access"
             authenticate="true"/>

<Listener className="com.springsource.tcserver.serviceability.deploy.TcContainerDeployer" />

<GlobalNamingResources>
<Resource name="UserDatabase" auth="Container"
               type="org.apache.catalina.UserDatabase"
               description="User database that can be updated and saved"
               factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
               pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>

<Service name="Catalina">

<Executor name="tomcatThreadPool" namePrefix="tomcat-http--"
             maxThreads="300" minSpareThreads="50"/>

<Connector executor="tomcatThreadPool"
                port="${http.port}"
                protocol="org.apache.coyote.http11.Http11NioProtocol"
                connectionTimeout="20000"
                redirectPort="${https.port}"
                acceptCount="100"
                maxKeepAliveRequests="15"/>

<Connector executor="tomcatThreadPool"
                port="${https.port}"
                protocol="org.apache.coyote.http11.Http11NioProtocol"
                connectionTimeout="20000"
                redirectPort="${https.port}"
                acceptCount="100"
                maxKeepAliveRequests="15"
                keystoreFile="${catalina.base}/conf/tcserver.keystore"
                keystorePass="changeme"
                keyAlias="tcserver"
                SSLEnabled="true"
                scheme="https"
                sslProtocol="TLS"
                clientAuth="false"
                secure="true"/>

<Engine name="Catalina" defaultHost="localhost">

<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
              resourceName="UserDatabase"/>

<Host name="localhost"  appBase="webapps"
             unpackWARs="true" autoDeploy="true" deployOnStartup="true"
             deployXML="true"
             xmlValidation="false" xmlNamespaceAware="false">
</Host>
</Engine>
</Service>
</Server>
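
A check that applies to the keystore setup described in this message, as an added example that is not part of the original post: the HTTPS connector can only serve a certificate when the keystore holds a private key entry under `keyAlias`, and `keytool -list` shows whether that is the case. The function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads the text printed by `keytool -list` and reports
# what kind of entry an alias holds. A certificate imported without its
# private key is listed as trustedCertEntry.

# entry_type ALIAS: listing on stdin, prints the entry type for ALIAS.
entry_type() {
    awk -v a="$1" '{
        line = $0
        sub(/,[ \t\r]*$/, "", line)          # drop the trailing comma
        n = split(line, f, /, /)             # alias, date parts, type
        if (n >= 3 && tolower(f[1]) == tolower(a)) { print f[n]; exit }
    }'
}

# check_alias ALIAS: returns 0 for a key entry, 1 for cert-only, 2 if absent.
check_alias() {
    t=$(entry_type "$1")
    case "$t" in
        # Older keytool releases print keyEntry instead of PrivateKeyEntry.
        PrivateKeyEntry|keyEntry) echo "$1: $t, has a private key"; return 0 ;;
        "") echo "$1: alias not found in keystore"; return 2 ;;
        *)  echo "$1: $t, certificate only, no private key"; return 1 ;;
    esac
}

# Constructed sample listings (not output from the poster's keystore).
sample_certs_only() { cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

root, Aug 7, 2010, trustedCertEntry,
Certificate fingerprint (MD5): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
tcserver, Aug 7, 2010, trustedCertEntry,
Certificate fingerprint (MD5): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
EOF
}
sample_with_key() { cat <<'EOF'
root, Aug 7, 2010, trustedCertEntry,
tcserver, Aug 7, 2010, PrivateKeyEntry,
EOF
}

sample_certs_only | check_alias tcserver || true
sample_with_key | check_alias tcserver || true
# Real use (path, password and alias as in the posted server.xml):
#   keytool -list -keystore conf/tcserver.keystore -storepass changeme | check_alias tcserver
```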
