tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thad Humphries <>
Subject Re: SSL not working
Date Fri, 28 Jan 2011 15:47:23 GMT
I've been fooling around *a lot* lately with SSL, so I thought I'd give this
a try.  I'm not very experienced, but I'll offer my two cents.

First of all, what version of Tomcat, Java, etc. are you running? Such a
statement is *de rigueur* for practically any question to this forum. My
system looks like

** Server: SuSE 11.3 ( #1 SMP PREEMPT 2010-12-13
11:13:53 +0100 i686 i686 i386 GNU/Linux)
** Tomcat 6.0.30
** Java:  JRE 1.5.0_22 (though my keystore was self-generated with JDK

That said, the connector you describe is working for me, even when I
intentionally misname my keyAlias.  However I have only one entry in my
keystore.  I'm guessing that it can screw up if you have more than one and
you give the wrong alias.

You're using a JSSE implementation, correct? Run

$ keytool -list -keystore $CATALINA_HOME/conf/keystore.jks -v

and see what you get.

(BTW, my self-generated openssl can be read with

$ keytool -printcert -file /srv/apache2/conf/server.crt -v

I say this only because I've also been fiddling, successfully, with the APR
and mod_jk connector.)

On Fri, Jan 28, 2011 at 8:06 AM, <> wrote:

> Hi,
> I did it now so many times - it always worked - configuring tomcat for SSL.
> Today: New server, new certificate.
> Create new keystore, imported root, intermediate and server certificate,
> configured the connector, same as usual.
> But... http does not work. No error in tomcats log, nothing. Browser says
> that it cannot load the page due to a connection problem, maybe security
> issue.
> How can I debug this ssl problem?
>  <Connector
>        SSLEnabled="true"
>        clientAuth="want"
>        maxThreads="150"
>        port="8443"
>        protocol="org.apache.coyote.http11.Http11NioProtocol"
>        scheme="https"
>        secure="true"
>        sslProtocol="TLS"
>        keystoreFile="conf/tomcat.jks"
>        keystoreType="JKS"
>        keyAlias="tomcat"
>        keystorePass="changeit"
>        />
> Thank you
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

"Hell hath no limits, nor is circumscrib'd In one self-place; but where we
are is hell, And where hell is, there must we ever be" --Christopher
Marlowe, *Doctor Faustus* (v, 121-24)

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message