From:
To: "'Tomcat Users List'"
Subject: RE: SSL not working
Date: Fri, 28 Jan 2011 18:34:41 +0100
Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Delivered-To: mailing list users@tomcat.apache.org
In-Reply-To:
Hi,

it is TC 7.0.5, Java 1.6_22.

When I use a self-signed certificate everything is fine - same server config, just the other certificate. So it must be something wrong with the certificate. But I have no clue what.

How can I debug the SSL handshake process?

The cert not working has:

#7: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

#8: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
  SSL client
  SSL server
]

So it should be the right type of cert.

Thank you

> -----Original Message-----
> From: Thad Humphries [mailto:thad.humphries@gmail.com]
> Sent: Friday, 28 January 2011 16:47
> To: Tomcat Users List
> Subject: Re: SSL not working
>
> I've been fooling around *a lot* lately with SSL, so I thought I'd give this
> a try. I'm not very experienced, but I'll offer my two cents.
>
> First of all, what version of Tomcat, Java, etc. are you running? Such a
> statement is *de rigueur* for practically any question to this forum. My
> system looks like
>
> ** Server: SuSE 11.3 (2.6.34.7-0.7-desktop #1 SMP PREEMPT 2010-12-13
> 11:13:53 +0100 i686 i686 i386 GNU/Linux)
> ** Tomcat 6.0.30
> ** Java: JRE 1.5.0_22 (though my keystore was self-generated with JDK
> 1.6.0_23)
>
> That said, the connector you describe is working for me, even when I
> intentionally misname my keyAlias. However, I have only one entry in my
> keystore. I'm guessing that it can screw up if you have more than one and
> you give the wrong alias.
>
> You're using a JSSE implementation, correct? Run
>
> $ keytool -list -keystore $CATALINA_HOME/conf/keystore.jks -v
>
> and see what you get.
>
>
> (BTW, my self-generated openssl cert can be read with
>
> $ keytool -printcert -file /srv/apache2/conf/server.crt -v
>
> I say this only because I've also been fiddling, successfully, with the APR
> and mod_jk connector.)
>
> On Fri, Jan 28, 2011 at 8:06 AM, wrote:
>
> > Hi,
> >
> > I did it now so many times - it always worked - configuring tomcat for SSL.
> >
> > Today: New server, new certificate.
> >
> > Create new keystore, imported root, intermediate and server certificate,
> > configured the connector, same as usual.
> >
> > But... http does not work. No error in tomcat's log, nothing. Browser says
> > that it cannot load the page due to a connection problem, maybe security
> > issue.
> >
> > How can I debug this ssl problem?
> >
> > <Connector
> >   SSLEnabled="true"
> >   clientAuth="want"
> >   maxThreads="150"
> >   port="8443"
> >   protocol="org.apache.coyote.http11.Http11NioProtocol"
> >   scheme="https"
> >   secure="true"
> >   sslProtocol="TLS"
> >   keystoreFile="conf/tomcat.jks"
> >   keystoreType="JKS"
> >   keyAlias="tomcat"
> >   keystorePass="changeit"
> > />
> >
> > Thank you
> >
>
> --
> "Hell hath no limits, nor is circumscrib'd In one self-place; but where we
> are is hell, And where hell is, there must we ever be" --Christopher
> Marlowe, *Doctor Faustus* (v, 121-24)

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
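Added example, not part of this thread and not Tomcat's or the JDK's own code: a small Python script that parses the `keytool -list -v` output Thad asks for and applies the checks the thread turns on: whether `keyAlias` actually names a `PrivateKeyEntry` (Thad's wrong-alias theory), whether the chain stored under that alias contains the intermediates rather than only the leaf, and whether the ExtendedKeyUsage carries `serverAuth`. The listing below is a constructed sample modelled on the JDK 6 `keytool` layout; the aliases, subject names and dates are assumptions, not the poster's real keystore.

```python
import re
import sys
from typing import Dict, List

# Constructed sample of `keytool -list -keystore conf/tomcat.jks -v` output,
# modelled on the JDK 6 format. Aliases and names are made up; it is not
# the poster's real listing.
SAMPLE_KEYTOOL_OUTPUT = """\
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

Alias name: tomcat
Creation date: Jan 28, 2011
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.example.test, O=Example, C=DE
Issuer: CN=Example Intermediate CA, O=Example, C=DE

Extensions:

#7: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

*******************************************
*******************************************

Alias name: intermediate
Creation date: Jan 28, 2011
Entry type: trustedCertEntry

Owner: CN=Example Intermediate CA, O=Example, C=DE
Issuer: CN=Example Root CA, O=Example, C=DE

*******************************************
*******************************************

Alias name: root
Creation date: Jan 28, 2011
Entry type: trustedCertEntry

Owner: CN=Example Root CA, O=Example, C=DE
Issuer: CN=Example Root CA, O=Example, C=DE
"""


def _field(body: str, name: str) -> str:
    """Return the value of the first 'Name: value' line in an entry block."""
    m = re.search(r"^" + re.escape(name) + r": (.*)$", body, re.M)
    return m.group(1).strip() if m else ""


def parse_keytool_listing(text: str) -> Dict[str, dict]:
    """Split `keytool -list -v` output into one dict per alias."""
    entries: Dict[str, dict] = {}
    for block in re.split(r"^Alias name: ", text, flags=re.M)[1:]:
        alias, _, body = block.partition("\n")
        eku = re.search(r"ExtendedKeyUsages \[\s*(.*?)\s*\]", body, re.S)
        entries[alias.strip()] = {
            "type": _field(body, "Entry type"),
            # trustedCertEntry blocks carry no "Certificate chain length" line
            "chain_length": int(_field(body, "Certificate chain length") or 0),
            "owner": _field(body, "Owner"),
            "issuer": _field(body, "Issuer"),
            "eku": eku.group(1).split() if eku else [],
        }
    return entries


def diagnose(entries: Dict[str, dict], key_alias: str) -> List[str]:
    """Apply the checks a Tomcat JSSE connector depends on; return findings."""
    findings: List[str] = []
    entry = entries.get(key_alias)
    if entry is None:
        findings.append(
            f"keyAlias '{key_alias}' not found; aliases present: {sorted(entries)}")
        return findings
    if entry["type"] != "PrivateKeyEntry":
        findings.append(
            f"alias '{key_alias}' is a {entry['type']}, not a PrivateKeyEntry; "
            "Tomcat needs the private key under keyAlias")
    if entry["chain_length"] == 1 and entry["owner"] != entry["issuer"]:
        # JSSE sends exactly the chain stored with the key entry; separate
        # trustedCertEntry aliases are never added to the handshake.
        findings.append(
            "CA-issued certificate stored with a chain of length 1: the "
            "intermediate in the keystore is not sent to clients")
    if entry["eku"] and "serverAuth" not in entry["eku"]:
        findings.append("ExtendedKeyUsage lacks serverAuth")
    return findings


if __name__ == "__main__":
    # Pipe a real listing on stdin; otherwise the constructed sample is used.
    listing = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_KEYTOOL_OUTPUT
    alias = sys.argv[1] if len(sys.argv) > 1 else "tomcat"
    for line in diagnose(parse_keytool_listing(listing), alias) or ["no findings"]:
        print(line)
```

Run it against the real keystore with `keytool -list -keystore conf/tomcat.jks -v | python check_keystore.py tomcat` (script name assumed). To trace the handshake itself, as the poster asks, add `-Djavax.net.debug=ssl,handshake` to `CATALINA_OPTS` and compare the chain Tomcat logs with what `openssl s_client -connect host:8443 -showcerts` reports from the client side; a leaf with no intermediate in that output is the same defect the chain-length check above flags.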