tomcat-users mailing list archives

From Sanaullah <sanaulla...@gmail.com>
Subject Re: FIPS compliancy on Tomcat 7.00.062
Date Wed, 05 Aug 2015 09:54:49 GMT
Hi Nikitha,

Run the sslscan tool from the command line, or openssl s_client in debug mode:
https://github.com/rbsec/sslscan

Regards,
Sanaullah

On Wed, Aug 5, 2015 at 2:23 PM, Nikitha Benny <nikki.benny@gmail.com> wrote:

> Hi Mark,
>
> My server is not on a public domain.
> How can I verify the setup which is on a private network?
>
> Regards,
> Nikitha
>
> On Wed, Aug 5, 2015 at 2:14 PM, Mark Thomas <markt@apache.org> wrote:
>
> > On 05/08/2015 07:32, Nikitha Benny wrote:
> > > Hi Mark,
> > >
> > > When I try to run Tomcat on the https server port:
> > >
> > > *https://<ip address>:8444/*
> > >
> > > It says as below:
> > > ----------
> > >
> > > *SSL connection error*
> > >
> > > *ERR_SSL_PROTOCOL_ERROR*
> > >
> > > *Unable to make a secure connection to the server. This may be a problem
> > > with the server, or it may be requiring a client authentication certificate
> > > that you don't have*
> > > *------------*
> >
> > That is the client side. What about server side logs?
> >
> > > We have set the client authentication to False, so it does not need any
> > > client authorized certificate.
> >
> > I recommend you run https://www.ssllabs.com/ssltest/ against your
> > server. That will tell you if you have a server side issue, a client
> > side issue or simply a mismatch between the two.
> >
> > Mark
> >
> > >
> > > Regards,
> > > Nikitha
> > >
> > > On Wed, Aug 5, 2015 at 10:07 AM, Nikitha Benny <nikki.benny@gmail.com>
> > > wrote:
> > >
> > >>> But still Tomcat does not run on the https port.
> > >>
> > >> As in, when we run Tomcat on the https server port it does not display the
> > >> page.
> > >> Whereas it goes through fine on the http port. The URL opens.
> > >>
> > >>
> > >>
> > >> On Tue, Aug 4, 2015 at 6:18 PM, Mark Thomas <markt@apache.org> wrote:
> > >>
> > >>> On 04/08/2015 13:19, Nikitha Benny wrote:
> > >>>> Hello Mark,
> > >>>>
> > >>>> Thanks for your valuable suggestion.
> > >>>>
> > >>>> We were successful in creating the pkcs12 keystore which picks up
> > >>>> SHA256 as shown below:
> > >>>
> > >>> <snip/>
> > >>>
> > >>>> But still Tomcat does not run on the https port.
> > >>>
> > >>> Define "does not run".
> > >>>
> > >>>> Any clue as to why this happens?
> > >>>
> > >>> Based on the information provided so far, no.
> > >>>
> > >>>> The protocol I am using is *"org.apache.coyote.http11.Http11Protocol".*
> > >>>
> > >>> OK. That is the HTTP BIO connector.
> > >>>
> > >>>> Could it be because I am not using an APR connector protocol?
> > >>>
> > >>> No.
> > >>>
> > >>> Mark
> > >>>
> > >>>
> > >>> ---------------------------------------------------------------------
> > >>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > >>> For additional commands, e-mail: users-help@tomcat.apache.org
> > >>>
> > >>>
> > >>
> > >
> >
>
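
Added example, not part of the original thread: one way to run the openssl s_client check suggested above against a server on a private network, with one summary line per protocol version so a protocol or cipher mismatch is visible. TARGET, classify and the two sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Summarise `openssl s_client` output (read on stdin) in one line:
# "OK <protocol> <cipher>" or "FAIL <reason>".
classify() {
    awk '
        /^New, .*Cipher is/    { split($0, a, ", "); newproto = a[2]; cipher = $NF }
        /^ *Protocol *:/       { proto = $NF }
        /:error:/ && err == "" { split($0, e, ":"); err = e[6] }
        /errno=/  && err == "" { err = $0 }
        END {
            if (proto == "") proto = newproto
            if (cipher != "" && cipher != "(NONE)") print "OK " proto " " cipher
            else print "FAIL " (err != "" ? err : "no cipher negotiated")
        }'
}

# Constructed sample: handshake completed.
sample_ok() { cat <<'EOF'
CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
---
EOF
}

# Constructed sample: server rejected the handshake.
sample_fail() { cat <<'EOF'
CONNECTED(00000003)
140285:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:
---
no peer certificate available
---
New, (NONE), Cipher is (NONE)
---
EOF
}

# Live probe, run only when TARGET is set (assumed variable), e.g.
#   TARGET=192.0.2.10:8444 sh probe.sh
# A protocol flag that the local openssl build lacks is reported as FAIL.
if [ -n "${TARGET:-}" ]; then
    for flag in -tls1 -tls1_1 -tls1_2; do
        printf '%s: ' "$flag"
        openssl s_client -connect "$TARGET" "$flag" </dev/null 2>&1 | classify
    done
fi
```

A FAIL line on every protocol points at the connector configuration on the server; OK on some protocols and FAIL on others points at a mismatch with what the browser offers.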
