tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nikitha Benny <nikki.be...@gmail.com>
Subject Re: FIPS compliancy on Tomcat 7.00.062
Date Wed, 05 Aug 2015 09:23:57 GMT
Hi Mark,

My server is not on a public domain.
How can i verify the setup which is on a private network?

Regards,
Nikitha

On Wed, Aug 5, 2015 at 2:14 PM, Mark Thomas <markt@apache.org> wrote:

> On 05/08/2015 07:32, Nikitha Benny wrote:
> > Hi Mark,
> >
> > When I try to run Tomcat on the https server port:
> >
> > *https://<ip address>:8444/*
> >
> > It says as below:
> > ----------
> >
> > *SSL connection error*
> >
> > *ERR_SSL_PROTOCOL_ERROR*
> >
> > *Unable to make a secure connection to the server. This may be a problem
> > with the server, or it may be requiring a client authentication
> certificate
> > that you don't have*
> > *------------*
>
> That is the client side. What about server side logs?
>
> > We have set the client authentication to False, so it does not need any
> > client authorized certificate.
>
> I recommend you run https://www.ssllabs.com/ssltest/ against your
> server. That will tell you if you have a server side issue, a client
> side issue or simply a mismatch between the two.
>
> Mark
>
> >
> > Regards,
> > Nikitha
> >
> > On Wed, Aug 5, 2015 at 10:07 AM, Nikitha Benny <nikki.benny@gmail.com>
> > wrote:
> >
> >>> But still Tomcat does not run on the https port.
> >>
> >> As in, when we run Tomcat on the https server port it does not display
> the
> >> page.
> >> Where as it goes through fine on the http port. The url opens.
> >>
> >>
> >>
> >> On Tue, Aug 4, 2015 at 6:18 PM, Mark Thomas <markt@apache.org> wrote:
> >>
> >>> On 04/08/2015 13:19, Nikitha Benny wrote:
> >>>> Hello Mark,
> >>>>
> >>>> Thanks for your valuable suggestion.
> >>>>
> >>>> We were successful in creating the pkcs12 keystore which picks up
> >>> SHA256 as
> >>>> shown below:
> >>>
> >>> <snip/>
> >>>
> >>>> But still Tomcat does not run on the https port.
> >>>
> >>> Define "does not run".
> >>>
> >>>> Any clue as to why this happens?
> >>>
> >>> Based on the information provided so far, no.
> >>>
> >>>> The protocol I am using is*
> "org.apache.coyote.http11.Http11Protocol".*
> >>>
> >>> OK. That is the HTTP BIO connector.
> >>>
> >>>> Could it be because I am not using an APR connector protocol?
> >>>
> >>> No.
> >>>
> >>> Mark
> >>>
> >>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>> For additional commands, e-mail: users-help@tomcat.apache.org
> >>>
> >>>
> >>
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message