tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: New to SSL - debugging tomcat
Date Thu, 22 Dec 2016 15:38:24 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Peter,

On 12/22/16 2:43 AM, Peter Wallis wrote:
> Hi Christopher, so it seems I have done something exceptional :-)
> Thanks for taking a look...
> 
> <Connector port="443" 
> protocol="org.apache.coyote.http11.Http11NioProtocol" 
> maxThreads="150" SSLEnabled="true" scheme="https" secure="true" 
> keystoreFile="/home/peter/.keystore" alias="tomcat" 
> keystorePass="changeit" clientAuth="false" sslProtocol="TLS" />

This looks fine except for one thing: you are using port 443 on a *NIX
system which requires you to either run as root (bad) or make other
arrangements. Have you made such arrangements?

> Keystore type: JKS Keystore provider: SUN
> 
> Your keystore contains 2 entries
> 
> Alias name: gandi Creation date: 21-Dec-2016 Entry type:
> trustedCertEntry

Okay, that's your CA.

> Alias name: tomcat Creation date: 21-Dec-2016 Entry type:
> trustedCertEntry

Okay, that's presumably your server's cert.

> Owner: CN=alexa.proseco.co.uk, OU=Gandi Standard SSL, OU=Domain
> Control Validated

If that's your site name (alexa.proseco.co.uk) this looks good.

What happens if you do this from the outside (e.g. not on the pi itself)
:

$ openssl s_client -connect alexa.proseco.co.uk:443

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJYW/NwAAoJEBzwKT+lPKRYbf0P/3LawCFJivA7997fbYvFCw5h
A9p1aWXNYMzRiaGcltoYk+fZVtTQ0Ve5mBtSDV8nN+mulEt2mPD6nxbvhjw1H24z
pononiduIpv30QduqlXQeczUtdptjNMzsDP+zg1HdnEF45xSmQl/egn3/QCBqMIH
hYNmxgxJpipDlruv5sNhM/0BRF2jvmG3mqByX/ayguCP7eC16nXMzYriVMauUj+L
QVZHlitdeLu8ZcHMxKz0B60gho64Hivlf/HlEiEINtyq5jYgN16dLNRzuMlZ34cd
UAdOtT28eA4hIfK4KQZrpO/iSNn4gaKV7wBH8FswvgqJdLBT/ucKuzWOmfMY0cBx
vLtBK6y1XFasfkGOkWoS8I2ViomygUgWDTIsFSmikaMgqJg2joxatLx50rT6oXyo
KM4y074J8CSwxP+/UiwugRGCfiDfRHDZErEWXTpQmcsHrrSwJWlqCk6l/gUscB/X
XM3XLKFK+8JUXnsYHYe9lylrrfHKUm8SgNVkQsBF7b7RHtKh1kWJjD2/xMFb3C0P
FuZnNdFc22MEaDnisp5ofqDAYNTDvJLkVn+2ererNmeWdrRq8Cf7/X4QrLeTlMh/
7GcRGq0C9/2ZRc+1pyFhjfef6MwZ1wceqiquBZYokdyoPHdQ82VAyPg1ffVRfskl
1TsRsxA+hHeIkgCE161B
=yhHl
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message