Sorry, I forgot to include what the command below generates:

openssl c_client -connect host:8443

Here it is:

With the c_client option it fails as indicated:

openssl:Error: 'c_client' is an invalid command.

Standard commands
asn1parse      ca             ciphers        crl            crl2pkcs7
dgst           dh             dhparam        dsa            dsaparam
ec             ecparam        enc            engine         errstr
gendh          gendsa         genrsa         nseq           ocsp
passwd         pkcs12         pkcs7          pkcs8          prime
rand           req            rsa            rsautl         s_client
s_server       s_time         sess_id        smime          speed
spkac          verify         version        x509

Message Digest commands (see the `dgst' command for more details)
md2            md4            md5            rmd160         sha
sha1

Cipher commands (see the `enc' command for more details)
aes-128-cbc    aes-128-ecb    aes-192-cbc    aes-192-ecb    aes-256-cbc
aes-256-ecb    base64         bf             bf-cbc         bf-cfb
bf-ecb         bf-ofb         cast           cast-cbc       cast5-cbc
cast5-cfb      cast5-ecb      cast5-ofb      des            des-cbc
des-cfb        des-ecb        des-ede        des-ede-cbc    des-ede-cfb
des-ede-ofb    des-ede3       des-ede3-cbc   des-ede3-cfb   des-ede3-ofb
des-ofb        des3           desx           rc2            rc2-40-cbc
rc2-64-cbc     rc2-cbc        rc2-cfb        rc2-ecb        rc2-ofb
rc4            rc4-40


I had to run it as:
openssl s_client -connect host:8443

And this is what it generates:
gethostbyname failure
connect:errno=1

Regards.

----- Original Message -----
From: "Gabriel Huerta Araujo" <huert...@hildebrando.com>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Thursday, October 25, 2012 4:32:47 PM
Subject: Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7)


My web.xml's connector section originally was:

        <Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
                disableUploadTimeout="true" enableLookups="false" maxThreads="25"
                port="8443" keystoreFile="${user.home}/.keystore" keystorePass=<my_key_pass>
                protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
                secure="true" sslProtocol="TLS" />

and I had to replace it with this (because I wanted to see at least one error 
message, so that I could do something else):

<Connector port="8443" maxThreads="200"
                scheme="https" secure="true" SSLEnabled="true"
                keystoreFile="${user.home}/.keystore" keystorePass=<my_key_pass>
                clientAuth="false" sslProtocol="TLS"/>


Below is what Tomcat reports:

25/10/2012 04:23:20 PM org.apache.catalina.core.AprLifecycleListener init
INFO: La biblioteca nativa de Apache Tomcat basada en ARP que permite un rendimiento óptimo en entornos de desarrollo no ha sido hallada en java.library.path: C:\jdk1.6.35\bin;C:\windows\Sun\Java\bin;C:\windows\system32;C:\windows;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\mingw\mingw64\bin;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\jdk1.6.35\bin;C:\Spring\apache-maven-3.0.4\bin;C:\Program Files (x86)\Liquid Technologies\Liquid XML Studio 2011\XmlDataBinder9\Redist9\cpp\win32\bin;C:\cygwin\bin\;C:\apache-ant-1.8.2/bin;C:\Program Files (x86)\Microchip\MPLAB C32 Suite\bin;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\CVSNT\;.
25/10/2012 04:23:20 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8080"]
25/10/2012 04:23:21 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8443"]
25/10/2012 04:23:21 PM org.apache.coyote.AbstractProtocol init
GRAVE: Failed to initialize end point associated with ProtocolHandler ["http-bio-8443"]
java.io.IOException: La configuración SSL no es válida debido a No available certificate or key corresponds to the SSL cipher suites which are enabled.
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:822)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:470)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:158)
        at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:393)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
        at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:633)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:658)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)
Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
        at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:310)
        at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:255)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:818)
        ... 20 more
25/10/2012 04:23:21 PM org.apache.catalina.core.StandardService initInternal
GRAVE: No pude inicializar el conector [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:633)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:658)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)
Caused by: org.apache.catalina.LifecycleException: Falló la inicialización del manejador de protocolo
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        ... 12 more
Caused by: java.io.IOException: La configuración SSL no es válida debido a No available certificate or key corresponds to the SSL cipher suites which are enabled.
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:822)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:470)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:158)
        at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:393)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
        at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
        ... 13 more
Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
        at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:310)
        at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:255)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:818)
        ... 20 more
25/10/2012 04:23:21 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-bio-8009"]
25/10/2012 04:23:21 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 681 ms
25/10/2012 04:23:21 PM org.apache.catalina.core.StandardService startInternal
INFO: Arrancando servicio Catalina
25/10/2012 04:23:21 PM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.32
25/10/2012 04:23:21 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Despliegue del directorio C:\Tomcat7.0\webapps\docs de la aplicación web
25/10/2012 04:23:21 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Despliegue del directorio C:\Tomcat7.0\webapps\examples de la aplicación web
25/10/2012 04:23:21 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Despliegue del directorio C:\Tomcat7.0\webapps\host-manager de la aplicación web
25/10/2012 04:23:21 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Despliegue del directorio C:\Tomcat7.0\webapps\manager de la aplicación web
25/10/2012 04:23:21 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Despliegue del directorio C:\Tomcat7.0\webapps\ROOT de la aplicación web
25/10/2012 04:23:21 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8080"]
25/10/2012 04:23:21 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-bio-8009"]
25/10/2012 04:23:21 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 549 ms

Additional information required:

C:\Tomcat7.0\bin>catalina version
Using CATALINA_BASE:   "C:\Tomcat7.0"
Using CATALINA_HOME:   "C:\Tomcat7.0"
Using CATALINA_TMPDIR: "C:\Tomcat7.0\temp"
Using JRE_HOME:        "C:\jdk1.6.35"
Using CLASSPATH:       "C:\Tomcat7.0\bin\bootstrap.jar;C:\Tomcat7.0\bin\tomcat-juli.jar"
Server version: Apache Tomcat/7.0.32
Server built:   Oct 3 2012 08:51:20
Server number:  7.0.32.0
OS Name:        Windows 7
OS Version:     6.1
Architecture:   x86
JVM Version:    1.6.0_35-b10
JVM Vendor:     Sun Microsystems Inc.

Regards.


----- Original Message -----
From: "Christopher Schultz" <ch...@christopherschultz.net>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Thursday, October 25, 2012 2:49:50 PM
Subject: Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7)

Gabriel,

On 10/25/12 2:08 PM, Gabriel Huerta Araujo wrote:
> A Spanish message like this:
> 
> Internet Explorer can not display the web page.
> 
> Puede diagnosticar lo siguiente: Diagnosticar problemas de
> conexion
> 
> When I click "Diagnosticar problemas de conexion", it says "El
> equipo o dispositivo remoto no acepta la conexion" which translated
> means "The computer or remote device does not accept the
> connection"
> 
> For more information, it mentions:
> 
> "If this is an HTTPS address (secure), click Tools, Internet
> Options, Advanced Options, and check the SSL and TLS protocols are
> enabled in the security section"
> 
> I checked it and these are my internet options for SSL and TLS, as 
> enabled:
> 
> SSL 3.0 TLS 1.0

Do you have access to an OpenSSL client? If this were happening to me,
the first thing I would do is this:

$ openssl c_client -connect host:8443

This will give you a ton of information about the certificate,
ciphers, etc. It's possible that you have configured your connector
such that it cannot use SSL3 or TLS1 secure connections. In that case,
MSIE would not be able to connect at all.

Please post all versions of everything (patch level included, like
Tomcat 7.0.32) like Tomcat and JVM, plus your <Connector>
configuration (unless it hasn't changed).

You can get a win32 binary for OpenSSL here:
http://www.openssl.org/related/binaries.html

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
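
The `SSLException` in the log above is raised when JSSE finds no private key it can pair with an enabled cipher suite; a frequent cause, assumed here and not confirmed anywhere in this thread, is a keystore that holds only certificate entries. As an added example (not part of any message in the thread), the script below checks `keytool -list` output for a private-key entry; the function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: look for a private-key entry in
# `keytool -list` output. Function names and sample listings are constructed.

# count_key_entries LISTING [ALIAS]
# Prints how many entries are private keys. Entry lines end in the entry type
# ("alias, <date>, PrivateKeyEntry,"); older keytool versions print "keyEntry".
# The date may itself contain commas, so only the line ending is matched.
count_key_entries() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /(PrivateKeyEntry|keyEntry),[ \t\r]*$/ {
            alias = $0
            sub(/,.*/, "", alias)          # alias is the text before the first comma
            # JKS aliases are case-insensitive, so compare in lower case
            if (want == "" || tolower(alias) == tolower(want)) n++
        }
        END { print n + 0 }'
}

# check_keystore FILE [ALIAS]: run keytool (it prompts for the password) and
# return 0 only if a usable key entry is listed, 2 if keytool itself fails.
check_keystore() {
    listing=$(keytool -list -keystore "$1") || return 2
    [ "$(count_key_entries "$listing" "$2")" -gt 0 ]
}

# Constructed listing: certificate imported without its private key.
SAMPLE_CERT_ONLY='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

tomcat, Oct 25, 2012, trustedCertEntry,
Certificate fingerprint (MD5): <constructed>'

# Constructed listing: one CA certificate plus one key pair.
SAMPLE_MIXED='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

rootca, Oct 25, 2012, trustedCertEntry,
Certificate fingerprint (MD5): <constructed>
tomcat, Oct 25, 2012, PrivateKeyEntry,
Certificate fingerprint (MD5): <constructed>'

echo "cert-only keystore: $(count_key_entries "$SAMPLE_CERT_ONLY") key entries"
echo "mixed keystore:     $(count_key_entries "$SAMPLE_MIXED") key entries"
```

A connector that sets no `keyAlias`, like the two shown in this thread, uses the first key found in the keystore, so `check_keystore` with only the file argument is the relevant check for the file that `keystoreFile` points to.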

