Dear all,

The issue was solved once the full path to the certificates was used; it was compounded by several factors.

The SSL certificate was created using the wrong FQDN, which meant that the hostname to IP address resolution done by the browser was failing. The telnet command was done using the wrong FQDN, while openssl was using localhost.

On top of that, since the FQDN to IP resolution was not working, Devendra had created a host alias in the local hosts file, which further complicated troubleshooting. After removing all aliasing from the local hosts file, and doing an nslookup from another machine in the network using the short host name, I managed to obtain the FQDN and the IP address. Then when connecting from another machine with either, we had the certificate warning (as the SSL certificate CN does not match the real FQDN).

This was also further complicated by the server.xml APR parameter SSLVerifyClient, which was set as optional, and thus I was getting a pop-up window to choose a certificate upon connection from a browser.

So after we changed the SSLVerifyClient to none and once we re-issue the SSL certificate with the correct FQDN, we should be fine. The certificate is still being generated, but I am sure this will definitively fix the issue.

Thanks for your support.

Bottom line, the error message was correct all the way along; we were simply configuring the SSL certificate parameters in the server.xml with a relative path and we should have used an absolute path.

On Thu, Jul 14, 2016 at 8:22 PM, Ognjen Blagojevic <ognjen.d.blagoje...@gmail.com> wrote:

> Devendra,
>
> On 14.7.2016 10:38, Devendra Sengar wrote:
>
>> But the tomcat server is started without any error but won't be able to open
>> the home page of tomcat giving the error like:
>> This site can’t be reached
>> The webpage at *https://<hostname>:8443/* might be temporarily down or it
>> may have moved permanently to a new web address.
>>
>> If I telnet the server then it's not able to connect but if I use openssl
>> s_client -connect it shows the certificate information.
>> Any suggestion?
>
> Symptoms you are describing are very strange. It is unlikely that
> telnetting to HTTPS port (which basically just opens TCP connection) won't
> work, while connecting with openssl (which opens TCP connection AND starts
> HTTPS handshake) does work.
>
> Could you test one more time, and send us exact commands you used, and
> exact output you got. Also, send us Tomcat log messages so we could verify
> HTTPS APR connector port.
>
> -Ognjen