This is the command I issued:
keytool -genkey -alias tomcat -keyalg RSA -keystore "C:\Documents and 
Settings\tomcat_user\.keystore"

I noticed that java 1.6.0.14 doesn't have this "-genkey" argument, it has 
"-genkeypair".  Is that a problem?

Server.xml:
    <Connector port="8443" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
                   keystoreFile="${user.home}/.keystore" 
keystorePass="mycustompassword"
               clientAuth="false" sslProtocol="TLS" /> 

Is the ${user.home} syntax literal or does it use the path shown in the java 
command?

We have wireshark, I'll get my sysadmin to run it.

I did uncheck the show friendly HTTP errors.  I'll let you know when the page 
dies, it takes a long time to get anything back.

I appreciate all the feedback.


-----Original Message-----
From: André Warnier [mailto:a...@ice-sa.com] 
Sent: Wednesday, February 24, 2010 2:22 PM
To: Tomcat Users List
Subject: Re: Question about SSL

Leo Donahue - PLANDEVX wrote:
> https://localhost:8443
> 
> Using IE6, I get a message saying you are about to view a page over a secure 
> connection, but the page never loads.  No errors in the logs.  The ROOT 
> webapp is still there, no lock icon in the browser.
> 
> IE6 status bar just says: "Opening page https://localhost:8443/..."; 
> 
> And eventually, IE6 responds with "The page cannot be displayed".
> 

Maybe you should read this :
http://www.bbc.co.uk/blogs/thereporters/maggieshiels/2010/02/last_rites_for_microsofts_most.html
(and I totally agree with the author, that its demise will be feted by 
developers worldwide)

More seriously : IE6 has (had ?) this feature called "friendly error messages" 
which basically hides what the server is really saying, and displays an 
internal and useless error page instead, always the same.
You can turn it off, somewhere in the preferences.

Better : there exists an IE add-on, called Fiddler2, which does about the same 
as similar add-ons for Firefox like HttpFox e.g.
It allows you to /really/ see what the browser is sending, and what it receives 
from the server.

Better yet : use Firefox with the HttpFox add-on.

And the ultimate, but not for the faint-hearted : you can use a program like 
Wireshark to grab and memorise and see absolutely every TCP/IP packet 
circulating on the wire, even the ones you never wanted to know about.

All of that does not solve your problem, but at least it should give you an 
idea of what is really going on.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to