This is the command I issued: keytool -genkey -alias tomcat -keyalg RSA -keystore "C:\Documents and Settings\tomcat_user\.keystore"
I noticed that java 1.6.0.14 doesn't have this "-genkey" argument, it has "-genkeypair". Is that a problem? Server.xml: <Connector port="8443" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" keystoreFile="${user.home}/.keystore" keystorePass="mycustompassword" clientAuth="false" sslProtocol="TLS" /> Is the ${user.home} syntax literal or does it use the path shown in the java command? We have wireshark, I'll get my sysadmin to run it. I did uncheck the show friendly HTTP errors. I'll let you know when the page dies, it takes a long time to get anything back. I appreciate all the feedback. -----Original Message----- From: André Warnier [mailto:a...@ice-sa.com] Sent: Wednesday, February 24, 2010 2:22 PM To: Tomcat Users List Subject: Re: Question about SSL Leo Donahue - PLANDEVX wrote: > https://localhost:8443 > > Using IE6, I get a message saying you are about to view a page over a secure > connection, but the page never loads. No errors in the logs. The ROOT > webapp is still there, no lock icon in the browser. > > IE6 status bar just says: "Opening page https://localhost:8443/..." > > And eventually, IE6 responds with "The page cannot be displayed". > Maybe you should read this : http://www.bbc.co.uk/blogs/thereporters/maggieshiels/2010/02/last_rites_for_microsofts_most.html (and I totally agree with the author, that its demise will be feted by developers worldwide) More seriously : IE6 has (had ?) this feature called "friendly error messages" which basically hides what the server is really saying, and displays an internal and useless error page instead, always the same. You can turn it off, somewhere in the preferences. Better : there exists an IE add-on, called Fiddler2, which does about the same as similar add-ons for Firefox like HttpFox e.g. It allows you to /really/ see what the browser is sending, and what it receives from the server. Better yet : use Firefox with the HttpFox add-on. And the ultimate, but not for the faint-hearted : you can use a program like Wireshark to grab and memorise and see absolutely every TCP/IP packet circulating on the wire, even the ones you never wanted to know about. All of that does not solve your problem, but at least it should give you an idea of what is really going on. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org