Greetings,
We're developing an application on top of Tomcat. Our incoming
connections are always HTTPS. We've been using the self-signed cert
that came with tcServer for testing, but now I'm trying to get our setup
working with an officially signed certificate we just got from GoDaddy.
I've followed the GoDaddy instructions for adding a total of 4 certs
(root + 2 intermediates + ours) to a fresh keystore file. I used the
same keystorePass and keyAlias values as already specified for the
default keystore file. I then replaced the working keystore file (with
the self-signed cert) with this new keystore file and restarted Tomcat.
Once I do this, my HTTPS port stops working. Firefox says this:
The connection to alpha.filethis.com was interrupted while the page
was loading.
I'm stuck at this point. I can find no supporting information for this
failure in Tomcat's logs. The logs are unchanged after attempting to
access our app via HTTPS. I tried upping the log levels in
logging.properties, but even after getting huge log files to be spit
out, nothing is added to the logs in response to these erring HTTPS
requests.
My guess is that this problem has to do with my setup not matching the
domain name in the certificate, even though I'm coming in via that
domain on the URL. All the docs I've seen so far online, however, don't
mention having to do anything special in this regard.
I'm running tcServer, which it appears is Tomcat 6.0.26. My server.xml
file is included at the bottom of this post.
Can anyone tell me what might be going wrong, or how to enable some sort
of diagnostics that might tell me something about why this isn't working?
Any help would be greatly appreciated.
Take care
Steve
server.xml
==========
<?xml version='1.0' encoding='utf-8'?>
<!-- tcServer (Tomcat 6) server.xml as posted. The ${...} values are property
     placeholders whose actual values are not shown in this file. -->
<!-- Shutdown listener: Tomcat stops when the shutdown string is received on this
     port. "SHUTDOWN" is the stock value; keep the port unreachable from other hosts
     or use a non-default string. -->
<Server port="${shutdown.port}" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.core.JasperListener" />
<Listener
className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
<Listener
className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<!-- JMX access: bound to 127.0.0.1 with authenticate="true" and password/access
     files, but useSSL="false", so the JMX traffic itself is not encrypted. That is
     only reasonable while the listener stays on loopback; the two files under conf/
     should be readable by the Tomcat account only. -->
<Listener
className="com.springsource.tcserver.serviceability.rmi.JmxSocketListener"
port="${jmx.port}"
bind="127.0.0.1"
useSSL="false"
passwordFile="${catalina.base}/conf/jmxremote.password"
accessFile="${catalina.base}/conf/jmxremote.access"
authenticate="true"/>
<Listener
className="com.springsource.tcserver.serviceability.deploy.TcContainerDeployer"
/>
<GlobalNamingResources>
<!-- File-backed user database read from conf/tomcat-users.xml; any credentials
     defined there live on disk in that file, so its permissions matter. -->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<Service name="Catalina">
<!-- Thread pool shared by both connectors below (executor="tomcatThreadPool"). -->
<Executor name="tomcatThreadPool" namePrefix="tomcat-http--"
maxThreads="300" minSpareThreads="50"/>
<!-- Plain HTTP connector. redirectPort names the HTTPS port Tomcat redirects to
     when a web application's security constraint requires confidential transport;
     requests without such a constraint are still served in clear text here. -->
<Connector executor="tomcatThreadPool"
port="${http.port}"
protocol="org.apache.coyote.http11.Http11NioProtocol"
connectionTimeout="20000"
redirectPort="${https.port}"
acceptCount="100"
maxKeepAliveRequests="15"/>
<!-- HTTPS connector (NIO, JSSE keystore configuration).
     * keyAlias must name the keystore entry that holds the server's private key
       together with the signed certificate chain. A keystore that contains only
       imported certificates (no private key entry), or that keeps the key under a
       different alias, leaves the connector without a usable key, and TLS
       handshakes then fail. "keytool -list -v -keystore <file>" shows the entry
       type behind each alias.
     * keystorePass is stored here in clear text and is the value carried over from
       the default keystore; use a non-default password for a keystore holding a
       production key and restrict read access to this file and the keystore.
     * sslProtocol="TLS" selects the JSSE TLS context; which protocol versions and
       cipher suites are actually offered depends on the JVM unless restricted
       (for example with the connector's ciphers attribute). TODO confirm that
       legacy protocol versions and weak suites are disabled.
     * clientAuth="false": no client certificate is requested.
     * redirectPort points at this connector's own port, so it has no practical
       effect here.
     Handshake failures of this kind often happen before request logging, so
     nothing may appear in the Tomcat logs; starting the JVM with
     -Djavax.net.debug=ssl,handshake prints the JSSE handshake to standard output. -->
<Connector executor="tomcatThreadPool"
port="${https.port}"
protocol="org.apache.coyote.http11.Http11NioProtocol"
connectionTimeout="20000"
redirectPort="${https.port}"
acceptCount="100"
maxKeepAliveRequests="15"
keystoreFile="${catalina.base}/conf/tcserver.keystore"
keystorePass="changeme"
keyAlias="tcserver"
SSLEnabled="true"
scheme="https"
sslProtocol="TLS"
clientAuth="false"
secure="true"/>
<Engine name="Catalina" defaultHost="localhost">
<!-- Container-managed authentication is resolved against the UserDatabase
     resource declared in GlobalNamingResources. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
<!-- Single virtual host named "localhost", which is also the Engine's defaultHost,
     so requests for any host name are handled here. The host name in this element
     plays no part in TLS certificate selection; that comes from the connector's
     keystore settings.
     autoDeploy, deployOnStartup and deployXML are all enabled: anything placed
     under appBase is deployed, and applications may bring their own context
     descriptor. Convenient for development; on an Internet-facing server, limit
     who can write to webapps/ or turn these off. -->
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true" deployOnStartup="true"
deployXML="true"
xmlValidation="false" xmlNamespaceAware="false">
</Host>
</Engine>
</Service>
</Server>