I've been fooling around *a lot* lately with SSL, so I thought I'd give this a try. I'm not very experienced, but I'll offer my two cents.
First of all, what version of Tomcat, Java, etc. are you running? Such a statement is *de rigueur* for practically any question to this forum. My system looks like

** Server: SuSE 11.3 (2.6.34.7-0.7-desktop #1 SMP PREEMPT 2010-12-13 11:13:53 +0100 i686 i686 i386 GNU/Linux)
** Tomcat 6.0.30
** Java: JRE 1.5.0_22 (though my keystore was self-generated with JDK 1.6.0_23)

That said, the connector you describe is working for me, even when I intentionally misname my keyAlias. However, I have only one entry in my keystore. I'm guessing that it can screw up if you have more than one and you give the wrong alias.

You're using a JSSE implementation, correct? Run

    $ keytool -list -keystore $CATALINA_HOME/conf/keystore.jks -v

and see what you get.

(BTW, my self-generated openssl can be read with

    $ keytool -printcert -file /srv/apache2/conf/server.crt -v

I say this only because I've also been fiddling, successfully, with the APR and mod_jk connector.)

On Fri, Jan 28, 2011 at 8:06 AM, <spr...@gmx.eu> wrote:
> Hi,
>
> I did it now so many times - it always worked - configuring tomcat for SSL.
>
> Today: New server, new certificate.
>
> Create new keystore, imported root, intermediate and server certificate,
> configured the connector, same as usual.
>
> But... http does not work. No error in tomcat's log, nothing. Browser says
> that it cannot load the page due to a connection problem, maybe security
> issue.
>
> How can I debug this ssl problem?
>
> <Connector
>     SSLEnabled="true"
>     clientAuth="want"
>     maxThreads="150"
>     port="8443"
>     protocol="org.apache.coyote.http11.Http11NioProtocol"
>     scheme="https"
>     secure="true"
>     sslProtocol="TLS"
>     keystoreFile="conf/tomcat.jks"
>     keystoreType="JKS"
>     keyAlias="tomcat"
>     keystorePass="changeit"
> />
>
> Thank you

--
"Hell hath no limits, nor is circumscrib'd
In one self-place; but where we are is hell,
And where hell is, there must we ever be"
--Christopher Marlowe, *Doctor Faustus* (v, 121-24)
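
Added example, not part of the original message: a shell helper that reads the `keytool -list -v` listing suggested above and reports whether the connector's `keyAlias` exists and holds a private key rather than only an imported certificate. The embedded listing is constructed sample data, and the names `check_alias` and `sample_listing` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): classify one alias in the output of
# `keytool -list -v`. Assumes keytool's English-locale field labels.
# Prints: ok:<chain length> | cert-only | missing
# Real use, with the values from the quoted connector:
#   keytool -list -v -keystore conf/tomcat.jks -storepass changeit | check_alias tomcat
check_alias() {
    awk -v want="$1" '
        BEGIN { want = tolower(want); state = "missing" }  # JKS aliases are case-insensitive
        { sub(/[ \t\r]+$/, "") }                           # tolerate CRLF / trailing blanks
        /^Alias name: /  { cur = tolower(substr($0, 13)) }
        /^Entry type: / && cur == want {
            type = substr($0, 13)
            # Current JDKs print PrivateKeyEntry; older ones print keyEntry.
            state = (type == "PrivateKeyEntry" || type == "keyEntry") ? "key" : "cert-only"
        }
        /^Certificate chain length: / && cur == want { chain = substr($0, 27) }
        END { if (state == "key") print "ok:" chain; else print state }
    '
}

# Constructed sample listing: two imported CA certificates plus one key entry.
sample_listing() {
cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

Alias name: root
Creation date: Jan 28, 2011
Entry type: trustedCertEntry

Alias name: intermediate
Creation date: Jan 28, 2011
Entry type: trustedCertEntry

Alias name: tomcat
Creation date: Jan 28, 2011
Entry type: PrivateKeyEntry
Certificate chain length: 3
EOF
}

sample_listing | check_alias tomcat
```

A result of `cert-only` or `missing` for the alias named in `keyAlias` means the connector has no private key to present under that name, which is worth ruling out before looking at the connector attributes themselves.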