Hi, it is TC 7.0.5, Java 1.6_22.
When I use a self-signed certificate everything is fine - same server config, just the other certificate. So it must be something wrong with the certificate. But I have no clue what. How can I debug the SSL-Handshake process?

The cert not working has:

#7: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

#8: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
  SSL client
  SSL server
]

So it should be the right type of cert.

Thank you

> -----Original Message-----
> From: Thad Humphries [mailto:thad.humphr...@gmail.com]
> Sent: Friday, 28 January 2011 16:47
> To: Tomcat Users List
> Subject: Re: SSL not working
>
> I've been fooling around *a lot* lately with SSL, so I thought I'd give this
> a try. I'm not very experienced, but I'll offer my two cents.
>
> First of all, what version of Tomcat, Java, etc. are you running? Such a
> statement is *de rigueur* for practically any question to this forum. My
> system looks like
>
> ** Server: SuSE 11.3 (2.6.34.7-0.7-desktop #1 SMP PREEMPT 2010-12-13 11:13:53 +0100 i686 i686 i386 GNU/Linux)
> ** Tomcat 6.0.30
> ** Java: JRE 1.5.0_22 (though my keystore was self-generated with JDK 1.6.0_23)
>
> That said, the connector you describe is working for me, even when I
> intentionally misname my keyAlias. However I have only one entry in my
> keystore. I'm guessing that it can screw up if you have more than one and
> you give the wrong alias.
>
> You're using a JSSE implementation, correct? Run
>
> $ keytool -list -keystore $CATALINA_HOME/conf/keystore.jks -v
>
> and see what you get.
>
> (BTW, my self-generated openssl can be read with
>
> $ keytool -printcert -file /srv/apache2/conf/server.crt -v
>
> I say this only because I've also been fiddling, successfully, with the APR
> and mod_jk connector.)
>
> On Fri, Jan 28, 2011 at 8:06 AM, <spr...@gmx.eu> wrote:
>
> > Hi,
> >
> > I did it now so many times - it always worked - configuring tomcat for SSL.
> >
> > Today: New server, new certificate.
> >
> > Create new keystore, imported root, intermediate and server certificate,
> > configured the connector, same as usual.
> >
> > But... http does not work. No error in tomcat's log, nothing. Browser says
> > that it cannot load the page due to a connection problem, maybe security
> > issue.
> >
> > How can I debug this ssl problem?
> >
> > <Connector
> >   SSLEnabled="true"
> >   clientAuth="want"
> >   maxThreads="150"
> >   port="8443"
> >   protocol="org.apache.coyote.http11.Http11NioProtocol"
> >   scheme="https"
> >   secure="true"
> >   sslProtocol="TLS"
> >   keystoreFile="conf/tomcat.jks"
> >   keystoreType="JKS"
> >   keyAlias="tomcat"
> >   keystorePass="changeit"
> > />
> >
> > Thank you
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
>
> --
> "Hell hath no limits, nor is circumscrib'd In one self-place; but where we
> are is hell, And where hell is, there must we ever be" --Christopher
> Marlowe, *Doctor Faustus* (v, 121-24)
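
Added example, not part of either message: a JSSE connector's keyAlias has to name a keystore entry that holds a private key, and the `keytool -list -v` output suggested in the quoted reply shows that as the entry type. The script below reads such output and reports the entry type and chain length for one alias; the two listings are constructed samples, the function names are made up here, and English keytool output is assumed.

```shell
#!/bin/sh
# Added example. Input is text printed by `keytool -list -v`; keytool is not called here.
# Assumption: English output (keytool localises these labels on non-English systems).

# alias_report ALIAS: reads a listing on stdin, prints "<entry type> <chain length>",
# or "missing 0" when the alias is absent. JKS aliases are case-insensitive.
alias_report() {
    awk -v want="$1" '
        /^Alias name: / { cur = tolower(substr($0, 13)); next }
        cur == tolower(want) && /^Entry type: / { etype = substr($0, 13) }
        cur == tolower(want) && /^Certificate chain length: / { clen = $NF }
        END { if (etype == "") print "missing 0"; else print etype, clen + 0 }
    '
}

# key_usable ALIAS: succeeds only if the alias holds a private key with a chain.
# "keyEntry" is accepted as well, on the assumption that older JDKs print that label.
key_usable() {
    set -- $(alias_report "$1")
    case "$1" in
        PrivateKeyEntry|keyEntry) [ "$2" -ge 1 ] ;;
        *) return 1 ;;
    esac
}

# Constructed sample: every entry, including "tomcat", is a certificate without a key.
sample_certs_only() {
    printf '%s\n' 'Keystore type: JKS' 'Your keystore contains 3 entries' '' \
        'Alias name: root' 'Entry type: trustedCertEntry' '' \
        'Alias name: intermediate' 'Entry type: trustedCertEntry' '' \
        'Alias name: tomcat' 'Entry type: trustedCertEntry'
}

# Constructed sample: "tomcat" holds the private key plus a three-certificate chain.
sample_with_key() {
    printf '%s\n' 'Keystore type: JKS' 'Your keystore contains 1 entry' '' \
        'Alias name: tomcat' 'Entry type: PrivateKeyEntry' \
        'Certificate chain length: 3'
}

for s in sample_certs_only sample_with_key; do
    if $s | key_usable tomcat; then verdict="has a private key"; else verdict="no private key"; fi
    printf '%s: %s (%s)\n' "$s" "$($s | alias_report tomcat)" "$verdict"
done
```

Against a real keystore the same function takes the command's output on stdin, for example `keytool -list -v -keystore conf/tomcat.jks | alias_report tomcat`.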