Change http://portal.acmeinc.com/CH/index.jsp To HTTPS://
I don't understand the stack trace, but when you download those 6 control characters, you a accessing a SSL port with http. Either change the port to a non-SSL or use https Hope this helps! On Wednesday, February 5, 2014 12:06 AM, Richard Mixon <rnmi...@custco.biz> wrote: After getting the various pieces to work piecemeal in a development environment I am trying to integrate in a production environment and running into the above problem. Here are the pieces, all on CENTOS 6.4 with Java 7: * Apache HTTPD running a single virtual host that runs a wordpress website. Uses a commercial SSL certificate * Tomcat 7, SSL sefl-signed on port 8443 with the following web applications: * CAS * CH, an line-of-business monitoring application. The WordPress site virtual host is httpd configuration uses mod_proxy to proxy CAS and CH requests to Tomcat. Before introducing CAS I can get to each application without issue: * CAS at http://portal.acmeinc.com/CAS/* * CH at http://portal.acmeinc.com/CH/* * Wordpress at http://portal.acmeinc.com/* I've setup my keystore and trustore correctly I believe. I can login successfully to CAS, e.g. to: http://portal.acmeinc.com/cas/services I've turned on SSL debugging per this guide: https://wiki.jasig.org/display/casum/ssl+troubleshooting+and+reference+guide When I try http://portal.acmeinc.com/CH/index.jsp I end up getting the above exception. Here is the output of the log. 2014-02-04 21:41:06,469 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 4 services.> Allow unsafe renegotiation: false Allow legacy hello messages: true Is initial handshake: true Is secure renegotiation: false http-bio-8443-Acceptor-0, setSoTimeout(60000) called Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for SSLv2Hello Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for SSLv2Hello Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for SSLv2Hello Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for SSLv3 Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for SSLv3 Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for SSLv3 Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1 http-bio-8443-exec-1, handling exception: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection? http-bio-8443-exec-1, SEND TLSv1 ALERT: fatal, description = unexpected_message http-bio-8443-exec-1, WRITE: TLSv1 Alert, length = 2 http-bio-8443-exec-1, called closeSocket() http-bio-8443-exec-1, IOException in getSession(): javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection? http-bio-8443-exec-1, called close() http-bio-8443-exec-1, called closeInternal(true) 2014-02-04 21:43:06,438 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered services.> Also, the browser I'm using attempts to download the file, which is only six control characters: NAK ETX SOH NUL STX STX Any iideas or hints on solving this are appreciated. Thank you - Richard -- Richard Mixon Custom Computer Creations, L.L.C. mobile: (480) 577-6834 office: (480) 614-3442 email: rnmi...@custco.biz <mailto:rnmi...@custco.biz> Microsoft Partner ID: 1263725 The messages and documents transmitted with this notice contain confidential information belonging to the sender. If you are not the intended recipient of this information, you are hereby notified that any disclosure, copying, distribution or use of the information is strictly prohibited. If you have received this transmission in error, please notify the sender immediately. -- You are currently subscribed to cas-user@lists.jasig.org as: mmaceach...@yahoo.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user