Re: New to SSL - debugging tomcat

2016-12-22 Thread Peter Wallis
Thanks Chris, that seems to connect but sends no data back? The error is 3074385544:error:1409E0E5:SSL ... :ssl handshake failure:s3_pkt.c:637 Returns: CONNECTED(0003) --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 0

Re: New to SSL - debugging tomcat

2016-12-22 Thread Christopher Schultz
Peter, On 12/22/16 12:52 PM, Peter Wallis wrote: > Ahh! changed the server.xml entries to 8443 tried: openssl s_client > -connect 192.168.1.149:8443 and got: CONNECTED(0003) > 3074541192:error:140790E5SSL routhines:SSL23_WRITE:ssl handshake >

Re: New to SSL - debugging tomcat

2016-12-22 Thread Peter Wallis
Ahh! changed the server.xml entries to 8443 tried: openssl s_client -connect 192.168.1.149:8443 and got: CONNECTED(0003) 3074541192:error:140790E5SSL routhines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177: --- no peer certificate available --- No client certificate CA names sent --- SSL

Re: New to SSL - debugging tomcat

2016-12-22 Thread Christopher Schultz
Peter, On 12/22/16 11:03 AM, Peter Wallis wrote: > Hi Christopher, re 443 on *nix; yes, set AUTHBIND='yes' in > /etc/defaults/tomcat8 Okay. Are you sure you've got that configured properly? Try changing port 443 to 8443 in server.xml and bouncing

Re: New to SSL - debugging tomcat

2016-12-22 Thread Peter Wallis
Hi Christopher, re 443 on *nix; yes, set AUTHBIND='yes' in /etc/defaults/tomcat8 re openssl s_client -connect on a different machine; it times out Did have a thought -- one that might not be obvious to you experts -- I am serving that page via No-IP dynamic dns. Their support people are

Re: New to SSL - debugging tomcat

2016-12-22 Thread Christopher Schultz
Peter, On 12/22/16 2:43 AM, Peter Wallis wrote: > Hi Christopher, so it seems I have done something exceptional :-) > Thanks for taking a look... > > protocol="org.apache.coyote.http11.Http11NioProtocol" > maxThreads="150" SSLEnabled="true"

Re: New to SSL - debugging tomcat

2016-12-21 Thread Peter Wallis
Hi Christopher, so it seems I have done something exceptional :-) Thanks for taking a look... Keystore type: JKS Keystore provider: SUN Your keystore contains 2 entries Alias name: gandi Creation date: 21-Dec-2016 Entry type: trustedCertEntry Owner: CN=Gandi Standard SSL CA 2, O=Gandi,

Re: New to SSL - debugging tomcat

2016-12-21 Thread Christopher Schultz
Peter, On 12/21/16 4:22 AM, Peter Wallis wrote: > Hi all, I have tomcat 8.0.39 running on a raspberry pi (easy) and > thought I'd try setting it up to provide "skills" for the Amazon > Echo Alexa service. This requires a url which "presents"

Re: New to SSL - debugging tomcat

2016-12-21 Thread Peter Wallis
using -Djavax.net.debug=all ... what am I expecting to happen? The only action I get is the line (which happens normally) - - "HEAD / HTTP/1.1" 200 - in my connector's access log. On 21 December 2016 at 14:53, Peter Wallis wrote: > Hi Hassan, > yes, but ... that says

Re: New to SSL - debugging tomcat

2016-12-21 Thread Peter Wallis
Hi Hassan, yes, but ... that says nothing about the key format (pem vs der? SHA1/SHA2) and there is an awful lot of actually conflicting instructions out there. It took a while to realise that the private key is "in" the keystore, and that recreating the keystore means you have to start again

Re: New to SSL - debugging tomcat

2016-12-21 Thread Hassan Schroeder
On Wed, Dec 21, 2016 at 1:22 AM, Peter Wallis wrote: > Can someone point me to the official how-to debug ssl issues on tomcat? Did you follow the steps in this documentation? http://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html -- Hassan Schroeder

New to SSL - debugging tomcat

2016-12-21 Thread Peter Wallis
Hi all, I have tomcat 8.0.39 running on a raspberry pi (easy) and thought I'd try setting it up to provide "skills" for the Amazon Echo Alexa service. This requires a url which "presents" either a signed certificate, or a self-signed certificate. Using Firefox to check, I believe I got it