Hi Robert,

I can tell you keystores for 1.2 and 1.3 are not compatible (at least in my experience). I ignored the note about compiling Tomcat and was able to get SSL working in Tomcat standalone configuration. See the Dasho-Pro reference? That's a tag from deep in the Cipher suite.

I'm almost certain you need to backtrack and generate a fresh keystore. Import your RSA cert into that and make sure it is for "tomcat" with a password of "changeit". Verify that the keystore was generated with the same JDK that is used by Tomcat. You mention using different JDKs. I think this is where the problem is.

Good Luck,
Dave

----- Original Message -----
Sent: Friday, December 15, 2000 11:28 AM
Subject: Tomcat 3.2 SSL error:Error reading request

Hi,

I'm currently stuck with my SSL enabling of Tomcat 3.2 with a weird error message. As soon as I try to access SSL secured content, the following error occurs:

2000-12-15 05:23:51 - ContextManager: Error reading request R( /) 400
2000-12-15 05:23:51 - Ctx( ): 400 R( /) null
2000-12-15 05:23:51 - Ctx( ): Handler null null
2000-12-15 05:23:51 - Ctx( ): IOException in: R( /) Socket closed
2000-12-15 05:10:57 - Ctx( ): IOException in: R( /) Socket closed

After a while, the following exception is thrown:

at java.io.IOException.<init>(IOException.java:49)
at javax.net.ssl.SSLException.<init>([DashoPro-V1.2-120198])
at java.io.BufferedInputStream.fill(BufferedInputStream.java:192)
at javax.servlet.ServletInputStream.readLine(ServletInputStream.java:138)
at org.apache.tomcat.service.http.HttpRequestAdapter.readNextRequest(HttpRequestAdapter.java:129)
at org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpConnectionHandler.java:195)
at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:498)
at java.lang.Thread.run(Thread.java:498)

I've compiled Tomcat 3.2 with SSL support (SSLSocketFactory was compiled successfully) as described in the Tomcat-SSL-Howto document. Also, I've changed my jdk-1.3 (IBM) jre java.security file as described.

I had a problem adding my CERT to the keystore, where keytool always complained that the public keys are different between the stored and given key. I worked around that by deleting the keystore and letting keytool create it during the CERT import. That worked.

I will now try it again with the SUN JDK 1.3, maybe the IBM JDK doesn't work.

Has anyone an idea what the problem is? Is this caused by a keystore problem reading my CERT or is there any hint you can give me?

Thanks in advance!
Robert
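
The following diagnostic is an added example, not part of the original thread or of Tomcat's code. It opens a keystore with the JVM it is run under and reports whether the "tomcat" alias is a private-key entry with a certificate chain or only a trusted-certificate entry, which is what keytool creates when a certificate is imported under an alias that has no existing key pair. The class name KeystoreCheck, the default path (keytool's default ~/.keystore) and the key password being equal to the store password are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;

// Added example: run with the same JVM that starts Tomcat.
// Usage: java KeystoreCheck [keystore-path] [password]
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        // Assumed defaults: keytool's default store location, password from the reply above.
        String path = args.length > 0 ? args[0]
                : System.getProperty("user.home") + "/.keystore";
        char[] pass = (args.length > 1 ? args[1] : "changeit").toCharArray();
        String alias = "tomcat";

        System.out.println("JVM: " + System.getProperty("java.vendor")
                + " " + System.getProperty("java.version"));
        System.out.println("Keystore type: " + KeyStore.getDefaultType());

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            // Throws IOException if the password is wrong or this JVM cannot read the format.
            ks.load(in, pass);
        }

        if (!ks.containsAlias(alias)) {
            fail("no entry named \"" + alias + "\" in " + path);
        }
        if (ks.isCertificateEntry(alias)) {
            // The store holds only a certificate: there is no private key to serve SSL with.
            fail("\"" + alias + "\" is a trusted-certificate entry, not a key entry");
        }

        // Throws UnrecoverableKeyException if the key password differs from the store password.
        Key key = ks.getKey(alias, pass);
        Certificate[] chain = ks.getCertificateChain(alias);
        if (key == null || chain == null || chain.length == 0) {
            fail("\"" + alias + "\" has no private key or no certificate chain");
        }
        System.out.println("OK: " + key.getAlgorithm() + " private key, chain of "
                + chain.length + " certificate(s), leaf type " + chain[0].getType());
    }

    private static void fail(String reason) {
        System.out.println("FAIL: " + reason);
        System.exit(1);
    }
}
```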