Hi,

Since you are using OpenSSL, I am assuming you also want to use APR (Apache
Portable Runtime). It is great for Tomcat. I am using it right now.
  
I have posted a message about how to do it. You can view it at:
http://www.mail-archive.com/users%40tomcat.apache.org/msg02500.html

The only difference is I am using a self-signed certificate. I know people have
trouble with Verisign when following those steps. I don't know about your case
but it is definitely worth trying.

You can follow the steps and try things with a self-signed certificate and see
if things work. Then you can follow the same steps with the actual signed
certificate. Trust me, those steps work.

  Let me know about your status and we will solve things together.

Regards,
D

--- Brian Gibson <[EMAIL PROTECTED]> wrote:

> Server = Windows 2003 Server w/Service Pack 1 (IIS Admin is running just
> to host the IIS FTP Server, the World Wide Web Service is not running)
> 
> Tomcat version = 5.5.12
> OpenSSL version = 0.9.8 (I believe)
> jre1.5.0_05
> 
> I ordered a Geotrust QuickSSL cert for the common name
> calendar.wheatoncollege.edu and once issued I followed all of GeoTrust's
> instructions for creating the keystore (I kept the password set to the
> default of "changeit"). I uncommented the section of the server.xml file
> that has the Connector tag for the SSL listener. I tried having it
> listen on 8443, the default, and I tried switching it over to 443 and
> with every change I made I stopped and started the Tomcat Windows
> service. I can connect perfectly fine to port 8080 with http but
> whenever I try
> 
> https://calendar.wheatoncollege.edu:8443  (or 443, depending on what
> port I am trying at the time) the client says it is connecting but after
> about a minute or so it throws the error
> 
> "The connection to calendar.wheatoncollege.edu has terminated
> unexpectedly. Some data may have been transferred."
> 
> (This error occurs when using Firefox on a PC). The same thing happens
> with Internet Explorer, it takes a bit then throws an error.
> 
> I used netstat and TCPView on the server and sure enough the client has
> an established connection to that port, and the port is listening. (By
> the way, I shut off the local Windows firewall and disabled McAfee
> Enterprise VirusScan version 8.0i).
> 
> I ended up speaking with the Geotrust techs and had them remote desktop
> in to the server and they tried using the keystore file I generated and
> they created their own for this server to test. They said they put
> Tomcat into debug mode (which I do not know how they did this) but they
> said everything configuration-wise looks great and they apologized for
> not being able to get the cert to work... that one kind of freaked me
> out.
> 
> The server does have 2 NIC cards so I tried disabling the 2nd NIC and
> restarting Tomcat but with no luck, same thing, connects and times out.
> I also had an entry in the local c:\WINDOWS\system32\drivers\etc\hosts
> file for both NICs because of the backup software we use, I tried removing
> those entries and doing an "ipconfig /flushdns" command, then restarted
> Tomcat but with no luck. I then tried following the directions on the
> Tomcat SSL HowTO page to create a self signed cert. I created .keystore
> file and my <Connector> tag looks like this (I used the default password
> of "changeit").
> 
> <Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150"
> minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
> disableUploadTimeout="true" acceptCount="100" scheme="https"
> secure="true" clientAuth="false" sslProtocol="TLS"
> keystoreFile="F:\ssl_files\.keystore" />
> 
> I then restarted Tomcat, still no luck. One other thing,
> calendar.wheatoncollege.edu is just a DNS CNAME alias so I tried
> creating a self signed cert for the server's real name in DNS,
> mmserver2.wheatonma.edu but still no dice. I am really at a loss.
> 
> I never see any errors or info in the Windows Event Viewer but it is
> fairly useless for troubleshooting anyway.
> 
> Any help would be greatly appreciated.
> 
> 
> 
> 