-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Latha,
On 7/17/12 8:20 PM, Sivasubramaniam, Latha wrote: > I am having issues with the SSL certificate chain the https > requests from the IE8 browser does not get any response. Following > are the details and any help is appreciated. This is in one of our > customer implementation. > > Tomcat version: 6.0.29 OS: Windows 2008 Browser: IE8 Ceritificate > key size: 2048 and the server certificate is 4th level in the > chain. What about other web browsers? Is it only MSIE8 that is giving you problems, or can you not connect from any browser/client? > I have tried following different things. > > * Imported chain and the server certificate to my keystore > and set keystore properties in the server.xml Please post your <Connector> configuration. Also, are you using APR for SSL? When you imported the certificate chain, did you import all 4 certificates? (You may not need the top-level CA one, as it was probably already trusted by the JVM). > * Imported certificate chain to cacerts and imported > server certificate to my own keystore and speficied keystore > properties in the server.xml > > * Imported certificate chain to my own trusted keystore in > addition to the cacerts and server certificate to another > keystore, specified both trustkeystore and keystore properties in > the server.xml > > None of the above is working. > > I generated selfsigned certificate and that is working. That is good to know. > We have windows based components using the same certificate on the > same server, certificates imported on to the windows certmgr and > those components are working. But the same certificate is not > working on the Java based components. > > I do not see any errors in the tomcat logs. Do you get any output at all when you launch Tomcat? > How can I get additional logging to see what is happening? Is > there any known issue with the certificate chain ( I did not find > any in the bug list) You can change the log level from INFO to DEBUG or FINE. Look at conf/logging.properties. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlAG2LcACgkQ9CaO5/Lv0PCuNACaAq0VJe9jm9noc2CeLFrwqB/F q/8AnieQE0bUS4mnooudOy79pGJWCzzJ =wEtL -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org