using -Djavax.net.debug=all ... what am I expecting to happen? The only action I get is the line (which happens normally)
<ip address> - - <date and time> "HEAD / HTTP/1.1" 200 -
in my connector's access log.

On 21 December 2016 at 14:53, Peter Wallis <pwal...@acm.org> wrote:
> Hi Hassan,
> yes, but ... that says nothing about the key format (pem vs der?
> SHA1/SHA2) and there is an awful lot of actually conflicting instructions
> out there. It took a while to realise that the private key is "in" the
> keystore, and that recreating the keystore means you have to start again
> with a new csr. I have also seen that keytool will import pem files quite
> happily, so I guess these instructions are correct and not out of date as I
> originally thought.
>
> Given I seem to have a working keystore, and I have checked and rechecked
> my ssl tomcat configuration, and my setup works with http connections, I'd
> much prefer to debug what I have rather than start again. Particularly as
> reconstructing the keystore will cost me, if not money, at least respect
> from my certificate provider support people.
>
> Debugging is apparently done using
>
> -Djavax.net.debug=all
> -Djavax.net.debug=ssl:handshake:data
>
> on the startup script (thanks Martin)
>
> - trying now...
>
> P
>
> On 21 December 2016 at 14:31, Hassan Schroeder <hassan.schroe...@gmail.com> wrote:
>
>> On Wed, Dec 21, 2016 at 1:22 AM, Peter Wallis <pwal...@acm.org> wrote:
>>
>> > Can someone point me to the official how-to debug ssl issues on tomcat?
>>
>> Did you follow the steps in this documentation?
>>
>> http://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html
>>
>> --
>> Hassan Schroeder ------------------------ hassan.schroe...@gmail.com
>> twitter: @hassan
>> Consulting Availability : Silicon Valley or remote