-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Peter,
On 12/22/16 2:43 AM, Peter Wallis wrote: > Hi Christopher, so it seems I have done something exceptional :-) > Thanks for taking a look... > > <Connector port="443" > protocol="org.apache.coyote.http11.Http11NioProtocol" > maxThreads="150" SSLEnabled="true" scheme="https" secure="true" > keystoreFile="/home/peter/.keystore" alias="tomcat" > keystorePass="changeit" clientAuth="false" sslProtocol="TLS" /> This looks fine except for one thing: you are using port 443 on a *NIX system which requires you to either run as root (bad) or make other arrangements. Have you made such arrangements? > Keystore type: JKS Keystore provider: SUN > > Your keystore contains 2 entries > > Alias name: gandi Creation date: 21-Dec-2016 Entry type: > trustedCertEntry Okay, that's your CA. > Alias name: tomcat Creation date: 21-Dec-2016 Entry type: > trustedCertEntry Okay, that's presumably your server's cert. > Owner: CN=alexa.proseco.co.uk, OU=Gandi Standard SSL, OU=Domain > Control Validated If that's your site name (alexa.proseco.co.uk) this looks good. What happens if you do this from the outside (e.g. not on the pi itself) : $ openssl s_client -connect alexa.proseco.co.uk:443 - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYW/NwAAoJEBzwKT+lPKRYbf0P/3LawCFJivA7997fbYvFCw5h A9p1aWXNYMzRiaGcltoYk+fZVtTQ0Ve5mBtSDV8nN+mulEt2mPD6nxbvhjw1H24z pononiduIpv30QduqlXQeczUtdptjNMzsDP+zg1HdnEF45xSmQl/egn3/QCBqMIH hYNmxgxJpipDlruv5sNhM/0BRF2jvmG3mqByX/ayguCP7eC16nXMzYriVMauUj+L QVZHlitdeLu8ZcHMxKz0B60gho64Hivlf/HlEiEINtyq5jYgN16dLNRzuMlZ34cd UAdOtT28eA4hIfK4KQZrpO/iSNn4gaKV7wBH8FswvgqJdLBT/ucKuzWOmfMY0cBx vLtBK6y1XFasfkGOkWoS8I2ViomygUgWDTIsFSmikaMgqJg2joxatLx50rT6oXyo KM4y074J8CSwxP+/UiwugRGCfiDfRHDZErEWXTpQmcsHrrSwJWlqCk6l/gUscB/X XM3XLKFK+8JUXnsYHYe9lylrrfHKUm8SgNVkQsBF7b7RHtKh1kWJjD2/xMFb3C0P FuZnNdFc22MEaDnisp5ofqDAYNTDvJLkVn+2ererNmeWdrRq8Cf7/X4QrLeTlMh/ 7GcRGq0C9/2ZRc+1pyFhjfef6MwZ1wceqiquBZYokdyoPHdQ82VAyPg1ffVRfskl 1TsRsxA+hHeIkgCE161B =yhHl -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org