Hi All - The simple solution to this whole problem is that I was using the wrong Keystore file - not the one I originally used to generate my certificate request.
I originally tried to use the original keystore file to import in my newly purchased certification, but I kept getting the error "Wrong Keystore Format" (or something to that effect - I forgot and am in a hurry here). The reason why is I was following poor instructions on my company's wiki which omitted the storetype tag in the keystore -import line. You need the -storetype PKCS12 when importing into a PKCS12 keystore. Duh on me. This is how we learn. I figured I'd just point this out for anyone else using the keytool command and working with PKCS12 format keys and keystores. Thanks to all those who offered help! Michael Casale Systems Administrator / IT Manager Knoa Software [EMAIL PROTECTED] Ph. (212) 807-9608 ext. 6000 Fax (212) 675-6121 -----Original Message----- From: Christopher Schultz [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 08, 2006 5:02 PM To: Tomcat Users List Subject: Re: SSL not working on Tomcat -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael, Michael Casale wrote: > I've installed Firefox 2.0 and I get the error: > > "Firefox can't connect securely to upm.knoa.com because the site uses a > security protocol which isn't enabled" > > So... I changed sslProtocol="TLS" to sslProtocol="SSL" and restarted the > service. I get the same error. Wow. Sounds like something is seriously screwed up. Have you tried a different client machine? Perhaps one of your SSL libraries is hosed. Have you tried re-installing Tomcat? Perhaps one of TC's SSL libraries is hosed. If all else fails, I would run something like memtest86 on your server to see if the memory is okay. It's tough to do all this crypto stuff and not have an exception when the littlest thing goes wrong, so something is definitely amiss. It's not like Sun invented a new SSL protocol and didn't tell anyone about it ;) - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFUlPC9CaO5/Lv0PARAiljAJ9auqO2pfKdS9+zimV5hFhJR2zn2wCfZkY5 KP4Xe5Do8g1iS9+EYc0LqvA= =QizN -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]