Re: SSL problem with Tomcat 5.5

Mon, 26 Nov 2007 16:30:01 -0800

To ensure you have a valid keystore with the included private key and a refer to an alias 'tomcat' I recommend strongly to create a new keystore as described in the reference (see links in other answer mails). At least you can create a self-signed certificate if you don't need one signed by a trusted CA.
To check if SSL is running you can test it from a Linux or Unix box with installed OpenSSL with the following command: 


echo -e "GET /jsp-examples/index.jsp HTTP/1.0\r\n\r\n"|openssl 
s_client -connect localhost:8443 -ssl3 -debug -quiet



Replace URI-context and welcome file, replace hostname and port if 
neccessary, change SSL mode to ssl2 or tsl as needed


Johann



----- Original Message ----- 
From: "Bob Grabbe" <[EMAIL PROTECTED]>

To: "'Tomcat Users List'" <users@tomcat.apache.org>
Sent: Monday, November 26, 2007 10:48 PM
Subject: RE: SSL problem with Tomcat 5.5



OK, I've attached a new file with the startup. Unfortunately I'm not 
seeing

anything in any logs that indicate any https requests.
Just in case, what's the command to generate a new empty keystore file ?

I've seen the notes on the tomcat docs for creating the csr, but I didn't 
do

that this time. I might try it though, if I can get godaddy to go through
the process with me again,

Thanks

Bob Grabbe
University of Michigan
[EMAIL PROTECTED]
_________________________________________________________________________
"Research is the process of going up alleys to see if they are blind." --
Marston Bates


-----Original Message-----
From: Hassan Schroeder [mailto:[EMAIL PROTECTED]
Sent: Monday, November 26, 2007 4:09 PM
To: Tomcat Users List
Subject: Re: SSL problem with Tomcat 5.5
What would be best would be catalina.log at startup, showing
whether the SSL connector started cleanly.

And of course, any log entry relating specifically to an HTTPS
request.

> I didn't generate a new csr, I figured renewing the cert shouldn't
need
> that. Do I need to go through that or should I be able to just renew
it ?

Dunno about GoDaddy, but when I "renew" a Thawte cert for one of
my sites, I have to generate a new cert request. So I just create a new
keystore file, named something like keystore-example.com-2007, and
use that for the new cert.

HTH!
--
Hassan Schroeder ------------------------ [EMAIL PROTECTED]

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]







--------------------------------------------------------------------------------



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]

For additional commands, e-mail: [EMAIL PROTECTED] 



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to