Strange problems with SSL support in Tomcat 6

Wed, 26 Aug 2009 14:39:16 -0700 

Hi,
I have a Debian machine where previously, Tomcat 5.5 was installed (using the Tomcat 5.5 Debian package). "uname -a" returns: 


Linux server02 2.6.26-2-amd64 #1 SMP Sun Jul 26 20:35:48 UTC 2009 x86_64 
GNU/Linux



Now, for some reason I installed Tomcat 6 by using the binary 
distribution of Tomcat 6.0.20 downloadable from the website (because 
there's no Debian package for Tomcat 6 yet). I copied over the 
configuration files: logging.properties, server.xml, tomcat-users.xml 
and everything works fine except SSL.



The server listens on port 80 for HTTP requests and on port 443 for 
HTTPS requests. With the exact same configuration and certificate file, 
SSL works with Tomcat 5.5 but not with Tomcat 6. Everything else works 
without any flaws.



When I try to access the server using "https://myserver.com/"; in 
firefox, the error code "ssl_error_rx_record_too_long" appears. However, 
no errors are logged at all, although I set everything to ALL in the 
logging.properties file.



I even converted the PKCS12 certificate I use to JKS format but although 
keytool shows the certificate just fine, using the JKS keystore has the 
same effect.


I use the following connector settings in /opt/tomcat6/conf/server.xml:

    <Connector
      port="443"

      scheme="https"
      secure="true"
      clientAuth="false"

      sslProtocol="TLS"

      keystoreFile="/opt/tomcat6/conf/cert.p12"
      keystorePass="*************"
      keystoreType="pkcs12"

      maxHttpHeaderSize="8192"
      maxThreads="150"
      minSpareThreads="25"
      maxSpareThreads="75"
      enableLookups="false"
      connectionTimeout="20000"
      disableUploadTimeout="true"
      acceptCount="100"
      />


Tomcat is run as root (for now at least), so permission problems should 
not occur. Of course /opt/tomcat6/conf/cert.p12 exists and is a valid 
certificate.



I would be extremely grateful if someone has an idea on how I could 
attempt to debug this strange problem.


Thanks in advance!

Best regards
Markus

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org























					Reply via email to