Hey everyone -
I'm stuck on Tomcat 5.5.26 to support a specific application. This is a
Solaris 9 server with no Apache - tomcat is handling its own webserving.
We're hoping to upgrade the JDK. I can use JDK-1.5.0_21 successfully.
When I start tomcat with JDK-1.6.0_16, I get one specific issue...
Firefox, but not Safari or IE, will report on https connections:
Secure Connection Error
An error occurred during a connection to mysite.com:8443.
Peer reports it experienced an internal error.
(Error code: ssl_error_internal_error_alert)
Weirdly, there is no error in any error log when this happens.
I think this might be a configuration error on my part. Here's our SSL
conf stanza:
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/path/to/my/keystore"
keystorePass="somePass" />
... I notice that in other people's configs, they have a specific
reference to a TrustStore. I have the CA certs imported into the
keystore, though, and I'm using this config on other servers, with other
versions of tomcat, other versions of the JDK, etc. (However, those are
all linux servers.) I'm especially suspicious about this possibility
because lately there have been other Firefox https bugs (like the Flash
uploader bug) that ultimately have to do with verifying the certificate
authority. Adding in a truststore doesn't seem to help, but maybe i r
doin it wrong.
Thanks for any references or wild speculation you can provide.
- Nada
(p.s. if you're curious about the Flash uploader bug, see e.g.:
http://bugs.adobe.com/jira/browse/FP-201
http://bugs.adobe.com/jira/browse/FP-226
https://bugs.adobe.com/jira/browse/SDK-13196
http://swfupload.org/forum/generaldiscussion/347 )
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org