Posted to users@tomcat.apache.org by Jan Eldenmalm <ja...@eldenmalm.com> on 2007/02/13 04:11:16 UTC
Tomcat 5.5.20 SSL "no errors" not working
Hello,
I have configured Tomcat (5.5.20 on a Windows Server 2003) to use SSL
on port 443 on a specific IP, using a java keystore file:
<Connector address="88.208.211.112" port="443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="conf/ssl/obsid.key" keystorePass="******" />
Additionally I have verified that the redirect port settings are ok:
<Connector address="88.208.211.112" port="80"
maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="true" redirectPort="443" acceptCount="100"
connectionTimeout="10000" disableUploadTimeout="true" />
When starting Tomcat I get no errors in any logs:
Feb 13, 2007 2:28:41 AM org.apache.coyote.ajp.AjpAprProtocol init
INFO: Initializing Coyote AJP/1.3 on ajp-127.0.0.1-8009
Feb 13, 2007 2:28:41 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 875 ms
Feb 13, 2007 2:28:42 AM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Feb 13, 2007 2:28:42 AM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/5.5.20
Feb 13, 2007 2:28:42 AM org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
Feb 13, 2007 2:28:42 AM org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
Feb 13, 2007 2:28:43 AM org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
Feb 13, 2007 2:28:43 AM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-88.208.211.111-80
Feb 13, 2007 2:28:43 AM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-88.208.211.112-80
Feb 13, 2007 2:28:43 AM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-88.208.211.112-443
Feb 13, 2007 2:28:43 AM org.apache.coyote.ajp.AjpAprProtocol start
INFO: Starting Coyote AJP/1.3 on ajp-127.0.0.1-8009
Feb 13, 2007 2:28:43 AM org.apache.catalina.storeconfig.StoreLoader load
INFO: Find registry server-registry.xml at classpath resource
Feb 13, 2007 2:28:44 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 2093 ms
As you can try yourself..... https://www.obsid.net does not respond
properly...whereas http://www.obsid.net does - the https responds
somewhat though....
In my search for a solution - I even tried setting the keystoreFile and
keystorePass URL to an "absolute" url - and to a "wrong" url - neither
makes it work - nor creates any error logs.
keystoreFile="conf/junkinexistentfolder/ssl/obsid.key"
keystorePass="somethingwrong" />
Nevertheless - if I remove the connector from server.xml - the log no
longer specifies that it started the connector .. it does not show this
anymore:
Feb 13, 2007 2:28:43 AM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-88.208.211.112-443
I have checked the firewall - and if I remove the accept rule for 443 -
I get no response whatsoever - so I presume that the firewall settings
are OK. (I also tried connecting to localhost - which gives the same
"bad" connection that returns nothing...but seems open.... and my
external portscanners say that the port is open - my conclusion....it's
open.)
I have tested the keystore files on my development machine - and it
works like a dream..... instantly.... ( I created the keystore file on
this development machine - and imported the certs, intermediary certs
and root certs on this development machine )
I have checked the Windows event log - and it contains nothing related to
tomcat, nor any port conflicts or other things even remotely connected
to a web server or network connections...
Any insights into where to start looking for the problem would be much
appreciated.
// Jan
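
Added example, not part of the original post: the log above shows the 443 connector started by Http11AprProtocol, the APR/native handler, which in Tomcat 5.5 reads its TLS settings from SSLEngine, SSLCertificateFile and SSLCertificateKeyFile rather than the JSSE keystoreFile/keystorePass attributes. The script cross-checks a server.xml against the startup log for that mismatch; the function names and the trimmed sample input are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the post's HTTPS connector (trimmed, placeholder password)
# and the matching lines from its startup log.
SERVER_XML = """<Service name="Catalina">
  <Connector address="88.208.211.112" port="443" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="conf/ssl/obsid.key" keystorePass="placeholder" />
  <Connector address="88.208.211.112" port="80" redirectPort="443" />
</Service>"""
STARTUP_LOG = """\
Feb 13, 2007 2:28:43 AM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-88.208.211.112-80
Feb 13, 2007 2:28:43 AM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-88.208.211.112-443
"""
JSSE_ONLY = {"keystoreFile", "keystorePass", "keystoreType", "truststoreFile"}

def handlers_by_endpoint(log_text):
    """Map (address or None, port) to the Coyote handler class that started it."""
    found, handler = {}, None
    for line in log_text.splitlines():
        m = re.search(r"org\.apache\.coyote\.\w+\.(\w+Protocol) start$", line)
        if m:
            handler = m.group(1)  # the next INFO line names the endpoint
            continue
        m = re.match(r"INFO: Starting Coyote \S+ on \w+-(?:([\d.]+)-)?(\d+)$", line)
        if m and handler:
            found[(m.group(1), m.group(2))] = handler
        handler = None
    return found

def audit(server_xml, log_text):
    """List https connectors served by an APR handler without SSLEngine="on"."""
    handlers = handlers_by_endpoint(log_text)
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        key = (conn.get("address"), conn.get("port"))
        handler = handlers.get(key, "")
        if conn.get("scheme") == "https" and "Apr" in handler \
                and conn.get("SSLEngine") != "on":
            ignored = sorted(JSSE_ONLY & set(conn.attrib))
            findings.append((key[0], key[1], handler, ignored))
    return findings

if __name__ == "__main__":
    for addr, port, handler, ignored in audit(SERVER_XML, STARTUP_LOG):
        print(f"{addr}:{port} {handler}: SSLEngine is not on, so the port "
              f"answers in plaintext; ignored JSSE attributes: {ignored}")
```

A finding here is consistent with the symptoms described: the port is open and the connector starts without errors even with a wrong keystore path, because the keystore attributes are never read.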