Posted to users@tomcat.apache.org by William Lee <wl...@sendmail.com> on 2001/08/27 18:25:54 UTC

Standalone Tomcat SSL Handshake problem

I've searched in the mail archive but found no solution to the Tomcat
standalone SSL handshake problem that many people seem to experience.

I got the jsse and the certs installed according to the instructions.  I
used the keytool util to import an openssl-generated, self-signed
certificate.  I can start the server fine with the following lines in
server.xml:

<Connector className="org.apache.tomcat.service.PoolTcpConnector">
    <Parameter name="handler"
        value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
    <Parameter name="port"
        value="8443"/>
    <Parameter name="socketFactory"
        value="org.apache.tomcat.net.SSLSocketFactory" />
    <Parameter name="keystore"
        value="/tmp/keystore" />
    <Parameter name="keypass"
        value="changeit" />
    <Parameter name="clientAuth"
        value="false" />
</Connector>

The keystore file is /tmp/keystore.

When I start the server, I got:

2001-08-24 17:57:33 - ContextManager: Adding context Ctx( /admin )
Starting tomcat. Check logs/tomcat.log for error messages
2001-08-24 17:57:33 - ContextManager: Adding context Ctx(  )
2001-08-24 17:57:33 - ContextManager: Adding context Ctx( /test )
2001-08-24 17:57:34 - PoolTcpConnector: Starting HttpConnectionHandler on 8080
2001-08-24 17:57:45 - PoolTcpConnector: Starting HttpConnectionHandler on 8443
2001-08-24 17:57:45 - PoolTcpConnector: Starting Ajp12ConnectionHandler on 8007

When I try to connect to port 8443 using https from a browser:

2001-08-24 17:57:48 - Ctx(  ): 400 R( /) null
2001-08-24 17:57:48 - Ctx(  ): IOException in: R( /) Socket closed


I tried using openssl to connect to the server:
> openssl s_client -host sun8.dev-lab -port 8443
CONNECTED(00000003)
19354:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:453:

Can somebody tell me how I can get it going?  I read from the archive
that this is a common problem but I found no way to resolve this.  People
must have gotten it to work, right?...:)  BTW, I'm using JDK 1.3.1 on
Solaris 5.8, Jsse 1.0.2, and Tomcat 3.2.3.


-- 
William Lee (Will)        | Sendmail Inc.
Email:  wlee@sendmail.com | http://www.sendmail.com
Tel:    (510) 594-5505    |
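
A check that fits the setup described in this post, as an added example that is not part of the original message: `keytool -import` stores a certificate only as a trusted-certificate entry, while an SSL server socket needs a keystore entry that holds the private key. The shell function below reads `keytool -list` output and reports whether any key entry exists; the function name `classify_keystore` and both sample listings are constructed for illustration, and the post itself does not establish that this is the cause of the failure.

```shell
#!/bin/sh
# Added example: classify entries in `keytool -list` output (read on stdin).
# Prints "alias<TAB>type" per entry; exit status is 0 only if some entry holds
# a private key ("keyEntry" on old JDKs, "PrivateKeyEntry" on newer ones).
# classify_keystore is a hypothetical helper name, not part of keytool/Tomcat.
classify_keystore() {
    awk -F',' '
        /(keyEntry|PrivateKeyEntry|trustedCertEntry),?[ \t]*$/ {
            type = ""
            for (i = 2; i <= NF; i++) {
                f = $i
                gsub(/^[ \t]+|[ \t]+$/, "", f)   # trim surrounding blanks
                if (f ~ /Entry$/) type = f
            }
            printf "%s\t%s\n", $1, type
            if (type == "keyEntry" || type == "PrivateKeyEntry") keys++
        }
        END { exit (keys > 0 ? 0 : 1) }
    '
}

# Constructed sample listings (not output from the poster's machine).
CERT_ONLY_LISTING='Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry:

mykey, Fri Aug 24 17:40:12 PDT 2001, trustedCertEntry,
Certificate fingerprint (MD5): <constructed placeholder>'

WITH_KEY_LISTING='Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry:

tomcat, Fri Aug 24 17:40:12 PDT 2001, keyEntry,
Certificate fingerprint (MD5): <constructed placeholder>'

# Against a real keystore (path and password as given in the post):
#   keytool -list -keystore /tmp/keystore -storepass changeit | classify_keystore
for listing in "$CERT_ONLY_LISTING" "$WITH_KEY_LISTING"; do
    if printf '%s\n' "$listing" | classify_keystore; then
        echo "=> key entry present: the server has a private key to present"
    else
        echo "=> no key entry: the keystore holds certificates only"
    fi
done
```

A keystore that contains only `trustedCertEntry` lines gives the server nothing to authenticate with, so a handshake against it cannot complete.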