Posted to users@tomcat.apache.org by William Lee <wl...@sendmail.com> on 2001/08/27 18:25:54 UTC
Standalone Tomcat SSL Handshake problem
I've searched in the mail archive but found no solution to the Tomcat
standalone SSL handshake problem that many people seem to experience.
I got the jsse and the certs installed according to the instructions. I
used the keytool util to import an openssl-generated, self-signed
certificate. I can start the server fine with the following lines in
server.xml:
<Connector className="org.apache.tomcat.service.PoolTcpConnector">
    <Parameter name="handler"
               value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
    <Parameter name="port"
               value="8443"/>
    <Parameter name="socketFactory"
               value="org.apache.tomcat.net.SSLSocketFactory" />
    <Parameter name="keystore"
               value="/tmp/keystore" />
    <Parameter name="keypass"
               value="changeit" />
    <Parameter name="clientAuth"
               value="false" />
</Connector>
The keystore file is /tmp/keystore.
When I start the server, I get:
2001-08-24 17:57:33 - ContextManager: Adding context Ctx( /admin )
Starting tomcat. Check logs/tomcat.log for error messages
2001-08-24 17:57:33 - ContextManager: Adding context Ctx( )
2001-08-24 17:57:33 - ContextManager: Adding context Ctx( /test )
2001-08-24 17:57:34 - PoolTcpConnector: Starting HttpConnectionHandler on 8080
2001-08-24 17:57:45 - PoolTcpConnector: Starting HttpConnectionHandler on 8443
2001-08-24 17:57:45 - PoolTcpConnector: Starting Ajp12ConnectionHandler on 8007
When I try to connect to port 8443 using https from a browser:
2001-08-24 17:57:48 - Ctx( ): 400 R( /) null
2001-08-24 17:57:48 - Ctx( ): IOException in: R( /) Socket closed
I tried using openssl to connect to the server:
> openssl s_client -host sun8.dev-lab -port 8443
CONNECTED(00000003)
19354:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:453:
Can somebody tell me how I can get it going? I read from the archive
that this is a common problem but I found no way to resolve this. People
must have gotten it to work, right?...:) BTW, I'm using JDK 1.3.1 on
Solaris 5.8, Jsse 1.0.2, and Tomcat 3.2.3.
--
William Lee (Will) | Sendmail Inc.
Email: wlee@sendmail.com | http://www.sendmail.com
Tel: (510) 594-5505 |