Posted to users@tomcat.apache.org by Gavin Alexander <ga...@g2bs.com> on 2006/05/11 17:51:44 UTC

SSL problem in Tomcat

Hi, I am having a problem getting Tomcat to work properly with SSL.

My server.xml file contains the lines shown below, which appear fine to me.

<!-- Define a non-SSL Coyote HTTP/1.1 Connector on the port specified 
during installation  -->
<Connector port="8080"
            maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
            enableLookups="false" redirectPort="8443" acceptCount="100"
            debug="0" connectionTimeout="20000"
            disableUploadTimeout="true" />

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector port="8443"
            maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
            enableLookups="false" disableUploadTimeout="true"
            acceptCount="100" debug="0" scheme="https" secure="true"
            clientAuth="false" sslProtocol="TLS" />


Tomcat works fine with html pages, JSPs and servlets until such time 
as they require SSL, and then I get the following message:

Unable to connect
Firefox can't establish a connection to the server at localhost:8443.
     *   The site could be temporarily unavailable or too busy. Try 
again in a few moments.
     *   If you are unable to load any pages, check your computer's 
network connection.
     *   If your computer or network is protected by a firewall or 
proxy, make sure that Firefox is permitted to access the Web.

or, in IE:

The page cannot be displayed
The page you are looking for is currently unavailable. The Web site 
might be experiencing technical difficulties, or you may need to 
adjust your browser settings.
--------------------------------------------------------------------------------
Please try the following:
...


If I enter https://localhost:8443 into the address bar of my browser 
(Firefox) I don't get the Tomcat splash page, as described in 
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html#Edit%20the%20Tomcat%20Configuration%20File.

If anyone can suggest any other configuration details, or tests that 
I can use to figure out the problem, I would be grateful.

Thank you,

Gavin Alexander



Re: SSL problem in Tomcat

Posted by Jfk <jf...@yahoo.com>.
I know it's going to sound silly... but then, I found out the problem.

It's the -storepass & -keypass. They have to be the same. I thought they are
for different purposes...

Anyway, issue closed.
--
View this message in context: http://www.nabble.com/SSL+problem+in+Tomcat-t1601673.html#a4554704
Sent from the Tomcat - User forum at Nabble.com.


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: SSL problem in Tomcat

Posted by Jfk <jf...@yahoo.com>.
Hi Gavin,

I encountered the same problem as you. But I am unable to resolve it like
you did. The following is my config.

--------------------------Server.xml--------------------------------

    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

--------------------------Server.xml--------------------------------

I have the following files in my Tomcat home directory (but I did not
specify any %TOMCAT_HOME% environment variables. Not mentioned anywhere in
the doc...) ->
client.cer
client.keystore
server.cer
server.keystore

I tried adding the line -> keystoreFile="c:\Program Files\Java\jdk1.5.0_06\ssl\server.keystore"
into the server.xml but it still doesn't work.

*Note: the c:\Program Files\Java\jdk1.5.0_06\ssl\ directory contains the
same 4 files listed above.

Any advice? Thanks.
jfk.







Re: SSL problem in Tomcat

Posted by Gavin Alexander <ga...@g2bs.com>.
Thanks for that Jack.

Ironically, I just got things working again not 20 seconds before I 
got your email. For some reason the .keystore file had stopped 
working (maybe expired?) and I ended up creating a new one and adding 
a keystoreFile attribute with path to the new file in tomcat's server.xml.

As often happens, I am mystified as to how it broke, but happy it is fixed!

Cheers,

Gavin


At 09:27 12/05/2006, you wrote:
>I have a page that has some config info about SSL with Client
>Authentication turned on. You could have a look there and see if you
>find any of it useful.
>
>http://jack.godau.googlepages.com/jbosscertificatesandopenssl
>
>Cheers
>Jack...


Re: SSL problem in Tomcat

Posted by Jack <ja...@gmail.com>.
I have a page that has some config info about SSL with Client
Authentication turned on. You could have a look there and see if you
find any of it useful.

http://jack.godau.googlepages.com/jbosscertificatesandopenssl

Cheers
Jack...



-- 
Cheers
Jack...

The claim "natural" is not synonymous with safe.
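
A check for the keystore settings this thread ends up at for the port-8443 connector, as an added example that is not from any poster or from the Tomcat project. It assumes Tomcat's documented defaults when the attributes are absent (a `.keystore` file in the home directory of the user running Tomcat, password `changeit`); `check_ssl_connectors`, the sample documents, and the path and password in the fixed one are constructed for illustration.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample: the two connectors quoted in the thread, wrapped in a
# minimal Server/Service so the fragment parses as a document.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" redirectPort="8443" connectionTimeout="20000" />
  <Connector port="8443" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS" />
</Service></Server>"""

# The same SSL connector with an explicit keystore (path and password are placeholders).
FIXED_SERVER_XML = SAMPLE_SERVER_XML.replace(
    'sslProtocol="TLS"',
    'sslProtocol="TLS" keystoreFile="/opt/tomcat/conf/server.keystore" '
    'keystorePass="EXAMPLE-ONLY"')


def check_ssl_connectors(server_xml_text, user_home=None, exists=os.path.exists):
    """Return (port, finding) pairs for every Connector with scheme="https".

    Run it on the Tomcat host as the account Tomcat runs under, so that the
    home directory and file checks see what Tomcat sees.
    """
    user_home = user_home or os.path.expanduser("~")
    findings = []
    for conn in ET.fromstring(server_xml_text).iter("Connector"):
        if conn.get("scheme") != "https":
            continue
        port = conn.get("port")
        path = conn.get("keystoreFile")
        if path is None:
            # Assumed default: .keystore in the Tomcat user's home directory.
            path = os.path.join(user_home, ".keystore")
            findings.append((port, "no keystoreFile, default is " + path))
        if not exists(path):
            findings.append((port, "keystore not found: " + path))
        if conn.get("keystorePass") is None:
            # Assumed default password when the attribute is absent.
            findings.append((port, "no keystorePass, default 'changeit' is used"))
    # Not visible in server.xml: whether the key entry's password equals the
    # keystore password (Jfk's fix); that only shows when the keystore is opened.
    return findings


if __name__ == "__main__":
    for port, finding in check_ssl_connectors(SAMPLE_SERVER_XML):
        print("connector %s: %s" % (port, finding))
```
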
