Posted to users@tomcat.apache.org by Michael Casale <mc...@knoa.com> on 2006/11/08 23:22:59 UTC

RE: SSL not working on Tomcat - The Solution

Hi All -

The simple solution to this whole problem is that I was using the wrong
Keystore file - not the one I originally used to generate my certificate
request.

I originally tried to use the original keystore file to import in my
newly purchased certification, but I kept getting the error "Wrong
Keystore Format" (or something to that effect - I forgot and am in a
hurry here).

The reason why is I was following poor instructions on my company's wiki
which omitted the storetype tag in the keystore -import line. You need
the -storetype PKCS12 when importing into a PKCS12 keystore. Duh on me. 

This is how we learn. I figured I'd just point this out for anyone else
using the keytool command and working with PKCS12 format keys and
keystores.

Thanks to all those who offered help!

Michael Casale

Systems Administrator / IT Manager

Knoa Software

mcasale@knoa.com

Ph.  (212) 807-9608 ext. 6000

Fax  (212) 675-6121

-----Original Message-----
From: Christopher Schultz [mailto:chris@christopherschultz.net] 
Sent: Wednesday, November 08, 2006 5:02 PM
To: Tomcat Users List
Subject: Re: SSL not working on Tomcat


Michael,

Michael Casale wrote:
> I've installed Firefox 2.0 and I get the error:
> 
> "Firefox can't connect securely to upm.knoa.com because the site uses a
> security protocol which isn't enabled"
> 
> So... I changed sslProtocol="TLS" to sslProtocol="SSL" and restarted the
> service. I get the same error.

Wow. Sounds like something is seriously screwed up. Have you tried a
different client machine? Perhaps one of your SSL libraries is hosed.

Have you tried re-installing Tomcat? Perhaps one of TC's SSL libraries
is hosed.

If all else fails, I would run something like memtest86 on your server
to see if the memory is okay. It's tough to do all this crypto stuff and
not have an exception when the littlest thing goes wrong, so something
is definitely amiss. It's not like Sun invented a new SSL protocol and
didn't tell anyone about it ;)

-chris


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
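
The import failure described in this thread comes from a keystore whose on-disk format does not match the store type keytool assumes. As an added example (not part of the original posts), this shell snippet guesses the format from the file's leading bytes and prints the matching `keytool -import` line; the alias `tomcat`, the file name `server.crt` and the function names are assumptions.

```shell
#!/bin/sh
# Added example: guess a Java keystore's on-disk format from its leading
# bytes so the matching -storetype can be passed to keytool.

# Print JKS, JCEKS, PKCS12 or UNKNOWN for the file given as $1.
keystore_type() {
    [ -r "$1" ] || { echo "UNKNOWN"; return 1; }
    # First four bytes as lowercase hex without separators, e.g. "feedfeed".
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \t\n')
    case "$magic" in
        feedfeed) echo "JKS" ;;     # JKS magic number 0xFEEDFEED
        cececece) echo "JCEKS" ;;   # JCEKS magic number 0xCECECECE
        # Heuristic: a PKCS#12 file is DER and starts with the SEQUENCE
        # tag 0x30. Other DER files (e.g. a bare certificate) do too.
        30*)      echo "PKCS12" ;;
        *)        echo "UNKNOWN"; return 1 ;;
    esac
}

# Print (do not run) the keytool import command with the detected type.
# $1 = keystore file, $2 = alias, $3 = certificate file
import_command() {
    st=$(keystore_type "$1") || {
        echo "cannot determine keystore format of $1" >&2
        return 1
    }
    printf 'keytool -import -alias %s -file %s -keystore %s -storetype %s\n' \
        "$2" "$3" "$1" "$st"
}

# Constructed sample: a 4-byte stand-in for the start of a PKCS#12 file.
sample=$(mktemp)
printf '\060\202\011\300' > "$sample"
import_command "$sample" tomcat server.crt
rm -f "$sample"
```

The check only identifies the container format; it does not confirm that the keystore holds the private key the certificate request was generated from.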
