2012/2/17 Marvin S. Addison <[email protected]>: >> I'm not sure what you mean with "ssl trace" > > > See > https://wiki.jasig.org/display/CASUM/SSL+Troubleshooting+and+Reference+Guide > for instructions to perform SSL trace. The debug information in a trace > almost always clarifies the exact cause of a failed SSL handshake. <SNIP> > Suggests a certificate trust problem, which could be due to a change in the > way Tomcat sets up the trust store or a change internally to the JRE. Can > you confirm whether the JRE/JDK version changed as a consequence of > upgrading other components? Also, need the exact JRE version and Tomcat > version you're running at present. Might help to post your redacted > server.xml as well.
I finally had the time to track this down. Turns out the problem was a permission issue: the /etc/ssl/certs/java directory (not the actual file itself) somehow stopped being readable for tomcat. Unfortunately I can't track it down to whether it is an ownership or permission change or when and how it happened. May still have been an update - my backups show me no file permission changes since at least half november... -- Frank Van Damme No part of this copyright message may be reproduced, read or seen, dead or alive or by any means, including but not limited to telepathy without the benevolence of the author. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
