Thanks for all the help. I was not able to discover the exact cause of the problem, but I tracked the issue down to a problem with misconfigured DNS and Proxy servers. I was able to consistently avoid it by not using the proxy for this server (since it is in the intranet) and using a fully qualified machine name.
It is puzzling though, that most browsers (other than Mozilla) were able to somehow recover and bypass the issue.

b.

-----Original Message-----
From: Melloni Bruno (Nokia-BI/Dallas)
Sent: Tuesday, January 13, 2004 10:44 AM
To: 'Tomcat Users List'; '[EMAIL PROTECTED]'
Subject: RE: SSL failure with some browsers - Access denied by access control list

Mixed results:
- I got no debug messages when it failed even after setting log4j.logger.org.apache.tomcat.net=DEBUG.
- By experimenting (afterwards) and placing the files in common/lib and common/classes instead of server/lib and server/classes and adding log4j.logger.org.apache.catalina.session.ManagerBase=INFO, RollFile I managed to eliminate the annoying (unrelated) bug in Tomcat 5 that gives the warning message:

  log4j:WARN No appenders could be found for logger (org.apache.catalina.session.ManagerBase).
  log4j:WARN Please initialize the log4j system properly.

b.

-----Original Message-----
From: ext Bill Barker [mailto:[EMAIL PROTECTED]
Sent: Monday, January 12, 2004 2:00 PM
To: [EMAIL PROTECTED]
Subject: Re: SSL failure with some browsers - Access denied by access control list

Copy the log4j-1.2.8.jar and commons-logging.jar to $CATALINA_HOME/server/lib, and create a log4j.properties (or .xml) file in $CATALINA_HOME/server/classes with the logging level.

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, January 12, 2004 9:24 AM
Subject: RE: SSL failure with some browsers - Access denied by access control list

Bill,

Where do I find the place to set the debug level for 'org.apache.tomcat.net'? I apologize for bugging you with this. I already searched the Tomcat docs, the whole Tomcat 5.0 deployed tree, and the contents of the whole conf directory (including server.xml) but could not find where Tomcat hides the log4j config file (or for that matter even the commons-logging jar file!!!).

I know it must be somewhere since the server does actually log its messages, but I can't find it. I am familiar with log4j and my application uses it. My application has log4j-1.2.8 in its lib directory and its own application-specific log4j configuration file, and it all works wonderfully. Except of course, for the usual annoying but innocuous well-known Tomcat bug (that no one knows how to fix) about the "log4j:WARN No appenders could be found for logger (org.apache.catalina.session.ManagerBase)" message.

Bruno

-----Original Message-----
From: news [mailto:[EMAIL PROTECTED] Behalf Of ext Bill Barker
Sent: Friday, January 09, 2004 9:33 PM
To: [EMAIL PROTECTED]
Subject: Re: SSL failure with some browsers - Access denied by access control list

At a guess, those Mozilla versions don't support TLS, which is Tomcat's default SSL protocol. Whatever it is, try turning up your commons-logging debug level for 'org.apache.tomcat.net' to 'debug'. You should get plenty of messages in your Tomcat logs to help you figure out why Tomcat doesn't like Mozilla.

<[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]

Problem:
- Making any https call fails with the message "Forbidden. You were denied access because: Access denied by access control list.".
- The failure happens even accessing https://<host>:8443/tomcat-docs, while a regular http call succeeds.
- The failure happens with some browsers (i.e.: Mozilla) but not with others (i.e.: Internet Explorer, and most versions of Netscape).
- The failure appears to only happen when accessing a server on a different box than the one where the browser is running. It has not happened (so far) on the same box as the client.
- The failure appears to happen with the Tomcat running on either Windows or Solaris.
- The failure is not related to the JDK's Verisign Certificate issue (expired Jan 7). It was happening in December, and it was not corrected by JDK 1.4.2_03.
  Also, the certificates being used are self-signed according to the Tomcat's default instructions.

Questions:
- Is this a configuration issue? Or is it a deeper problem with either Tomcat or the browsers? I have not seen many postings out there on this topic, so I assume (and hope) the problem is a dumb configuration snafu.
- Is there a known solution? I have not found any on the Tomcat archives, on the Mozilla archives, or even after several exchanges with the Mozilla support people.
- Is there any additional information I can provide that might shed some light as to why this is happening?

Environment details:
- Tomcat version: 5.
- JDK version 1.4.2 (both _02 and _03).
- Mozilla versions failing (at least 1.4 and 1.5).
- IE version succeeding (at least 6.0)
- Netscape version succeeding (at least 4.5, 4.7, and I believe one of the 7.x versions).

server.xml: (feel free to comment if you see something wrong even if unrelated)

<Server port="8105" shutdown="SHUTDOWN" debug="0">
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" debug="0"/>
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" debug="0"/>
  <GlobalNamingResources>
    <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved">
    </Resource>
    <ResourceParams name="UserDatabase">
      <parameter>
        <name>factory</name>
        <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
      </parameter>
      <parameter>
        <name>pathname</name>
        <value>conf/tomcat-users.xml</value>
      </parameter>
    </ResourceParams>
  </GlobalNamingResources>
  <Service name="Catalina">
    <Connector port="8089" maxThreads="150" minSpareThreads="25"
               maxSpareThreads="75" enableLookups="false" redirectPort="8443"
               acceptCount="100" debug="0" connectionTimeout="20000"
               disableUploadTimeout="true" />
    <Connector port="8443" maxThreads="150" minSpareThreads="25"
               maxSpareThreads="75" enableLookups="false"
               disableUploadTimeout="true" acceptCount="100" debug="0"
               scheme="https" secure="true" clientAuth="false"
               sslProtocol="TLS" />
    <Connector port="8109" enableLookups="false" redirectPort="8443"
               debug="0" protocol="AJP/1.3" />
    <Engine name="Catalina" defaultHost="localhost" debug="0">
      <Logger className="org.apache.catalina.logger.FileLogger"
              prefix="catalina_log." suffix=".txt" timestamp="true"/>
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             debug="0" resourceName="UserDatabase"/>
      <Host name="localhost" debug="0" appBase="webapps" unpackWARs="true"
            autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
        <Logger className="org.apache.catalina.logger.FileLogger"
                directory="logs" prefix="localhost_log." suffix=".txt"
                timestamp="true"/>
      </Host>
    </Engine>
  </Service>
</Server>

Bruno Melloni
eBusiness Application Center, Americas
Nokia, Inc
6000 Connection Drive, Mailstop 4w223
Irving, TX 75039
USA
*Office: +1 (972)894-6120
*Cellular: +1 (469) 939-1067
* SMS: [EMAIL PROTECTED]
* e-mail: [EMAIL PROTECTED]

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
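
Added example, not part of the original thread and not a file shipped with Tomcat: a log4j 1.2 log4j.properties of the kind Bill Barker's reply describes, carrying the two logger lines quoted in the thread and defining the RollFile appender that the second line refers to. The log file name, size limits and layout pattern are assumptions.

```properties
# Added example. Place in $CATALINA_HOME/server/classes (as suggested in the
# thread) or common/classes (where the poster reports it took effect), with
# log4j-1.2.8.jar and commons-logging.jar in the matching lib directory.

# Root logger: INFO and above go to the rolling file appender.
log4j.rootLogger=INFO, RollFile

# "RollFile" is the appender name used in the thread; everything below that
# configures it (file name, sizes, pattern) is assumed for illustration.
log4j.appender.RollFile=org.apache.log4j.RollingFileAppender
log4j.appender.RollFile.File=${catalina.home}/logs/tomcat-debug.log
log4j.appender.RollFile.MaxFileSize=5MB
log4j.appender.RollFile.MaxBackupIndex=3
log4j.appender.RollFile.layout=org.apache.log4j.PatternLayout
log4j.appender.RollFile.layout.ConversionPattern=%d{ISO8601} %-5p [%t] %c - %m%n

# Connector and SSL socket code: the logger the thread says to raise to DEBUG.
log4j.logger.org.apache.tomcat.net=DEBUG

# Line quoted in the thread; giving this logger an appender is what silences
# "log4j:WARN No appenders could be found for logger (...ManagerBase)".
log4j.logger.org.apache.catalina.session.ManagerBase=INFO, RollFile

# The root logger already writes to RollFile, so switch off additivity here
# to avoid every ManagerBase message being written twice.
log4j.additivity.org.apache.catalina.session.ManagerBase=false
```

An empty debug log for a failing request, as reported in the thread, is itself a data point: the thread's eventual finding was a DNS and proxy misconfiguration rather than a Tomcat fault.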