SSL problem with Tomcat 5.5
Our web site has had an ssl certificate from Godaddy for the last two years. I'm trying to update the certificate because it just expired. After the expiration, before updating I was able to get to the main page, with a certificate error. After the update of the certificate I'm not able to get to the https page at all.

Environment is Windows 2003 server, Tomcat 5.5.9, Server.xml is set to redirect http (port 80) to port 443, and did work before.

What I've done so far: Downloaded the server certificate, Godaddy certificates and recreated the keystore. No errors along the way. Verified that server.xml has the correct keystore file and password. Restarted Tomcat. Under webapps/root there is a redirector to send the browser to my other app's index.html.

At this point I can open the http page, but if I try to open the https url I don't get anything. I'm open and would be very grateful for any suggestions.

Thanks
Bob Grabbe
Michigan Proteome Consortium
University of Michigan
[EMAIL PROTECTED]

If we knew what we were doing, it wouldn't be called research, would it? --Albert Einstein
Re: SSL problem with Tomcat 5.5
Hi Bob

There is a SSL checklist that starts with
1) installing and configuring JSSE (now comes with JDK.1.4 or 1.5)
2) a) create keystore
   b) import the certificate into just created keystore
3) uncomment the SSL Connector entry in $CATALINA_HOME/conf/server.xml and tweak keystoreFile to point to just created keystore

http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html

HTH/
Martin--
RE: SSL problem with Tomcat 5.5
Did all that, to no avail. As I said, it was working until the certificate expired, and the new certificate seems to have broken things, although I can't see anything wrong with it. What it looks like, actually, is that the server isn't processing the server.xml entries that redirect http to https. I can't see why, though.

Bob Grabbe
Umiversity of Michigan
[EMAIL PROTECTED]

Research is the process of going up alleys to see if they are blind. -- Marston Bates
Re: SSL problem with Tomcat 5.5
On Nov 26, 2007 10:04 AM, Bob Grabbe [EMAIL PROTECTED] wrote:

> Our web site has had an ssl certificate from Godaddy for the last two years. I'm trying to update the certificate because it just expired. After the expiration, before updating I was able to get to the main page, with a certificate error. After the update of the certificate I'm not able to get to the https page at all.

> Downloaded the server certificate, Godaddy certificates and recreated the keystore.

? That sounds a little off -- the keystore should have been created as a first step, followed by generating the certificate request to send off to GoDaddy.

> At this point I can open the http page, but if I try to open the https url I don't get anything.

And the logs say ?

--
Hassan Schroeder
[EMAIL PROTECTED]
RE: SSL problem with Tomcat 5.5
Not sure which logs would help, but I've attached a notepad file with excerpts. I didn't generate a new csr, I figured renewing the cert shouldn't need that. Do I need to go through that or should I be able to just renew it ?

What I did after downloading the new certificates was
1. Stop tomcat
2. rename the old keystore file
3. run the keytool to import the new certificates.

If there's a different sequence I should have used, I'll appreciate the input.

Thanks
Bob Grabbe
Umiversity of Michigan
[EMAIL PROTECTED]

Research is the process of going up alleys to see if they are blind. -- Marston Bates

Catalina log

INFO: Reloading context []
Nov 26, 2007 3:50:30 PM org.apache.coyote.http11.Http11Protocol pause
INFO: Pausing Coyote HTTP/1.1 on http-80
Nov 26, 2007 3:50:30 PM org.apache.coyote.http11.Http11Protocol pause
INFO: Pausing Coyote HTTP/1.1 on http-443
Nov 26, 2007 3:50:31 PM org.apache.catalina.core.StandardService stop
INFO: Stopping service Catalina
Nov 26, 2007 3:50:31 PM org.apache.coyote.http11.Http11Protocol destroy
INFO: Stopping Coyote HTTP/1.1 on http-80
Nov 26, 2007 3:50:31 PM org.apache.coyote.http11.Http11Protocol destroy
INFO: Stopping Coyote HTTP/1.1 on http-443

localhost log

Nov 26, 2007 3:50:31 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: attributeReplaced('org.apache.catalina.WELCOME_FILES', '[Ljava.lang.String;@6db33c')
Nov 26, 2007 3:50:31 PM org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextDestroyed()
Nov 26, 2007 3:50:31 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextDestroyed()
Nov 26, 2007 3:50:31 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: attributeReplaced('org.apache.catalina.WELCOME_FILES', '[Ljava.lang.String;@159e6e8')
Nov 26, 2007 3:50:31 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: attributeReplaced('org.apache.catalina.WELCOME_FILES', '[Ljava.lang.String;@1469658')
Nov 26, 2007 3:50:31 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: attributeReplaced('org.apache.catalina.WELCOME_FILES', '[Ljava.lang.String;@1389b3f')
Nov 26, 2007 3:50:31 PM org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextDestroyed()
Nov 26, 2007 3:50:31 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextDestroyed()

localhost access log

192.168.0.1 - - [26/Nov/2007:15:50:09 -0500] GET / HTTP/1.1 200 121
192.168.0.1 - - [26/Nov/2007:15:50:09 -0500] GET /prime/ HTTP/1.1 200 1876
192.168.0.1 - - [26/Nov/2007:15:50:09 -0500] GET /prime/topFrame.htm HTTP/1.1 200 2420
192.168.0.1 - - [26/Nov/2007:15:50:09 -0500] GET /prime/leftUserInfoPage.htm HTTP/1.1 200 10850
192.168.0.1 - - [26/Nov/2007:15:50:09 -0500] GET /prime/images/NRPP.jpg HTTP/1.1 200 4814
192.168.0.1 - - [26/Nov/2007:15:50:09 -0500] GET /prime/JS/md5.js HTTP/1.1 200 8827
192.168.0.1 - - [26/Nov/2007:15:50:09 -0500] GET /prime/images/New_icons.gif HTTP/1.1 200 165
192.168.0.1 - - [26/Nov/2007:15:50:09 -0500] GET /prime/images/groups_bar.gif HTTP/1.1 200 2273
192.168.0.1 - - [26/Nov/2007:15:50:24 -0500] GET /prime/ HTTP/1.1 302 -
192.168.0.1 - - [26/Nov/2007:15:50:24 -0500] GET /prime/ HTTP/1.1 200 1876
192.168.0.1 - - [26/Nov/2007:15:50:24 -0500] GET /prime/leftUserInfoPage.htm HTTP/1.1 200 10850
Re: SSL problem with Tomcat 5.5
On Nov 26, 2007 12:58 PM, Bob Grabbe [EMAIL PROTECTED] wrote:

> Not sure which logs would help, but I've attached a notepad file with excerpts.

What would be best would be catalina.log at startup, showing whether the SSL connector started cleanly. And of course, any log entry relating specifically to an HTTPS request.

> I didn't generate a new csr, I figured renewing the cert shouldn't need that. Do I need to go through that or should I be able to just renew it ?

Dunno about GoDaddy, but when I renew a Thawte cert for one of my sites, I have to generate a new cert request. So I just create a new keystore file, named something like keystore-example.com-2007, and use that for the new cert.

HTH!

--
Hassan Schroeder
[EMAIL PROTECTED]
Re: SSL problem with Tomcat 5.5
Bob,

Bob Grabbe wrote:

> Bob Grabbe
> Umiversity of Michigan

Is that a typo or a joke?

-chris
RE: SSL problem with Tomcat 5.5
OK, I've attached a new file with the startup. Unfortunately I'm not seeing anything in any logs that indicate any https requests.

Just in case, what's the command to generate a new empty keystore file ? I've seen the notes on the tomcat docs for creating the csr, but I didn't do that this time. I might try it though, if I can get godaddy to go through the process with me again,

Thanks
Bob Grabbe
University of Michigan
[EMAIL PROTECTED]

Research is the process of going up alleys to see if they are blind. -- Marston Bates

INFO: Initializing Coyote HTTP/1.1 on http-80
Nov 26, 2007 4:11:02 PM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-443
Nov 26, 2007 4:11:02 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1500 ms
Nov 26, 2007 4:11:02 PM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Nov 26, 2007 4:11:02 PM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/5.5.9
Nov 26, 2007 4:11:02 PM org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
Nov 26, 2007 4:11:03 PM org.apache.catalina.loader.WebappClassLoader validateJarFile
INFO: validateJarFile(D:\jakarta-tomcat-5.5.9\jakarta-tomcat-5.5.9\webapps\prime\WEB-INF\lib\servlet-api.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class
Nov 26, 2007 4:11:03 PM org.apache.catalina.loader.WebappClassLoader validateJarFile
INFO: validateJarFile(D:\jakarta-tomcat-5.5.9\jakarta-tomcat-5.5.9\webapps\PRIMEInstallationSite\WEB-INF\lib\servlet-api.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class
Nov 26, 2007 4:11:04 PM org.apache.struts.tiles.TilesPlugin initDefinitionsFactory
INFO: Tiles definition factory loaded for module ''.
Nov 26, 2007 4:11:04 PM org.apache.struts.validator.ValidatorPlugIn initResources
INFO: Loading validation rules file from '/WEB-INF/validator-rules.xml'
Nov 26, 2007 4:11:04 PM org.apache.struts.validator.ValidatorPlugIn initResources
INFO: Loading validation rules file from '/WEB-INF/validation.xml'
Nov 26, 2007 4:11:05 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-80
Nov 26, 2007 4:11:05 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-443
Nov 26, 2007 4:11:05 PM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
Nov 26, 2007 4:11:05 PM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/16 config=null
Nov 26, 2007 4:11:05 PM org.apache.catalina.storeconfig.StoreLoader load
INFO: Find registry server-registry.xml at classpath resource
Nov 26, 2007 4:11:05 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 3188 ms
Re: SSL problem with Tomcat 5.5
On Nov 26, 2007 1:48 PM, Bob Grabbe [EMAIL PROTECTED] wrote:

> OK, I've attached a new file with the startup. Unfortunately I'm not seeing anything in any logs that indicate any https requests.

mmm. Are you sure nothing else changed, firewall-wise? You might want to turn on the Request Dumper Valve to make sure requests are actually reaching TC. :-)

> Just in case, what's the command to generate a new empty keystore file ? I've seen the notes on the tomcat docs for creating the csr, but I didn't do that this time.

It's all there in the SSL how-to. I'd just try it from scratch, maybe first with a self-signed cert and then go back to your cert vendor.

--
Hassan Schroeder
[EMAIL PROTECTED]
Re: SSL problem with Tomcat 5.5
Good Evening Bob

Implementing webapps is similar to setting up a scientific experiment..you need to complete ALL the steps outlined in order or nothing works

The SSL checklist that starts with
1) installing and configuring JSSE (now comes with JDK.1.4 or 1.5)
2) a) create keystore
      Did you create the keystore as explained Yes or No?
   b) import the certificate into just created keystore
      Did you import the certificate into the keystore Yes or No?
3) uncomment the SSL Connector entry in $CATALINA_HOME/conf/server.xml and edit keystoreFile to point to just created keystore
   Did you edit the connector to make sure keyStoreFile points to the new keystore Yes or No?

finally read this url and verify you understand everything you see in the embodied page
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
Did you read all of this Yes or No?
Do you understand everything that is explained here?

If there is something in this process that is undocumented or poorly documented PLEASE let us know.

HTH/
Martin--
Re: SSL problem with Tomcat 5.5
To ensure you have a valid keystore with the included private key and a reference to an alias 'tomcat', I strongly recommend creating a new keystore as described in the reference (see links in other answer mails). At least you can create a self-signed certificate if you don't need one signed by a trusted CA.

To check if SSL is running you can test it from a Linux or Unix box with installed OpenSSL with the following command:

    echo -e "GET /jsp-examples/index.jsp HTTP/1.0\r\n\r\n" | openssl s_client -connect localhost:8443 -ssl3 -debug -quiet

Replace URI-context and welcome file, replace hostname and port if necessary, change SSL mode to ssl2 or tls as needed

Johann
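The keystore check that Johann's message points at (a private key present under the alias 'tomcat'), as an added example that is not part of the original thread. It classifies an alias from `keytool -list` output; the function names and both sample listings are constructed for illustration, and the entry-type spellings assumed are the ones keytool prints (`keyEntry` on JDK 1.4/5, `PrivateKeyEntry` on later JDKs, `trustedCertEntry` for a certificate without a key).

```sh
#!/bin/sh
# Added example (not from the thread). Reads `keytool -list` output on stdin
# and reports what kind of entry a given alias holds.
#
# Real use (path and password are placeholders):
#   keytool -list -keystore /path/to/keystore -storepass <password> \
#       | keystore_entry_type tomcat
#
# Prints one of: private-key | trusted-cert-only | unknown | missing
keystore_entry_type() {
    awk -v want="$1" '
        BEGIN { result = "missing"; want = tolower(want) }
        {
            # Entry lines look like "<alias>, <date>, <entry type>,"
            n = index($0, ",")
            if (n == 0 || tolower(substr($0, 1, n - 1)) != want) next
            if ($0 ~ /, (keyEntry|PrivateKeyEntry),/) result = "private-key"
            else if ($0 ~ /, trustedCertEntry,/)      result = "trusted-cert-only"
            else                                      result = "unknown"
        }
        END { print result }
    '
}

# Exit status 0 only when the alias carries a private key, which is what an
# SSL connector needs in order to present the certificate.
keystore_usable_for_tomcat() {
    [ "$(keystore_entry_type "$1")" = "private-key" ]
}

# Constructed listing: old keystore set aside, then only `keytool -import`
# run against a fresh file. Every entry is a bare certificate, no private key.
sample_import_only() {
    cat <<'EOF'
Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

root, Nov 26, 2007, trustedCertEntry,
Certificate fingerprint (MD5): 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:01
tomcat, Nov 26, 2007, trustedCertEntry,
Certificate fingerprint (MD5): 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:02
EOF
}

# Constructed listing: key pair generated in the keystore first (-genkey),
# CSR created from it (-certreq), CA chain and signed reply imported afterwards.
sample_csr_flow() {
    cat <<'EOF'
Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

root, Nov 26, 2007, trustedCertEntry,
Certificate fingerprint (MD5): 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:01
tomcat, Nov 26, 2007, keyEntry,
Certificate fingerprint (MD5): 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:03
EOF
}
```

A renewed certificate only attaches to a private key when it is imported into the keystore that generated the matching key pair, under the same alias; imported into a new, empty keystore it becomes a `trustedCertEntry`.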
Re: SSL problem with Tomcat 5.5
In my case, apache is in the front as a load balancer (JK module). I read an instruction that says SSL is only needed between client and Apache, but SSL is not configured between apache and tomcat. I am using JBOSS 4.2.2. In my environment, the security between apache and tomcat is a concern. How to configure SSL all the way between client -- Apache -- Tomcat?

Thanks!
dave