RE: How to check whether a SSL certificate has been correctly installed

2012-10-09 Thread Tom Anthony
Thank you so much, I wanted to double check.




--
View this message in context: 
http://tomcat.10.n6.nabble.com/How-to-check-whether-a-SSL-certificate-has-been-correctly-installed-tp4987669p4987690.html
Sent from the Tomcat - User mailing list archive at Nabble.com.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: How to check whether a SSL certificate has been correctly installed

2012-10-09 Thread Tom Anthony
Great information Christopher, thank you for your help.



--
View this message in context: 
http://tomcat.10.n6.nabble.com/How-to-check-whether-a-SSL-certificate-has-been-correctly-installed-tp4987669p4987692.html
Sent from the Tomcat - User mailing list archive at Nabble.com.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



How to check whether a SSL certificate has been correctly installed

2012-10-08 Thread Tom Anthony
Hi,

I just installed a third party certificate on Tomcat and was wondering
whether there was a way to check with confidence that the ceritiftcae has
been installed correctly on the server and that all communications between
client and server are encrypted.

Thanks for your help.



--
View this message in context: 
http://tomcat.10.n6.nabble.com/How-to-check-whether-a-SSL-certificate-has-been-correctly-installed-tp4987669.html
Sent from the Tomcat - User mailing list archive at Nabble.com.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: How to check whether a SSL certificate has been correctly installed

2012-10-08 Thread Adamus, Steven J.
Tom, 

Most if not all browsers let you view the certificate that was received
from the web server. You won't receive one unless you have an https
connection. If you can view it and verify it's the correct one, then
it's been installed correctly and the connection is encrypted. 

Steve

-Original Message-
From: users-return-237053-STEVEN.J.ADAMUS=saic@tomcat.apache.org
[mailto:users-return-237053-STEVEN.J.ADAMUS=saic@tomcat.apache.org]
On Behalf Of Tom Anthony
Sent: Monday, October 08, 2012 2:36 AM
To: users@tomcat.apache.org
Subject: How to check whether a SSL certificate has been correctly
installed

Hi,

I just installed a third party certificate on Tomcat and was wondering
whether there was a way to check with confidence that the ceritiftcae
has been installed correctly on the server and that all communications
between client and server are encrypted.

Thanks for your help.



--
View this message in context:
http://tomcat.10.n6.nabble.com/How-to-check-whether-a-SSL-certificate-ha
s-been-correctly-installed-tp4987669.html
Sent from the Tomcat - User mailing list archive at Nabble.com.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: How to check whether a SSL certificate has been correctly installed

2012-10-08 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Tom,

On 10/8/12 5:35 AM, Tom Anthony wrote:
 I just installed a third party certificate on Tomcat and was
 wondering whether there was a way to check with confidence that the
 ceritiftcae has been installed correctly on the server and that all
 communications between client and server are encrypted.

A couple of ways:

1. Connect via a web browser: use the https:// protocol. If the server
is speaking HTTP then you'll get an error message.

2. Use sslscan (http://www.titania.co.uk ; some Linux distros have it
in their package management systems). Just run sslscan [hostname]

3. https://www.ssllabs.com/ - use their test my website tool at the
bottom of their home page. It tells you about your certificates --
including making sure that you have a full cert chain and that the
certs are in the right order). It also tells you about other things
like if you are susceptible to BEAST and CRIME, and gives you a
grade based upon criteria I can't quite discern.

4. Use openssl's s_client:

   $ openssl s_client -connect hostname:port

It will give you some diagnostic information and actually let you
issue an HTTP request: it's pretty much 'telnet' except that it
tunnels it through SSL.

I'm sure there are other ways, too.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBzHoEACgkQ9CaO5/Lv0PADEACfcpk6Unx5E7loXtzLnB6UAtT7
Lm0AoKzuRAHpSGKuynGMaw/vGaqMEtq4
=JLtL
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org