Ok, after much beating of my head against my desk, I think I have figured it out.

In the tomcat-ssl-howto, the keytool program is used at the beginning of the process, and at the end of the process. What appears to have been forgotten is that the second time keytool is used, it needs to be run against the cacerts keystore as opposed to the user's keystore. This adds the certificate created to the list of trusted CAs, which allows tomcat to present the certificate to the browser.

Of course there will be the usual warnings about the domain name not matching and such, but it appears to work.

If I am wrong with this, please let me know.

Dion Vansevenant
Internetwork Administrator
MRO.com

From: Dion_Vansevenan [EMAIL PROTECTED]
Date: 20/12/2000 11:06
Please respond to tomcat-user
To: [EMAIL PROTECTED]
cc: (bcc: Dion Vansevenant/PSDI)
Subject: Tomcat 3.2.1 binary standalone + SSL - Reworded

Ok, let's ask this. Has the current binary for Tomcat 3.2.1 been compiled to use JSSE? I've seen posts in the archive that indicate previous binaries were not, but that may have been during beta.

I am using the Tomcat 3.2.1 binary which I downloaded on Monday. We want a standalone configuration as all of our pages are jsp, no static pages at all, thus no real need for Apache. I can get the standard connection at port 8080 to work, but when I try to connect via SSL with IE5 I get a blank certificates dialog box asking me to choose a certificate.

I have followed the instructions in the tomcat-ssl-howto and in server.xml. What have I missed? The tomcat-ssl-howto mentions something about a selfSign.pem, but doesn't say anything about creating it, or where to put it, or anything.
I told keytool that I wanted my keystore to be /usr/local/tomcat/conf/keystore and it created that file in that directory. Everything else seems to be ok.

When I hit the https address (https://ip.add.re.ss:8443/examples/jsp/index.htm) tomcat reports:

2000-12-20 10:50:21 - Ctx( ): 400 R( /) null
2000-12-20 10:50:21 - Ctx( ): IOException in: R( /) Socket closed

I've set the logging in server.xml to DEBUG for all three log files, but nothing additional seems to be recorded in the logs.

Any suggestions? Thanks in advance.

Dion Vansevenant
Internetwork Administrator
MRO.com
