My experience was using IIS with Tomcat was very slow and it is pain in the neck to use tackle with ISAPI connector and the rest.. It is better to have either Apache or directly use Tomcat servers
-----Original Message----- From: Robert J. Sanford, Jr. [mailto:[EMAIL PROTECTED] Sent: Friday, August 08, 2003 6:11 PM To: [EMAIL PROTECTED] Subject: Installing IIS Certificates in Tomcat? I'm running Tomcat inside of jboss-3.2.1_tomcat-4.1.24 but I think the issue will be the same independent of that. The platform is Win2K SP3. The plan is to use Tomcat's HTTP server instead of IIS with the AJP ISAPI connector. Since all requests are being handled by servlets with no static content why even get IIS involved? Anyway... I attempted to take an existing certificate whose request was generated by IIS and import it into a keystore and use that as the basis for my SSL crypto. When I attempted to connect via IE the connection failed (a site not found error) and the exception tree at the bottom of this message was generated. I spent a lot of time reading the JBoss SSL docs, reading the Tomcat SSL docs, searching the Tomcat and JBoss archives, playing with my configuration, trying to figure out what ciphers were installed, making sure that the CA certificate (for testing we use an internal CA) was imported into the keystore, etc., etc., etc. None of it worked. Everything resulted in the exception chain below or something similar. Finally I just decided to go through the instructions for generating a new local key, a new certificate request, get the certificate from my internal certificate authority and import everything into a new keystore. It worked with a minor warning saying that the machine name on the certificate did not match the actual machine name. I'm not sure how to resolve that immediately but I don't see that as a major issue right now since this is only for testing purposes. My big questions are: 1) Is there any way that I can import an existing certificate that was generated based on a request originated in IIS into my keystore and have that be accepted by Tomcat? 2) Or, do I have to go to my IT manager and tell him that he needs to go to Verisign and get additional certificates for IP addresses that we already have certificates for? 3) Or, should I just use IIS and the existing certificates to front Tomcat? Many thanks for the assist! rjsjr 2003-08-07 14:22:55,919 DEBUG [org.apache.tomcat.util.net.PoolTcpEndpoint] Handshake failed javax.net.ssl.SSLHandshakeException: no cipher suites in common at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SunJSSE_aw.b(DashoA6275) at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactor y.java:290) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:540) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav a:619) at java.lang.Thread.run(Thread.java:536) 2003-08-07 14:22:55,939 DEBUG [org.apache.tomcat.util.net.PoolTcpEndpoint] Handshake failed javax.net.ssl.SSLException: Unsupported SSL v2.0 ClientHello at com.sun.net.ssl.internal.ssl.InputRecord.b(DashoA6275) at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactor y.java:290) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:540) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav a:619) at java.lang.Thread.run(Thread.java:536) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
