Hi, I had removed myself from tomcat-user list so I have to email you personally.
When you start tomcat, add an option to JAVA_OPT to enable jsse debugging. It is stated in j2sdk documentation under security then jsse. I used it months ago. But I removed it after my connections were tested OK. So I forgot which option to use. Here is the link your.j2sdk.docs/guide/security/jsse/JSSERefGuide.html#Debug Regards, PQ -----Original Message----- From: Michael Jeffrey Tucker [mailto:[EMAIL PROTECTED] Sent: November 11, 2003 9:19 PM To: Tomcat Users List Subject: Debugging JSSE Hi, I am still trying to figure out what is going wrong with my client-side authentication. I've started using the OpenSSL command line tool to debug, rather than a web browser. From the command line I am running: OpenSSL> s_client -connect localbox:8443 -cert client.pem -CAfile ca.pem -state Which open an SSL connection to my Tomcat connector port, with the provided clientside cert and the cert for my CA. I am getting the following output: Loading 'screen' into random state - done CONNECTED(000002CC) SSL_connect:before/connect initialization SSL_connect:SSLv2/v3 write client hello A SSL_connect:SSLv3 read server hello A depth=1 /C=US/ST=Ma/L=Camb/O=MyCompany/OU=MyGroup/CN=ENDECA-CA/[EMAIL PROTECTED] verify return:1 depth=0 /C=US/ST=Ma/O=MyCompany/OU=MyGroup/CN=localbox verify return:1 SSL_connect:SSLv3 read server certificate A SSL_connect:SSLv3 read server key exchange A SSL_connect:SSLv3 read server certificate request A SSL_connect:SSLv3 read server done A SSL_connect:SSLv3 write client certificate A SSL_connect:SSLv3 write client key exchange A SSL_connect:SSLv3 write certificate verify A SSL_connect:SSLv3 write change cipher spec A SSL_connect:SSLv3 write finished A SSL_connect:SSLv3 flush data SSL_connect:error in SSLv3 read finished A SSL_connect:error in SSLv3 read finished A write:errno=10054 But I can't figure out how to find a log of what is happening on the other side. I am using Tomcat 4.0.1 on a RedHat 7.3 system, but I don't know where to look to find the JSSE output. I have looked at the tomcat log files, and the catalina_log shows "The incoming request has been awaited" and "The incoming request has been assigned", but there is nothing in my access log or anything at all related to SSL or JSSE. If you have any suggestions on how to debug this problem, please let me know. Thanks, Mike --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
