If you are using SSL with Tomcat, you should probably read this. I got no responses to my earlier postings, but it's possible this could save you some time in the future. Or it could be that my experience is totally unique (but that is hard for me to believe).
I finally got SSL working with Tomcat by blowing away my keystore and starting over from scratch. I discovered some things along the way.

Tomcat doesn't actually care if you have a key with an alias of 'tomcat'. I created a key (the only entry in the keystore) with an alias of 'woof' and Tomcat was quite happy with that. The SSL connector initialized fine. If you enter 'https://localhost:8443' (or whatever your SSL port is) in a browser and view the certificate, it will show the certificate with the alias of 'woof'. Now add another key with an alias of 'tomcat' and bring up the browser again and view the certificate. It will show the one with the alias of 'tomcat'.

If you then delete all entries from the keystore and restart Tomcat, it will go into an infinite loop trying to initialize the SSL connector. Now add a key (any key) and it will come up, no problem. Tomcat appears to only care that you do have a keystore with at least one key in it. Doesn't really care what that key is, just a non-empty keystore to make it happy.

I did save all of my existing keys before I blew away my keystore and started over. I imported them back into the new keystore and everything was fine. At first I thought that maybe a key was corrupted, but that does appear to be the case.

I'm running Tomcat 5.0.27 & JDK 1.4.2_03.
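A pre-start check based on the behaviour reported above, added here as an example and not part of the original post: it reads `keytool -list` output and flags a keystore with no key entry or with more than one. The function names, return codes and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: vet `keytool -list` output before starting Tomcat's SSL connector.
# Entry lines look like "alias, date, keyEntry," (older JDKs) or
# "alias, date, PrivateKeyEntry," (newer JDKs); trustedCertEntry lines are ignored.

# Print the alias of every private-key entry, one per line, from a listing on stdin.
key_aliases() {
    awk -F', ' '/, (keyEntry|PrivateKeyEntry),/ { print $1 }'
}

# Return 0 for exactly one key entry, 1 for none, 2 for several (hypothetical codes).
check_listing() {
    aliases=$(key_aliases)
    count=$(printf '%s\n' "$aliases" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -eq 0 ]; then
        echo "FAIL: no key entry; the post reports the SSL connector looping on startup"
        return 1
    fi
    if [ "$count" -gt 1 ]; then
        echo "WARN: $count key entries ($(echo $aliases)); check which certificate is served"
        return 2
    fi
    echo "OK: single key entry '$aliases'"
}

# Constructed sample listings, not taken from a real keystore.
SAMPLE_TWO_KEYS='Keystore type: jks
Your keystore contains 3 entries

woof, Jan 5, 2005, keyEntry,
Certificate fingerprint (MD5): (constructed)
tomcat, Jan 6, 2005, keyEntry,
Certificate fingerprint (MD5): (constructed)
rootca, Jan 6, 2005, trustedCertEntry,
Certificate fingerprint (MD5): (constructed)'
SAMPLE_ONE_KEY='woof, Jan 5, 2005, keyEntry,'
SAMPLE_NO_KEYS='Keystore type: jks
Your keystore contains 0 entries'

# Demo on the constructed two-key listing. Against a real keystore (path assumed):
#   keytool -list -keystore "$HOME/.keystore" | check_listing
printf '%s\n' "$SAMPLE_TWO_KEYS" | check_listing || true
```
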
