Hi,

I have been having a problem with getting Tomcat 3.2.1 to work with SSL in standalone. Previously we had used Apache for our SSL, but have had some difficulties with this lately. Due to the fact that SSL was the only thing we used Apache for, we decided to investigate running SSL on Tomcat standalone.

If I generate a self-signed certificate using the keytool in JDK 1.3, I can run SSL on Tomcat standalone. The problem arises when I then generate a certificate signing request and send it to our certificate provider. They return a signed certificate which I then install, according to the instructions given both in the Tomcat docs and in the keytool docs. This seems OK, but on closer examination of the SSL connection between Tomcat and the browser, I see that it is the original self-signed certificate which is being used to run the connection; the valid (and expensive!) real certificate is having no influence on the process. I can remove the paid-for cert and SSL still works; I can then replace it and then remove the self-signed cert and SSL breaks.

From browsing the Tomcat docs and searching the archives of this list it appears that many people have had this problem, but none of the solutions offered have been satisfactory for me. We may at this stage revert to letting Apache do the SSL, but we feel as though we are very close to getting Tomcat to work and this would provide us with a neater solution. Does anyone know of any standalone Tomcat SSL installations that are using commercially signed certificates rather than the self-signed certificates generated by the keytool?

By the way, I have taken a look at the page http://www.comu.de/docs/tomcat_ssl.jsp which is cited several times in the documentation. It provides an alternative to keytool for importing the keypair initially generated. This also did not work for me, even though I followed the instructions exactly.

My operating system is Windows 2000 Pro. I have tried IE6 and Netscape 6 and 7 browsers. Tomcat version is 3.2.1, although I have tried 4.1.18, but not to the same extent. We would be happy to upgrade to 4.1.18 if it will solve our problem.

With Netscape the errors are more useful: the certificate is loaded from the server, I can examine it and all appears well, but then an error code -12227 is displayed when I click the OK button. IE just gives a "page cannot be displayed" error. The Tomcat console displays the following 2 lines for each attempt to connect:

2003-03-26 11:35:02 - Ctx( ): 400 R( /) null
2003-03-26 11:35:02 - Ctx( ): IOException in: R( /) Socket closed

Any help on this would be greatly appreciated, not only by me, as I think there are plenty of other users out there experiencing similar difficulty. Apologies for the long mail, but I wanted to get as much detail in as possible.

Regards
Anthony Nolan
