Server = Windows 2003 Server w/Service Pack 1 (IIS Admin is running just
to host the IIS FTP Server, the World Wide Web Service is not running)

Tomcat version = 5.5.12
OpenSSL version = 0.9.8 (I believe)
jre1.5.0_05

I ordered a GeoTrust QuickSSL cert for the common name
calendar.wheatoncollege.edu and once issued I followed all of GeoTrust's
instructions for creating the keystore (I kept the password set to the
default of "changeit"). I uncommented the section of the server.xml file
that has the Connector tag for the SSL listener. I tried having it
listen on 8443, the default, and I tried switching it over to 443 and
with every change I made I stopped and started the Tomcat Windows
service. I can connect perfectly fine to port 8080 with http but
whenever I try

https://calendar.wheatoncollege.edu:8443  (or 443, depending on what
port I am trying at the time) the client says it is connecting but after
about a minute or so it throws the error

"The connection to calendar.wheatoncollege.edu has terminated
unexpectedly. Some data may have been transferred."

(This error occurs when using Firefox on a PC). The same thing happens
with Internet Explorer; it takes a bit, then throws an error.

I used netstat and TCPView on the server and sure enough the client has
an established connection to that port, and the port is listening. (By
the way, I shut off the local Windows firewall and disabled McAfee
Enterprise VirusScan version 8.0i).

I ended up speaking with the GeoTrust techs and had them remote desktop
in to the server and they tried using the keystore file I generated and
they created their own for this server to test. They said they put
Tomcat into debug mode (I do not know how they did this) but they
said everything configuration-wise looks great and they apologized for
not being able to get the cert to work... that one kind of freaked me
out.

The server does have 2 NIC cards so I tried disabling the 2nd NIC and
restarting Tomcat but with no luck, same thing, connects and times out.
I also had an entry in the local c:\WINDOWS\system32\drivers\etc\hosts
file for both NICs because of the backup software we use. I tried removing
those entries and doing an "ipconfig /flushdns" command, then restarted
Tomcat but with no luck. I then tried following the directions on the
Tomcat SSL HOW-TO page to create a self-signed cert. I created a .keystore
file and my <Connector> tag looks like this (I used the default password
of "changeit").

<Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150"
minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
disableUploadTimeout="true" acceptCount="100" scheme="https"
secure="true" clientAuth="false" sslProtocol="TLS"
keystoreFile="F:\ssl_files\.keystore" />

I then restarted Tomcat, still no luck. One other thing,
calendar.wheatoncollege.edu is just a DNS CNAME alias so I tried
creating a self-signed cert for the server's real name in DNS,
mmserver2.wheatonma.edu but still no dice. I am really at a loss.

I never see any errors or info in the Windows Event Viewer but it is
fairly useless for troubleshooting anyway.

Any help would be greatly appreciated.
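
Added example, not part of the original message: a small probe that reports whether an HTTPS attempt stops at the TCP connect or at the TLS handshake, which is the distinction behind the "connection established in netstat, browser hangs" symptom described above. The names probe_tls and stalled_listener are hypothetical, and the stalled listener is a constructed stand-in for a port that accepts TCP but never answers.

```python
import socket
import ssl


def probe_tls(host, port, timeout=5.0):
    """Return (stage, detail) naming where an HTTPS connection attempt stops."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:  # refused, unreachable, or timed out before connecting
        return ("tcp_failed", str(exc))

    # Diagnostic only: verification is off so a self-signed test certificate
    # still completes the handshake. Never reuse this context for real traffic.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    raw.settimeout(timeout)
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return ("handshake_ok", tls.version())
    except socket.timeout:
        # TCP is up but the server never answered the ClientHello: the
        # "connects, then hangs" case that netstat shows as ESTABLISHED.
        return ("handshake_timeout", "no TLS reply within %.1fs" % timeout)
    except OSError as exc:  # includes ssl.SSLError: alert, protocol mismatch, reset
        return ("handshake_failed", str(exc))
    finally:
        raw.close()


def stalled_listener():
    """Constructed stand-in: a port that accepts TCP but never speaks TLS."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv


if __name__ == "__main__":
    srv = stalled_listener()
    print(probe_tls("127.0.0.1", srv.getsockname()[1], timeout=2.0))
    srv.close()
```

A result of handshake_timeout points at the listener itself rather than at DNS, the firewall or the certificate's common name, since a name mismatch only appears after the handshake completes.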