Hi, As I have told you before, those instructions are not working as expected against authority signed (not self-signed) certifcates.
You might have to go through mail-archive of tomcat users list to find more ways to solve this. I am sure there is a solution for this. Tomcat gurus, please help !!! Regards, D --- Julie McCabe <[EMAIL PROTECTED]> wrote: > Hello, > > Thanks for the advice, I had installed the APR as tomcat was failing to > shutting down in Windows without it. > > Since my overall objective is to use an existing X509 certificate signed by > an academic CA (not Versign or Thwate) I decided to try the openssl. I > followed the steps outlined in the > http://www.mail-archive.com/users%40tomcat.apache.org/msg02500.html > > I have an existing p12 file which is split into a key and a certificate, I > only performed the > openssl rsa -in userkey.pem -out server.key > command to replace the passphrase from the private key. > > I edited the conf/server.xml file as directed and pointed the > SSLCertificateFile to the usercert.pem file and the SSLCertificateKeyFile to > the generated server.key file. > > I started tomcat - no errors in the logs and when I try to connect on > https://localhost:8443 > I receive the following alert: > > "Could not establish an encrypted connection because the certificate > presented > by localhost is invalid or corrupted. Error Code: -8101" > > The CA root certificate whom has signed my certificate is loaded into the > browser (along with my certificate). > > It seems like its a problem with my certificates? > > Thanks, > Julie. > > > On Wednesday 08 March 2006 13:31, Dhaval Patel wrote: > > Hi, > > > > Based upon your description, I think you are trying to use JSSE way to > > enable SSL. Tomcat 5.5 has two ways to enable SSL: 1) JSSE 2) OpenSSL. > > > > If you are trying with JSSE, please remove tcnative-1.dll from your > > TOMCAT_HOME\bin directory. It should work fine. > > > > If you want to know how to do with OpenSSL, please go to: > > http://www.mail-archive.com/users%40tomcat.apache.org/msg02500.html > > > > Steps described in above URL are 100% working when you don't have > > Versign/Thwate signed certificate. It is not case here I believe. :) > > > > Let us know how it goes. > > > > Regards, > > D > > > > --- Julie McCabe <[EMAIL PROTECTED]> wrote: > > > Hi, > > > > > > Ive configure SSL support as per documentation - I created the keystore > > > and a self - signed certificate with the default password, uncommented > > > the 8443 connector for https in the conf/server.xml file. > > > > > > The problem is that I cannot connect to https://localhost:8443 via the > > > browser, in the log file there are no errors and it appears as the 8443 > > > port is open as: > > > INFO: Starting Coyote HTTP/1.1 on http-8443 > > > > > > Nothing is logged to the log file when access to 8443 is attempted, the > > > browser processes and eventually times out with the following alert: > > > > > > The connection to localhost:8443 has terminated unexpectedly. Some data > > > may have been transferred. > > > > > > Environment: Java 1.5.0_04, Tomcat 5.5.12, Windows XP > > > > > > Regards, > > > Julie. > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > __________________________________________________ > > Do You Yahoo!? > > Tired of spam? Yahoo! Mail has the best spam protection around > > http://mail.yahoo.com > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
