On 23/07/2012 19:42, Sivasubramaniam, Latha wrote:
> This issue got resolved, the private key was not present in the JKS file.
> Once we got the pfx file from the customer and pointed to that in the
> server.xml file, application started working. When we imported the
> certificate (.cer file), keytool utility did not complain the private key is
> not present. Also when browser makes a request there was no error messages/no
> indication in the tomcat, there was no response from the tomcat server. Any
> comments on this please.

Was Tomcat running?


p

> -Latha
>
>
> -----Original Message-----
> From: Sivasubramaniam, Latha
> Sent: Wednesday, July 18, 2012 1:56 PM
> To: 'Tomcat Users List'
> Cc: Samala, Praveen; Pandurangan Krishnakumar
> Subject: RE: Certificate chain does not seem to work and no errors in the
> tomcat logs
>
> We tried with Firefox, that did not work either.
>
> -----Original Message-----
> From: Sivasubramaniam, Latha
> Sent: Wednesday, July 18, 2012 1:55 PM
> To: 'Tomcat Users List'
> Cc: Samala, Praveen; Pandurangan Krishnakumar
> Subject: RE: Certificate chain does not seem to work and no errors in the
> tomcat logs
>
> Connector string
>
>
> <Connector port="9883" protocol="org.apache.coyote.http11.Http11NioProtocol"
> maxHttpHeaderSize="8192" SSLEnabled="true" maxThreads="800"
> enableLookups="false" disableUploadTimeout="true" acceptCount="200"
> scheme="https" secure="true" clientAuth="false" URIEncoding="UTF-8"
> keystoreFile="D:\Program Files (x86)\Aspect Software\Real-Time Reporting
> Server\SunJVM\jre\lib\security\keystorertrself2048.jks"
> keystorePass="changeit" keystoreType="JKS" />
>
> Thanks,
> Latha
>
> -----Original Message-----
> From: Sivasubramaniam, Latha
> Sent: Wednesday, July 18, 2012 9:26 AM
> To: Tomcat Users List
> Cc: Samala, Praveen; Pandurangan Krishnakumar
> Subject: RE: Certificate chain does not seem to work and no errors in the
> tomcat logs
>
> Thanks for your response Christopher.
>
> We have requested customer to install firefox. We are using SSL and I will
> get the connector configuration once I get access to the system.
> Log level is changed to FINE in the logging.properties but we don't seem to
> get anything related to the certificate and the same when we start tomcat. I
> will check the log contents and post if the relevant lines.
>
> Thanks,
> Latha
>
> -----Original Message-----
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Wednesday, July 18, 2012 8:40 AM
> To: Tomcat Users List
> Subject: Re: Certificate chain does not seem to work and no errors in the
> tomcat logs
>
> Latha,
>
> On 7/17/12 8:20 PM, Sivasubramaniam, Latha wrote:
>> I am having issues with the SSL certificate chain the https requests
>> from the IE8 browser does not get any response. Following are the
>> details and any help is appreciated. This is in one of our customer
>> implementation.
>
>> Tomcat version: 6.0.29 OS: Windows 2008 Browser: IE8 Certificate key
>> size: 2048 and the server certificate is 4th level in the chain.
>
> What about other web browsers? Is it only MSIE8 that is giving you problems,
> or can you not connect from any browser/client?
>
>> I have tried following different things.
>
>> * Imported chain and the server certificate to my keystore
>> and set keystore properties in the server.xml
>
> Please post your <Connector> configuration. Also, are you using APR for SSL?
>
> When you imported the certificate chain, did you import all 4 certificates?
> (You may not need the top-level CA one, as it was probably already trusted by
> the JVM).
>
>> * Imported certificate chain to cacerts and imported
>> server certificate to my own keystore and specified keystore
>> properties in the server.xml
>
>> * Imported certificate chain to my own trusted keystore in
>> addition to the cacerts and server certificate to another keystore,
>> specified both trustkeystore and keystore properties in the server.xml
>
>> None of the above is working.
>
>> I generated selfsigned certificate and that is working.
>
> That is good to know.
>
>> We have windows based components using the same certificate on the
>> same server, certificates imported on to the windows certmgr and those
>> components are working. But the same certificate is not working on the
>> Java based components.
>
>> I do not see any errors in the tomcat logs.
>
> Do you get any output at all when you launch Tomcat?
>
>> How can I get additional logging to see what is happening? Is there
>> any known issue with the certificate chain ( I did not find any in the
>> bug list)
>
> You can change the log level from INFO to DEBUG or FINE. Look at
> conf/logging.properties.
>
> -chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

--

[key:62590808]
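
An added example, not part of the original thread: a shell check that reads `keytool -list` output and reports whether a keystore holds a `PrivateKeyEntry` or only `trustedCertEntry` items, the condition the resolution at the top of this thread describes. The function name `check_listing`, the alias `rtrserver` and both sample listings are constructed for illustration, and English-locale keytool output is assumed.

```shell
#!/bin/sh
# Added example: tell "certificate only" entries from "key + certificate"
# entries in the text printed by `keytool -list` (English-locale output assumed).

# Reads a listing on stdin, prints one line per alias, and returns 0 only if
# at least one PrivateKeyEntry is present.
check_listing() {
    awk -F', *' '
        /PrivateKeyEntry/  { print $1 ": private key + certificate chain"; keys++ }
        /trustedCertEntry/ { print $1 ": certificate only, no private key" }
        END { exit (keys ? 0 : 1) }
    '
}

# Constructed sample: what importing only a .cer file produces
# (the alias is hypothetical).
SAMPLE_CER_ONLY='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

rtrserver, Jul 18, 2012, trustedCertEntry,
Certificate fingerprint (SHA1): <constructed placeholder>'

# Constructed sample: a store that also holds the key, such as a pfx file.
SAMPLE_WITH_KEY='Keystore type: PKCS12
Keystore provider: SunJSSE

Your keystore contains 1 entry

rtrserver, Jul 18, 2012, PrivateKeyEntry,
Certificate fingerprint (SHA1): <constructed placeholder>'

if [ -n "${1:-}" ]; then
    # Real keystore: keytool asks for the store password itself.
    # Optional second argument is the store type, e.g. PKCS12 for a pfx file.
    keytool -list -keystore "$1" ${2:+-storetype "$2"} | check_listing \
        || echo "WARNING: no PrivateKeyEntry in $1"
else
    for sample in "$SAMPLE_CER_ONLY" "$SAMPLE_WITH_KEY"; do
        printf '%s\n' "$sample" | check_listing \
            || echo "WARNING: no PrivateKeyEntry"
    done
fi
```

Run with a keystore path as the first argument to check a real file; with no argument it classifies the two constructed listings.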