Hi Hassan, yes, but ... that says nothing about the key format (pem vs der? SHA1/SHA2) and there is an awful lot of actually conflicting instructions out there. It took a while to realise that the private key is "in" the keystore, and that recreating the keystore means you have to start again with a new csr. I have also seen that keytool will import pem files quite happily, so I guess these instructions are correct and not out of date as I originally thought.
Given I seem to have a working keystore, and I have checked and rechecked my ssl tomcat configuration, and my setup works with http connections, I'd much prefer to debug what I have rather than start again. Particularly as reconstructing the keystore will cost me, if not money, at least respect from my certificate provider support people.

Debugging is apparently done using

    -Djavax.net.debug=all -Djavax.net.debug=ssl:handshake:data

on the startup script (thanks Martin) - trying now...

P

On 21 December 2016 at 14:31, Hassan Schroeder <hassan.schroe...@gmail.com> wrote:

> On Wed, Dec 21, 2016 at 1:22 AM, Peter Wallis <pwal...@acm.org> wrote:
>
> > Can someone point me to the official how-to debug ssl issues on tomcat?
>
> Did you follow the steps in this documentation?
>
> http://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html
>
> --
> Hassan Schroeder ------------------------ hassan.schroe...@gmail.com
> twitter: @hassan
> Consulting Availability : Silicon Valley or remote
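The point above about the private key being "in" the keystore can be checked from the text that `keytool -list` prints: the alias the connector uses must be a `PrivateKeyEntry`, not a `trustedCertEntry`. The following is an added example, not part of the original thread; the aliases `tomcat` and `root`, the dates and the fingerprints in the sample listing are constructed.

```shell
#!/bin/sh
# Added example: classify keystore entries from `keytool -list` output.
# On a real system the input would come from:
#   keytool -list -keystore <keystore-file>

# Constructed sample listing (aliases, dates and fingerprints are placeholders).
sample_listing() {
cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

root, Dec 20, 2016, trustedCertEntry,
Certificate fingerprint (SHA1): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
tomcat, Dec 20, 2016, PrivateKeyEntry,
Certificate fingerprint (SHA1): FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00:FF:EE:DD:CC
EOF
}

# entry_type ALIAS
# Reads a keytool listing on stdin and prints the entry type recorded for ALIAS
# (nothing if the alias is absent). Assumes the alias contains no comma.
entry_type() {
  awk -v alias="$1" '{
    line = $0
    sub(/,[ \t]*$/, "", line)            # drop the trailing comma keytool prints
    n = split(line, f, /,[ \t]*/)        # alias, date parts, entry type
    if (f[1] == alias && f[n] ~ /Entry$/) { print f[n]; exit }
  }'
}

# has_private_key ALIAS
# Succeeds only if ALIAS holds a key pair. A trustedCertEntry means only a
# certificate was imported and the key generated for the CSR is not under it.
has_private_key() {
  [ "$(entry_type "$1")" = "PrivateKeyEntry" ]
}

# Stand-alone demonstration on the constructed listing.
for a in tomcat root; do
  if sample_listing | has_private_key "$a"; then
    echo "$a: key pair present, usable as a server identity"
  else
    echo "$a: no private key under this alias"
  fi
done
```

If the CA reply was imported under a different alias from the one used to generate the CSR, it shows up as a separate `trustedCertEntry` while the original alias still holds the self-signed certificate.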