I've installed Firefox 2.0 and I get the error: "Firefox can't connect securely to upm.knoa.com because the site uses a security protocol which isn't enabled"
So... I changed sslProtocol="TLS" to sslProtocol="SSL" and restarted the service. I get the same error.

Meanwhile, with Internet Explorer, I turned off friendly error messages, and loaded the page. Instead of a "page not found" I get a blank page. Interesting.

Next I tried the validator, a tool from here: http://validator.w3.org/ Great tool. It reports the following error:

500 SSL negotiation failed: error:1406D0CB:SSL routines:GET_SERVER_HELLO:peer error no cipher

Any ideas? I'm going to try re-importing the original certificate in PKCS12 format...

Michael Casale
Systems Administrator / IT Manager
Knoa Software
[EMAIL PROTECTED]
Ph. (212) 807-9608 ext. 6000
Fax (212) 675-6121

-----Original Message-----
From: Mark Eggers [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 07, 2006 6:35 PM
To: Tomcat Users List
Subject: Re: SSL not working on Tomcat

Did you try this with Firefox? IE has some problems with no-cache in the header or as a pragma. Later versions of Tomcat 5.5 set this.

There is a mailing list thread concerning this:

http://marc.theaimsgroup.com/?t=111806756600008&r=1&w=2

along with some solutions.

Hope this helps.

/mde/
just my two cents . . . .

--- Michael Casale <[EMAIL PROTECTED]> wrote:

> Howdy all,
>
> I'm struggling through setting up Tomcat with SSL on a Windows 2003
> server, and even when I get the server running, with no errors in the
> logs when restarting the tomcat service, all I get is a "Page Not Found"
> error when I point to the ssl port on the server. Pointing to the
> default connector on port 8080 works fine.
>
> Here's a little background:
>
> 1. Using keytool, I created a certificate request, sent it off to
>    Geotrust, and purchased a cert to import. It was emailed to me.
> 2. Following the recommendations of geotrust
>    (http://www.geocerts.com/support/install/install_tomcat.php), I
>    downloaded their root cert, imported it, converted their cert to DER
>    format (on a separate Linux box), and imported it into the keystore.
> 3. I restarted the Tomcat service with no errors, see the connector
>    started on port 8443:
>
> Nov 7, 2006 4:55:35 PM org.apache.coyote.http11.Http11BaseProtocol init
> INFO: Initializing Coyote HTTP/1.1 on http-8080
> Nov 7, 2006 4:55:35 PM org.apache.coyote.http11.Http11BaseProtocol init
> INFO: Initializing Coyote HTTP/1.1 on http-8443
> Nov 7, 2006 4:55:35 PM org.apache.catalina.startup.Catalina load
> INFO: Initialization processed in 812 ms
> Nov 7, 2006 4:55:35 PM org.apache.catalina.core.StandardService start
> INFO: Starting service Catalina
> Nov 7, 2006 4:55:35 PM org.apache.catalina.core.StandardEngine start
> INFO: Starting Servlet Engine: Apache Tomcat/5.5.12
> Nov 7, 2006 4:55:35 PM org.apache.catalina.core.StandardHost start
> INFO: XML validation disabled
> Nov 7, 2006 4:55:36 PM org.apache.coyote.http11.Http11BaseProtocol start
> INFO: Starting Coyote HTTP/1.1 on http-8080
> Nov 7, 2006 4:55:36 PM org.apache.coyote.http11.Http11BaseProtocol start
> INFO: Starting Coyote HTTP/1.1 on http-8443
> Nov 7, 2006 4:55:37 PM org.apache.jk.common.ChannelSocket init
> INFO: JK: ajp13 listening on /0.0.0.0:8009
> Nov 7, 2006 4:55:37 PM org.apache.jk.server.JkMain start
> INFO: Jk running ID=0 time=0/31 config=null
> Nov 7, 2006 4:55:37 PM org.apache.catalina.storeconfig.StoreLoader load
> INFO: Find registry server-registry.xml at classpath resource
> Nov 7, 2006 4:55:37 PM org.apache.catalina.startup.Catalina start
> INFO: Server startup in 1203 ms
>
> Now, opening any page on the server at http://servername:8080 works
> fine, but https://servername:8443 doesn't work. All ports are opened
> through the firewall, etc. Same for https://localhost:8443 .
>
> Here is the server.xml file entry for the connector:
>
> <Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
>            port="8443" minProcessors="5" maxProcessors="20"
>            enableLookups="true" disableUploadTimeout="true"
>            acceptCount="100" debug="0" scheme="https" secure="true"
>            sslProtocol="TLS"
>            keystoreFile="c:\files\tomcat"
>            keystorePass="THEPASS"/>
>
> According to the Tomcat SSL documentation, I need to have the root cert
> and the purchased cert in the keystore file, and I need to use the
> keyAlias to tell Tomcat which one to use. But whenever I add in the
> keyAlias entry it gives me the "Alias name tomcat does not identify a
> key entry" error in the logs.
>
> If I could find out how to enable better logging I may be able to
> troubleshoot this further.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
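
Added example, not part of the thread and not Tomcat's own code: Tomcat logs "Alias name ... does not identify a key entry" when the keyAlias names a keystore entry that holds no private key, so this sketch classifies an alias from `keytool -list` output. The function names and both sample listings are constructed for illustration.

```shell
# Added example (not from the thread). Sample listings are constructed.
# alias_kind: read `keytool -list` output on stdin and print key,
# cert-only or missing for the alias given as $1.
alias_kind() {
    awk -v want="$1" '
        # Entry lines look like: alias, Nov 7, 2006, trustedCertEntry,
        /Entry,[ \t]*$/ {
            line = $0
            sub(/,[ \t]*$/, "", line)            # drop the trailing comma
            n = split(line, f, /, /)
            if (tolower(f[1]) != tolower(want)) next
            # older JDKs print keyEntry, newer ones PrivateKeyEntry
            if (f[n] == "keyEntry" || f[n] == "PrivateKeyEntry") r = "key"
            else if (r == "") r = "cert-only"
        }
        END { print (r == "" ? "missing" : r) }'
}

diagnose() {
    case "$(alias_kind "$1")" in
        key)       echo "ok: '$1' holds a private key" ;;
        cert-only) echo "fail: '$1' is a certificate-only entry" ;;
        *)         echo "fail: no alias '$1' in the keystore" ;;
    esac
}

sample_broken() {   # constructed: signed cert stored as a trusted cert
    cat <<'EOF'
Your keystore contains 2 entries

root, Nov 7, 2006, trustedCertEntry,
Certificate fingerprint (MD5): (constructed)
tomcat, Nov 7, 2006, trustedCertEntry,
Certificate fingerprint (MD5): (constructed)
EOF
}

sample_good() {     # constructed: cert reply stored on the key's alias
    cat <<'EOF'
Your keystore contains 2 entries

root, Nov 7, 2006, trustedCertEntry,
Certificate fingerprint (MD5): (constructed)
tomcat, Nov 7, 2006, keyEntry,
Certificate fingerprint (MD5): (constructed)
EOF
}

for s in sample_broken sample_good; do "$s" | diagnose tomcat; done
```

Against a real keystore, pipe `keytool -list -keystore <file>` into `diagnose <alias>`.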