Michael, I may have missed something, but did you install your certificate reply into your keystore? I can't see any account of that been done. I also agree that you need to install the CA root certificate in your keystore as well. You need to have the full trust chain in your keystore.
Another thought is to configure your server.xml slightly differently. You may want to try the following to get you going: <Connector port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" debug="0" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"> <Factory className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory" clientAuth="false" protocol="TLS" keystoreFile="c:\files\tomcat" keystorePass="THEPASS" /> </Connector> Hope that helps. Regards, Andrew -----Original Message----- From: Christopher Schultz [mailto:[EMAIL PROTECTED] Sent: Thursday, 9 November 2006 9:02 AM To: Tomcat Users List Subject: Re: SSL not working on Tomcat -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael, Michael Casale wrote: > I've installed Firefox 2.0 and I get the error: > > "Firefox can't connect securely to upm.knoa.com because the site uses a > security protocol which isn't enabled" > > So... I changed sslProtocol="TLS" to sslProtocol="SSL" and restarted the > service. I get the same error. Wow. Sounds like something is seriously screwed up. Have you tried a different client machine? Perhaps one of your SSL libraries is hosed. Have you tried re-installing Tomcat? Perhaps one of TC's SSL libraries is hosed. If all else fails, I would run something like memtest86 on your server to see if the memory is okay. It's tough to do all this crypto stuff and not have an exception when the littlest thing goes wrong, so something is definitely amiss. It's not like Sun invented a new SSL protocol and didn't tell anyone about it ;) - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFUlPC9CaO5/Lv0PARAiljAJ9auqO2pfKdS9+zimV5hFhJR2zn2wCfZkY5 KP4Xe5Do8g1iS9+EYc0LqvA= =QizN -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]