Don, It's very strange that one works and the other does not especially since they're from the same CA and presenting the same information. (Just different common names) I can't connect to your external site [webadvisor] via Firefox 3.5 or Chrome 4.0 due to the fact that your CA's OCSP responder is down.[ Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202) ]. I have to disable OCSP in Firefox 3.5 to continue, but I do get a valid connection.
Has the error message changed at all since we've been working? Or are you still getting a response that relates to "Unknown Issuer"? On Wed, Aug 26, 2009 at 9:01 AM, Don Prezioso <dp...@ashland.edu> wrote: > Sal, > > Thanks again. > > When I connect using port 8443 or 443, or using the FQDN or the IP address, > I get the same response from the s_client request. > > The reason I am using port 8443 is so I don't have to have root running the > tomcat instance. My understanding was that you had to be root to allocate > ports under 1024. Just to have that extra little bit of security we have a > user 'tomcat' that runs the tomcat instances. I didn't want to have to > specify the port number in URLs, and we had some problems with people who > weren't able to connect out through their company's firewall on port 8443, > so we wanted to make it appear that they were connecting on port 443, but > really be using 8443. > > So, when I connect in a browser, I use https://webui.ashland.edu > > Don > >