I'm trying to enable TLS (or SSL) in a Tomcat 5.5.29 server, on a Windows XP machine. Whatever I do, I always end up with a server that just delivers plain HTML on port 443, and it doesn't even try to use TLS. That is, I can connect to http://localhost:443/ and get the same as http://localhost/ and https://localhost/ just displays an "invalid response" error, which makes perfect sense because the webserver isn't attempting TLS negotiation at all.

So far, I've followed various recipes for creating a self-signed key that Tomcat might want to use, but I am suspecting now that the key is not the problem at all, because there is no error whatsoever in the log files. All my attempts have by now been accompanied by completely removing Tomcat, removing all left-over directories and installing it again before attempting anything else.

The only change to the configuration is in conf/server.xml, where I changed the connectors:

<!-- Define a non-SSL HTTP/1.1 Connector on port 80 -->
<Connector port="80" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="2" maxSpareThreads="75"
           enableLookups="false" redirectPort="443" acceptCount="10"
           connectionTimeout="20000" disableUploadTimeout="true" />

<!-- Define a SSL HTTP/1.1 Connector on port 443 -->
<Connector port="443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="2" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="10" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="conf/server.ks" keystorePass="tomcat" />

All the rest is default, and yes, I removed the comment <!-- --> markers around this directive.

In the catalina.2010-05-04.log file, I see the following output if I start the tomcat service:

May 4, 2010 3:13:52 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Cannot find message associated with key aprListener.tcnValid
May 4, 2010 3:13:52 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Cannot find message associated with key aprListener.flags
May 4, 2010 3:13:52 PM org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-80
May 4, 2010 3:13:52 PM org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-443
May 4, 2010 3:13:52 PM org.apache.coyote.ajp.AjpAprProtocol init
INFO: Initializing Coyote AJP/1.3 on ajp-8009
May 4, 2010 3:13:52 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 672 ms
May 4, 2010 3:13:52 PM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
May 4, 2010 3:13:52 PM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/5.5.29
May 4, 2010 3:13:52 PM org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
May 4, 2010 3:13:53 PM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-80
May 4, 2010 3:13:53 PM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-443
May 4, 2010 3:13:53 PM org.apache.coyote.ajp.AjpAprProtocol start
INFO: Starting Coyote AJP/1.3 on ajp-8009
May 4, 2010 3:13:53 PM org.apache.catalina.storeconfig.StoreLoader load
INFO: Find registry server-registry.xml at classpath resource
May 4, 2010 3:13:53 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 453 ms

Changing the keystoreFile to "bogus" does not seem to provoke any error either. No other webserver or anything is listening on port 80 or 443.

What am I missing?

--
Mike
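
A check for the symptom described in the message above (a connector declared with scheme="https" that answers in plain HTTP), as an added example that is not part of the original post. The function name probe_listener and its return labels are hypothetical; it only tests whether the port negotiates TLS at all, not whether the certificate is trustworthy.

```python
import socket
import ssl
import sys


def probe_listener(host, port, timeout=3.0):
    """Return 'tls', 'plain-http', 'closed' or 'unknown' for a TCP listener."""
    # Certificate verification is off on purpose: the question here is whether
    # the port speaks TLS at all, and a self-signed key would fail validation.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE

    # Step 1: attempt a TLS handshake.
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    with raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls"
        except OSError:
            # ssl.SSLError and timeouts are OSError subclasses. A failed
            # handshake alone does not prove plaintext (a protocol-version
            # mismatch fails too), so step 2 looks for a real HTTP status line.
            pass

    # Step 2: speak plain HTTP on a fresh connection.
    try:
        with socket.create_connection((host, port), timeout=timeout) as plain:
            plain.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            banner = plain.recv(16)
    except OSError:
        return "unknown"
    return "plain-http" if banner.startswith(b"HTTP/") else "unknown"


if __name__ == "__main__":
    # Usage: python probe.py localhost 443
    target_host, target_port = sys.argv[1], int(sys.argv[2])
    print(f"{target_host}:{target_port} -> {probe_listener(target_host, target_port)}")
```

A result of plain-http on the port that server.xml marks as secure="true" confirms that the connector started without TLS, independent of what the browser reports.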