Questions

Tomcat, APR native installation and SSL

+
0 Votes
Locked

Tomcat, APR native installation and SSL

jpb21k
I am using Tomcat 6.0 on Windows 2008 Server R2. Everything is running fine, except when third party SSL certificates are used. They flat out won't work.The https protocol does not connect.

I am not using JSSE. I have followed the instructions on the Apache tomcat website for APR native installations using APR native + OPENSSL.

Using a self-signed certificate, everything works fine.
  • +
    0 Votes
    cmatthews

    Does your ..\tomcat\conf\server.xml have:

    "Define an SSL HTTP/1.1 Connector on port 8083 for X.509 client authentication"

    Maybe you're missing something in W2008's firewall permissions..

    Also, there are 100+ Detailed Apache How-To articles here:
    http://www.howtoforge.com/howtos/apache

    Happy trails.. That kind of reading puts me to sleep! :-)

    +
    0 Votes
    jpb21k

    The problem was two fold:

    1. The incorrect type of was being issued by the cert provider. I ensured that an Apache SSL certifcate was being provided.

    2. I updated the server.xml with the new cert,restarted Tomcat 6 and all was good in the world.

    Thank you for the quick reply. It did make me review my firewall settings and cleanup some of the legacy stuff that was there.

  • +
    0 Votes
    cmatthews

    Does your ..\tomcat\conf\server.xml have:

    "Define an SSL HTTP/1.1 Connector on port 8083 for X.509 client authentication"

    Maybe you're missing something in W2008's firewall permissions..

    Also, there are 100+ Detailed Apache How-To articles here:
    http://www.howtoforge.com/howtos/apache

    Happy trails.. That kind of reading puts me to sleep! :-)

    +
    0 Votes
    jpb21k

    The problem was two fold:

    1. The incorrect type of was being issued by the cert provider. I ensured that an Apache SSL certifcate was being provided.

    2. I updated the server.xml with the new cert,restarted Tomcat 6 and all was good in the world.

    Thank you for the quick reply. It did make me review my firewall settings and cleanup some of the legacy stuff that was there.