This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Tomcat and the fly likes configure ssl problem Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "configure ssl problem" Watch "configure ssl problem" New topic
Author

configure ssl problem

michael yue
Ranch Hand

Joined: Nov 20, 2003
Posts: 204
Hi
I am trying to install ssl on tomcat. I follow all the steps in the apache website. But when I hit https://localhost:8443 the error 12229 came out in the browser mozilla. Searched the web and found that its a bug in mozilla. So I try in IE from another client pc. https://xxx.xxx.xxx.xxx:8443 and the page not found came up. The xxx is the url of the server.

What should I do next to configure this ssl? The server is a Linux and tomcat version4.1.30
Thanks
Mike Curwen
Ranch Hand

Joined: Feb 20, 2001
Posts: 3695

have you tried just 'https://localhost' ?

There is no Apache web server in front ? This is tomcat stand-alone?
michael yue
Ranch Hand

Joined: Nov 20, 2003
Posts: 204
Hi

Yes I use tomcat only.
I rebooted the server and tried again on the server itself by typing localhost as you asked. I got the following pop up. The first pop up is

Website Certified by an unknown authority
Unable to verify identity of myserver as trusted site
Possible reasons for this eroor
-Your browser does not recognize the Certificate Authority that issued the site's cert
-The site's cert is incomplete due to server misconfiguration
-You are connected to site pretending to be myserver.

I click on grant for this session only and the below pop up came out.

Security Error: Domain name mismatch
You have attempted to establish a connection with "localhost". However the security cert presented belongs to "myserver"
It is possible that someone may be trying to intercept your communication with this website.

After i click OK finally the error code came out

localhost received an incorrect or unexpected message error code 12227

I perform this on mozilla browser 1.2.2
So is this a problem with the browser, the cert or I did something wrong with my configuration.
But when i acces the server from another pc using IE and typing https://localhostURL:443/ it came out page cannot display. Shouldn't it also pop up some security alert same as above? .

Thanks.
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12759
    
    5
I think the browser should have accepted the certificate in spite of the name mismatch. I'm assuming you used keytool to create a self-signed certificate.
When you tried from another PC, it appears you used the 443 port instead of 8443.
I am also trying to get SSL working from a Linux installation of Tomcat and have run into various difficulties which would probably be very simple to an experienced Linux person. Sigh! what a learning curve....
michael yue
Ranch Hand

Joined: Nov 20, 2003
Posts: 204
I see that I am not the only one having problem installing tomcat on linux. Yes I use keytool to generate self singn cert. I tried using port 8443 to access the tomcat linux but unsuccessful so i change the port to 443 but still the same. The thing is, telnet to the ports is success but the browser cannot display. This is weird. I think I will try using another java version to try this ssl configuration. Maybe should get a linux expert advise here.
Mike Curwen
Ranch Hand

Joined: Feb 20, 2001
Posts: 3695

the problem is in the cert. Those two dialog pop-ups are what can be expected. The first one is because it's the first time you're receiving the certificate (so this proves you've configured tomcat ssl properly). The second error is because the name on the cert doesn't match what you typed into the browser. Well... I'm not a huge expert on SSL, but that's what I believe to be true.

SSL certs must be served from the exact domain for which they are created. So ... what if you typed in "http://myserver.com"; or better yet, try making a cert for "localhost" (if that's allowed). Esentially, what you type into the address bar, *must* match the URL for which the cert is generated.
michael yue
Ranch Hand

Joined: Nov 20, 2003
Posts: 204
I tried the solution by Mike but still the same result. The only improvement is that I didnt get the second pop up which is the domain name mismatch alert. The end of the error code is :
localhost received an incorrect or unexpected message error code 12229


Also I tried it with a lower version j2sdk1.4.2 Previously I used jdk1.5 and I end up cannot display any of the pages with these errors.

root cause

java.lang.UnsupportedClassVersionError: org/apache/jsp/index_jsp
(Unsupported major.minor version 49.0)
at java.lang.ClassLoader.defineClass0(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:539)
at java.lang.ClassLoader.defineClass(ClassLoader.java:448)
at org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:215)
at org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:131)
at
org.apache.jasper.JspCompilationContext.load(JspCompilationContext.java:497)
at


There are more to that. I just paste a part only.
Should I delete the whole tomcat and reinstall another one. Even the default index.jsp page for the tomcat and up with the error. I am in a dilemma. Whether to stick to jdk1.5 and try to debug or start fresh with another tomcat installation.
michael yue
Ranch Hand

Joined: Nov 20, 2003
Posts: 204
hi

Finally I solved this ssl problem. The trick is use j2sdk1.4.2_05 with tomcat 4.1.3. Don't use jdk1.5. Will have a big headache if not.
rahul khanna
Ranch Hand

Joined: Sep 14, 2005
Posts: 48
there is no problem with jdk1. 5. I can ur problem on using jdk1.5 was u had NOT changed JAVA_HOME. The problem comes when java_home s inot pointing to the correct location.
Swapan Mazumdar
Ranch Hand

Joined: Jul 23, 2003
Posts: 83
Originally posted by rahul khanna:
...I can ur problem on using jdk1.5 was u had NOT changed JAVA_HOME. The problem comes when java_home s inot pointing to the correct location.

Hi Rahul,

With due regards to you please can I advise you to have some sort of forum etiquette. Your post is a bunch of messed up words and shortcuts which only could be irritating.

I was smoothly cruising down the post chain when I bumped into your's and found it insulting.

Please be considerate.

Swapan
 
wood burning stoves
 
subject: configure ssl problem
 
Similar Threads
TOMCAT - SSL Configuration
clientAuth seems doesnot work in my case
Is here anyone have used the Yale's CAS SSO solution?pls help me,I am in puzzle!
enable https://localhost:8443 on JBuilder
Tomcat ssl configuration error