Hi, I am trying to install SSL on Tomcat. I followed all the steps on the Apache website. But when I hit https://localhost:8443, error 12229 came up in the Mozilla browser. I searched the web and found that it's a bug in Mozilla. So I tried in IE from another client PC, https://xxx.xxx.xxx.xxx:8443, and "page not found" came up. The xxx is the URL of the server.
What should I do next to configure this SSL? The server is Linux and the Tomcat version is 4.1.30. Thanks
There is no Apache web server in front? This is Tomcat stand-alone?
Joined: Nov 20, 2003
Yes, I use Tomcat only. I rebooted the server and tried again on the server itself by typing localhost as you asked. I got the following pop-ups. The first pop-up is:
Website Certified by an unknown authority. Unable to verify identity of myserver as trusted site. Possible reasons for this error:
- Your browser does not recognize the Certificate Authority that issued the site's cert
- The site's cert is incomplete due to server misconfiguration
- You are connected to site pretending to be myserver.
I clicked on "grant for this session only" and the pop-up below came out.
Security Error: Domain name mismatch. You have attempted to establish a connection with "localhost". However the security cert presented belongs to "myserver". It is possible that someone may be trying to intercept your communication with this website.
After I clicked OK, the error code finally came out:
localhost received an incorrect or unexpected message error code 12227
I performed this on Mozilla browser 1.2.2. So is this a problem with the browser, the cert, or did I do something wrong with my configuration? But when I access the server from another PC using IE and typing https://localhostURL:443/ it came out "page cannot display". Shouldn't it also pop up some security alert, same as above?
I think the browser should have accepted the certificate in spite of the name mismatch. I'm assuming you used keytool to create a self-signed certificate. When you tried from another PC, it appears you used the 443 port instead of 8443. I am also trying to get SSL working from a Linux installation of Tomcat and have run into various difficulties which would probably be very simple to an experienced Linux person. Sigh! what a learning curve....
I see that I am not the only one having problems installing Tomcat on Linux. Yes, I used keytool to generate a self-signed cert. I tried using port 8443 to access the Tomcat on Linux but was unsuccessful, so I changed the port to 443, but it is still the same. The thing is, telnet to the ports succeeds but the browser cannot display. This is weird. I think I will try using another Java version to try this SSL configuration. Maybe I should get a Linux expert's advice here.
The problem is in the cert. Those two dialog pop-ups are what can be expected. The first one is because it's the first time you're receiving the certificate (so this proves you've configured Tomcat SSL properly). The second error is because the name on the cert doesn't match what you typed into the browser. Well... I'm not a huge expert on SSL, but that's what I believe to be true.
SSL certs must be served from the exact domain for which they are created. So ... what if you typed in "http://myserver.com", or better yet, try making a cert for "localhost" (if that's allowed). Essentially, what you type into the address bar *must* match the URL for which the cert is generated.
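The name check described in the post above, as an added example that is not code from any poster in this thread: a simplified matcher that compares the host typed in the address bar with the names in a certificate. The function names and the sample host values other than "localhost" and "myserver" are constructed for illustration.

```python
import ipaddress

def _is_ip(host: str) -> bool:
    """True if host is an IPv4/IPv6 literal (these never match wildcards)."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def hostname_matches(host: str, cert_name: str) -> bool:
    """Simplified browser-style check of a URL host against one cert name.

    Assumption: cert_name is a CN or DNS subjectAltName value. Real clients
    compare IP literals against iPAddress SAN entries only; here an IP
    simply never matches a DNS-style name unless the strings are identical.
    """
    host = host.rstrip(".").lower()
    name = cert_name.rstrip(".").lower()
    if _is_ip(host) or not name.startswith("*."):
        return host == name              # exact, case-insensitive match
    suffix = name[2:]                    # "*.example.test" -> "example.test"
    head, _, rest = host.partition(".")  # wildcard covers exactly one label
    # Reject "*.com"-style names whose suffix is a single label.
    return bool(head) and rest == suffix and "." in suffix

def first_match(host: str, cert_names: list) -> "str | None":
    """Return the first certificate name that covers host, or None."""
    for name in cert_names:
        if hostname_matches(host, name):
            return name
    return None

if __name__ == "__main__":
    # The self-signed cert in the thread was issued to "myserver".
    names = ["myserver"]
    for host in ("localhost", "myserver", "192.0.2.10"):  # IP is constructed
        hit = first_match(host, names)
        print(f"https://{host}:8443 ->", "ok" if hit else "name mismatch")
```
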
I tried the solution by Mike but still got the same result. The only improvement is that I didn't get the second pop-up, which is the domain name mismatch alert. The end of the error code is: localhost received an incorrect or unexpected message error code 12229
Also, I tried it with a lower version, j2sdk1.4.2. Previously I used jdk1.5, and I ended up unable to display any of the pages, with these errors:
java.lang.UnsupportedClassVersionError: org/apache/jsp/index_jsp (Unsupported major.minor version 49.0)
at java.lang.ClassLoader.defineClass0(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:539)
at java.lang.ClassLoader.defineClass(ClassLoader.java:448)
at org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:215)
at org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:131)
at org.apache.jasper.JspCompilationContext.load(JspCompilationContext.java:497)
at
There is more to that; I just pasted a part only. Should I delete the whole Tomcat and reinstall another one? Even the default index.jsp page for Tomcat ends up with the error. I am in a dilemma: whether to stick to jdk1.5 and try to debug, or start fresh with another Tomcat installation.
Finally I solved this SSL problem. The trick is to use j2sdk1.4.2_05 with Tomcat 4.1.3. Don't use jdk1.5. You will have a big headache if not.