• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Tim Cooke
  • Devaka Cooray
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Rob Spoor
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Piet Souris
  • Mikalai Zaikin
Bartenders:
  • Carey Brown
  • Roland Mueller

configure ssl problem

 
Ranch Hand
Posts: 204
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi
I am trying to install ssl on tomcat. I follow all the steps in the apache website. But when I hit https://localhost:8443 the error 12229 came out in the browser mozilla. Searched the web and found that its a bug in mozilla. So I try in IE from another client pc. https://xxx.xxx.xxx.xxx:8443 and the page not found came up. The xxx is the url of the server.

What should I do next to configure this ssl? The server is a Linux and tomcat version4.1.30
Thanks
 
Ranch Hand
Posts: 3695
IntelliJ IDE Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
have you tried just 'https://localhost' ?

There is no Apache web server in front ? This is tomcat stand-alone?
 
michael yue
Ranch Hand
Posts: 204
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi

Yes I use tomcat only.
I rebooted the server and tried again on the server itself by typing localhost as you asked. I got the following pop up. The first pop up is

Website Certified by an unknown authority
Unable to verify identity of myserver as trusted site
Possible reasons for this eroor
-Your browser does not recognize the Certificate Authority that issued the site's cert
-The site's cert is incomplete due to server misconfiguration
-You are connected to site pretending to be myserver.

I click on grant for this session only and the below pop up came out.

Security Error: Domain name mismatch
You have attempted to establish a connection with "localhost". However the security cert presented belongs to "myserver"
It is possible that someone may be trying to intercept your communication with this website.

After i click OK finally the error code came out

localhost received an incorrect or unexpected message error code 12227

I perform this on mozilla browser 1.2.2
So is this a problem with the browser, the cert or I did something wrong with my configuration.
But when i acces the server from another pc using IE and typing https://localhostURL:443/ it came out page cannot display. Shouldn't it also pop up some security alert same as above? .

Thanks.
 
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I think the browser should have accepted the certificate in spite of the name mismatch. I'm assuming you used keytool to create a self-signed certificate.
When you tried from another PC, it appears you used the 443 port instead of 8443.
I am also trying to get SSL working from a Linux installation of Tomcat and have run into various difficulties which would probably be very simple to an experienced Linux person. Sigh! what a learning curve....
 
michael yue
Ranch Hand
Posts: 204
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I see that I am not the only one having problem installing tomcat on linux. Yes I use keytool to generate self singn cert. I tried using port 8443 to access the tomcat linux but unsuccessful so i change the port to 443 but still the same. The thing is, telnet to the ports is success but the browser cannot display. This is weird. I think I will try using another java version to try this ssl configuration. Maybe should get a linux expert advise here.
 
Mike Curwen
Ranch Hand
Posts: 3695
IntelliJ IDE Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
the problem is in the cert. Those two dialog pop-ups are what can be expected. The first one is because it's the first time you're receiving the certificate (so this proves you've configured tomcat ssl properly). The second error is because the name on the cert doesn't match what you typed into the browser. Well... I'm not a huge expert on SSL, but that's what I believe to be true.

SSL certs must be served from the exact domain for which they are created. So ... what if you typed in "http://myserver.com"; or better yet, try making a cert for "localhost" (if that's allowed). Esentially, what you type into the address bar, *must* match the URL for which the cert is generated.
 
michael yue
Ranch Hand
Posts: 204
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I tried the solution by Mike but still the same result. The only improvement is that I didnt get the second pop up which is the domain name mismatch alert. The end of the error code is :
localhost received an incorrect or unexpected message error code 12229


Also I tried it with a lower version j2sdk1.4.2 Previously I used jdk1.5 and I end up cannot display any of the pages with these errors.

root cause

java.lang.UnsupportedClassVersionError: org/apache/jsp/index_jsp
(Unsupported major.minor version 49.0)
at java.lang.ClassLoader.defineClass0(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:539)
at java.lang.ClassLoader.defineClass(ClassLoader.java:448)
at org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:215)
at org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:131)
at
org.apache.jasper.JspCompilationContext.load(JspCompilationContext.java:497)
at


There are more to that. I just paste a part only.
Should I delete the whole tomcat and reinstall another one. Even the default index.jsp page for the tomcat and up with the error. I am in a dilemma. Whether to stick to jdk1.5 and try to debug or start fresh with another tomcat installation.
 
michael yue
Ranch Hand
Posts: 204
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi

Finally I solved this ssl problem. The trick is use j2sdk1.4.2_05 with tomcat 4.1.3. Don't use jdk1.5. Will have a big headache if not.
 
Ranch Hand
Posts: 48
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
there is no problem with jdk1. 5. I can ur problem on using jdk1.5 was u had NOT changed JAVA_HOME. The problem comes when java_home s inot pointing to the correct location.
 
Ranch Hand
Posts: 83
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by rahul khanna:
...I can ur problem on using jdk1.5 was u had NOT changed JAVA_HOME. The problem comes when java_home s inot pointing to the correct location.


Hi Rahul,

With due regards to you please can I advise you to have some sort of forum etiquette. Your post is a bunch of messed up words and shortcuts which only could be irritating.

I was smoothly cruising down the post chain when I bumped into your's and found it insulting.

Please be considerate.

Swapan
 
Where all the women are strong, all the men are good looking and all the tiny ads are above average:
We need your help - Coderanch server fundraiser
https://coderanch.com/wiki/782867/Coderanch-server-fundraiser
reply
    Bookmark Topic Watch Topic
  • New Topic