
Critical Problem with Tomcat 3.3.1 and SSL


Dan

Apr 22, 2004, 4:16:06 PM
Hello,

I am having a serious problem trying to set up SSL on Tomcat 3.3.1 on
Windows 2000. I am following the jakarta guidelines exactly as they
propose, but I am having absolutely no luck. What am I doing wrong?

Here is the procedure I follow:

First, I run the following command -

keytool -genkey -keyalg rsa -alias name -keystore name
- I then answer the questions. I tried setting the common name as
my name, and a second time as the URL used to access the site in
question, i.e. sitename.com

Then, I issue the following command -

keytool -certreq -keystore name -alias name -file name.csr

Next, I send the name.csr file to the CA, and receive 3 certificates.
The 3 certificates I receive are RootCert.cer, IntCert.cer and
NewCert.cer. So, I then issue the following commands in this order:

keytool -import -trustcacerts -file RootCert.cer -alias rootcert -keystore name
keytool -import -trustcacerts -file IntCert.cer -alias intcert -keystore name
keytool -import -trustcacerts -file NewCert.cer -alias newcert -keystore name

After each command I receive confirmation that the certification was
properly inserted. I then copy the 'name' file to TOMCAT_HOME/conf
and edit the server.xml file. I add the following lines to the
server.xml file:

<Http10Connector
port="8443"
secure="true"
keystore="c:\tomcat\conf\name"
keypass="password"
clientauth="false"/>

Now, I restart tomcat and assume that everything should be in order.
When starting tomcat via the batch file, I see that an Http10Connector
is correctly sitting on port 8443. So, I try accessing the site
normally, and everything works fine. However, if I attempt an HTTPS
request to the site, I receive a page cannot be displayed error. This
is strange, because I figured that at this point it should work.
Well, I then attempted to access it manually by addressing
localhost:8443 .... this is where I noticed a problem. Once the
request is sent to Tomcat, Tomcat throws the following exception:

PoolTcpEndpoint: Handshake failed
javax.net.ssl.SSLException: Unrecognized SSL handshake.
at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.io.OutputStream.write(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
at org.apache.tomcat.util.net.JSSESocketFactory.handshake(JSSESocketFactory.java:270)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:479)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:516)
at java.lang.Thread.run(Unknown Source)
ThreadPool: Caught exception executing
org.apache.tomcat.util.net.TcpWorkerThread@3a8602, terminating thread
java.lang.NullPointerException
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:498)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:516)
at java.lang.Thread.run(Unknown Source)


What is going on? Luckily, I have access to a CA, so this process
isn't costing me anything, however I have attempted this multiple
times with various certificates and various settings on the
certificate and I always get this same exception. What's more, I
tried creating a self signed certificate and I still get this
exception. Am I doing something wrong? I have scoured the net
countless times and it seems like all the instructions say the same
thing. When I search for this error, none of the recommendations fit
my situation. If no one knows how to fix this, could someone please
recommend where I can go so that I can find the answer to this problem?


Please help me out, this is driving me nuts. Thanks in advance,
Dan
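
Added example (not part of the original post): the "Unrecognized SSL handshake" exception in the trace is thrown while the server reads the client's first record. This Python sketch, with constructed sample bytes and hypothetical function names, classifies the first bytes arriving on an SSL port such as 8443, so a plain HTTP request can be told apart from a real SSL/TLS ClientHello. It illustrates the record-header check in general and is not JSSE's code.

```python
# Added example: classify the first bytes a client sends to an SSL port.
# Function names and sample byte strings are constructed for illustration.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ")
MAX_RECORD_LEN = 2**14 + 2048  # upper bound on an SSLv3/TLS record body


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls-record', 'sslv2-client-hello', 'plaintext-http',
    'too-short' or 'unknown' for the start of a client's first message."""
    if len(data) < 5:
        return "too-short"
    # SSLv3/TLS record header: type(1) major(1) minor(1) length(2).
    # Type 0x16 is "handshake"; the major version is 0x03 for SSLv3 and TLS.
    if data[0] == 0x16 and data[1] == 0x03:
        length = int.from_bytes(data[3:5], "big")
        return "tls-record" if 0 < length <= MAX_RECORD_LEN else "unknown"
    # SSLv2-format ClientHello: 2-byte length with the high bit set,
    # message type 1, then the version (0x0002 for SSLv2, 0x03xx otherwise).
    if data[0] & 0x80 and data[2] == 0x01 and data[3] in (0x00, 0x03):
        return "sslv2-client-hello"
    # An http:// URL pointed at the SSL port produces an ASCII request line.
    if data.startswith(HTTP_METHODS):
        return "plaintext-http"
    return "unknown"


def is_ssl_hello(data: bytes) -> bool:
    """True when the bytes can start an SSL/TLS handshake."""
    return classify_first_bytes(data) in ("tls-record", "sslv2-client-hello")


# Constructed samples: only the leading bytes of each message are given.
SAMPLE_TLS = bytes.fromhex("160301002f0100002b0301")
SAMPLE_SSLV2 = bytes.fromhex("802e0103010015000000100000")
SAMPLE_HTTP = b"GET / HTTP/1.0\r\n\r\n"

if __name__ == "__main__":
    for name, sample in (("tls", SAMPLE_TLS), ("sslv2", SAMPLE_SSLV2),
                         ("http", SAMPLE_HTTP)):
        print(name, classify_first_bytes(sample), is_ssl_hello(sample))
```

A "plaintext-http" result for traffic on the SSL port means the client spoke HTTP rather than HTTPS to that port, which is independent of the keystore contents.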
