https://issues.apache.org/bugzilla/show_bug.cgi?id=50872

--- Comment #2 from Clive Nicholson <clive.nichol...@brent.gov.uk> 2011-03-08 05:28:04 EST ---
(In reply to comment #1)
> Without the connector configuration and a reproducible test case, this is
> likely to get resolved as "WORKSFORME"

The connector from the Tomcat 'server.xml' file is shown below:
   <Connector port="8443"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" debug="0" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/conf/keystores/disbox" keystorePass="*********"
               truststoreFile="C:\Program Files\Java\jre1.5.0_13\lib\security\cacerts"
               truststorePass="changeit" />

However, the servlet running under Tomcat initiates an SSL connection to an
external web service and it is not using the keystore configured in the http
connector (which I assume is for inbound SSL connections). The application has
its own configuration file where the location of its keystore, its password and
other parameters are defined. During the SSL handshake the external server
requests our server's certificate which it should obtain from this application
keystore. As stated previously, this works okay initially but seems to stop
working after some unknown time has elapsed. Could it be that somehow it is
searching the wrong keystore for the server's certificate (i.e. the keystore
configured in the connector as opposed to the application's keystore)?

I will enable the SSL debug option '-Djavax.net.debug="all"' in the Tomcat
start-up to see if I can get any more information.
