SSL won't work


htaylor3
Posts: 15
Joined: Mon Jan 23, 2006 11:30 am

Postby htaylor3 » Tue Jan 24, 2006 12:01 am

Hi all. I can get into SAC and webmail on port 8080 fine. However, when I try on 8443 I can't load the page.

Here is the SSL section of my server.xml file:

By default, DNS lookups are enabled when a web application calls
request.getRemoteHost(). This can have an adverse impact on
performance, so you can disable it by setting the
"enableLookups" attribute to "false". When DNS lookups are disabled,
request.getRemoteHost() will return the String version of the
IP address of the remote client.
-->

<!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
<Connector acceptCount="100" connectionTimeout="20000" debug="0" disableUploadTimeout="true" enableLookups="false" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="8080" redirectPort="8443"></Connector>
<!-- Note : To disable connection timeouts, set connectionTimeout value
to 0 -->

<!-- Note : To use gzip compression you could set the following properties :

compression="on"
compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/xml"
-->

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->

<Connector acceptCount="100" clientAuth="false" debug="1" disableUploadTimeout="true" enableLookups="false" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="8443" scheme="https" secure="true" sslProtocol="SSL"></Connector>


<!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
<Connector debug="0" enableLookups="false" port="8009" protocol="AJP/1.3" redirectPort="8443"></Connector>
-->

<!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
<!-- See proxy documentation for more information about using this. -->
<!--
<Connector port="8082"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false"
acceptCount="100" debug="0" connectionTimeout="20000"
proxyPort="80" disableUploadTimeout="true" />

What do I have wrong?
Any help will be greatly appreciated!

Thanks,

Hank

ScalixSupport
Scalix
Posts: 5503
Joined: Thu Mar 25, 2004 8:15 pm

Postby ScalixSupport » Tue Jan 24, 2006 6:28 am

Hi,

Have you generated an SSL certificate according to the documentation?

Please post the output of openssl s_client -connect your.mailserver.com:443

Cheers,

Sascha.

htaylor3
Posts: 15
Joined: Mon Jan 23, 2006 11:30 am

Postby htaylor3 » Tue Jan 24, 2006 10:32 am

I set it up according to the docs. I'll post the output when I get home tonight. Thanks again for the great support. I need to get this running at the community level to test it and see if Scalix is a viable option for us at work.

ScalixSupport
Scalix
Posts: 5503
Joined: Thu Mar 25, 2004 8:15 pm

Postby ScalixSupport » Tue Jan 24, 2006 10:55 am

Can you give more detail on what you are seeing?

What errors do you get back from the browser when you try to connect via https://servername.domain.com:8443/webmail?

Is tomcat listening on port 8443?

Cheers

Dave

ScalixSupport
Scalix
Posts: 5503
Joined: Thu Mar 25, 2004 8:15 pm

Postby ScalixSupport » Tue Jan 24, 2006 7:55 pm

Hi. One other thing. In your server.xml I see you have:

Code:

 <Connector acceptCount="100" clientAuth="false" debug="1" disableUploadTimeout="true" enableLookups="false" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="8443" scheme="https" secure="true" sslProtocol="SSL"></Connector>


Try changing the sslProtocol="SSL" to sslProtocol="TLS" then restart tomcat.

Thanks,
Rachel

htaylor3
Posts: 15
Joined: Mon Jan 23, 2006 11:30 am

Postby htaylor3 » Tue Jan 24, 2006 9:21 pm

Changed it to "TLS" and regenerated the key using the default password of "changeit" and now I can connect!

Thanks again!

Now ....... I don't know XML. How do I comment out the section of server.xml to NOT allow connections on 8080? Do I use the "#" sign?

Thanks,

Hank

ScalixSupport
Scalix
Posts: 5503
Joined: Thu Mar 25, 2004 8:15 pm

Postby ScalixSupport » Tue Jan 24, 2006 9:38 pm

Hi Hank,

Code:

 <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
is a comment. So to comment out the bit for listening on 8080 it would look like

Code:

<!-- DISABLED BETWEEN HERE
    <Connector port="8080"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="8443" acceptCount="100"
               debug="0" connectionTimeout="20000"
               disableUploadTimeout="true" />
     AND HERE -->


Regards,
Don
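As an added example (not part of this thread or of Scalix's own files), a small Python audit of a constructed server.xml that shows both points from Rachel's and Don's replies: the live HTTPS connector is flagged while it still carries sslProtocol="SSL", and a connector wrapped in an XML comment drops out of the parse, which is exactly what Don's <!-- ... --> does to port 8080.

```python
"""Audit the Connector elements of a Tomcat server.xml (added example)."""
import xml.etree.ElementTree as ET

# Constructed sample mirroring the thread's configuration: a plain HTTP
# connector on 8080, an HTTPS connector on 8443 still set to
# sslProtocol="SSL", and the AJP connector commented out Don's way.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
    <Connector port="8080" enableLookups="false" redirectPort="8443" />
    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector port="8443" scheme="https" secure="true"
               clientAuth="false" sslProtocol="SSL" />
    <!-- DISABLED BETWEEN HERE
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
         AND HERE -->
  </Service>
</Server>
"""


def active_connectors(xml_text):
    """Return the attributes of every Connector that is not commented out.

    ElementTree discards XML comments while parsing, so a connector
    wrapped in <!-- ... --> simply never shows up here.
    """
    root = ET.fromstring(xml_text)
    return [dict(c.attrib) for c in root.iter("Connector")]


def audit(xml_text):
    """Return human-readable findings about the live connectors."""
    findings = []
    for conn in active_connectors(xml_text):
        port = conn.get("port", "?")
        if conn.get("secure") == "true":
            # Rachel's fix: the HTTPS connector should say sslProtocol="TLS".
            if conn.get("sslProtocol", "").upper() == "SSL":
                findings.append(
                    f'port {port}: sslProtocol="SSL" (the thread fix is "TLS")')
        elif conn.get("protocol", "HTTP/1.1").startswith("HTTP"):
            # Hank's follow-up: a plaintext connector is still reachable.
            findings.append(
                f"port {port}: plaintext HTTP connector still active; "
                f"wrap it in <!-- --> to serve HTTPS only")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_SERVER_XML):
        print(line)
```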

htaylor3
Posts: 15
Joined: Mon Jan 23, 2006 11:30 am

Postby htaylor3 » Wed Jan 25, 2006 10:43 am

Thanks for the xml lesson! That got it!

Hank

e1kosau
Posts: 30
Joined: Fri Mar 03, 2006 3:52 am
Location: california SF

Postby e1kosau » Mon Mar 06, 2006 6:35 pm

I kind of tried out your solution to the SSL problem. However, with the release of v.10, the postinstall task manual tells me to have SSL in the

..sslProtocol="TLS" /> portion.

I don't understand how the other guy made it work, but I still cannot access my SAC and Web Access using https.

Are there any other options? I also want to regenerate the keytab for Java:

./keytool -genkey -alias tomcat -keyalg RSA, and when I put in a password it tells me this:

Code:

keytool error: java.lang.Exception: Key pair not generated, alias <tomcat> already exists


Thanks for your help

