Problem With Apache Tomcat, IE & Spanish DNIe Certificate

Hi, I have Tomcat 5.0.28 running on more than one client with an SSL connector that allows identification with Spanish certificates FNMT, DNIe and Camerfirma (among others).

Today one client called me and told me that when logging in with DNIe from IE they get no response, whereas if they try to access with another certificate or with Firefox they can access successfully. I have checked it and I have found that other clients still log in with IE and DNIe (other clients, other Tomcat (same version), other servers).

They haven't touched anything in the firewall that provides access to Tomcat, and they have tried restarting Tomcat to see if it works, and nothing.

When I look at Tomcat's console the only thing I get is:

 02-Aug-2010 11:50:21 Runit
SEVERE: Remote Host / XXX.XXX.XXX.XXX SocketException: Connection reset

Where XXX.XXX.XXX.XXX is the IP of my computer and the time is when I tried.

Any idea where the problem might be?

Thanks a lot in advance

asked by fealfu



The first thing to note is that you are currently running an unsupported version of Tomcat, which in Apache terms means that it's extremely unlikely to get any more upgrades or patches. It's in beta now, but a stable release of Tomcat 7.0 is likely to happen towards the end of this year, which will put you a full 3 versions behind the current release.

A detailed answer to the question requires more information, such as the exact versions of the server operating system, the JVM type and version, how you've configured the SSL connector and whether you're using APR or not.

This type of problem most often appears when a client has unexpectedly terminated the request, or disconnected before the request has completed, implying that the source is at the client end of the connection - it's often an unintended consequence of a user deciding to view a different page before a previous request has finished.

In your case, you state that some clients are not having the same problem; in order to track down the source you should monitor the access, error and application logs and match individual requests to the log entries.  Look for commonalities between source IP address, User-agent and try to get exact details of the environment of the client which has identified the problem.  If there is definitely only one client experiencing the problem, then you'll need to determine what's different about their configuration.  It's possible that there's nothing wrong with your application, but that a server or network misconfiguration is the cause of the fault.

Even recent releases of the Sun JDK/JRE don't have all of the Certificate Authorities in use currently, which is another possibility for the cause - though I wouldn't expect to see a connection reset event as a symptom - but still, check the client isn't using a certificate from a new CA.

I can't guarantee it would make any difference, but I'd strongly recommend putting a testing and deployment plan together to bring your environment up to reasonably current versions, particularly as there are vulnerabilities in SSL which are likely to be unpatched in the setup you describe. Tomcat 5.5 should be the minimum version you're running on, if upgrading the JVM to a recent version is a problem.


answered by pidster on June 16, 2011 11:40 AM

Stuart Williams is a Senior Consultant for the SpringSource Division of VMware, Inc. (NYSE: VMW). Stuart has been a Tomcat user for 6 years and is a regular contributor to the Apache Tomcat Users mailing list, and is also a committer on the Apache Amber OAuth project.
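
One way to do the log matching suggested in the answer above, as an added example (not code from the original post or from Tomcat): it pairs each "Connection reset" console entry with access-log requests from the same IP and collects the User-agents seen near it. The log contents are constructed, and the access log is assumed to use the combined pattern with timestamps in the same time zone as the console log.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs (documentation IP ranges), not data from the original post.
CATALINA_LOG = """\
02-Aug-2010 11:50:21 Runit
SEVERE: Remote Host / 192.0.2.10 SocketException: Connection reset
02-Aug-2010 11:52:03 Runit
SEVERE: Remote Host / 192.0.2.10 SocketException: Connection reset
02-Aug-2010 11:55:40 Runit
SEVERE: Remote Host / 198.51.100.7 SocketException: Connection reset
"""
ACCESS_LOG = """\
192.0.2.10 - - [02/Aug/2010:11:48:10 +0200] "GET /app/login HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8"
198.51.100.7 - - [02/Aug/2010:11:55:38 +0200] "GET /app/report HTTP/1.1" 200 88211 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)"
203.0.113.5 - - [02/Aug/2010:11:51:00 +0200] "GET /app/login HTTP/1.1" 200 5123 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
"""

RESET_RE = re.compile(r"Remote Host / (\S+) SocketException: Connection reset")
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^ \]]+)[^\]]*\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"', re.M)

def parse_resets(text):
    """Pair each SEVERE reset line with the timestamp on the line before it."""
    lines = text.splitlines()
    out = []
    for prev, cur in zip(lines, lines[1:]):
        m = RESET_RE.search(cur)
        if m:
            ts = datetime.strptime(" ".join(prev.split()[:2]), "%d-%b-%Y %H:%M:%S")
            out.append((ts, m.group(1)))
    return out

def parse_access(text):
    """Return (time, ip, user_agent) per request; the UTC offset is ignored (assumption)."""
    return [(datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S"), m.group(1), m.group(3))
            for m in ACCESS_RE.finditer(text)]

def correlate(resets, access, window=timedelta(seconds=30)):
    """Per IP: reset count and the User-agents logged within `window` of any reset."""
    report = defaultdict(lambda: {"resets": 0, "agents": set()})
    for ts, ip in resets:
        report[ip]["resets"] += 1
        report[ip]["agents"] |= {ua for t, a, ua in access if a == ip and abs(t - ts) <= window}
    return dict(report)

if __name__ == "__main__":
    for ip, r in correlate(parse_resets(CATALINA_LOG), parse_access(ACCESS_LOG)).items():
        print(ip, r["resets"], sorted(r["agents"]) or "no request logged near the reset")
```

An IP that shows resets but no nearby logged request is what you would see if the connection is dropped before an HTTP request is processed, for example during the SSL handshake; a reset that lines up with a logged request fits the abandoned-request case the answer describes.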


