Problem With Apache Tomcat, IE & Spanish DNIe Certificate

Hi, I have Tomcat 5.0.28 running on more than one client with an SSL connector that allows identification with Spanish certificates FNMT, DNIe and Camerfirma (among others).

Today one client called me and told me that when logging in with DNIe from IE they get no response, whereas if they try to access with another certificate or with Firefox they can access successfully. I have checked it and I have found that other clients can still log in with IE and DNIe (other clients, other Tomcat (same version), other servers).

They haven't touched anything in the firewall that provides access to Tomcat, and they have tried restarting Tomcat to see if it works, but nothing.

When I look at Tomcat's console the only thing I get is:

 02-Aug-2010 11:50:21 Runit
SEVERE: Remote Host / XXX.XXX.XXX.XXX SocketException: Connection reset

Where XXX.XXX.XXX.XXX is the IP of my computer and the time is when I tried.

Any idea where the problem might be?

Thanks a lot in advance

asked by fealfu



The first thing to note is that you are currently running an unsupported version of Tomcat, which in Apache terms means that it's extremely unlikely to get any more upgrades or patches. It's in beta now, but a stable release of Tomcat 7.0 is likely to happen towards the end of this year, which will put you a full 3 versions behind the current release.

A detailed answer to the question requires more information, such as the exact versions of the server operating system, the JVM type and version, how you've configured the SSL connector and whether you're using APR or not.

This type of problem most often appears when a client has unexpectedly terminated the request, or disconnected before the request has completed, implying that the source is at the client end of the connection - it's often an unintended consequence of a user deciding to view a different page before a previous request has finished.

In your case, you state that some clients are not having the same problem; in order to track down the source you should monitor the access, error and application logs and match individual requests to the log entries.  Look for commonalities between source IP address, User-agent and try to get exact details of the environment of the client which has identified the problem.  If there is definitely only one client experiencing the problem, then you'll need to determine what's different about their configuration.  It's possible that there's nothing wrong with your application, but that a server or network misconfiguration is the cause of the fault.

Even recent releases of the Sun JDK/JRE don't have all of the Certificate Authorities in use currently, which is another possibility for the cause - though I wouldn't expect to see a connection reset event as a symptom - but still, check the client isn't using a certificate from a new CA.

I can't guarantee it would make any difference, but I'd strongly recommend putting a testing and deployment plan together to bring your environment up to reasonably current versions, particularly as there are vulnerabilities in SSL which are likely to be unpatched in the setup you describe. Tomcat 5.5 should be the minimum version you're running on, if upgrading the JVM to a recent version is a problem.


answered by pidster on June 16, 2011 11:40 AM

Stuart Williams is a Senior Consultant for the SpringSource Division of VMware, Inc. (NYSE: VMW). Stuart has been a Tomcat user for 6 years and is a regular contributor to the Apache Tomcat Users mailing list, and is also a committer on the Apache Amber OAuth project.
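
One way to do the log matching suggested in the answer, as an added example that is not part of the original answer: it pairs each "Connection reset" console entry with access-log requests from the same IP and lists the User-Agents seen for that IP. It assumes the access log uses the AccessLogValve `combined` pattern and that both logs are in the same local time; the sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs (documentation IP ranges); the console format follows the question.
CONSOLE_LOG = """\
02-Aug-2010 11:50:21 Runit
SEVERE: Remote Host / 192.0.2.10 SocketException: Connection reset
02-Aug-2010 11:52:03 Runit
SEVERE: Remote Host / 192.0.2.10 SocketException: Connection reset
02-Aug-2010 12:01:40 Runit
SEVERE: Remote Host / 198.51.100.7 SocketException: Connection reset
"""
ACCESS_LOG = """\
192.0.2.10 - - [02/Aug/2010:11:48:10 +0200] "GET /app/login HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows; rv:1.9.2) Firefox/3.6"
198.51.100.7 - - [02/Aug/2010:12:01:41 +0200] "GET /app/login HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)"
203.0.113.5 - - [02/Aug/2010:12:05:00 +0200] "GET /app/login HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)"
"""

ERR_RE = re.compile(r"(\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}) .*\n"
                    r"SEVERE: Remote Host / (\S+) SocketException: Connection reset")
ACC_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\] ]+) [^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"', re.M)

def parse_resets(text):
    """Return (time, ip) for every two-line 'Connection reset' console entry."""
    return [(datetime.strptime(ts, "%d-%b-%Y %H:%M:%S"), ip) for ts, ip in ERR_RE.findall(text)]

def parse_access(text):
    """Return (time, ip, user_agent) per access-log line; the UTC offset is ignored (assumption)."""
    return [(datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S"), ip, ua) for ip, ts, ua in ACC_RE.findall(text)]

def correlate(resets, access, window=timedelta(seconds=30)):
    """Per IP: reset count, resets with no logged request within `window`, User-Agents seen."""
    report = defaultdict(lambda: {"resets": 0, "unmatched": 0, "agents": set()})
    for when, ip in resets:
        report[ip]["resets"] += 1
        # No request logged near the reset: the connection died before a request completed.
        if not any(a_ip == ip and abs(t - when) <= window for t, a_ip, _ in access):
            report[ip]["unmatched"] += 1
    for _, ip, ua in access:
        if ip in report:
            report[ip]["agents"].add(ua)
    return dict(report)

if __name__ == "__main__":
    for ip, row in correlate(parse_resets(CONSOLE_LOG), parse_access(ACCESS_LOG)).items():
        print(ip, row["resets"], "resets,", row["unmatched"], "unmatched;", sorted(row["agents"]))
```

An IP whose resets are all unmatched while its other requests succeed with a different browser points at that client's configuration rather than at the application.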

