Troubleshooting SSL
First, always backup your certificate database on a regular basis in case unrecoverable problems occur. If you have problems with SSL, here are some things to consider:
Checking for the cshttpd Process
SSL requires the Calendar Server cshttpd process to be running. To determine if cshttpd is running, use this command:
# ps -ef | grep cshttpd
Verifying Certificates
To list the certificates in the certificate database and checking their validity dates, use this command:
# ./certutil -L -d /var/opt/SUNWics5/alias
Reviewing Calendar Server Log Files
Check the Calendar Server log files for any SSL errors. For more information see Using Calendar Server Log Files.
Connecting to the SSL Port
Connect to the SSL port using a browser and the following URL:
https://server-name:ssl-port-number
where:
server-name is the name of the server where Calendar Server is running.
ssl-port-number is the SSL port number as specified by the service.http.ssl.port parameter in the ics.conf file. The default is 443.
Making cshttpd Stop Listening on the Regular HTTP Port
HTTP and HTTPS listen on different ports (443 for SSL, and 80 for HTTP), so you will never have both listening to the same port. Currently, there is no way to tell cshttpd to stop listening to the regular HTTP port. However, an administrator can change the service.http.port to an undisclosed number.
Caution – Do not set service.http.enable ="no" in an attempt to prevent cshttpd from listening to HTTP. Doing so would cause HTTPS to fail also. Both service.http.enable and service.http.ssl.port.enable must be set to "yes" for SSL to be configured properly.
- © 2010, Oracle Corporation and/or its affiliates