Sun Java System Calendar Server 6 2005Q4 Administration Guide

Troubleshooting SSL

First, always backup your certificate database on a regular basis in case unrecoverable problems occur. If you have problems with SSL, here are some things to consider:

Checking for the cshttpd Process

SSL requires the Calendar Server cshttpd process to be running. To determine if cshttpd is running, use this command:

# ps -ef | grep cshttpd

Verifying Certificates

To list the certificates in the certificate database and checking their validity dates, use this command:

# ./certutil -L -d /var/opt/SUNWics5/alias

Reviewing Calendar Server Log Files

Check the Calendar Server log files for any SSL errors. For more information see Using Calendar Server Log Files.

Connecting to the SSL Port

Connect to the SSL port using a browser and the following URL:



server-name is the name of the server where Calendar Server is running.

ssl-port-number is the SSL port number as specified by the service.http.ssl.port parameter in the ics.conf file. The default is 443.

Making cshttpd Stop Listening on the Regular HTTP Port

HTTP and HTTPS listen on different ports (443 for SSL, and 80 for HTTP), so you will never have both listening to the same port. Currently, there is no way to tell cshttpd to stop listening to the regular HTTP port. However, an administrator can change the service.http.port to an undisclosed number.

Caution – Caution –

Do not set service.http.enable ="no" in an attempt to prevent cshttpd from listening to HTTP. Doing so would cause HTTPS to fail also. Both service.http.enable and service.http.ssl.port.enable must be set to "yes" for SSL to be configured properly.