Sun Java System Calendar Server 6.3 Administration Guide

7.2 Troubleshooting SSL for Calendar Server 6.3 Software

First, always backup your certificate database on a regular basis in case unrecoverable problems occur. This section contains things to consider after you back up your database.

7.2.1 Checking for the cshttpd Process

SSL requires the Calendar Server cshttpd process to be running. To determine if cshttpd is running, use this command:

# ps -ef | grep cshttpd

7.2.2 Verifying Certificates

To list the certificates in the certificate database and checking their validity dates, use this command:

# ./certutil -L -d /etc/opt/SUNWics5/config

7.2.3 Reviewing Calendar Server Log Files

Check the Calendar Server log files for any SSL errors.

7.2.4 Connecting to the SSL Port

Connect to the SSL port using a browser and the following URL:



server-name is the name of the server where Calendar Server is running.

ssl-port-number is the SSL port number as specified by the service.http.ssl.port parameter in the ics.conf file. The default is 443.

7.2.5 Making cshttpd Stop Listening on the Regular HTTP Port

HTTP and HTTPS listen on different ports (443 for SSL, and 80 for HTTP), so you will never have both listening to the same port. Currently, there is no way to tell cshttpd to stop listening to the regular HTTP port. However, an administrator can change the service.http.port to an undisclosed number.

Caution – Caution –

Do not set service.http.enable ="no" in an attempt to prevent cshttpd from listening to HTTP. Doing so would cause HTTPS to fail also. Both service.http.enable and service.http.ssl.port.enable must be set to "yes" for SSL to be configured properly.