I have a problem where Google Chrome is showing:
The site uses SSL, but Google Chrome has detected either high-risk insecure content on the page or problems with the site’s certificate. Don’t enter sensitive information on this page. Invalid certificate or other serious https issues could indicate that someone is attempting to tamper with your connection to the site.
message, which shows up with a red crossed-out https sign.
How should I configure Tomcat to get rid of the message shown in detail in the picture below?
I found this link but can’t make out from it how to fix this:
http://code.google.com/p/chromium/issues/detail?id=72716
Also there is a mention of an OpenSSL problem with APR (what would be the OpenSSL alternative?):
http://tomcat.apache.org/security-native.html
I have a GeoTrust Business ID certificate which is more than adequate for the site and should be secure enough. So I believe this is some issue with either Tomcat or Java.
Working configuration in server.xml:
```xml
<Connector port="443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxHttpHeaderSize="16384"
           maxThreads="150"
           minSpareThreads="25"
           maxSpareThreads="75"
           enableLookups="false"
           acceptCount="100"
           connectionTimeout="20000"
           disableUploadTimeout="true"
           compression="on"
           compressionMinSize="2048"
           noCompressionUserAgents="gozilla, traviata"
           compressableMimeType="text/html,text/xml,text/plain,text/javascript,text/css"
           scheme="https"
           secure="true"
           SSLEnabled="true"
           sslProtocol="TLS"
           clientAuth="false"
           keystoreFile="/usr/share/tomcat6/conf/tomcat.keystore"
           keystorePass="somepass"
/>
```
is giving me the error on the picture:

UPDATE – Going native
```xml
<Connector port="443"
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           maxHttpHeaderSize="16384"
           maxThreads="150"
           enableLookups="false"
           acceptCount="100"
           disableUploadTimeout="true"
           compression="on"
           compressionMinSize="2048"
           noCompressionUserAgents="gozilla, traviata"
           compressableMimeType="text/html,text/xml,text/plain,text/javascript,text/css"
           scheme="https"
           secure="true"
           SSLEnabled="true"
           SSLCertificateFile="/tomcat/conf/cert.crt"
           SSLCertificateKeyFile="/tomcat/conf/key.pem"
           SSLCACertificateFile="/tomcat/conf/rootandintermidiate.crt"
           clientAuth="optional"
/>
```
This seemed to do the trick!
According to:
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
The examples they give are (JSSE):
For JSSE and then APR:
The first thing I noticed was `SSLProtocol` is different (attribute and its value) and it doesn’t use `keystoreFile`. This appears to be because:

The attributes in your example relate to the JSSE implementation, so I’m assuming the issue relates to the use of the NIO protocol and / or APR. Change your `Connector` to use the attributes designed solely for APR and remove the JSSE ones (or vice versa).
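
The check described in the answer above, as an added example that is not part of the original question or answers: a Python script that reads `server.xml` text and lists SSL attributes that belong to the other implementation than the one the connector's `protocol` selects. The attribute groups are a subset following the JSSE/APR split in the Tomcat 6 connector documentation; the sample connectors are constructed, and `connector_family` and `audit_connectors` are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Subset of the SSL attributes, grouped by implementation (assumed from the
# Tomcat 6 connector docs). XML attribute names are case-sensitive:
# sslProtocol is the JSSE attribute, SSLProtocol is the APR one.
JSSE_ATTRS = {"keystoreFile", "keystorePass", "keystoreType", "keyAlias",
              "truststoreFile", "truststorePass", "sslProtocol", "ciphers",
              "clientAuth"}
APR_ATTRS = {"SSLCertificateFile", "SSLCertificateKeyFile",
             "SSLCertificateChainFile", "SSLCACertificateFile",
             "SSLCACertificatePath", "SSLPassword", "SSLProtocol",
             "SSLCipherSuite", "SSLVerifyClient"}

def connector_family(protocol):
    """Return 'APR', 'JSSE', or None when the protocol value does not decide it."""
    if protocol.endswith("Http11AprProtocol"):
        return "APR"
    if protocol.endswith(("Http11NioProtocol", "Http11Protocol")):
        return "JSSE"
    return None  # e.g. "HTTP/1.1": APR is used if the native library loads

def audit_connectors(server_xml):
    """Return one finding per SSL-enabled <Connector>, in document order."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        family = connector_family(conn.get("protocol", "HTTP/1.1"))
        jsse, apr = set(conn.attrib) & JSSE_ATTRS, set(conn.attrib) & APR_ATTRS
        if family == "APR":
            stray = jsse
        elif family == "JSSE":
            stray = apr
        else:  # implementation undecided: a mix of both groups is suspect
            stray = (jsse | apr) if (jsse and apr) else set()
        findings.append({"port": conn.get("port"), "family": family,
                         "stray": sorted(stray)})
    return findings

# Constructed sample: an APR connector carrying JSSE attributes, and a
# consistent NIO/JSSE connector.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
             SSLEnabled="true" scheme="https" secure="true" sslProtocol="TLS"
             keystoreFile="/path/to/example.keystore" keystorePass="changeit"/>
  <Connector port="9443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             SSLEnabled="true" scheme="https" secure="true" sslProtocol="TLS"
             keystoreFile="/path/to/example.keystore" keystorePass="changeit"/>
</Service></Server>"""

if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE):
        print(finding)
```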