Connection interrupted using SSL with a JBoss AS7 (Richfaces page)

Question

I've a strange problem. I'm using Richfaces 4 on a JBOSS AS7 webserver with HTTPS and client authentication.

Everything (client auth, HTTPS, etc.) works actually fine BUT sometimes style sheets and JavaScript resources are not loaded with Internet Explorer and strangely with Firefox too. Firebug and other debugging tools just say that the connection was interrupted, no additional information.

In addition, after a while, I cannot reproduce a situation, Internet Explorer (and even Firefox but less often) cannot display the whole site. In that situation no refresh, deleting cache, cookies, restarting IE does help at all.

Just to be sure it's not a company's network or proxy problem, I did unplug my computer from it, running my webserver on localhost. The same issues occurs here too.

Any ideas? Thank you in advance!

---

Nobody? I did change my log level to DEBUG and observed following output:

10:25:48,518 DEBUG [org.apache.tomcat.util.net.AprEndpoint] (http--0.0.0.0-8443-1) 
             Handshake failed: error:00000000:lib(0):func(0):reason(0)

---

It seems that the connection will be reseted.

Answer 1

I have not found why my settings were not working. However, I was using JBoss native connectors and so I decided to not use them.

Without using a native connector and after generating new certificates it's working perfectly, the above described issues didn't happen so far.

I was using following source how to generate my self-signed certificates:

• http://virgo47.wordpress.com/2010/08/23/tomcat-web-application-with-ssl-client-certificates/

This are my configurations in standalone.xml

<security-domain ....
<jsse 
    keystore-password="changeit" 
    keystore-url="keystore.jks" 
    truststore-password="changeit" 
    truststore-url="cacerts.jks" 
    server-alias="sercer" 
    client-auth="true" 
    protocols="TLS"/>

and

<connector ....
<ssl 
    name="ssl" 
    key-alias="sercer" 
    password="changeit" 
    certificate-key-file="keystore.jks" 
    protocol="TLSv1" 
    verify-client="true" 
    ca-certificate-file="cacerts.jks" />

However, I still do not understand why it has worked before randomly in IE and FF as well as without issues in Chrome. This would exclude my certificates to be the original problem, wouldn't it?