tomcat-users mailing list archives

From Bruce Perryman <bperryman...@yahoo.com>
Subject Re: Tomcat 5 and SSL Configuration
Date Mon, 25 Apr 2005 19:31:24 GMT
Thanks for responding!

Yes, I do have a backup, but I should have mentioned
that there were several attempts to get this working.
One of the first attempts omitted step #5, but I had
the same result.
I used step #5 in an attempt to remove the old and
then insert the new. But that didn't work either.

One other thing that I noticed is that my previous
(expired) keystore had 2 certs in it: one was a root
trusted cert entry and the other was the tomcat key entry.

This time, in one of my initial attempts, the tomcat
alias was the only entry and it was the trusted cert
entry.

Does this have anything to do with the problem?
--- Mark Thomas <markt@apache.org> wrote:
> Bruce,
> 
> You should not have done step 5. This deleted your
> private key. I hope 
> you have a backup ;)
> 
> Mark
> 
> Bruce Perryman wrote:
> > Hello,
> > 
> > I'm using TC 5.0.19 and j2sdk1.4.2_04 on RedHat 9.
> > 
> > My SSL certificate expired and I received a new one
> > but haven't been able to get the new one to work.
> > 
> > Here are the steps that I used to get the certificate
> > and import it into my keystore:
> > 
> > [1] keytool -genkey -alias tomcat
> >      -keyalg RSA -keystore .keystore
> > [2] keytool -certreq -alias tomcat
> >      -keystore .keystore -file tomcat.csr
> > [3] Submit tomcat.csr to Entrust and then
> >      retrieve entrust_ssl_ca.cer  (We used
> >      cut and paste, not file download.)
> > [4] shut down Tomcat
> > [5] keytool -delete -alias tomcat
> >       -keystore .keystore
> > [6] keytool import -trustcacerts
> >      -alias tomcat -file entrust_ssl_ca.cer
> >      -keystore .keystore
> > [7] restart tomcat
> > Instead of [6], we also tried:
> > [6a] keytool import -alias tomcat
> >       -file entrust_ssl_ca.cer -keystore .keystore
> > 
> > When I restart Tomcat and view my page, I get the
> > message that the page cannot be displayed.
> > 
> > In my catalina.out file, I see the following severe
> > error msg:
> > 
> > Endpoint [SSL: ServerSocket[addr=     ]] ignored
> > exception: java.net.SocketException: SSL handshake
> > errorjavax.net.ssl.SSLException: No available
> > certificate corresponds to the SSL cipher suites which
> > are enabled.
> > 
> > Does anyone know what I'm doing wrong? I don't have
> > the exact steps that I performed with my previous
> > certificate, but the above steps are what I used for
> > the newly issued certificate.
> > 
> > Thanks, in advance, for your help.

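The two keystore states discussed in this thread (a key entry under the `tomcat` alias versus only a trusted cert entry) can be told apart from `keytool -list` output. The script below is an added example, not part of the original messages: the function names, the `entrustroot` alias and both sample listings are constructed, and it assumes keytool's default listing format with the type labels `keyEntry`/`PrivateKeyEntry` and `trustedCertEntry`.

```shell
#!/bin/sh
# Added example: classify a keystore alias from `keytool -list` output.
# Function names and sample listings are constructed for illustration.

# Print the entry type listed for alias $1 (listing on stdin),
# or "missing" when the alias does not appear.
alias_entry_type() {
    awk -v a="$1" '
        BEGIN { FS = ", *"; t = "missing" }
        # Entry lines look like: <alias>, <date, may contain a comma>, <type>,
        $1 == a { for (i = 2; i <= NF; i++) if ($i ~ /Entry$/) t = $i }
        END { print t }'
}

# Return 0 only when the alias holds a private key, which the SSL
# connector needs in order to present a certificate.
alias_has_private_key() {
    case "$(alias_entry_type "$1")" in
        keyEntry|PrivateKeyEntry) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed listing: the alias still holds its key pair.
SAMPLE_OK='Your keystore contains 2 entries

entrustroot, Apr 25, 2005, trustedCertEntry,
Certificate fingerprint (MD5): 00:00:00:00 (constructed)
tomcat, Apr 25, 2005, keyEntry,
Certificate fingerprint (MD5): 11:11:11:11 (constructed)'

# Constructed listing: the alias was deleted and a certificate was then
# imported under the same name, so no private key is stored with it.
SAMPLE_BROKEN='Your keystore contains 1 entry

tomcat, Apr 25, 2005, trustedCertEntry,
Certificate fingerprint (MD5): 22:22:22:22 (constructed)'

report() {  # $1 = alias, listing on stdin
    if alias_has_private_key "$1"; then
        echo "OK: alias '$1' is a key entry"
    else
        echo "FAIL: alias '$1' has no private key to pair with a certificate"
    fi
}

printf '%s\n' "$SAMPLE_OK" | report tomcat
printf '%s\n' "$SAMPLE_BROKEN" | report tomcat
```

Against a real keystore, pipe the output of `keytool -list -keystore .keystore` into `report tomcat` before restarting Tomcat.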