tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: Tomcat 5 and SSL Configuration
Date Mon, 25 Apr 2005 19:10:27 GMT
Bruce,

You should not have done step 5. This deleted your private key. I hope 
you have a backup ;)

Mark

Bruce Perryman wrote:
> Hello,
> 
> I'm using TC 5.0.19 and j2sdk1.4.2_04 on RedHat 9.
> 
> My SSL certificate expired and I received a new one
> but haven't been able to get the new one to work. 
> 
> Here are the steps that I used to get the certificate
> and import it into my keystore:
> 
> [1] keytool -genkey -alias tomcat
>      -keyalg RSA -keystore .keystore
> [2] keytool -certreq -alias tomcat
>      -keystore .keystore -file tomcat.csr
> [3] Submit tomcat.csr to Entrust and then
>      retrieve entrust_ssl_ca.cer  (We used
>      cut and paste, not file download.)
> [4] shut down Tomcat
> [5] keytool -delete -alias tomcat
>       -keystore .keystore
> [6] keytool import -trustcacerts
>      -alias tomcat -file entrust_ssl_ca.cer
>      -keystore .keystore
> [7] restart tomcat
> Instead of [6], we also tried:
> [6a] keytool import -alias tomcat
>       -file entrust_ssl_ca.cer -keystore .keystore
> 
> When I restart Tomcat and view my page, I get the
> message that the page cannot be displayed.
> 
> In my catalina.out file, I see the following severe
> error msg:
> 
> Endpoint [SSL: ServerSocket[addr=     ]] ignored
> exception: java.net.SocketException: SSL handshake
> errorjavax.net.ssl.SSLException: No available
> certificate corresponds to the SSL cipher suites which
> are enabled.
> 
> Does anyone know what I'm doing wrong? I don't have
> the exact steps that I performed with my previous
> certificate, but the above steps are what I used for
> the newly issued certificate.
> 
> Thanks, in advance, for your help.
> 
> 
> 		
> __________________________________ 
> Do you Yahoo!? 
> Yahoo! Mail - 250MB free storage. Do more. Manage less. 
> http://info.mail.yahoo.com/mail_250
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message