From: Bruce Perryman
To: Tomcat Users List
Subject: Re: Tomcat 5 and SSL Configuration
Date: Mon, 25 Apr 2005 12:31:24 -0700 (PDT)

Thanks for responding!

Yes, I do have a backup, but I should have mentioned that there were several attempts to get this working. One of the first attempts omitted step #5, but I had the same result. I used step #5 in an attempt to remove the old and then insert the new. But that didn't work either.

One other thing that I noticed is that my previous (expired) keystore had 2 certs in it: one was a root trusted cert entry and the tomcat key entry. This time, in one of my initial attempts, the tomcat alias was the only entry and it was the trusted cert entry. Does this have anything to do with the problem?

--- Mark Thomas wrote:

> Bruce,
>
> You should not have done step 5. This deleted your private key. I hope
> you have a backup ;)
>
> Mark
>
> Bruce Perryman wrote:
> > Hello,
> >
> > I'm using TC 5.0.19 and j2sdk1.4.2_04 on RedHat 9.
> >
> > My SSL certificate expired and I received a new one
> > but haven't been able to get the new one to work.
> >
> > Here are the steps that I used to get the certificate
> > and import it into my keystore:
> >
> > [1] keytool -genkey -alias tomcat
> >     -keyalg RSA -keystore .keystore
> > [2] keytool -certreq -alias tomcat
> >     -keystore .keystore -file tomcat.csr
> > [3] Submit tomcat.csr to Entrust and then
> >     retrieve entrust_ssl_ca.cer (We used
> >     cut and paste, not file download.)
> > [4] shut down Tomcat
> > [5] keytool -delete -alias tomcat
> >     -keystore .keystore
> > [6] keytool import -trustcacerts
> >     -alias tomcat -file entrust_ssl_ca.cer
> >     -keystore .keystore
> > [7] restart tomcat
> > Instead of [6], we also tried:
> > [6a] keytool import -alias tomcat
> >     -file entrust_ssl_ca.cer -keystore .keystore
> >
> > When I restart Tomcat and view my page, I get the
> > message that the page cannot be displayed.
> >
> > In my catalina.out file, I see the following severe
> > error msg:
> >
> > Endpoint [SSL: ServerSocket[addr= ]] ignored
> > exception: java.net.SocketException: SSL handshake
> > errorjavax.net.ssl.SSLException: No available
> > certificate corresponds to the SSL cipher suites which
> > are enabled.
> >
> > Does anyone know what I'm doing wrong? I don't have
> > the exact steps that I performed with my previous
> > certificate, but the above steps are what I used for
> > the newly issued certificate.
> >
> > Thanks, in advance, for your help.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
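
Added example, not part of the original thread: a pre-restart check that reads `keytool -list` output and confirms the `tomcat` alias is still a private key entry rather than the trusted cert entry described above. The listings are constructed samples, and `entry_type` and `has_private_key` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the thread). A Tomcat SSL connector needs a private
# key entry: "keyEntry" on older JDKs, "PrivateKeyEntry" on newer ones.
# A lone "trustedCertEntry" cannot complete a handshake.

# entry_type ALIAS: read `keytool -list` output on stdin and print the entry
# type recorded for ALIAS, or "missing" when the alias is not listed.
entry_type() {
    awk -v want="$1" '
        # Entry lines look like: tomcat, Apr 25, 2005, keyEntry,
        /, *(keyEntry|PrivateKeyEntry|trustedCertEntry),? *$/ {
            alias = $0; sub(/,.*/, "", alias)
            kind = $0; sub(/,? *$/, "", kind); sub(/.*, */, "", kind)
            if (tolower(alias) == tolower(want)) { print kind; found = 1; exit }
        }
        END { if (!found) print "missing" }
    '
}

# has_private_key ALIAS: succeed only when ALIAS holds a private key.
has_private_key() {
    case "$(entry_type "$1")" in
        keyEntry|PrivateKeyEntry) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed listings (fingerprints are placeholders).
# State after steps [5] and [6]: the CA reply landed as a trusted cert.
after_delete_and_import='Your keystore contains 1 entry

tomcat, Apr 25, 2005, trustedCertEntry,
Certificate fingerprint (MD5): <placeholder>'

# Layout the poster describes for the previous, working keystore.
previous_layout='Your keystore contains 2 entries

root, Apr 20, 2004, trustedCertEntry,
Certificate fingerprint (MD5): <placeholder>
tomcat, Apr 20, 2004, keyEntry,
Certificate fingerprint (MD5): <placeholder>'

for name in after_delete_and_import previous_layout; do
    eval "listing=\$$name"
    if printf '%s\n' "$listing" | has_private_key tomcat; then
        echo "$name: tomcat holds a private key"
    else
        echo "$name: tomcat has no private key, do not restart on this keystore"
    fi
done
# Live check: keytool -list -keystore .keystore | has_private_key tomcat
```

When the check fails, the issued certificate can only be used again once the key pair it was requested with is back in the keystore, for example from a backup taken before step [5].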