tomcat-users mailing list archives

From "Jeanna Geier" <jge...@apt-cafm.com>
Subject Re: Error: No available certificate or key corresponds to the SSL cipher suites which are enabled.
Date Mon, 11 Sep 2006 13:50:37 GMT
Hi Bill-  Thanks for replying.

>keytool -list says:

C:\Program Files\Java\jdk1.5.0_06\bin>keytool -list -keystore "C:\Documents and Settings\HP_Administrator\.keystore
Enter keystore password:  changeit

Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

root, Sep 11, 2006, trustedCertEntry,
Certificate fingerprint (MD5): A1:53:42:0F:F5:CB:A3:E2:40:D6:06:89:62:64:3E:55
tomcat, Sep 11, 2006, trustedCertEntry,
Certificate fingerprint (MD5): A1:53:42:0F:F5:CB:A3:E2:40:D6:06:89:62:64:3E:55

C:\Program Files\Java\jdk1.5.0_06\bin>

I have the same certificate imported under the 'root' and 'tomcat' alias; is 
that a problem?

And I'm positive I'm using the same keystore file that I used to generate 
the key.

Thanks for replying and your help!!  This Security issue has been giving me 
problems for over a week now!
-Jeanna

----- Original Message ----- 
From: "Bill Barker" <wbarker@wilshire.com>
To: <users@tomcat.apache.org>
Sent: Sunday, September 10, 2006 4:54 PM
Subject: Re: Error: No available certificate or key corresponds to the SSL 
cipher suites which are enabled.


>I don't know if it's just copy/paste errors, but from what you've written, 
>you've imported the ca cert twice, and into a different keystore file than 
>you used to generate the key.
>
> What does > keytool -list say?
>
> "Jeanna Geier" <jgeier@apt-cafm.com> wrote in message 
> news:007001c6d378$7214f470$6700a8c0@geier...
> Hi All-
>
> I'm running into an odd problem and am hoping that someone out there can 
> help me!
>
> I'm trying to configure and run SSL; I am able to create, startup and run 
> everything when I am using a self-signed certificate. (Yeah!)
>
> However, when I attempt to use a trial certificate from thawte (which is 
> where we want to get to), I am getting an error.  Here's what I've done 
> (http://tomcat.apache.org/tomcat-5.0-doc/ssl-howto.html):
>
>  - created a local Certificate: >keytool -genkey -alias tomcat -keyalg RSA
>
>  I didn't get a 'chain certificate' with my free trial, so for the next 
> step, I imported the certificate I got from Thawte:
>
>  - keytool -import -alias root -keystore C:\Documents and 
> Settings\HP_Administrator\.keystore -trustcacerts -file 
> C:\thawte_ca_cert.cert
>
>  Then I imported the new certificate under my tomcat user:
>
>  - keytool -import -alias tomcat -keystore C:\Documents and 
> Settings\HP_Administrator\.keystore -trustcacerts -file 
> C:\thawte_ca_cert.cert
>
>
> According to the directions, that should be it; however, when I go to 
> start Tomcat, I get the following error:
>
>        at 
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:113)
>        at 
> org.apache.tomcat.util.net.PoolTcpEndpoint.acceptSocket(PoolTcpEndpoint.java:368)
>        at 
> org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:549)
>        at 
> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
>        at java.lang.Thread.run(Thread.java:595)
> Sep 8, 2006 1:34:04 PM org.apache.tomcat.util.net.PoolTcpEndpoint 
> acceptSocket
> WARNING: Reinitializing ServerSocket
> Sep 8, 2006 1:34:04 PM org.apache.tomcat.util.net.PoolTcpEndpoint 
> acceptSocket
> SEVERE: Endpoint [SSL: 
> ServerSocket[addr=0.0.0.0/0.0.0.0,port=0,localport=443]] ignored 
> exception: java.net.SocketException: SSL handshake 
> errorjavax.net.ssl.SSLException: No available certificate or key 
> corresponds to the SSL cipher suites which are enabled.
> java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: 
> No available certificate or key corresponds to the SSL cipher suites which 
> are enabled.
>
> When I search/google on this, it says that one cause could be "different 
> passwords has been used for the certificate and the Keystore. In this 
> case, use the Keytool to change the password of the certificate to match 
> the password of the Keystore." - but that's not the case.
>
> Please, any help you can offer would be greatly appreciated.  Thanks!
> -Jeanna
>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
> 
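
An added example, not part of the original thread: a Python check over the `keytool -list` output posted above. It flags a keystore that holds no private-key entry (a JSSE server needs one to present a certificate) and certificates stored under more than one alias. The function names and the `server_alias` parameter are hypothetical; `keyEntry` and `PrivateKeyEntry` are the type labels keytool prints for entries that hold a private key.

```python
import re
from collections import defaultdict

# keytool -list output from the message above (wrapped lines rejoined).
SAMPLE = """\
Your keystore contains 2 entries

root, Sep 11, 2006, trustedCertEntry,
Certificate fingerprint (MD5): A1:53:42:0F:F5:CB:A3:E2:40:D6:06:89:62:64:3E:55
tomcat, Sep 11, 2006, trustedCertEntry,
Certificate fingerprint (MD5): A1:53:42:0F:F5:CB:A3:E2:40:D6:06:89:62:64:3E:55
"""

# Entry lines look like "<alias>, <date>, <type>,". Only key entries carry
# a private key; a trustedCertEntry is a bare certificate.
KEY_TYPES = {"keyEntry", "PrivateKeyEntry"}
ENTRY = re.compile(r"^(?P<alias>[^,]+), .*?, (?P<type>\w+Entry),$")
FPR = re.compile(r"^Certificate fingerprint \([\w-]+\):\s*(?P<fp>[0-9A-Fa-f:]+)$")

def parse_keytool_list(text):
    """Return one dict per keystore entry: alias, type, fingerprint."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            entries.append({"alias": m["alias"], "type": m["type"], "fp": None})
            continue
        m = FPR.match(line)
        if m and entries:  # fingerprint belongs to the entry just seen
            entries[-1]["fp"] = m["fp"]
    return entries

def audit(entries, server_alias="tomcat"):
    """Return findings that prevent the keystore from serving TLS."""
    findings = []
    if not any(e["type"] in KEY_TYPES for e in entries):
        findings.append("keystore has no private-key entry")
    by_fp = defaultdict(list)
    for e in entries:
        if e["alias"] == server_alias and e["type"] not in KEY_TYPES:
            findings.append(f"alias '{e['alias']}' is a {e['type']}, not a key entry")
        if e["fp"]:
            by_fp[e["fp"]].append(e["alias"])
    for fp, aliases in by_fp.items():
        if len(aliases) > 1:
            findings.append(f"same certificate under aliases {', '.join(aliases)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_keytool_list(SAMPLE))))
```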

