tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pulkit Singhal" <pulkitsing...@gmail.com>
Subject Re: Error: No available certificate or key corresponds to the SSL cipher suites which are enabled.
Date Wed, 13 Sep 2006 21:38:39 GMT
> I didn't specify the "keyStore" parameter in here
> because I only have one keystore at
> C:\Documents and Settings\HP_Administrator\.keystore
> or do Iexplicitely need to do that? I read somewhere that I didn't.

Personally, I can not even begin to imagine how Tomcat would know where to
find the keystore on a windows machine so one thing I would suggest (until
you get it all working) is to be as explicit as possible and provide the
keystore location in the connector and the password for it as well.

>I have the same certificate imported under the 'root' and 'tomcat' alias;
>is that a problem?
I have no idea why you felt or thought that you needed to have the same
certificate listed twice in your keystore. Its not really a question of
weather or not its a problem...its more a question of me wanting to know the
motivation for you doing this at all.

The point here is configure a "connector" so that when someone uses https,
you can serve up a certificate that you got signed by some CA that is
trusted(the CA cert is trusted by the user's browser) by most user's
browsers and is embedded(the CA's cert is embedded in the user browser) in
them. Since the user's browser trusts the CA's cert to sign other
certs...that means they should/will the certificate that you happen to be
serving....Right?

So as long as you tell the connector what keystore to look in, what the
password for that keystore is, and what alias to use as a handle to pull the
certificate (that needs to be served) out of that keystore....you should be
good to go.

Feel free to tell me otherwise or let me know of any issues you face.

Cheers!

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message