tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christoph Lechner <cl0...@l-mx.de>
Subject Tomcat keeps breaking/SSL keystore troubles
Date Thu, 30 Aug 2007 15:11:48 GMT
Hi all,

I've been trying hard to enable the SSL connector in TomCat for a few
days now. As I don't have very much experience with SSL, it's quite hard
for me to figure out what's going wrong.
I read a lot of different setup guides, but I'm getting the same error
messages all the time:

16:37:13,254 INFO  [Http11BaseProtocol] Starting Coyote HTTP/1.1 on
http-0.0.0.0
-808016:37:13,338 INFO  [ChannelSocket] JK: ajp13 listening on /0.0.0.0:8009
16:37:13,346 INFO  [JkMain] Jk running ID=0 time=0/24
config=null16:37:13,360 INFO  [Http11BaseProtocol] Starting Coyote
HTTP/1.1 on http-0.0.0.0
-844316:37:13,371 ERROR [PoolTcpEndpoint] Endpoint [SSL:
ServerSocket[addr=/0.0.0.0,p
ort=0,localport=8443]] ignored exception: java.net.SocketException: SSL
handshake errorjavax.net.ssl.SSLException: No available certificate or
key corresponds t
o the SSL cipher suites which are enabled.java.net.SocketException: SSL
handshake errorjavax.net.ssl.SSLException: No avai
lable certificate or key corresponds to the SSL cipher suites which are
enabled.        at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:113)
        at
org.apache.tomcat.util.net.PoolTcpEndpoint.acceptSocket(PoolTcpEndpoint.java:407)
        at
org.apache.tomcat.util.net.PoolTcpEndpoint.run(PoolTcpEndpoint.java:647)
        at java.lang.Thread.run(Thread.java:595)

I've got a .crt file, a .csr file and a .key file for the domain and I
also got the root cert from the CA. So I tried to set it up in the
following way (output messages included):
---> Begin of keystore creation <---
ab-server1:~/ssl# keytool -import -trustcacerts -alias root -file
rapidssl_01.cer -keystore thekeystore
Enter keystore password:  changeit
Certificate already exists in system-wide CA keystore under alias
<equifaxsecureglobalebusinessca1>
Do you still want to add it to your own keystore? [no]:  yes
Certificate was added to keystore
ab-server1:~/ssl# keytool -import -trustcacerts -alias tomcat -file
www_mydomain_com.crt -keystore thekeystore
Enter keystore password:  changeit
Certificate was added to keystore
ab-server1:~/ssl# keytool -list -keystore thekeystore
Enter keystore password:  changeit

Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

root, Aug 30, 2007, trustedCertEntry,
Certificate fingerprint (MD5):
8F:5D:77:06:27:C4:98:3C:5B:93:78:E7:D7:7D:9B:CC
tomcat, Aug 30, 2007, trustedCertEntry,
Certificate fingerprint (MD5):
C4:6F:76:3F:5E:ED:33:04:F9:CB:0F:98:28:21:5D:D4
---> End of keystore creation <---

In server.xml file, I added:
<Connector port="8443" address="${jboss.bind.address}"
            maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
            emptySessionPath="true"
            scheme="https" secure="true" clientAuth="false"
            keystoreFile="/root/ssl/thekeystore"
            keystorePass="changeit" sslProtocol = "TLS" />


OTOH I've tried a self-signed certificate and it worked.

What's my fault?

TIA
- C. Lechner


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message