tomcat-users mailing list archives

From Filip Hanik - Dev Lists <devli...@hanik.com>
Subject Re: Tomcat keeps breaking/SSL keystore troubles
Date Thu, 30 Aug 2007 15:22:24 GMT
my guess is that the keystore file doesn't contain your private key.

Filip

Christoph Lechner wrote:
> Hi all,
>
> I've been trying hard to enable the SSL connector in TomCat for a few
> days now. As I don't have very much experience with SSL, it's quite hard
> for me to figure out what's going wrong.
> I read a lot of different setup guides, but I'm getting the same error
> messages all the time:
>
> 16:37:13,254 INFO  [Http11BaseProtocol] Starting Coyote HTTP/1.1 on http-0.0.0.0-8080
> 16:37:13,338 INFO  [ChannelSocket] JK: ajp13 listening on /0.0.0.0:8009
> 16:37:13,346 INFO  [JkMain] Jk running ID=0 time=0/24  config=null
> 16:37:13,360 INFO  [Http11BaseProtocol] Starting Coyote HTTP/1.1 on http-0.0.0.0-8443
> 16:37:13,371 ERROR [PoolTcpEndpoint] Endpoint [SSL: ServerSocket[addr=/0.0.0.0,port=0,localport=8443]] ignored exception: java.net.SocketException: SSL handshake error
> javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
> java.net.SocketException: SSL handshake error
> javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
>         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:113)
>         at org.apache.tomcat.util.net.PoolTcpEndpoint.acceptSocket(PoolTcpEndpoint.java:407)
>         at org.apache.tomcat.util.net.PoolTcpEndpoint.run(PoolTcpEndpoint.java:647)
>         at java.lang.Thread.run(Thread.java:595)
>
> I've got a .crt file, a .csr file and a .key file for the domain and I
> also got the root cert from the CA. So I tried to set it up in the
> following way (output messages included):
> ---> Begin of keystore creation <---
> ab-server1:~/ssl# keytool -import -trustcacerts -alias root -file
> rapidssl_01.cer -keystore thekeystore
> Enter keystore password:  changeit
> Certificate already exists in system-wide CA keystore under alias
> <equifaxsecureglobalebusinessca1>
> Do you still want to add it to your own keystore? [no]:  yes
> Certificate was added to keystore
> ab-server1:~/ssl# keytool -import -trustcacerts -alias tomcat -file
> www_mydomain_com.crt -keystore thekeystore
> Enter keystore password:  changeit
> Certificate was added to keystore
> ab-server1:~/ssl# keytool -list -keystore thekeystore
> Enter keystore password:  changeit
>
> Keystore type: jks
> Keystore provider: SUN
>
> Your keystore contains 2 entries
>
> root, Aug 30, 2007, trustedCertEntry,
> Certificate fingerprint (MD5):
> 8F:5D:77:06:27:C4:98:3C:5B:93:78:E7:D7:7D:9B:CC
> tomcat, Aug 30, 2007, trustedCertEntry,
> Certificate fingerprint (MD5):
> C4:6F:76:3F:5E:ED:33:04:F9:CB:0F:98:28:21:5D:D4
> ---> End of keystore creation <---
>
> In server.xml file, I added:
> <Connector port="8443" address="${jboss.bind.address}"
>             maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
>             emptySessionPath="true"
>             scheme="https" secure="true" clientAuth="false"
>             keystoreFile="/root/ssl/thekeystore"
>             keystorePass="changeit" sslProtocol = "TLS" />
>
>
> OTOH I've tried a self-signed certificate and it worked.
>
> What's my fault?
>
> TIA
> - C. Lechner
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
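The check behind Filip's guess, and the fix, as an added example that is not part of the thread: `keytool -import` of a `.crt` only creates a `trustedCertEntry`, while the SSL connector needs the certificate bound to its private key. The script assumes `openssl` is available and stands in a constructed self-signed key/certificate pair for the poster's `www_mydomain_com.key`/`.crt`; `keystoreType` is the Tomcat connector attribute for a PKCS12 store.

```shell
#!/bin/sh
# Added example, not code from the thread. Builds a keystore that binds the
# private key to the server certificate (the entry the poster's JKS lacked)
# and checks a keystore for the presence of a private key.
set -eu

WORK=$(mktemp -d)

# Constructed stand-in for the poster's .key and .crt (self-signed, test only).
make_test_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=www.mydomain.com" \
    -keyout "$WORK/www_mydomain_com.key" \
    -out "$WORK/www_mydomain_com.crt" >/dev/null 2>&1
}

# Key + certificate (+ optional CA chain, e.g. rapidssl_01.cer) under one
# alias. Args: key cert output password [chainfile]
build_keystore() {
  if [ -n "${5:-}" ]; then
    openssl pkcs12 -export -name tomcat -inkey "$1" -in "$2" -certfile "$5" \
      -out "$3" -passout "pass:$4"
  else
    openssl pkcs12 -export -name tomcat -inkey "$1" -in "$2" \
      -out "$3" -passout "pass:$4"
  fi
}

# Certificates only, no key: this is what the poster's keystore amounted to.
# Args: cert output password
build_cert_only_keystore() {
  openssl pkcs12 -export -nokeys -name tomcat -in "$1" \
    -out "$2" -passout "pass:$3"
}

# Prints 1 if the PKCS12 store holds a private key, else 0. With keytool the
# same check is: keytool -list -keystore FILE -storetype PKCS12 must show
# "PrivateKeyEntry", not only "trustedCertEntry". Args: keystore password
keystore_has_private_key() {
  if openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null \
       | grep -q "PRIVATE KEY"; then
    echo 1
  else
    echo 0
  fi
}

# Matching connector attributes (assumed path) in server.xml:
#   keystoreFile="/root/ssl/thekeystore.p12" keystoreType="PKCS12"
#   keystorePass="changeit"
```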