tomcat-users mailing list archives

From "Angel Quintana" <angel.quint...@gobernalia.com>
Subject Re: Problems with SSL-enabled Tomcat 5.5
Date Tue, 02 Oct 2007 07:54:04 GMT
Following up on this email from Werner: did you fix it, Werner?

I am facing the same problem; apparently my process is correct. Here is
some info:

Catalina.out: (Alias name autentiacert does not identify a key entry)
---------------------------- Catalina.out -------------------------
GRAVE: Error inicializando punto final (endpoint)
java.io.IOException: El nombre de Alias autentiacert no identifica una
entrada de clave
       at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:143)
       at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:109)
       at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:88)
       at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:292)
       at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:138)
       at org.apache.catalina.connector.Connector.initialize(Connector.java:1016)
       at org.apache.catalina.core.StandardService.initialize(StandardService.java:580)
       at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:791)
       at org.apache.catalina.startup.Catalina.load(Catalina.java:503)
       at org.apache.catalina.startup.Catalina.load(Catalina.java:523)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:266)
       at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:431)
01-oct-2007 16:55:21 org.apache.catalina.startup.Catalina load
GRAVE: Catalina.start
LifecycleException:  Falló la inicialización del manejador de
protocolo: java.io.IOException: El nombre de Alias autentiacert no
identifica una entrada de clave
       at org.apache.catalina.connector.Connector.initialize(Connector.java:1018)
       at org.apache.catalina.core.StandardService.initialize(StandardService.java:580)
       at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:791)
       at org.apache.catalina.startup.Catalina.load(Catalina.java:503)
       at org.apache.catalina.startup.Catalina.load(Catalina.java:523)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:266)
       at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:431)
---------------------------- Catalina.out -------------------------

---------------------------- server.xml -------------------------
  <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/root/.keystore"
               keystorePass="changeit"
               keyAlias="autentiacert"
               URIEncoding="UTF-8" />
---------------------------- server.xml -------------------------

---------------- keytool -list -v -storepass changeit ----------------
Tipo del almacén de claves: jks
Proveedor del almacén de claves: IBMJCE

El almacén de claves contiene 3 entradas

Nombre de alias: autentiacacert
Fecha de creación: 01-oct-2007
Tipo de entrada: trustedCertEntry

Propietario: EMAILADDRESS=angel.quintana@gobernalia.com, CN=Angel,
OU=Pymes2, O=Gobernalia, ST=Madrid, C=ES
Emisor: EMAILADDRESS=angel.quintana@gobernalia.com, CN=Angel,
OU=Pymes2, O=Gobernalia, ST=Madrid, C=ES
Número de serie: 0
Válido desde: 1/10/07 18:22 hasta: 30/09/10 18:22
Huellas de certificado:
        MD5:  E6:7B:06:78:AB:71:F2:F9:E7:74:B9:64:FB:FA:43:F2
        SHA1: A9:E5:6B:58:56:71:BB:37:2D:4D:02:6E:71:E3:7E:EE:24:BF:7F:84


*******************************************
*******************************************


Nombre de alias: pymes2
Fecha de creación: 01-oct-2007
Tipo de entrada: keyEntry
Longitud de la cadena de certificados: 1
Certificado[1]:
Propietario: CN=pymes2.gobernalianet.es, OU=Pymes2, O=Gobernalia,
L=Madrid, ST=Madrid, C=ES
Emisor: CN=pymes2.gobernalianet.es, OU=Pymes2, O=Gobernalia, L=Madrid,
ST=Madrid, C=ES
Número de serie: 47010c0d
Válido desde: 1/10/07 17:02 hasta: 30/12/07 16:02
Huellas de certificado:
        MD5:  9D:36:5D:F9:D1:33:27:F9:E0:3F:BA:BF:F7:07:35:58
        SHA1: 33:DA:68:79:13:66:65:E4:02:19:A6:6E:AF:73:1C:2B:45:E1:14:38
*******************************************
*******************************************
Nombre de alias: autentiacert
Fecha de creación: 01-oct-2007
Tipo de entrada: trustedCertEntry

Propietario: CN=pymes2.gobernalianet.es, OU=Pymes2, O=Gobernalia,
L=Madrid, ST=Madrid, C=ES
Emisor: EMAILADDRESS=angel.quintana@gobernalia.com, CN=Angel,
OU=Pymes2, O=Gobernalia, ST=Madrid, C=ES
Número de serie: 1
Válido desde: 1/10/07 18:28 hasta: 30/09/08 18:28
Huellas de certificado:
        MD5:  2C:D4:6F:C6:8F:A5:8D:19:45:F8:12:AF:0F:F6:CE:50
        SHA1: 1E:11:C1:68:35:5F:BE:5A:8D:F4:07:61:6F:41:BE:92:86:BF:C5:98
*******************************************
*******************************************
---------------- keytool -list -v -storepass changeit ----------------

End of message,

Thank you so much,

Angel

----- Original Message -----
Hello,
setting keyAlias="root" did not change anything. Then I downloaded the
latest version of Tomcat, added the Verisign cert to my cacerts file
and imported my Verisign-signed SSL certificate into a new keystore.
Unfortunately that does not change my situation: Either Tomcat is
unable to find my alias in the keystore file (if I specify a keyAlias)
or there appears to be a problem with the SSL ciphers or certificate
itself (if I don't specify a keyAlias).


The two error messages I am getting when attempting to start Tomcat are
(see further below):

1/with keyAlias directive:
INFO: Starting Coyote HTTP/1.1 on myhostname%2F10.10.11.32-6510
Aug 29, 2007 12:44:53 PM org.apache.coyote.http11.Http11BaseProtocol start
SEVERE: Error starting endpoint
java.io.IOException: Alias name tomcat does not identify a key entry
       at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:143)

2/without keyAlias directive:
java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
       at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:113)

Any more ideas? Is the problem maybe caused because I am creating a
new keystore and the key of the Verisign-signed certificate is in a
separate file (my colleague deleted the original keystore file)? Are
we screwed now?

Thank you. Any input is greatly appreciated.

Bye,
Werner.


----- Original Message -----
From: "Filip Hanik - Dev Lists" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Wednesday, August 29, 2007 10:32 PM
Subject: Re: Problems with SSL-enabled Tomcat 5.5

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
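
An added example, not part of the original thread and not Tomcat's own code: a Python check that reads a Connector element and `keytool -list -v` output and reports whether `keyAlias` names an entry that holds a private key. The function names and the trimmed sample inputs are constructed here from the aliases and entry types shown in the message above; the English labels are the ones keytool prints in its English locale.

```python
import re
import xml.etree.ElementTree as ET

# Per-entry labels in keytool's English and Spanish locales.
ALIAS_RE = re.compile(r"^\s*(?:Alias name|Nombre de alias):\s*(.+?)\s*$")
TYPE_RE = re.compile(r"^\s*(?:Entry type|Tipo de entrada):\s*(\S+)")
# Entry types that carry a private key; trustedCertEntry does not.
KEY_TYPES = {"keyentry", "privatekeyentry"}

# Constructed samples: trimmed copies of the Connector and listing above.
SAMPLE_CONNECTOR = ('<Connector port="8443" scheme="https" secure="true" '
                    'keystoreFile="/root/.keystore" keyAlias="autentiacert" />')
SAMPLE_LISTING = """\
Nombre de alias: autentiacacert
Tipo de entrada: trustedCertEntry
Nombre de alias: pymes2
Tipo de entrada: keyEntry
Nombre de alias: autentiacert
Tipo de entrada: trustedCertEntry
"""

def parse_keytool_listing(text):
    """Return {alias: entry_type} parsed from `keytool -list -v` output."""
    entries, alias = {}, None
    for line in text.splitlines():
        m = ALIAS_RE.match(line)
        if m:
            alias = m.group(1).lower()  # JKS aliases are case-insensitive
            continue
        m = TYPE_RE.match(line)
        if m and alias is not None:
            entries[alias], alias = m.group(1), None
    return entries

def check_connector(connector_xml, listing):
    """Report whether the Connector's keyAlias names a private-key entry."""
    key_alias = ET.fromstring(connector_xml).get("keyAlias")
    entries = parse_keytool_listing(listing)
    usable = sorted(a for a, t in entries.items() if t.lower() in KEY_TYPES)
    if key_alias is None:
        status = "no keyAlias set"
    elif key_alias.lower() not in entries:
        status = "alias not in keystore"
    elif key_alias.lower() in usable:
        status = "ok"
    else:
        status = "alias is not a key entry"
    return {"keyAlias": key_alias, "status": status, "key_aliases": usable}
```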

