tomcat-users mailing list archives

From "Haim Cohen" <>
Subject Error while trying to use trial certificate for SSL in Tomcat
Date Thu, 04 Sep 2008 14:22:07 GMT

I'm new to Tomcat and I'm trying to set SSL on a Tomcat server and to
understand how it should be done.

I started by generating a key as explained in the Tomcat SSL howto, and
everything went well and I succeeded in connecting to my server using https.
Of course the browser did not recognize the certificate, but this is OK.

Then I moved to the next phase and created a trial certificate in Verisign
and followed the instructions specified in the Verisign site and in the
After the installation, Tomcat is getting the following exception:
Sep 4, 2008 4:43:06 PM$Acceptor run
SEVERE: Socket accept failed SSL handshake No
available certificate or key corresponds to the SSL cipher suites which are
    at Source)

Tomcat kept getting this exception and hung the machine after creating a
log file the size of all the free disk space (I only had 10GB there).

Can anyone help me understand where I was wrong?

To enable SSL I did the following:
1. generated a trial key and got the intermediateCA from Verisign
2. ran keytool to create the keystore:
    keytool.exe -import -alias intermediateCA -keystore .\myKeystore -trustcacerts -file intermediateCA.cert
    keytool.exe -import -alias tomcat -keystore .\myKeystore -trustcacerts -file mine.cert
3. updated the server.xml and added a connector as follows:
<Connector
port="8443" minSpareThreads="5" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="150"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="full path to myKeystore" keystorePass="123456"
clientAuth="false" sslProtocol="TLS"/>

The only difference I found was that when I listed the keys in the keystore
I got PrivateKeyEntry for the generated keys and trustedCertEntry for the
trial keys. Can it be connected?

The self generated file:
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

tomcat, Sep 3, 2008, PrivateKeyEntry,
Certificate fingerprint (MD5):

The trial file:
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

intermediateca, Sep 4, 2008, trustedCertEntry,
Certificate fingerprint (MD5):
tomcat, Sep 4, 2008, trustedCertEntry,
Certificate fingerprint (MD5):
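
An added example, not part of the original message: a Python check that parses `keytool -list` output like the two listings above and reports whether the alias a TLS connector would use is a PrivateKeyEntry, which a JSSE server needs in order to present a certificate. The function names and the default alias `tomcat` are assumptions for illustration; the sample listings are reconstructed from the message with the fingerprints left empty as on the page.

```python
import re

# One entry line of `keytool -list` output, e.g. "tomcat, Sep 4, 2008, trustedCertEntry,"
ENTRY_RE = re.compile(
    r"^(?P<alias>[^,]+),\s+.+,\s+"
    r"(?P<type>PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),?\s*$"
)

# Sample input reconstructed from the two listings in the message.
SELF_SIGNED_LISTING = """Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

tomcat, Sep 3, 2008, PrivateKeyEntry,
Certificate fingerprint (MD5):
"""
TRIAL_LISTING = """Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

intermediateca, Sep 4, 2008, trustedCertEntry,
Certificate fingerprint (MD5):
tomcat, Sep 4, 2008, trustedCertEntry,
Certificate fingerprint (MD5):
"""

def parse_keytool_list(text):
    """Return {alias: entry_type} for every entry line in the listing."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group("alias").strip().lower()] = m.group("type")
    return entries

def check_server_keystore(text, alias="tomcat"):
    """Return the problems that leave a TLS server with no usable key."""
    entries = parse_keytool_list(text)
    problems = []
    if "PrivateKeyEntry" not in entries.values():
        problems.append("keystore holds certificates only, no private key")
    kind = entries.get(alias.lower())
    if kind is None:
        problems.append(f"alias '{alias}' not found")
    elif kind != "PrivateKeyEntry":
        problems.append(f"alias '{alias}' is {kind}, expected PrivateKeyEntry")
    return problems
```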

