tomcat-users mailing list archives

From "Haim Cohen" <hai...@gmail.com>
Subject Re: Error while trying to use trial certificate for SSL in Tomcat
Date Mon, 08 Sep 2008 20:27:12 GMT
Can anyone please help with the question below?
I'm pretty much clueless...

I think I followed the HOWTO but it seems to be not working... so I must
have missed something...

Thanks!!

On Thu, Sep 4, 2008 at 5:22 PM, Haim Cohen <haimcn@gmail.com> wrote:

> Hi
>
> I'm new to Tomcat and I'm trying to set SSL on a Tomcat server and to
> understand how it should be done.
>
> I started with generating key as explained in the Tomcat SSL howto and
> everything went well and I succeeded to connect using https to my server, of
> course the browser did not recognize the certificate but this is ok.
>
> Then I moved to the next phase and created a trial certificate in Verisign
> and followed the instructions specified in the Verisign site and in the
> howto.
> After the installation Tomcat is getting the following exception:
> Sep 4, 2008 4:43:06 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
> SEVERE: Socket accept failed
> java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No
> available certificate or key corresponds to the SSL cipher suites which are
> enabled.
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
>     at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
>     at java.lang.Thread.run(Unknown Source)
>
> Tomcat kept getting this exception and hung the machine after creating a
> log file in the size of all the free disk space (I only had there 10GB).
>
> Can anyone help me understand where I was wrong?
>
> To enable the SSL I made the following:
> 1. generated trial key and got the intermediateCA from Verisign
> 2. run keytool to create keystore:
>     keytool.exe -import -alias intermediateCA -keystore .\myKeystore -trustcacerts -file intermediateCA.cert
>     keytool.exe -import -alias tomcat -keystore .\myKeystore -trustcacerts -file mine.cert
> 3. updated the server.xml and added a connector as following:
> <Connector
> port="8443" minSpareThreads="5" maxSpareThreads="75"
> enableLookups="true" disableUploadTimeout="true"
> acceptCount="100" maxThreads="150"
> scheme="https" secure="true" SSLEnabled="true"
> keystoreFile="full path to myKeystore" keystorePass="123456"
> clientAuth="false" sslProtocol="TLS"/>
>
> The only difference I found was that when I listed the keys in the keystore
> I got PrivateKeyEntry for the generated keys and trustedCertEntry for the
> trial keys. Can it be connected?
>
> The self generated file:
> ----------------------------
> Keystore type: JKS
> Keystore provider: SUN
>
> Your keystore contains 1 entry
>
> tomcat, Sep 3, 2008, PrivateKeyEntry,
> Certificate fingerprint (MD5):
> 6F:EC:48:31:4C:CC:2A:C3:AB:10:22:BD:A3:78:44:AF
> ----------------------------
>
> The trial file:
> ----------------------------
> Keystore type: JKS
> Keystore provider: SUN
>
> Your keystore contains 2 entries
>
> intermediateca, Sep 4, 2008, trustedCertEntry,
> Certificate fingerprint (MD5):
> 8D:E9:89:DB:7F:CC:5E:3B:FD:DE:2C:42:08:13:EF:43
> tomcat, Sep 4, 2008, trustedCertEntry,
> Certificate fingerprint (MD5):
> AC:9F:D0:82:72:BC:61:26:CB:7F:44:5C:AF:06:F1:20
> ---------------------------
>
> Thanks!!!
> Haim
>

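Added example, not part of the original message or of Tomcat: a Python check over `keytool -list` output that reports which aliases hold a private key, since a JSSE server socket can only present a certificate from a `PrivateKeyEntry`. The sample listings are the entry lines from the two listings quoted above; the function names are hypothetical.

```python
import re

# Entry lines from the two `keytool -list` listings quoted in the message
# (fingerprint lines omitted; they do not affect the check).
SELF_SIGNED = """Keystore type: JKS
Your keystore contains 1 entry

tomcat, Sep 3, 2008, PrivateKeyEntry,
"""
TRIAL = """Keystore type: JKS
Your keystore contains 2 entries

intermediateca, Sep 4, 2008, trustedCertEntry,
tomcat, Sep 4, 2008, trustedCertEntry,
"""

# Line shape: "<alias>, <date>, <entry type>,". The date contains a comma,
# so anchor on the alias (first field) and the *Entry token (last field).
ENTRY_RE = re.compile(
    r"^(?P<alias>[^,\n]+),.*?,[ \t]*(?P<type>\w+Entry),[ \t]*$", re.M)

def keystore_entries(listing):
    """Return {alias: entry_type} parsed from `keytool -list` text."""
    return {m["alias"].strip(): m["type"] for m in ENTRY_RE.finditer(listing)}

def usable_server_aliases(listing):
    """Aliases that carry a private key and can therefore serve TLS."""
    return [a for a, t in keystore_entries(listing).items()
            if t == "PrivateKeyEntry"]

def diagnose(listing, alias="tomcat"):
    """Explain whether the connector's alias can be used as a server identity."""
    kind = keystore_entries(listing).get(alias)
    if kind is None:
        return f"alias '{alias}' not found"
    if kind == "PrivateKeyEntry":
        return f"alias '{alias}' holds a private key"
    return f"alias '{alias}' is a {kind}: certificate only, no private key"

if __name__ == "__main__":
    for name, listing in (("self-generated", SELF_SIGNED), ("trial", TRIAL)):
        print(name, "->", diagnose(listing), usable_server_aliases(listing))
```

When the check reports a certificate-only entry, the CA's reply was imported into a keystore that does not contain the key pair it was issued for; keytool attaches the signed chain to a `PrivateKeyEntry` only when the reply is imported under the alias of the existing key entry.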