Message-ID: <8e554cf90809081327o44074ee1m16d3133ac8f8b620@mail.gmail.com>
Date: Mon, 8 Sep 2008 23:27:12 +0300
From: "Haim Cohen"
To: users@tomcat.apache.org
Subject: Re: Error while trying to use trial certificate for SSL in Tomcat
In-Reply-To: <8e554cf90809040722t8c54308t8e567b85721d2106@mail.gmail.com>

Can anyone please help with the question below? I'm pretty much clueless... I think I followed the HOWTO, but it seems not to be working... so I must have missed something... Thanks!!

On Thu, Sep 4, 2008 at 5:22 PM, Haim Cohen wrote:
> Hi
>
> I'm new to Tomcat and I'm trying to set up SSL on a Tomcat server and to
> understand how it should be done.
>
> I started by generating a key as explained in the Tomcat SSL HOWTO, and
> everything went well: I succeeded in connecting to my server over https. Of
> course the browser did not recognize the certificate, but that is OK.
>
> Then I moved to the next phase and created a trial certificate at Verisign
> and followed the instructions given on the Verisign site and in the HOWTO.
> After the installation Tomcat gets the following exception:
>
> Sep 4, 2008 4:43:06 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
> SEVERE: Socket accept failed
> java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
>         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
>         at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
>         at java.lang.Thread.run(Unknown Source)
>
> Tomcat kept getting this exception and hung the machine after creating a
> log file the size of all the free disk space (I only had 10GB there).
>
> Can anyone help me understand where I went wrong?
>
> To enable SSL I did the following:
>
> 1. generated a trial key and got the intermediateCA from Verisign
> 2. ran keytool to create the keystore:
>
> keytool.exe -import -alias intermediateCA -keystore .\myKeystore -trustcacerts -file intermediateCA.cert
> keytool.exe -import -alias tomcat -keystore .\myKeystore -trustcacerts -file mine.cert
>
> 3. updated server.xml and added a connector as follows:
>
> <Connector port="8443" minSpareThreads="5" maxSpareThreads="75"
>            enableLookups="true" disableUploadTimeout="true"
>            acceptCount="100" maxThreads="150"
>            scheme="https" secure="true" SSLEnabled="true"
>            keystoreFile="full path to myKeystore" keystorePass="123456"
>            clientAuth="false" sslProtocol="TLS"/>
>
> The only difference I found was that when I listed the keys in the keystore
> I got PrivateKeyEntry for the generated keys and trustedCertEntry for the
> trial keys. Can it be connected?
>
> The self-generated file:
> ----------------------------
> Keystore type: JKS
> Keystore provider: SUN
>
> Your keystore contains 1 entry
>
> tomcat, Sep 3, 2008, PrivateKeyEntry,
> Certificate fingerprint (MD5): 6F:EC:48:31:4C:CC:2A:C3:AB:10:22:BD:A3:78:44:AF
> ----------------------------
>
> The trial file:
> ----------------------------
> Keystore type: JKS
> Keystore provider: SUN
>
> Your keystore contains 2 entries
>
> intermediateca, Sep 4, 2008, trustedCertEntry,
> Certificate fingerprint (MD5): 8D:E9:89:DB:7F:CC:5E:3B:FD:DE:2C:42:08:13:EF:43
> tomcat, Sep 4, 2008, trustedCertEntry,
> Certificate fingerprint (MD5): AC:9F:D0:82:72:BC:61:26:CB:7F:44:5C:AF:06:F1:20
> ---------------------------
>
> Thanks!!!
> Haim
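Added example, not part of the thread above and not Tomcat's or Verisign's own tooling: a POSIX shell script that builds a keystore in the order keytool expects (key pair first, CSR from that key, CA chain imported, then the signed certificate imported under the same alias as the key, into the same keystore) and then checks with `keytool -list` that the server alias is a PrivateKeyEntry before any connector is started. A JSSE connector can only serve from a PrivateKeyEntry; a trustedCertEntry under the server alias is exactly the listing the thread shows, and it leaves the connector with no key for any enabled cipher suite. For contrast the script also reproduces the thread's sequence (certificate imported into a keystore that holds no private key) and shows that it yields a trustedCertEntry. A local CA generated with openssl is a constructed stand-in for the Verisign trial CA; the alias `tomcat`, password `changeit`, subject `CN=localhost`, the file names and the `-noprompt` flags are assumptions, not from the original post.

```shell
#!/bin/sh
# Added example (not from the thread): correct keystore build for a Tomcat
# SSL connector, plus the check that catches the PrivateKeyEntry vs
# trustedCertEntry mismatch before Tomcat starts. Requires keytool (JDK)
# and openssl. The CA is constructed locally; password/alias are assumptions.
set -e

PW=changeit   # assumption; store and key password kept equal (PKCS12 needs that)

# Print the entry type keytool reports for alias $2 in keystore $1
# (e.g. "PrivateKeyEntry" or "trustedCertEntry"); empty if the alias is absent.
entry_type() {
    keytool -list -keystore "$1" -storepass "$PW" 2>/dev/null |
        sed -n "s/^$2, .*, \([A-Za-z]*Entry\),.*/\1/p"
}

# Correct order. $1 is a scratch directory. Prints the type of alias "tomcat".
build_keystore() {
    dir=$1; ks="$dir/myKeystore"

    # Constructed CA standing in for the real (intermediate) CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" >/dev/null 2>&1

    # 1. Generate the server key pair INSIDE the keystore under alias "tomcat".
    keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=localhost, O=Example" \
        -keystore "$ks" -storepass "$PW" -keypass "$PW" >/dev/null 2>&1

    # 2. CSR from that key; the CA signs it (here: openssl, locally).
    keytool -certreq -alias tomcat -file "$dir/tomcat.csr" \
        -keystore "$ks" -storepass "$PW" >/dev/null 2>&1
    openssl x509 -req -days 365 -in "$dir/tomcat.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/tomcat.crt" >/dev/null 2>&1

    # 3. Import the CA chain first, under its own alias, so the reply verifies.
    keytool -importcert -alias rootca -file "$dir/ca.crt" -noprompt \
        -keystore "$ks" -storepass "$PW" >/dev/null 2>&1

    # 4. Import the signed certificate under the SAME alias as the private key.
    #    keytool sees that "tomcat" is a key entry and installs the file as a
    #    certificate reply instead of creating a separate trustedCertEntry.
    keytool -importcert -alias tomcat -file "$dir/tomcat.crt" -noprompt \
        -keystore "$ks" -storepass "$PW" >/dev/null 2>&1

    entry_type "$ks" tomcat
}

# The thread's order: certificates imported into a keystore that holds no key.
# Expects ca.crt and tomcat.crt left behind by build_keystore in $1.
build_keystore_like_thread() {
    ks="$1/wrongKeystore"
    keytool -importcert -alias intermediateCA -file "$1/ca.crt" -trustcacerts \
        -noprompt -keystore "$ks" -storepass "$PW" >/dev/null 2>&1
    keytool -importcert -alias tomcat -file "$1/tomcat.crt" -trustcacerts \
        -noprompt -keystore "$ks" -storepass "$PW" >/dev/null 2>&1
    entry_type "$ks" tomcat
}

demo() {
    d=$(mktemp -d)
    echo "correct order  -> alias tomcat is: $(build_keystore "$d")"
    echo "thread's order -> alias tomcat is: $(build_keystore_like_thread "$d")"
    rm -rf "$d"
}

# Run stand-alone with:  sh thisfile.sh run
if [ "${1:-}" = "run" ]; then demo; fi
```

The practical check is the `entry_type` line: run it against the keystore named in `keystoreFile` and refuse to start the connector unless the `keyAlias` (default `tomcat`) reports PrivateKeyEntry. The certificate reply must be imported into the keystore that already holds the private key it was issued for; importing it anywhere else, or under a different alias, produces only a trusted certificate.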