tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Felix Schumacher <felix.schumac...@internetallee.de>
Subject Re: Question: Tomcat SSL configuration issue
Date Sat, 30 Jul 2011 09:18:35 GMT
Am Freitag, den 29.07.2011, 10:44 -1000 schrieb Sammaiah Kyatham:
> Hello Felix,
> 
> Thanks for the response.
> 
> I have received new certificated based on new CSR generated.
> While importing cert in to key, I'm getting the following error:
> java.lang.Exception: Failed to establish chain from reply
> 
> Here is the keytool command that I used for this:
> 
> keytool -import -alias tomcat -keystore c:/cert/final/private_key
> -trustcacerts -file c:/cert/final/cert.cer.txt
> Enter keystore password:
> keytool error: java.lang.Exception: Failed to establish chain from reply
I think you don't want to add the cert into your trustcacert, so try
removing -trustcacerts from your command line.

Bye
 Felix
> 
> I'm I missing something here.... Thanks in advance.
> 
> Sammaiah
> 
> 
> On 27 July 2011 19:41, Felix Schumacher
> <felix.schumacher@internetallee.de>wrote:
> 
> >
> >
> > Sammaiah Kyatham <sammaiahforu@googlemail.com> schrieb:
> >
> > >Hello,
> > >
> > Your keystore has no private key.
> > The output of keytool below shows only a certificate.
> > You can use keytool -importkeystore to import key and certificate at the
> > same time.
> >
> > Regards
> >  Felix
> > >Could you help me on this issue. I spent many hours with the various
> > >options
> > >> and couldn’t resolve.
> > >>
> > >>
> > >>
> > >> I have configured the server.xml as per the tomcat configuration,
> > >however
> > >> I’m getting below errors.
> > >>
> > >>
> > >>
> > >> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
> > >> keystoreFile="C:\Program Files\Java\jre6\bin\hakioskcheckin2_key"
> > >> keystorePass="PrivatePWD" keyAlias="tomcat" maxThreads="150"
> > >scheme="https"
> > >> secure="true" clientAuth="false" sslProtocol="TLS" />
> > >>
> > >>
> > >>
> > >> The exception in Catelina log:
> > >>
> > >>
> > >>
> > >> Jul 27, 2011 4:28:25 PM org.apache.coyote.http11.Http11Protocol init
> > >>
> > >> SEVERE: Error initializing endpoint
> > >>
> > >> java.io.IOException: Alias name tomcat does not identify a key entry
> > >>
> > >>             at
> > >>
> >
> > >org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:546)
> > >>
> > >>             at
> > >>
> >
> > >org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:481)
> > >>
> > >>             at
> > >>
> >
> > >org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
> > >>
> > >>             at
> > >> org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
> > >>
> > >>             at
> > >> org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
> > >>
> > >>             at
> > >>
> > >org.apache.catalina.connector.Connector.initialize(Connector.java:1022)
> > >>
> > >>             at
> > >>
> >
> > >org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
> > >>
> > >>             at
> > >>
> >
> > >org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
> > >>
> > >>             at
> > >> org.apache.catalina.startup.Catalina.load(Catalina.java:538)
> > >>
> > >>             at
> > >> org.apache.catalina.startup.Catalina.load(Catalina.java:562)
> > >>
> > >>             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> > >Method)
> > >>
> > >>             at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown
> > >Source)
> > >>
> > >>             at
> > >sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown
> > >> Source)
> > >>
> > >>
> > >>
> > >>
> > >>
> > >> When list the key using keytool, It lists alias tomcat as
> > >>
> > >> keytool -list -keystore hakioskcheckin2_key -storepass XXXXXX
> > >> Keystore type: JKS
> > >> Keystore provider: SUN
> > >>
> > >> Your keystore contains 1 entry
> > >>
> > >> tomcat, Jul 26, 2011, trustedCertEntry,
> > >> Certificate fingerprint (MD5): -removed intentionally-
> > >>
> > >>
> > >>
> > >> *If I remove alias from server.xml then following exception is
> > >throwing*
> > >>
> > >>
> > >java.io.IOException<
> > http://download.oracle.com/javase/6/docs/api/java/io/IOException.html>:
> > >> jsse.invalid_ssl_conf
> > >> at
> > >>
> >
> > >org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:755)
> > >>
> > >> at
> > >>
> >
> > >org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:460)
> > >>
> > >> at
> > >>
> >
> > >org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:130)
> > >>
> > >> at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
> > >> at
> > >org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
> > >> at
> > >org.apache.catalina.connector.Connector.initialize(Connector.java:1014)
> > >>
> > >> at
> > >>
> >
> > >org.apache.catalina.core.StandardService.initialize(StandardService.java:680)
> > >>
> > >> at
> > >>
> >
> > >org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
> > >>
> > >> at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
> > >> at org.apache.catalina.startup.Catalina.load(Catalina.java:548)
> > >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > >>
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message