tomcat-users mailing list archives

From Pid <...@pidster.com>
Subject Re: SSL Configuration Errors
Date Wed, 04 Jan 2012 20:29:11 GMT
On 04/01/2012 19:33, Justin Larose wrote:
> Hello Group,
> 
> I am seeing this error when starting Tomcat 7 on Windows.
> 
> SEVERE: Failed to initialize end point associated with ProtocolHandler 
> ["http-bio-8443"]
> java.io.IOException: SSL configuration is invalid due to No available 
> certificate or key corresponds to the SSL cipher suites which are enabled.
> 
> I have 3 certs in the keystore 1 root, 1 intermediate and the one received 
> from the csr. I also confirmed they are pointing to the correct place and 
> I can see them if I do a
> "keytool -list -v -keystore keystore.jks -alias mydomain"
> 
> I have attached my server.xml below. Anyone know where to start?

By removing the comments?


p

> ___________
> 
> <?xml version='1.0' encoding='utf-8'?>
> <Server port="8405" shutdown="SHUTDOWN">
>   <!-- Security listener. Documentation at /docs/config/listeners.html
>   <Listener className="org.apache.catalina.security.SecurityListener" />
>   -->
>   <!--APR library loader. Documentation at /docs/apr.html -->
>   <!-- <Listener className="org.apache.catalina.core.AprLifecycleListener" 
> SSLEngine="on" /> -->
>   <!--Initialize Jasper prior to webapps are loaded. Documentation at 
> /docs/jasper-howto.html -->
>   <Listener className="org.apache.catalina.core.JasperListener" />
>   <!-- Prevent memory leaks due to use of particular java/javax APIs-->
>   <Listener 
> className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
>   <Listener 
> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
>   <Listener 
> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
> 
>   <!-- Global JNDI resources
>        Documentation at /docs/jndi-resources-howto.html
>   -->
>   <GlobalNamingResources>
>     <!-- Editable user database that can also be used by
>          UserDatabaseRealm to authenticate users
>     -->
>     <Resource name="UserDatabase" auth="Container"
>               type="org.apache.catalina.UserDatabase"
>               description="User database that can be updated and saved"
>  factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>               pathname="conf/tomcat-users.xml" />
>   </GlobalNamingResources>
> 
>   <!-- A "Service" is a collection of one or more "Connectors" that share
>        a single "Container" Note:  A "Service" is not itself a 
> "Container", 
>        so you may not define subcomponents such as "Valves" at this level.
>        Documentation at /docs/config/service.html
>    -->
>   <Service name="Catalina">
> 
>     <!--The connectors can use a shared executor, you can define one or 
> more named thread pools-->
>     <!--
>     <Executor name="tomcatThreadPool" namePrefix="catalina-exec-" 
>         maxThreads="150" minSpareThreads="4"/>
>     -->
> 
> 
>     <!-- A "Connector" represents an endpoint by which requests are 
> received
>          and responses are returned. Documentation at :
>          Java HTTP Connector: /docs/config/http.html (blocking & 
> non-blocking)
>          Java AJP  Connector: /docs/config/ajp.html
>          APR (HTTP/AJP) Connector: /docs/apr.html
>          Define a non-SSL HTTP/1.1 Connector on port 8080
>     -->
>     <Connector port="18080" protocol="HTTP/1.1" 
>                connectionTimeout="20000" 
>                redirectPort="8443" />
>     <!-- A "Connector" using the shared thread pool-->
>     <!--
>     <Connector executor="tomcatThreadPool"
>                port="8080" protocol="HTTP/1.1" 
>                connectionTimeout="20000" 
>                redirectPort="8443" />
>     --> 
>     <!-- Define a SSL HTTP/1.1 Connector on port 8443
>          This connector uses the JSSE configuration, when using APR, the 
>          connector should be using the OpenSSL style configuration
>          described in the APR documentation -->
> 
> <!--
>     <Connector  port="8443" protocol="HTTP/1.1" SSLEnabled="true"
>                 maxThreads="150" scheme="https" secure="true"
>                 clientAuth="false" sslProtocol="TLS" />
>  -->
> 
>  <!-- HTTPS connector on port 8443. The startup log quoted in this thread names
>       the endpoint "http-bio-8443" and the AprLifecycleListener earlier in this
>       file is commented out, so the JSSE (keystore based) implementation is the
>       one in use.
>       NOTE(review): SSLVerifyClient, SSLEngine and SSLVerifyDepth are APR/OpenSSL
>       style settings; presumably the JSSE connector ignores them and only
>       clientAuth="true" governs client certificate checking. Confirm, then drop
>       the unused ones so the file states what is actually enforced.
>       NOTE(review): no keyAlias is set. The reported error usually means JSSE
>       found no usable private key entry; check that the keytool listing shows
>       the "mydomain" alias as a PrivateKeyEntry (CA reply imported over the
>       alias that generated the CSR) and not a trustedCertEntry, and consider
>       naming that alias with keyAlias.
>       NOTE(review): truststoreFile is the same file as keystoreFile, so with
>       clientAuth="true" the CA certificates stored beside the server key are
>       presumably also accepted as issuers of client certificates. A separate
>       truststore holding only the intended client CA keeps that set narrow.
>       The store passwords are written in this file in clear text (masked in
>       this post); keep server.xml and the .jks readable only by the account
>       that runs Tomcat. -->
>  <Connector
>    clientAuth="true" port="8443" minSpareThreads="5" maxSpareThreads="75"
>    enableLookups="true" disableUploadTimeout="true"
>    acceptCount="100" maxThreads="200"
>    scheme="https" secure="true" SSLEnabled="true"
>    keystoreFile="F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat 
> 7.0\conf\wcmdev-ssl.jks"
>    keystoreType="JKS" keystorePass="******"
>    truststoreFile="F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat 
> 7.0\conf\wcmdev-ssl.jks"
>    truststoreType="JKS" truststorePass="******"
>    SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2" 
> sslProtocol="TLS"
> />
> 
>     <!-- Define an AJP 1.3 Connector on port 8409.
>          NOTE(review): no address attribute is set, so this listener is
>          presumably reachable on every interface. AJP is meant for a trusted
>          front-end proxy only; if nothing proxies to this instance, comment the
>          connector out, otherwise bind it to the proxy-facing address and
>          firewall the port. -->
>     <Connector port="8409" protocol="AJP/1.3" redirectPort="8443" />
> 
> 
>     <!-- An Engine represents the entry point (within Catalina) that 
> processes
>          every request.  The Engine implementation for Tomcat stand alone
>          analyzes the HTTP headers included with the request, and passes 
> them
>          on to the appropriate Host (virtual host).
>          Documentation at /docs/config/engine.html -->
> 
>     <!-- You should set jvmRoute to support load-balancing via AJP ie :
>     <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">  
>     --> 
>     <Engine name="Catalina" defaultHost="localhost">
> 
>       <!--For clustering, please take a look at documentation at:
>           /docs/cluster-howto.html  (simple how to)
>           /docs/config/cluster.html (reference documentation) -->
>       <!--
>       <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
>       --> 
> 
>       <!-- Use the LockOutRealm to prevent attempts to guess user 
> passwords
>            via a brute-force attack -->
>       <Realm className="org.apache.catalina.realm.LockOutRealm">
>         <!-- This Realm uses the UserDatabase configured in the global 
> JNDI
>              resources under the key "UserDatabase".  Any edits
>              that are performed against this UserDatabase are immediately
>              available for use by the Realm.  -->
>         <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>                resourceName="UserDatabase"/>
>       </Realm>
> 
>       <Host name="localhost"  appBase="webapps"
>             unpackWARs="true" autoDeploy="true">
> 
>         <!-- SingleSignOn valve, share authentication between web 
> applications
>              Documentation at: /docs/config/valve.html -->
>         <!--
>         <Valve className="org.apache.catalina.authenticator.SingleSignOn" 
> />
>         -->
> 
>         <!-- Access log processes all example.
>              Documentation at: /docs/config/valve.html
>              Note: The pattern used is equivalent to using 
> pattern="common" -->
>         <Valve className="org.apache.catalina.valves.AccessLogValve" 
> directory="logs" 
>                prefix="localhost_access_log." suffix=".txt"
>                pattern="%h %l %u %t &quot;%r&quot; %s %b" 
> resolveHosts="false"/>
> 
>       </Host>
>     </Engine>
>   </Service>
> </Server>
> 
> 
> Thanks,
> Justin LaRose
> ******************************************************************************
> This email and any files transmitted with it are intended solely for 
> the use of the individual or agency to whom they are addressed. 
> If you have received this email in error please notify the Navy 
> Exchange Service Command e-mail administrator. This footnote 
> also confirms that this email message has been scanned for the
> presence of computer viruses.
> 
> Thank You!            
> ******************************************************************************
> 
> 


-- 

[key:62590808]

