On 04/01/2012 19:33, Justin Larose wrote:
> Hello Group,
>=20
> I am seeing this error when starting Tomcat 7 on Windows.
>=20
> SEVERE: Failed to initialize end point associated with ProtocolHandler =
> ["http-bio-8443"]
> java.io.IOException: SSL configuration is invalid due to No available=20
> certificate or key corresponds to the SSL cipher suites which are enabl=
ed.
>=20
> I have 3 certs in the keystore 1 root, 1 intermediate and the one recei=
ved=20
> from the csr. I also confirmed they are pointing to the correct place a=
nd=20
> I can see them if I do a
> "keytool -list -v -keystore keystore.jks -alias mydomain"
>=20
> I have attached my server.xml below. Anyone know where to start?
By removing the comments?
p
> ___________
>=20
> <?xml version=3D'1.0' encoding=3D'utf-8'?>
> <Server port=3D"8405" shutdown=3D"SHUTDOWN">
> <!-- Security listener. Documentation at /docs/config/listeners.html
> <Listener className=3D"org.apache.catalina.security.SecurityListener"=
/>
> -->
> <!--APR library loader. Documentation at /docs/apr.html -->
> <!-- <Listener className=3D"org.apache.catalina.core.AprLifecycleList=
ener"=20
> SSLEngine=3D"on" /> -->
> <!--Initialize Jasper prior to webapps are loaded. Documentation at=20
> /docs/jasper-howto.html -->
> <Listener className=3D"org.apache.catalina.core.JasperListener" />
> <!-- Prevent memory leaks due to use of particular java/javax APIs-->=
> <Listener=20
> className=3D"org.apache.catalina.core.JreMemoryLeakPreventionListener" =
/>
> <Listener=20
> className=3D"org.apache.catalina.mbeans.GlobalResourcesLifecycleListene=
r" />
> <Listener=20
> className=3D"org.apache.catalina.core.ThreadLocalLeakPreventionListener=
" />
>=20
> <!-- Global JNDI resources
> Documentation at /docs/jndi-resources-howto.html
> -->
> <GlobalNamingResources>
> <!-- Editable user database that can also be used by
> UserDatabaseRealm to authenticate users
> -->
> <Resource name=3D"UserDatabase" auth=3D"Container"
> type=3D"org.apache.catalina.UserDatabase"
> description=3D"User database that can be updated and save=
d"
> factory=3D"org.apache.catalina.users.MemoryUserDatabaseFactory"
> pathname=3D"conf/tomcat-users.xml" />
> </GlobalNamingResources>
>=20
> <!-- A "Service" is a collection of one or more "Connectors" that sha=
re
> a single "Container" Note: A "Service" is not itself a=20
> "Container",=20
> so you may not define subcomponents such as "Valves" at this lev=
el.
> Documentation at /docs/config/service.html
> -->
> <Service name=3D"Catalina">
>=20
> <!--The connectors can use a shared executor, you can define one or=
=20
> more named thread pools-->
> <!--
> <Executor name=3D"tomcatThreadPool" namePrefix=3D"catalina-exec-"=20
> maxThreads=3D"150" minSpareThreads=3D"4"/>
> -->
>=20
>=20
> <!-- A "Connector" represents an endpoint by which requests are=20
> received
> and responses are returned. Documentation at :
> Java HTTP Connector: /docs/config/http.html (blocking &=20
> non-blocking)
> Java AJP Connector: /docs/config/ajp.html
> APR (HTTP/AJP) Connector: /docs/apr.html
> Define a non-SSL HTTP/1.1 Connector on port 8080
> -->
> <Connector port=3D"18080" protocol=3D"HTTP/1.1"=20
> connectionTimeout=3D"20000"=20
> redirectPort=3D"8443" />
> <!-- A "Connector" using the shared thread pool-->
> <!--
> <Connector executor=3D"tomcatThreadPool"
> port=3D"8080" protocol=3D"HTTP/1.1"=20
> connectionTimeout=3D"20000"=20
> redirectPort=3D"8443" />
> -->=20
> <!-- Define a SSL HTTP/1.1 Connector on port 8443
> This connector uses the JSSE configuration, when using APR, th=
e=20
> connector should be using the OpenSSL style configuration
> described in the APR documentation -->
>=20
> <!--
> <Connector port=3D"8443" protocol=3D"HTTP/1.1" SSLEnabled=3D"true"=
> maxThreads=3D"150" scheme=3D"https" secure=3D"true"
> clientAuth=3D"false" sslProtocol=3D"TLS" />
> -->
>=20
> <Connector
> clientAuth=3D"true" port=3D"8443" minSpareThreads=3D"5" maxSpareThre=
ads=3D"75"
> enableLookups=3D"true" disableUploadTimeout=3D"true"
> acceptCount=3D"100" maxThreads=3D"200"
> scheme=3D"https" secure=3D"true" SSLEnabled=3D"true"
> keystoreFile=3D"F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat=20
> 7.0\conf\wcmdev-ssl.jks"
> keystoreType=3D"JKS" keystorePass=3D"******"
> truststoreFile=3D"F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat=20
> 7.0\conf\wcmdev-ssl.jks"
> truststoreType=3D"JKS" truststorePass=3D"******"
> SSLVerifyClient=3D"require" SSLEngine=3D"on" SSLVerifyDepth=3D"2"=20
> sslProtocol=3D"TLS"
> />
>=20
> <!-- Define an AJP 1.3 Connector on port 8409 -->
> <Connector port=3D"8409" protocol=3D"AJP/1.3" redirectPort=3D"8443"=
/>
>=20
>=20
> <!-- An Engine represents the entry point (within Catalina) that=20
> processes
> every request. The Engine implementation for Tomcat stand alo=
ne
> analyzes the HTTP headers included with the request, and passe=
s=20
> them
> on to the appropriate Host (virtual host).
> Documentation at /docs/config/engine.html -->
>=20
> <!-- You should set jvmRoute to support load-balancing via AJP ie :=
> <Engine name=3D"Catalina" defaultHost=3D"localhost" jvmRoute=3D"jvm=
1"> =20
> -->=20
> <Engine name=3D"Catalina" defaultHost=3D"localhost">
>=20
> <!--For clustering, please take a look at documentation at:
> /docs/cluster-howto.html (simple how to)
> /docs/config/cluster.html (reference documentation) -->
> <!--
> <Cluster className=3D"org.apache.catalina.ha.tcp.SimpleTcpCluster=
"/>
> -->=20
>=20
> <!-- Use the LockOutRealm to prevent attempts to guess user=20
> passwords
> via a brute-force attack -->
> <Realm className=3D"org.apache.catalina.realm.LockOutRealm">
> <!-- This Realm uses the UserDatabase configured in the global =
> JNDI
> resources under the key "UserDatabase". Any edits
> that are performed against this UserDatabase are immediate=
ly
> available for use by the Realm. -->
> <Realm className=3D"org.apache.catalina.realm.UserDatabaseRealm=
"
> resourceName=3D"UserDatabase"/>
> </Realm>
>=20
> <Host name=3D"localhost" appBase=3D"webapps"
> unpackWARs=3D"true" autoDeploy=3D"true">
>=20
> <!-- SingleSignOn valve, share authentication between web=20
> applications
> Documentation at: /docs/config/valve.html -->
> <!--
> <Valve className=3D"org.apache.catalina.authenticator.SingleSig=
nOn"=20
> />
> -->
>=20
> <!-- Access log processes all example.
> Documentation at: /docs/config/valve.html
> Note: The pattern used is equivalent to using=20
> pattern=3D"common" -->
> <Valve className=3D"org.apache.catalina.valves.AccessLogValve" =
> directory=3D"logs"=20
> prefix=3D"localhost_access_log." suffix=3D".txt"
> pattern=3D"%h %l %u %t "%r" %s %b"=20
> resolveHosts=3D"false"/>
>=20
> </Host>
> </Engine>
> </Service>
> </Server>
>=20
>=20
> Thanks,
> Justin LaRose
> ***********************************************************************=
*******
> This email and any files transmitted with it are intended solely for=20
> the use of the individual or agency to whom they are addressed.=20
> If you have received this email in error please notify the Navy=20
> Exchange Service Command e-mail administrator. This footnote=20
> also confirms that this email message has been scanned for the
> presence of computer viruses.
>=20
> Thank You! =20
> ***********************************************************************=
*******
>=20
>=20
--=20
[key:62590808]
|