Return-Path: 
 <users-return-230834-apmail-tomcat-users-archive=tomcat.apache.org@tomcat.apache.org>
X-Original-To: apmail-tomcat-users-archive@www.apache.org
Delivered-To: apmail-tomcat-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id B3DC99F02
	for <apmail-tomcat-users-archive@www.apache.org>;
 Thu,  5 Jan 2012 18:23:27 +0000 (UTC)
Received: (qmail 34527 invoked by uid 500); 5 Jan 2012 18:23:23 -0000
Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org
Received: (qmail 34476 invoked by uid 500); 5 Jan 2012 18:23:23 -0000
Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@tomcat.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@tomcat.apache.org>
List-Post: <mailto:users@tomcat.apache.org>
List-Id: <users.tomcat.apache.org>
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Delivered-To: mailing list users@tomcat.apache.org
Received: (qmail 34466 invoked by uid 99); 5 Jan 2012 18:23:22 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 05 Jan 2012 18:23:22 +0000
X-ASF-Spam-Status: No, hits=2.2 required=5.0
	tests=HTML_MESSAGE,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: local policy)
Received: from [12.160.87.73] (HELO mx1.nexweb.org) (12.160.87.73)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 05 Jan 2012 18:23:16 +0000
Received: from ngate1.nexweb.us ([164.226.177.14])
	by mx1.nexweb.org (8.14.1/8.14.1) with ESMTP id q05ITEWx016302
	for <users@tomcat.apache.org>; Thu, 5 Jan 2012 13:29:14 -0500
In-Reply-To: <4F04B697.6050300@pidster.com>
References: 
 <OFC5B5A8ED.F195B21C-ON8525797B.006A921B-8525797B.006B752A@nexweb.us>
 <4F04B697.6050300@pidster.com>
To: "Tomcat Users List" <users@tomcat.apache.org>
MIME-Version: 1.0
Subject: Re: SSL Configuration Errors
X-KeepSent: 24BF5D4D:6C04751B-8525797C:00647A4C;
 type=4; name=$KeepSent
X-Mailer: Lotus Notes Release 8.5.1 September 28, 2009
Message-ID: 
 <OF24BF5D4D.6C04751B-ON8525797C.00647A4C-8525797C.0064F6BF@nexweb.us>
From: Justin Larose <Justin.Larose@nexweb.org>
Date: Thu, 5 Jan 2012 13:22:48 -0500
X-MIMETrack: Serialize by Router on NGATE1/HQ/NEXNET(Release 8.5|December 05,
 2008) at
 01/05/2012 01:22:46 PM,
	Serialize complete at 01/05/2012 01:22:46 PM
Content-Type: multipart/alternative;
 boundary="=_alternative 0064F6BD8525797C_="

--=_alternative 0064F6BD8525797C_=
Content-Type: text/plain; charset="US-ASCII"

Sorry. Comments removed.

___________________

<?xml version='1.0' encoding='utf-8'?>
<Server port="8405" shutdown="SHUTDOWN">
   <Listener className="org.apache.catalina.core.JasperListener" />
   <Listener 
className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
   <Listener 
className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
   <Listener 
className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

   <GlobalNamingResources>
     <Resource name="UserDatabase" auth="Container"
               type="org.apache.catalina.UserDatabase"
               description="User database that can be updated and saved"
  factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
               pathname="conf/tomcat-users.xml" />
   </GlobalNamingResources>

   <Service name="Catalina">

     <Connector port="18080" protocol="HTTP/1.1"
                connectionTimeout="20000"
                redirectPort="8443" />

  <Connector
    clientAuth="true" port="8443" minSpareThreads="5" maxSpareThreads="75"
    enableLookups="true" disableUploadTimeout="true"
    acceptCount="100" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    keystoreFile="F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat 
7.0\conf\wcmdev-ssl.jks"
    keystoreType="JKS" keystorePass="******"
    truststoreFile="F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat 
7.0\conf\wcmdev-ssl.jks"
    truststoreType="JKS" truststorePass="******"
    SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2" 
sslProtocol="TLS" />

    <Connector port="8409" protocol="AJP/1.3" redirectPort="8443" />


    <Engine name="Catalina" defaultHost="localhost">

    <Realm className="org.apache.catalina.realm.LockOutRealm">
         <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
                resourceName="UserDatabase"/>
       </Realm>

       <Host name="localhost"  appBase="webapps"
             unpackWARs="true" autoDeploy="true">

         <Valve className="org.apache.catalina.valves.AccessLogValve" 
directory="logs"
                prefix="localhost_access_log." suffix=".txt"
                pattern="%h %l %u %t &quot;%r&quot; %s %b" 
resolveHosts="false"/>

       </Host>
     </Engine>
   </Service>
 </Server>


Thanks,
Justin LaRose




From:   Pid <pid@pidster.com>
To:     Tomcat Users List <users@tomcat.apache.org>
Date:   01/04/2012 03:29 PM
Subject:        Re: SSL Configuration Errors


On 04/01/2012 19:33, Justin Larose wrote:
> Hello Group,
>
> I am seeing this error when starting Tomcat 7 on Windows.
>
> SEVERE: Failed to initialize end point associated with ProtocolHandler
> ["http-bio-8443"]
> java.io.IOException: SSL configuration is invalid due to No available
> certificate or key corresponds to the SSL cipher suites which are 
enabled.
>
> I have 3 certs in the keystore 1 root, 1 intermediate and the one 
received
> from the csr. I also confirmed they are pointing to the correct place 
and
> I can see them if I do a
> "keytool -list -v -keystore keystore.jks -alias mydomain"
>
> I have attached my server.xml below. Anyone know where to start?

By removing the comments?


p

> ___________
>
> <?xml version='1.0' encoding='utf-8'?>
> <Server port="8405" shutdown="SHUTDOWN">
>   <!-- Security listener. Documentation at /docs/config/listeners.html
>   <Listener className="org.apache.catalina.security.SecurityListener" />
>   -->
>   <!--APR library loader. Documentation at /docs/apr.html -->
>   <!-- <Listener 
className="org.apache.catalina.core.AprLifecycleListener"
> SSLEngine="on" /> -->
>   <!--Initialize Jasper prior to webapps are loaded. Documentation at
> /docs/jasper-howto.html -->
>   <Listener className="org.apache.catalina.core.JasperListener" />
>   <!-- Prevent memory leaks due to use of particular java/javax APIs-->
>   <Listener
> className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
>   <Listener
> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" 
/>
>   <Listener
> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" 
/>
>
>   <!-- Global JNDI resources
>        Documentation at /docs/jndi-resources-howto.html
>   -->
>   <GlobalNamingResources>
>     <!-- Editable user database that can also be used by
>          UserDatabaseRealm to authenticate users
>     -->
>     <Resource name="UserDatabase" auth="Container"
>               type="org.apache.catalina.UserDatabase"
>               description="User database that can be updated and saved"
>  factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>               pathname="conf/tomcat-users.xml" />
>   </GlobalNamingResources>
>
>   <!-- A "Service" is a collection of one or more "Connectors" that 
share
>        a single "Container" Note:  A "Service" is not itself a
> "Container",
>        so you may not define subcomponents such as "Valves" at this 
level.
>        Documentation at /docs/config/service.html
>    -->
>   <Service name="Catalina">
>
>     <!--The connectors can use a shared executor, you can define one or
> more named thread pools-->
>     <!--
>     <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
>         maxThreads="150" minSpareThreads="4"/>
>     -->
>
>
>     <!-- A "Connector" represents an endpoint by which requests are
> received
>          and responses are returned. Documentation at :
>          Java HTTP Connector: /docs/config/http.html (blocking &
> non-blocking)
>          Java AJP  Connector: /docs/config/ajp.html
>          APR (HTTP/AJP) Connector: /docs/apr.html
>          Define a non-SSL HTTP/1.1 Connector on port 8080
>     -->
>     <Connector port="18080" protocol="HTTP/1.1"
>                connectionTimeout="20000"
>                redirectPort="8443" />
>     <!-- A "Connector" using the shared thread pool-->
>     <!--
>     <Connector executor="tomcatThreadPool"
>                port="8080" protocol="HTTP/1.1"
>                connectionTimeout="20000"
>                redirectPort="8443" />
>     -->
>     <!-- Define a SSL HTTP/1.1 Connector on port 8443
>          This connector uses the JSSE configuration, when using APR, the
>          connector should be using the OpenSSL style configuration
>          described in the APR documentation -->
>
> <!--
>     <Connector  port="8443" protocol="HTTP/1.1" SSLEnabled="true"
>                 maxThreads="150" scheme="https" secure="true"
>                 clientAuth="false" sslProtocol="TLS" />
>  -->
>
>  <Connector
>    clientAuth="true" port="8443" minSpareThreads="5" 
maxSpareThreads="75"
>    enableLookups="true" disableUploadTimeout="true"
>    acceptCount="100" maxThreads="200"
>    scheme="https" secure="true" SSLEnabled="true"
>    keystoreFile="F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat
> 7.0\conf\wcmdev-ssl.jks"
>    keystoreType="JKS" keystorePass="******"
>    truststoreFile="F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat
> 7.0\conf\wcmdev-ssl.jks"
>    truststoreType="JKS" truststorePass="******"
>    SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2"
> sslProtocol="TLS"
> />
>
>     <!-- Define an AJP 1.3 Connector on port 8409 -->
>     <Connector port="8409" protocol="AJP/1.3" redirectPort="8443" />
>
>
>     <!-- An Engine represents the entry point (within Catalina) that
> processes
>          every request.  The Engine implementation for Tomcat stand 
alone
>          analyzes the HTTP headers included with the request, and passes
> them
>          on to the appropriate Host (virtual host).
>          Documentation at /docs/config/engine.html -->
>
>     <!-- You should set jvmRoute to support load-balancing via AJP ie :
>     <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
>     -->
>     <Engine name="Catalina" defaultHost="localhost">
>
>       <!--For clustering, please take a look at documentation at:
>           /docs/cluster-howto.html  (simple how to)
>           /docs/config/cluster.html (reference documentation) -->
>       <!--
>       <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
>       -->
>
>       <!-- Use the LockOutRealm to prevent attempts to guess user
> passwords
>            via a brute-force attack -->
>       <Realm className="org.apache.catalina.realm.LockOutRealm">
>         <!-- This Realm uses the UserDatabase configured in the global
> JNDI
>              resources under the key "UserDatabase".  Any edits
>              that are performed against this UserDatabase are 
immediately
>              available for use by the Realm.  -->
>         <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>                resourceName="UserDatabase"/>
>       </Realm>
>
>       <Host name="localhost"  appBase="webapps"
>             unpackWARs="true" autoDeploy="true">
>
>         <!-- SingleSignOn valve, share authentication between web
> applications
>              Documentation at: /docs/config/valve.html -->
>         <!--
>         <Valve 
className="org.apache.catalina.authenticator.SingleSignOn"
> />
>         -->
>
>         <!-- Access log processes all example.
>              Documentation at: /docs/config/valve.html
>              Note: The pattern used is equivalent to using
> pattern="common" -->
>         <Valve className="org.apache.catalina.valves.AccessLogValve"
> directory="logs"
>                prefix="localhost_access_log." suffix=".txt"
>                pattern="%h %l %u %t &quot;%r&quot; %s %b"
> resolveHosts="false"/>
>
>       </Host>
>     </Engine>
>   </Service>
> </Server>
>
>
> Thanks,
> Justin LaRose
> 
******************************************************************************
> This email and any files transmitted with it are intended solely for
> the use of the individual or agency to whom they are addressed.
> If you have received this email in error please notify the Navy
> Exchange Service Command e-mail administrator. This footnote
> also confirms that this email message has been scanned for the
> presence of computer viruses.
>
> Thank You!
> 
******************************************************************************
>
>


--

[key:62590808]

[attachment "signature.asc" deleted by Justin Larose/VAB/HQ/NEXNET] 

--=_alternative 0064F6BD8525797C_=--