tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7)
Date Fri, 26 Oct 2012 09:27:19 GMT
Gabriel Huerta Araujo wrote:
...
> GRAVE: Failed to initialize end point associated with ProtocolHandler ["http-bio-8443"]
> java.io.IOException: La configuración SSL no es válida debido a No available certificate
or key corresponds to the SSL cipher suites which are enabled.
> 	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:822)
...

> Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to
the SSL cipher suites which are enabled.
> 	at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:310)
> 	at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:255)

Hola.
I'm not a specialist of SSL, but what the messages above are saying is that there is a 
mistmatch between the encryption/decryption methods that are available to the selected 
HTTPS Connector, and the one you used to create your certificate, with the result that the

Connector cannot read the certificate.
(Example : you encrypted your  certificate using method "A", but the Connector by default

can only decrypt things using methods "B", "C" or "D").
Or something of the kind.
Therefor, the Connector does not start.
Therefor, Tomcat is not listening on that port (8443).
Therefor, when you try to connect to that port with IE, IE tells you that the server 
rejects a connection to that port.

Unless I am mistaken, the connector you are using uses the Java-VM-provided SSL 
mechanisms.  I would imagine that the Java JVM provides some encryption schemes by 
default, and some others optionally.  There must be a parameter somewhere to 
enable/disable some of these schemes.  It's more of a Java thing, but there may be a 
mention of this somewhere in the online Tomcat docs.
Look for terms like "DES", "SHA*", "Blowfish",..


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message