tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bruce Kostival <bkosti...@universallumpers.com>
Subject GoDaddy SSL cert update from SHA1 to SHA2
Date Thu, 18 Dec 2014 22:28:01 GMT
Tomcat 6.0.x
Windows Server 2008
Running Java 7
Home grown app written in STS

Running HTTPS with SHA1 cert
Obtained SHA2 cert from GoDaddy by sending CSR generated from original keystore.  Removed
existing aliases from original keystore and loaded new root and domain cert to keystore.
Trying to run up the new cert gives me this error:

SEVERE: Error starting endpoint
java.io.IOException: jsse.invalid_ssl_conf
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:846)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:522)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
        at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
        at org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:565)
        at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:207)
        at org.apache.catalina.connector.Connector.start(Connector.java:1196)
        at org.apache.catalina.core.StandardService.start(StandardService.java:540)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:754)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:595)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the
SSL cipher suites which are enabled.

I feel like I'm missing something basic in the keystore.  Any ideas?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message