Re: GoDaddy SSL cert update from SHA1 to SHA2

2014-12-19 Thread Bruce Kostival
And how do I get the Private Key back?  It's definitely not there.


From: Igor Cicimov 
Sent: Thursday, December 18, 2014 17:52
To: Tomcat Users List
Subject: Re: GoDaddy SSL cert update from SHA1 to SHA2

On Fri, Dec 19, 2014 at 9:56 AM, Bruce Kostival <bkosti...@universallumpers.com> wrote:
>
> Thanks Igor I'll poke around based on your input.
> 
> From: Igor Cicimov 
> Sent: Thursday, December 18, 2014 15:49
> To: Tomcat Users List
> Subject: Re: GoDaddy SSL cert update from SHA1 to SHA2
>
> On Fri, Dec 19, 2014 at 9:28 AM, Bruce Kostival <bkosti...@universallumpers.com> wrote:
> >
> > Tomcat 6.0.x
> > Windows Server 2008
> > Running Java 7
> > Home grown app written in STS
> >
> > Running HTTPS with SHA1 cert
> > Obtained SHA2 cert from GoDaddy by sending CSR generated from original
> > keystore.  Removed existing aliases from original keystore and loaded new
> > root and domain cert to keystore.
> > Trying to run up the new cert gives me this error:
> >
> > SEVERE: Error starting endpoint
> > java.io.IOException: jsse.invalid_ssl_conf
> > at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:846)
> > at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:522)
> > at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
> > at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
> > at org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:565)
> > at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:207)
> > at org.apache.catalina.connector.Connector.start(Connector.java:1196)
> > at org.apache.catalina.core.StandardService.start(StandardService.java:540)
> > at org.apache.catalina.core.StandardServer.start(StandardServer.java:754)
> > at org.apache.catalina.startup.Catalina.start(Catalina.java:595)
> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
> > at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> > at java.lang.reflect.Method.invoke(Unknown Source)
> > at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
> > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
> > Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
> >
> > I feel like I'm missing something basic in the keystore.  Any ideas?
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
>
> Just guessing but based on the cause given in the above error you probably
> have ciphers set in your connector using 128 bit key, something like this:
>
>    ciphers="SSL_RSA_WITH_RC4_128_MD5,
>    SSL_RSA_WITH_RC4_128_SHA,
>    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
>    TLS_ECDHE_RSA_WITH_RC4_128_SHA,
>    TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
>    TLS_ECDH_RSA_WITH_RC4_128_SHA"
>
> In that case try to change that to match your new 256 bit key now. Of
> course take care of the proper cipher suite names for BIO/NIO or APR
> connector since they differ (the above example is for BIO/NIO connector).
>
> Another possibility is that you have removed the private key used to
> generate the new CSR by removing the old aliases from the keystore.

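
The two diagnoses offered in this thread (cipher suites that do not fit the key, or a private key that went away with the deleted alias) can be told apart by asking the keystore directly. The program below is an added example, not code from the thread or from Tomcat: it lists every alias with its entry type and then asks JSSE's own X509KeyManager for a server alias, which is the same selection the connector performs at startup and the one that fails with "No available certificate or key corresponds to the SSL cipher suites which are enabled". It assumes a JKS keystore (the Tomcat 6 default) whose key password equals the keystore password; the class name KeystoreCheck and the command-line arguments are mine.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

// Added diagnostic (not from the thread). Lists what a Tomcat JKS keystore really
// holds and asks JSSE's key manager for a server alias the way the connector does.
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 2) throw new IllegalArgumentException("usage: KeystoreCheck <keystore-file> <password>");
        char[] pw = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS");   // Tomcat 6 default keystoreType
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, pw);
        }
        int keyEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                // PrivateKeyEntry: the private key plus its certificate chain
                keyEntries++;
                System.out.println("key entry   : " + alias + " (chain length "
                        + ks.getCertificateChain(alias).length + ")");
            } else {
                // trustedCertEntry: a bare certificate with no private key behind it
                System.out.println("trusted cert: " + alias);
            }
        }
        // Same selection JSSE performs at connector start; assumes the key password
        // equals the keystore password (Tomcat's default for keyPass).
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        X509KeyManager km = null;
        for (KeyManager m : kmf.getKeyManagers()) {
            if (m instanceof X509KeyManager) { km = (X509KeyManager) m; break; }
        }
        String rsa = km == null ? null : km.chooseServerAlias("RSA", null, null);
        String ec = km == null ? null : km.chooseServerAlias("EC", null, null);
        System.out.println("RSA server alias: " + rsa + ", EC server alias: " + ec);
        if (keyEntries == 0) {
            System.out.println("No private key entry at all: the key that signed the CSR is not in this keystore.");
        } else if (rsa == null && ec == null) {
            System.out.println("Key entries exist but none is usable: check the key algorithm and chain order.");
        }
    }
}
```

If every alias prints as "trusted cert", the keystore holds only certificates and no cipher-suite change will make the connector start; if a key entry exists but no server alias is chosen, the suite list is the place to look.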



Re: GoDaddy SSL cert update from SHA1 to SHA2

2014-12-18 Thread Bruce Kostival
Thanks Igor I'll poke around based on your input.

From: Igor Cicimov 
Sent: Thursday, December 18, 2014 15:49
To: Tomcat Users List
Subject: Re: GoDaddy SSL cert update from SHA1 to SHA2

On Fri, Dec 19, 2014 at 9:28 AM, Bruce Kostival <bkosti...@universallumpers.com> wrote:
>
> Tomcat 6.0.x
> Windows Server 2008
> Running Java 7
> Home grown app written in STS
>
> Running HTTPS with SHA1 cert
> Obtained SHA2 cert from GoDaddy by sending CSR generated from original
> keystore.  Removed existing aliases from original keystore and loaded new
> root and domain cert to keystore.
> Trying to run up the new cert gives me this error:
>
> SEVERE: Error starting endpoint
> java.io.IOException: jsse.invalid_ssl_conf
> at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:846)
> at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:522)
> at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
> at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
> at org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:565)
> at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:207)
> at org.apache.catalina.connector.Connector.start(Connector.java:1196)
> at org.apache.catalina.core.StandardService.start(StandardService.java:540)
> at org.apache.catalina.core.StandardServer.start(StandardServer.java:754)
> at org.apache.catalina.startup.Catalina.start(Catalina.java:595)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> at java.lang.reflect.Method.invoke(Unknown Source)
> at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
> Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
>
> I feel like I'm missing something basic in the keystore.  Any ideas?
>

Just guessing but based on the cause given in the above error you probably
have ciphers set in your connector using 128 bit key, something like this:

   ciphers="SSL_RSA_WITH_RC4_128_MD5,
   SSL_RSA_WITH_RC4_128_SHA,
   TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
   TLS_ECDHE_RSA_WITH_RC4_128_SHA,
   TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
   TLS_ECDH_RSA_WITH_RC4_128_SHA"

In that case try to change that to match your new 256 bit key now. Of
course take care of the proper cipher suite names for BIO/NIO or APR
connector since they differ (the above example is for BIO/NIO connector).




GoDaddy SSL cert update from SHA1 to SHA2

2014-12-18 Thread Bruce Kostival
Tomcat 6.0.x
Windows Server 2008
Running Java 7
Home grown app written in STS

Running HTTPS with SHA1 cert
Obtained SHA2 cert from GoDaddy by sending CSR generated from original 
keystore.  Removed existing aliases from original keystore and loaded new root 
and domain cert to keystore.
Trying to run up the new cert gives me this error:

SEVERE: Error starting endpoint
java.io.IOException: jsse.invalid_ssl_conf
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:846)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:522)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
at org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:565)
at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:207)
at org.apache.catalina.connector.Connector.start(Connector.java:1196)
at org.apache.catalina.core.StandardService.start(StandardService.java:540)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:754)
at org.apache.catalina.startup.Catalina.start(Catalina.java:595)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.

I feel like I'm missing something basic in the keystore.  Any ideas?