Re: Question: Tomcat SSL configuration issue
On Friday, 29.07.2011, at 10:44 -1000, Sammaiah Kyatham wrote:
> Hello Felix,
>
> Thanks for the response. I have received a new certificate based on the new CSR generated.
>
> While importing the cert into the key, I'm getting the following error:
>
> java.lang.Exception: Failed to establish chain from reply
>
> Here is the keytool command that I used for this:
>
> keytool -import -alias tomcat -keystore c:/cert/final/private_key -trustcacerts -file c:/cert/final/cert.cer.txt
> Enter keystore password:
> keytool error: java.lang.Exception: Failed to establish chain from reply

I think you don't want to add the cert into your trustcacert, so try removing -trustcacerts from your command line.

Bye
 Felix

> Am I missing something here?
>
> Thanks in advance.
> Sammaiah
>
> On 27 July 2011 19:41, Felix Schumacher felix.schumac...@internetallee.de wrote:
>
>> Sammaiah Kyatham sammaiahf...@googlemail.com wrote:
>>> Hello,
>>
>> Your keystore has no private key. The output of keytool below shows only a certificate. You can use keytool -importkeystore to import key and certificate at the same time.
>>
>> Regards
>>  Felix
>>
>>> Could you help me on this issue? I spent many hours with the various options and couldn’t resolve it. I have configured the server.xml as per the Tomcat configuration, however I’m getting the errors below.
>>>
>>> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
>>>            keystoreFile="C:\Program Files\Java\jre6\bin\hakioskcheckin2_key"
>>>            keystorePass="PrivatePWD" keyAlias="tomcat"
>>>            maxThreads="150" scheme="https" secure="true"
>>>            clientAuth="false" sslProtocol="TLS" />
>>>
>>> The exception in the Catalina log:
>>>
>>> Jul 27, 2011 4:28:25 PM org.apache.coyote.http11.Http11Protocol init
>>> SEVERE: Error initializing endpoint
>>> java.io.IOException: Alias name tomcat does not identify a key entry
>>>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:546)
>>>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:481)
>>>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
>>>     at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
>>>     at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
>>>     at org.apache.catalina.connector.Connector.initialize(Connector.java:1022)
>>>     at org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
>>>     at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
>>>     at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
>>>     at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
>>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>>>
>>> When I list the key using keytool, it lists alias tomcat as
>>>
>>> keytool -list -keystore hakioskcheckin2_key -storepass XX
>>>
>>> Keystore type: JKS
>>> Keystore provider: SUN
>>>
>>> Your keystore contains 1 entry
>>>
>>> tomcat, Jul 26, 2011, trustedCertEntry,
>>> Certificate fingerprint (MD5): -removed intentionally-
>>>
>>> *If I remove the alias from server.xml then the following exception is thrown*
>>>
>>> java.io.IOException: jsse.invalid_ssl_conf
>>>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:755)
>>>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:460)
>>>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:130)
>>>     at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
>>>     at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
>>>     at org.apache.catalina.connector.Connector.initialize(Connector.java:1014)
>>>     at org.apache.catalina.core.StandardService.initialize(StandardService.java:680)
>>>     at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
>>>     at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
>>>     at org.apache.catalina.startup.Catalina.load(Catalina.java:548)
>>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

-----
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Question: Tomcat SSL configuration issue
Hello Felix,

Thanks for the response. I have received a new certificate based on the new CSR generated.

While importing the cert into the key, I'm getting the following error:

java.lang.Exception: Failed to establish chain from reply

Here is the keytool command that I used for this:

keytool -import -alias tomcat -keystore c:/cert/final/private_key -trustcacerts -file c:/cert/final/cert.cer.txt
Enter keystore password:
keytool error: java.lang.Exception: Failed to establish chain from reply

Am I missing something here?

Thanks in advance.
Sammaiah

On 27 July 2011 19:41, Felix Schumacher felix.schumac...@internetallee.de wrote:

> Sammaiah Kyatham sammaiahf...@googlemail.com wrote:
>> Hello,
>
> Your keystore has no private key. The output of keytool below shows only a certificate. You can use keytool -importkeystore to import key and certificate at the same time.
>
> Regards
>  Felix
>
>> Could you help me on this issue? I spent many hours with the various options and couldn’t resolve it. I have configured the server.xml as per the Tomcat configuration, however I’m getting the errors below.
>>
>> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
>>            keystoreFile="C:\Program Files\Java\jre6\bin\hakioskcheckin2_key"
>>            keystorePass="PrivatePWD" keyAlias="tomcat"
>>            maxThreads="150" scheme="https" secure="true"
>>            clientAuth="false" sslProtocol="TLS" />
>>
>> The exception in the Catalina log:
>>
>> Jul 27, 2011 4:28:25 PM org.apache.coyote.http11.Http11Protocol init
>> SEVERE: Error initializing endpoint
>> java.io.IOException: Alias name tomcat does not identify a key entry
>>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:546)
>>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:481)
>>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
>>     at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
>>     at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
>>     at org.apache.catalina.connector.Connector.initialize(Connector.java:1022)
>>     at org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
>>     at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
>>     at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
>>     at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>>
>> When I list the key using keytool, it lists alias tomcat as
>>
>> keytool -list -keystore hakioskcheckin2_key -storepass XX
>>
>> Keystore type: JKS
>> Keystore provider: SUN
>>
>> Your keystore contains 1 entry
>>
>> tomcat, Jul 26, 2011, trustedCertEntry,
>> Certificate fingerprint (MD5): -removed intentionally-
>>
>> *If I remove the alias from server.xml then the following exception is thrown*
>>
>> java.io.IOException: jsse.invalid_ssl_conf
>>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:755)
>>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:460)
>>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:130)
>>     at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
>>     at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
>>     at org.apache.catalina.connector.Connector.initialize(Connector.java:1014)
>>     at org.apache.catalina.core.StandardService.initialize(StandardService.java:680)
>>     at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
>>     at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
>>     at org.apache.catalina.startup.Catalina.load(Catalina.java:548)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

Re: Question: Tomcat SSL configuration issue
Hello,

Could you help me on this issue? I spent many hours with the various options and couldn’t resolve it. I have configured the server.xml as per the Tomcat configuration, however I’m getting the errors below.

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           keystoreFile="C:\Program Files\Java\jre6\bin\hakioskcheckin2_key"
           keystorePass="PrivatePWD" keyAlias="tomcat"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />

The exception in the Catalina log:

Jul 27, 2011 4:28:25 PM org.apache.coyote.http11.Http11Protocol init
SEVERE: Error initializing endpoint
java.io.IOException: Alias name tomcat does not identify a key entry
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:546)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:481)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
    at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
    at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
    at org.apache.catalina.connector.Connector.initialize(Connector.java:1022)
    at org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
    at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

When I list the key using keytool, it lists alias tomcat as

keytool -list -keystore hakioskcheckin2_key -storepass XX

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

tomcat, Jul 26, 2011, trustedCertEntry,
Certificate fingerprint (MD5): -removed intentionally-

*If I remove the alias from server.xml then the following exception is thrown*

java.io.IOException: jsse.invalid_ssl_conf
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:755)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:460)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:130)
    at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
    at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
    at org.apache.catalina.connector.Connector.initialize(Connector.java:1014)
    at org.apache.catalina.core.StandardService.initialize(StandardService.java:680)
    at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:548)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

Re: Question: Tomcat SSL configuration issue
Sammaiah Kyatham sammaiahf...@googlemail.com wrote:
> Hello,

Your keystore has no private key. The output of keytool below shows only a certificate. You can use keytool -importkeystore to import key and certificate at the same time.

Regards
 Felix

> Could you help me on this issue? I spent many hours with the various options and couldn’t resolve it. I have configured the server.xml as per the Tomcat configuration, however I’m getting the errors below.
>
> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
>            keystoreFile="C:\Program Files\Java\jre6\bin\hakioskcheckin2_key"
>            keystorePass="PrivatePWD" keyAlias="tomcat"
>            maxThreads="150" scheme="https" secure="true"
>            clientAuth="false" sslProtocol="TLS" />
>
> The exception in the Catalina log:
>
> Jul 27, 2011 4:28:25 PM org.apache.coyote.http11.Http11Protocol init
> SEVERE: Error initializing endpoint
> java.io.IOException: Alias name tomcat does not identify a key entry
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:546)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:481)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
>     at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
>     at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
>     at org.apache.catalina.connector.Connector.initialize(Connector.java:1022)
>     at org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
>     at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>
> When I list the key using keytool, it lists alias tomcat as
>
> keytool -list -keystore hakioskcheckin2_key -storepass XX
>
> Keystore type: JKS
> Keystore provider: SUN
>
> Your keystore contains 1 entry
>
> tomcat, Jul 26, 2011, trustedCertEntry,
> Certificate fingerprint (MD5): -removed intentionally-
>
> *If I remove the alias from server.xml then the following exception is thrown*
>
> java.io.IOException: jsse.invalid_ssl_conf
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:755)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:460)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:130)
>     at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
>     at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
>     at org.apache.catalina.connector.Connector.initialize(Connector.java:1014)
>     at org.apache.catalina.core.StandardService.initialize(StandardService.java:680)
>     at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:548)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
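
The entry-type check behind the reply above, as an added example that is not part of the original thread: it parses `keytool -list` output and reports whether an alias holds a private key, which is what the connector's keyAlias has to point at. The function names `entry_type` and `usable_as_key_alias` and the second listing are constructed for illustration; accepting `keyEntry` as an older label for a private-key entry is an assumption.

```shell
#!/bin/sh
# Added example: classify the alias lines printed by `keytool -list`.

# Listing as posted in this thread: the only entry is a bare certificate.
BROKEN_LISTING='Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
tomcat, Jul 26, 2011, trustedCertEntry,
Certificate fingerprint (MD5): -removed intentionally-'

# Constructed listing of a keystore that holds the key pair under "tomcat".
GOOD_LISTING='Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
root, Jul 26, 2011, trustedCertEntry,
Certificate fingerprint (MD5): -constructed-
tomcat, Jul 26, 2011, PrivateKeyEntry,
Certificate fingerprint (MD5): -constructed-'

# entry_type LISTING ALIAS -> prints the alias's entry type, or "missing".
# Alias lines look like "<alias>, <date>, <type>,"; the type is the last field.
entry_type() {
    printf '%s\n' "$1" | awk -F', ' -v a="$2" '
        NF >= 3 && $1 == a { t = $NF; sub(/,[ \t]*$/, "", t); print t; found = 1; exit }
        END { if (!found) print "missing" }'
}

# usable_as_key_alias LISTING ALIAS -> exit status 0 only for a private-key entry.
usable_as_key_alias() {
    case "$(entry_type "$1" "$2")" in
        PrivateKeyEntry|keyEntry) return 0 ;;  # keyEntry: assumed older label
        trustedCertEntry) echo "alias '$2': certificate only, no private key" >&2 ;;
        missing)          echo "alias '$2': not in keystore" >&2 ;;
        *)                echo "alias '$2': not a private-key entry" >&2 ;;
    esac
    return 1
}

# Run the check over both listings.
for name in BROKEN_LISTING GOOD_LISTING; do
    eval "listing=\$$name"
    if usable_as_key_alias "$listing" tomcat; then
        echo "$name: tomcat can be used as keyAlias"
    else
        echo "$name: tomcat cannot be used as keyAlias"
    fi
done
```

Against a real keystore, pass the output of `keytool -list -keystore <file>` as the first argument instead of the embedded listings.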