My web.xml's connector section originally was:
<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
disableUploadTimeout="true" enableLookups="false"
maxThreads="25"
port="8443" keystoreFile="${user.home}/.keystore"
keystorePass=<my_key_pass>
protocol="org.apache.coyote.http11.Http11NioProtocol"
scheme="https"
secure="true" sslProtocol="TLS" />
and I had to replace for this (because I wanted to know at least one message
error, this way I could do something else):
<Connector port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="${user.home}/.keystore" keystorePass<my_key_pass>
clientAuth="false" sslProtocol="TLS"/>
Below it is whar Tomcat reports:
25/10/2012 04:23:20 PM org.apache.catalina.core.AprLifecycleListener init
INFO: La biblioteca nativa de Apache Tomcat basada en ARP que permite un
rendimiento óptimo en entornos de desarrollo no ha sido hallada en
java.library.path:
C:\jdk1.6.35\bin;C:\windows\Sun\Java\bin;C:\windows\system32;C:\windows;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\mingw\mingw64\bin;C:\Program
Files (x86)\ATI
Technologies\ATI.ACE\Core-Static;C:\jdk1.6.35\bin;C:\Spring\apache-maven-3.0.4\bin;C:\Program
Files (x86)\Liquid Technologies\Liquid XML Studio
2011\XmlDataBinder9\Redist9\cpp\win32\bin;C:\cygwin\bin\;C:\apache-ant-1.8.2/bin;C:\Program
Files (x86)\Microchip\MPLAB C32 Suite\bin;C:\Program Files
(x86)\QuickTime\QTSystem\;C:\Program Files\TortoiseSVN\bin;C:\Program Files
(x86)\CVSNT\;.
25/10/2012 04:23:20 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8080"]
25/10/2012 04:23:21 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8443"]
25/10/2012 04:23:21 PM org.apache.coyote.AbstractProtocol init
GRAVE: Failed to initialize end point associated with ProtocolHandler
["http-bio-8443"]
java.io.IOException: La configuración SSL no es válida debido a No available
certificate or key corresponds to the SSL cipher suites which are enabled.
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:822)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:470)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:158)
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:393)
at
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
at
org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at
org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:633)
at org.apache.catalina.startup.Catalina.load(Catalina.java:658)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)
Caused by: javax.net.ssl.SSLException: No available certificate or key
corresponds to the SSL cipher suites which are enabled.
at
com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:310)
at
com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:255)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:818)
... 20 more
25/10/2012 04:23:21 PM org.apache.catalina.core.StandardService initInternal
GRAVE: No pude inicializar el conector [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Failed to initialize component
[Connector[HTTP/1.1-8443]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:633)
at org.apache.catalina.startup.Catalina.load(Catalina.java:658)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)
Caused by: org.apache.catalina.LifecycleException: Falló la inicialización del
manejador de protocolo
at
org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
... 12 more
Caused by: java.io.IOException: La configuración SSL no es válida debido a No
available certificate or key corresponds to the SSL cipher suites which are
enabled.
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:822)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:470)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:158)
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:393)
at
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
at
org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at
org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
... 13 more
Caused by: javax.net.ssl.SSLException: No available certificate or key
corresponds to the SSL cipher suites which are enabled.
at
com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:310)
at
com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:255)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:818)
... 20 more
25/10/2012 04:23:21 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-bio-8009"]
25/10/2012 04:23:21 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 681 ms
25/10/2012 04:23:21 PM org.apache.catalina.core.StandardService startInternal
INFO: Arrancando servicio Catalina
25/10/2012 04:23:21 PM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.32
25/10/2012 04:23:21 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Despliegue del directorio C:\Tomcat7.0\webapps\docs de la aplicación web
25/10/2012 04:23:21 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Despliegue del directorio C:\Tomcat7.0\webapps\examples de la aplicación
web
25/10/2012 04:23:21 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Despliegue del directorio C:\Tomcat7.0\webapps\host-manager de la
aplicación web
25/10/2012 04:23:21 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Despliegue del directorio C:\Tomcat7.0\webapps\manager de la aplicación
web
25/10/2012 04:23:21 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Despliegue del directorio C:\Tomcat7.0\webapps\ROOT de la aplicación web
25/10/2012 04:23:21 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8080"]
25/10/2012 04:23:21 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-bio-8009"]
25/10/2012 04:23:21 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 549 ms
Additional information required:
C:\Tomcat7.0\bin>catalina version
Using CATALINA_BASE: "C:\Tomcat7.0"
Using CATALINA_HOME: "C:\Tomcat7.0"
Using CATALINA_TMPDIR: "C:\Tomcat7.0\temp"
Using JRE_HOME: "C:\jdk1.6.35"
Using CLASSPATH: "C:\Tomcat7.0\bin\bootstrap.jar;C:\Tomcat7.0\bin\tomcat-j
uli.jar"
Server version: Apache Tomcat/7.0.32
Server built: Oct 3 2012 08:51:20
Server number: 7.0.32.0
OS Name: Windows 7
OS Version: 6.1
Architecture: x86
JVM Version: 1.6.0_35-b10
JVM Vendor: Sun Microsystems Inc.
Regards.
----- Original Message -----
From: "Christopher Schultz" <ch...@christopherschultz.net>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Thursday, October 25, 2012 2:49:50 PM
Subject: Re: Implementing SSL and error invocating https://localhost:8443/
(Tomcat 7.0 on Windows 7)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gabriel,
On 10/25/12 2:08 PM, Gabriel Huerta Araujo wrote:
> An spanish message like this:
>
> Internet Explorer can not display the web page.
>
> Puede diagnosticar lo siguiente: Diagnosticar problemas de
> conexion
>
> When I click "Diagnosticar problemas de conexion", it says "El
> equipo o dispositivo remoto no acepta la conexion" which translated
> means "The computer or remote device does not accept the
> connection"
>
> For more information, it mentions:
>
> "If this is an HTTPS address (secure), click Tools, Internet
> Options, Advanced Options, and check the SSL and TLS protocols are
> enabled in the security section"
>
> I checked it and these are my internet options for SSL and TLS, as
> enabled:
>
> SSL 3.0 TLS 1.0
Do you have access to an OpenSSL client? If this were happening to me,
the first thing I would do is this:
$ openssl c_client -connect host:8443
This will give you a ton of information about the certificate,
ciphers, etc. It's possible that you have configured your connector
such that it cannot use SSL3 or TLS1 secure connections. In that case,
MSIE would not be able to connect at all.
Please post all versions of everything (patch level included, like
Tomcat 7.0.32) like Tomcat and JVM, plus your <Connector>
configuration (unless it hasn't changed).
You can get a win32 binary for OpenSSL here:
http://www.openssl.org/related/binaries.html
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iEYEARECAAYFAlCJl94ACgkQ9CaO5/Lv0PDWKwCaAjTfrFpY6qGMHNlqf8x1rGP8
yj0An0e9nzGeW5nnk9n1parTMhs1vwg8
=a6ba
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
