Thinking I am running Tomcat on Windows

I have changed the keystoreFile parameter this way:
keystoreFile="C:\Users\Gabriel Huerta\.keystore"
And it generates the same error log.

This way:
keystoreFile="${user.home}\.keystore"
Again, the same error log.

Regarding the password:
I ran keytool with my password, which is the same as the one indicated in my
connector section:

keytool -list -keystore .keystore -storepass x_men_gha
Tipo de almacén de claves: JKS
Proveedor de almacén de claves: SUN

Su almacén de claves contiene 2 entradas

root, 24/10/2012, trustedCertEntry,
Huella digital de certificado (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37
tomcat, 24/10/2012, trustedCertEntry,
Huella digital de certificado (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37


<Connector port="8443" keyAlias="tomcat" maxThreads="200"
                scheme="https" secure="true" SSLEnabled="true"
                keystoreFile="${user.home}\.keystore" keystorePass="x_men_gha"
                clientAuth="false" sslProtocol="TLS"/>

So it is the same password which is used for tomcat and keytool.




With parameter keyAlias="tomcat", Tomcat generates another error:

26/10/2012 10:57:13 AM org.apache.catalina.core.AprLifecycleListener init
INFO: La biblioteca nativa de Apache Tomcat basada en ARP que permite un rendimiento óptimo en entornos de desarrollo no ha sido hallada en java.library.path: C:\jdk1.6.35\bin;C:\windows\Sun\Java\bin;C:\windows\system32;C:\windows;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\mingw\mingw64\bin;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\jdk1.6.35\bin;C:\Spring\apache-maven-3.0.4\bin;C:\Program Files (x86)\Liquid Technologies\Liquid XML Studio 2011\XmlDataBinder9\Redist9\cpp\win32\bin;C:\cygwin\bin\;C:\apache-ant-1.8.2/bin;C:\Program Files (x86)\Microchip\MPLAB C32 Suite\bin;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\CVSNT\;.
26/10/2012 10:57:14 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8080"]
26/10/2012 10:57:14 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8443"]
26/10/2012 10:57:14 AM org.apache.coyote.AbstractProtocol init
GRAVE: Failed to initialize end point associated with ProtocolHandler ["http-bio-8443"]
java.io.IOException: El nombre de Alias tomcat no identifica una entrada de clave
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:567)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:505)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:449)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:158)
        at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:393)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
        at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:633)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:658)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)
26/10/2012 10:57:14 AM org.apache.catalina.core.StandardService initInternal
GRAVE: No pude inicializar el conector [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:633)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:658)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)
Caused by: org.apache.catalina.LifecycleException: Falló la inicialización del manejador de protocolo
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        ... 12 more
Caused by: java.io.IOException: El nombre de Alias tomcat no identifica una entrada de clave
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:567)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:505)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:449)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:158)
        at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:393)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
        at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
        ... 13 more
26/10/2012 10:57:14 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-bio-8009"]
26/10/2012 10:57:14 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 669 ms
26/10/2012 10:57:14 AM org.apache.catalina.core.StandardService startInternal
INFO: Arrancando servicio Catalina
26/10/2012 10:57:14 AM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.32
26/10/2012 10:57:14 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Despliegue del directorio C:\Tomcat7.0\webapps\docs de la aplicación web
26/10/2012 10:57:14 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Despliegue del directorio C:\Tomcat7.0\webapps\examples de la aplicación web
26/10/2012 10:57:14 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Despliegue del directorio C:\Tomcat7.0\webapps\host-manager de la aplicación web
26/10/2012 10:57:14 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Despliegue del directorio C:\Tomcat7.0\webapps\manager de la aplicación web
26/10/2012 10:57:14 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Despliegue del directorio C:\Tomcat7.0\webapps\ROOT de la aplicación web
26/10/2012 10:57:14 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8080"]
26/10/2012 10:57:14 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-bio-8009"]
26/10/2012 10:57:14 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 504 ms


Regards.

----- Original Message -----
From: "Christopher Schultz" <ch...@christopherschultz.net>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Friday, October 26, 2012 9:57:13 AM
Subject: Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7)


Gabriel,

On 10/25/12 5:32 PM, Gabriel Huerta Araujo wrote:
> 
> My web.xml's connector section originally was:
> 
> <Connector SSLEnabled="true" acceptCount="100" clientAuth="false" 
> disableUploadTimeout="true" enableLookups="false" maxThreads="25" 
> port="8443" keystoreFile="${user.home}/.keystore"
> keystorePass=<my_key_pass> 
> protocol="org.apache.coyote.http11.Http11NioProtocol"
> scheme="https" secure="true" sslProtocol="TLS" />
> 
> and I had to replace it with this (because I wanted to get at least
> one error message, so that I could do something else):
> 
> <Connector port="8443" maxThreads="200" scheme="https"
> secure="true" SSLEnabled="true" 
> keystoreFile="${user.home}/.keystore" keystorePass=<my_key_pass>
> clientAuth="false" sslProtocol="TLS"/>

So that's pretty much identical as far as SSL configuration goes.

> Below is what Tomcat reports:
> 
> 25/10/2012 04:23:20 PM org.apache.catalina.core.AprLifecycleListener init
> INFO: La biblioteca nativa de Apache Tomcat basada en ARP que permite un rendimiento óptimo en entornos de desarrollo no ha sido hallada en java.library.path: C:\jdk1.6.35\bin;C:\windows\Sun\Java\bin;C:\windows\system32;C:\windows;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\mingw\mingw64\bin;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\jdk1.6.35\bin;C:\Spring\apache-maven-3.0.4\bin;C:\Program Files (x86)\Liquid Technologies\Liquid XML Studio 2011\XmlDataBinder9\Redist9\cpp\win32\bin;C:\cygwin\bin\;C:\apache-ant-1.8.2/bin;C:\Program Files (x86)\Microchip\MPLAB C32 Suite\bin;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\CVSNT\;.

Okay, no APR. That's good, since you have a JSSE certificate
configuration.

> 25/10/2012 04:23:20 PM org.apache.coyote.AbstractProtocol init
> INFO: Initializing ProtocolHandler ["http-bio-8080"]
> 25/10/2012 04:23:21 PM org.apache.coyote.AbstractProtocol init
> INFO: Initializing ProtocolHandler ["http-bio-8443"]
> 25/10/2012 04:23:21 PM org.apache.coyote.AbstractProtocol init
> GRAVE: Failed to initialize end point associated with ProtocolHandler ["http-bio-8443"]
> java.io.IOException: La configuración SSL no es válida debido a No available certificate or key corresponds to the SSL cipher suites which are enabled.

So either you have failed to configure a set of cipher suites that are
compatible with the JRE or the certificate (not likely, since you have
accepted the default) or your certificate can't be loaded.

> Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
>         at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:310)
>         at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:255)
>         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:818)
>         ... 20 more

It's odd that the cipher suite check is failing instead of something
earlier.

Are you sure that your keystore can be found under
${user.home}/.keystore? Are you sure that the password is correct? (I
would have expected a different kind of error if something were wrong
with that configuration, but it's worth double-checking).

You might have to set the "keyAlias" attribute in your <Connector>,
otherwise it will choose the "first key read in the keystore" as your
certificate. As your keystore contains these entries:

> Su almacen de claves contiene 2 entradas
> 
> root, 24/10/2012, trustedCertEntry,
> Huella digital de certificado (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37
> tomcat, 24/10/2012, trustedCertEntry,
> Huella digital de certificado (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37

...Tomcat may be choosing the first certificate when you really want
it to choose the second one. Try this:

<Connector ..... keyAlias="tomcat" .... />

See if that helps,
-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
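
Added example, not part of the original thread and not Tomcat code: the keytool listing in the thread shows both aliases as trustedCertEntry, and the second log says the alias tomcat does not identify a key entry. This Python check cross-references a <Connector> keyAlias with `keytool -list` output; the function names and result labels are assumptions made for illustration, and the PrivateKeyEntry listing and password placeholder are constructed.

```python
import re
import xml.etree.ElementTree as ET

# `keytool -list` entries as posted in the thread (both are trustedCertEntry).
LISTING = """\
root, 24/10/2012, trustedCertEntry,
Huella digital de certificado (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37
tomcat, 24/10/2012, trustedCertEntry,
Huella digital de certificado (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37
"""
# Constructed listing: what a keystore holding a key pair under "tomcat" reports.
LISTING_WITH_KEY = "tomcat, 24/10/2012, PrivateKeyEntry,\n"
# Connector from the thread, password replaced by a placeholder.
CONNECTOR = r"""<Connector port="8443" keyAlias="tomcat" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    keystoreFile="${user.home}\.keystore" keystorePass="PLACEHOLDER"
    clientAuth="false" sslProtocol="TLS"/>"""

# "<alias>, <date>, <type>," -- the type token is not localised; the date may
# itself contain commas in some locales, so the type is the final *Entry token.
ENTRY_RE = re.compile(r"^(?P<alias>[^,]+),.*?\b(?P<kind>\w+Entry),?\s*$")


def keystore_entries(listing):
    """Map alias -> entry type from `keytool -list` output."""
    entries = {}
    for line in listing.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:  # JKS aliases are case-insensitive, so compare in lower case
            entries[m.group("alias").strip().lower()] = m.group("kind")
    return entries


def diagnose(connector_xml, listing):
    """Say whether the Connector can obtain a server key from this keystore."""
    alias = ET.fromstring(connector_xml).get("keyAlias")
    entries = keystore_entries(listing)
    if alias is None:
        # No keyAlias: JSSE needs at least one private key somewhere.
        has_key = "PrivateKeyEntry" in entries.values()
        return "ok" if has_key else "no-private-key"
    kind = entries.get(alias.lower())
    if kind is None:
        return "alias-missing"
    # A trustedCertEntry holds only a certificate, no private key.
    return "ok" if kind == "PrivateKeyEntry" else "alias-not-key-entry"


if __name__ == "__main__":
    print(diagnose(CONNECTOR, LISTING))           # the thread's configuration
    print(diagnose(CONNECTOR, LISTING_WITH_KEY))
```

A server keystore needs the alias to be a PrivateKeyEntry, which is what `keytool -genkey -alias tomcat -keyalg RSA` creates; importing only certificates yields trustedCertEntry.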
