Thinking that I am running Tomcat on Windows, I have changed the keystoreFile parameter this way:

keystoreFile="C:\Users\Gabriel Huerta\.keystore"

And it generates the same error log.

This way:

keystoreFile="${user.home}\.keystore"

Again, the same error log.

Regarding the password, I run keytool indicating my password, which is the same as the one indicated in my connector section:

keytool -list -keystore .keystore -storepass x_men_gha

Tipo de almacén de claves: JKS
Proveedor de almacén de claves: SUN

Su almacén de claves contiene 2 entradas

root, 24/10/2012, trustedCertEntry,
Huella digital de certificado (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37
tomcat, 24/10/2012, trustedCertEntry,
Huella digital de certificado (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37

<Connector port="8443" keyAlias="tomcat" maxThreads="200" scheme="https"
           secure="true" SSLEnabled="true"
           keystoreFile="${user.home}\.keystore" keystorePass="x_men_gha"
           clientAuth="false" sslProtocol="TLS"/>

So it is the same password which is used for tomcat and keytool.

With parameter keyAlias="tomcat", Tomcat generates another error:

26/10/2012 10:57:13 AM org.apache.catalina.core.AprLifecycleListener init
INFO: La biblioteca nativa de Apache Tomcat basada en ARP que permite un rendimiento óptimo en entornos de desarrollo no ha sido hallada en java.library.path: C:\jdk1.6.35\bin;C:\windows\Sun\Java\bin;C:\windows\system32;C:\windows;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\mingw\mingw64\bin;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\jdk1.6.35\bin;C:\Spring\apache-maven-3.0.4\bin;C:\Program Files (x86)\Liquid Technologies\Liquid XML Studio 2011\XmlDataBinder9\Redist9\cpp\win32\bin;C:\cygwin\bin\;C:\apache-ant-1.8.2/bin;C:\Program Files (x86)\Microchip\MPLAB C32 Suite\bin;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\CVSNT\;.
26/10/2012 10:57:14 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8080"]
26/10/2012 10:57:14 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8443"]
26/10/2012 10:57:14 AM org.apache.coyote.AbstractProtocol init
GRAVE: Failed to initialize end point associated with ProtocolHandler ["http-bio-8443"]
java.io.IOException: El nombre de Alias tomcat no identifica una entrada de clave
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:567)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:505)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:449)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:158)
    at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:393)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
    at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:633)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:658)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)
26/10/2012 10:57:14 AM org.apache.catalina.core.StandardService initInternal
GRAVE: No pude inicializar el conector [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:633)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:658)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)
Caused by: org.apache.catalina.LifecycleException: Falló la inicialización del manejador de protocolo
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    ... 12 more
Caused by: java.io.IOException: El nombre de Alias tomcat no identifica una entrada de clave
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:567)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:505)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:449)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:158)
    at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:393)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
    at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
    ... 13 more
26/10/2012 10:57:14 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-bio-8009"]
26/10/2012 10:57:14 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 669 ms
26/10/2012 10:57:14 AM org.apache.catalina.core.StandardService startInternal
INFO: Arrancando servicio Catalina
26/10/2012 10:57:14 AM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.32
26/10/2012 10:57:14 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Despliegue del directorio C:\Tomcat7.0\webapps\docs de la aplicación web
26/10/2012 10:57:14 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Despliegue del directorio C:\Tomcat7.0\webapps\examples de la aplicación web
26/10/2012 10:57:14 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Despliegue del directorio C:\Tomcat7.0\webapps\host-manager de la aplicación web
26/10/2012 10:57:14 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Despliegue del directorio C:\Tomcat7.0\webapps\manager de la aplicación web
26/10/2012 10:57:14 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Despliegue del directorio C:\Tomcat7.0\webapps\ROOT de la aplicación web
26/10/2012 10:57:14 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8080"]
26/10/2012 10:57:14 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-bio-8009"]
26/10/2012 10:57:14 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 504 ms

Regards.

----- Original Message -----
From: "Christopher Schultz" <ch...@christopherschultz.net>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Friday, October 26, 2012 9:57:13 AM
Subject: Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gabriel,

On 10/25/12 5:32 PM, Gabriel Huerta Araujo wrote:
>
> My web.xml's connector section originally was:
>
> <Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
> disableUploadTimeout="true" enableLookups="false" maxThreads="25"
> port="8443" keystoreFile="${user.home}/.keystore"
> keystorePass=<my_key_pass>
> protocol="org.apache.coyote.http11.Http11NioProtocol"
> scheme="https" secure="true" sslProtocol="TLS" />
>
> and I had to replace it with this (because I wanted to see at least
> one error message, so that I could do something else):
>
> <Connector port="8443" maxThreads="200" scheme="https"
> secure="true" SSLEnabled="true"
> keystoreFile="${user.home}/.keystore" keystorePass=<my_key_pass>
> clientAuth="false" sslProtocol="TLS"/>

So that's pretty much identical as far as SSL configuration goes.

> Below it is what Tomcat reports:
>
> 25/10/2012 04:23:20 PM
> org.apache.catalina.core.AprLifecycleListener init INFO: La
> biblioteca nativa de Apache Tomcat basada en ARP que permite un
> rendimiento óptimo en entornos de desarrollo no ha sido hallada en
> java.library.path:
> C:\jdk1.6.35\bin;C:\windows\Sun\Java\bin;C:\windows\system32;C:\windows;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\mingw\mingw64\bin;C:\Program
> Files (x86)\ATI
> Technologies\ATI.ACE\Core-Static;C:\jdk1.6.35\bin;C:\Spring\apache-maven-3.0.4\bin;C:\Program
> Files (x86)\Liquid Technologies\Liquid XML Studio
> 2011\XmlDataBinder9\Redist9\cpp\win32\bin;C:\cygwin\bin\;C:\apache-ant-1.8.2/bin;C:\Program
> Files (x86)\Microchip\MPLAB C32 Suite\bin;C:\Program Files
> (x86)\QuickTime\QTSystem\;C:\Program
> Files\TortoiseSVN\bin;C:\Program Files (x86)\CVSNT\;.

Okay, no APR. That's good, since you have a JSSE certificate configuration.

> 25/10/2012 04:23:20 PM org.apache.coyote.AbstractProtocol init
> INFO: Initializing ProtocolHandler ["http-bio-8080"] 25/10/2012
> 04:23:21 PM org.apache.coyote.AbstractProtocol init INFO:
> Initializing ProtocolHandler ["http-bio-8443"] 25/10/2012 04:23:21
> PM org.apache.coyote.AbstractProtocol init GRAVE: Failed to
> initialize end point associated with ProtocolHandler
> ["http-bio-8443"] java.io.IOException: La configuración SSL no es
> válida debido a No available certificate or key corresponds to the
> SSL cipher suites which are enabled.

So either you have failed to configure a set of cipher suites that are compatible with the JRE or the certificate (not likely, since you have accepted the default) or your certificate can't be loaded.

> Caused by: javax.net.ssl.SSLException: No available certificate or
> key corresponds to the SSL cipher suites which are enabled.
> at
> com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:310)
>
> at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:255)
> at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:818)
>
> ... 20 more

It's odd that the cipher suite check is failing instead of something earlier. Are you sure that your keystore can be found under ${user.home}/.keystore? Are you sure that the password is correct? (I would have expected a different kind of error if something were wrong with that configuration, but it's worth double-checking). You might have to set the "keyAlias" attribute in your <Connector>, otherwise it will choose the "first key read in the keystore" as your certificate. As your keystore contains these entries:

> Su almacen de claves contiene 2 entradas
>
> root, 24/10/2012, trustedCertEntry, Huella digital de certificado
> (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37 tomcat,
> 24/10/2012, trustedCertEntry, Huella digital de certificado (MD5):
> E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37

...Tomcat may be choosing the first certificate when you really want it to choose the second one. Try this:

<Connector ..... keyAlias="tomcat" .... />

See if that helps,
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlCKpMkACgkQ9CaO5/Lv0PAvoQCgv1u4W7wXxlkKgYW+Rd6HHxEu
jW4An1iotoQTNxXuVzlxM/+w99PbuyFm
=BjW8
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
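
The second error in this thread, "El nombre de Alias tomcat no identifica una entrada de clave", says that the alias does not identify a key entry, and the keytool listing shows both aliases as trustedCertEntry. The following check is an added example, not part of the thread or of Tomcat: it cross-checks each SSL Connector's keyAlias against the entry types in `keytool -list` output, using a constructed listing and a constructed server.xml fragment.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample shaped like the keytool listing in the thread; fingerprints are placeholders.
KEYTOOL_LIST = """\
root, 24/10/2012, trustedCertEntry,
Huella digital de certificado (MD5): 00:11:22:33
tomcat, 24/10/2012, trustedCertEntry,
Huella digital de certificado (MD5): 00:11:22:33
"""

# Constructed server.xml fragment using the Connector attributes quoted in the thread.
SERVER_XML = """\
<Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" keyAlias="tomcat" scheme="https" secure="true"
             SSLEnabled="true" keystoreFile="${user.home}\\.keystore"
             clientAuth="false" sslProtocol="TLS"/>
</Service>
"""
# alias, <date, which may itself contain commas>, <type>Entry,
ENTRY_RE = re.compile(r"^(?P<alias>[^,]+), .*, (?P<type>\w*Entry),?\s*$")
KEY_TYPES = {"privatekeyentry", "keyentry"}  # "keyEntry": older keytool spelling

def parse_entries(listing):
    """Map lower-cased alias -> entry type from `keytool -list` output."""
    entries = {}
    for line in listing.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group("alias").lower()] = m.group("type")
    return entries

def check_connectors(server_xml, listing):
    """Return (port, problem) for each SSL connector without a usable key entry."""
    entries = parse_entries(listing)
    key_aliases = {a for a, t in entries.items() if t.lower() in KEY_TYPES}
    problems = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connectors need no key
        port, alias = conn.get("port"), conn.get("keyAlias")
        if alias is None:
            if not key_aliases:
                problems.append((port, "keystore holds no private key entry"))
        elif alias.lower() not in entries:
            problems.append((port, f"alias '{alias}' not in keystore"))
        elif alias.lower() not in key_aliases:
            problems.append((port, f"alias '{alias}' is {entries[alias.lower()]}, not a key entry"))
    return problems
```

A keystore that can back an HTTPS connector lists the chosen alias as PrivateKeyEntry; a trustedCertEntry holds only a certificate, with no private key for the server to use in the handshake.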