Hi Andre

I also am a newbie with this stuff

But something that I saw about my .keystore file and my certificate from a 
Certificate Authority (I got this certificate from 
http://getacert.com/signacert.html):

I ran the command below, shown with its respective output, on my keystore file, 
which I generated with keytool:

keytool -list -keystore .keystore

Tipo de almacén de claves: JKS
Proveedor de almacén de claves: SUN

Su almacén de claves contiene 2 entradas

root, 24/10/2012, trustedCertEntry,
Huella digital de certificado (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37
tomcat, 24/10/2012, trustedCertEntry,
Huella digital de certificado (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37


And for my certificate to see its content:
keytool -printcert -file GabrielHuerta-2012-10-24-161410.cer
Propietario: CN=Gabriel Huerta, OU=home, O=home, L=Queretaro, ST=Santiago, C=MX
Emisor: O=getaCert - www.getacert.com, L=Seattle, ST=Washington, C=US
Número de serie: 11b2
Válido desde: Wed Oct 24 18:14:11 CDT 2012 hasta: Tue Oct 25 18:14:11 CDT 2022
Huellas digitales del certificado:
         MD5:  E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37
         SHA1: 9B:F6:59:58:82:4A:D0:A9:A5:32:F1:31:D9:9C:D2:E8:D6:A8:2F:05
         Nombre del algoritmo de firma: MD5withRSA
         Versión: 1

For MD5 it is the same certificate's fingerprint (or whatever). So I do not 
know what is validated for the JVM to choose this specific encryption/decryption 
method you mention.



----- Original Message -----
From: "André Warnier" <a...@ice-sa.com>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Friday, October 26, 2012 4:27:19 AM
Subject: Re: Implementing SSL and error invocating https://localhost:8443/ 
(Tomcat 7.0 on Windows 7)

Gabriel Huerta Araujo wrote:
...
> GRAVE: Failed to initialize end point associated with ProtocolHandler 
> ["http-bio-8443"]
> java.io.IOException: La configuración SSL no es válida debido a No available 
> certificate or key corresponds to the SSL cipher suites which are enabled.
>       at 
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:822)
...

> Caused by: javax.net.ssl.SSLException: No available certificate or key 
> corresponds to the SSL cipher suites which are enabled.
>       at 
> com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:310)
>       at 
> com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:255)

Hola.
I'm not a specialist of SSL, but what the messages above are saying is that 
there is a mismatch between the encryption/decryption methods that are 
available to the selected HTTPS Connector, and the one you used to create your 
certificate, with the result that the Connector cannot read the certificate.
(Example: you encrypted your certificate using method "A", but the Connector 
by default can only decrypt things using methods "B", "C" or "D").
Or something of the kind.
Therefore, the Connector does not start.
Therefore, Tomcat is not listening on that port (8443).
Therefore, when you try to connect to that port with IE, IE tells you that the 
server rejects a connection to that port.

Unless I am mistaken, the connector you are using uses the Java-VM-provided SSL 
mechanisms.  I would imagine that the Java JVM provides some encryption schemes 
by default, and some others optionally.  There must be a parameter somewhere to 
enable/disable some of these schemes.  It's more of a Java thing, but there may 
be a mention of this somewhere in the online Tomcat docs.
Look for terms like "DES", "SHA*", "Blowfish",..


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
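
A check that can be run on the `keytool -list` output shown in the message above, added here as an example (it is not part of the original thread or of Tomcat): it reports whether the store contains any `PrivateKeyEntry`, which a TLS server needs in order to present its certificate, and whether several aliases hold the same certificate. The function names are this example's own, and the sample is the listing from the message with its wrapped lines rejoined.

```python
import re

# Sample input: the entry lines of the `keytool -list` output quoted in the
# message above, with the mail-wrapped fingerprint lines rejoined.
SAMPLE_LISTING = """\
Su almacén de claves contiene 2 entradas

root, 24/10/2012, trustedCertEntry,
Huella digital de certificado (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37
tomcat, 24/10/2012, trustedCertEntry,
Huella digital de certificado (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37
"""

# "trustedCertEntry" appears untranslated in the listing above; the other
# type names are assumed to be printed the same way in every locale.
ENTRY_RE = re.compile(
    r"(?m)^(?P<alias>[^,\n]+),.*?\b(?P<type>PrivateKeyEntry|trustedCertEntry|SecretKeyEntry)\b")
FPR_RE = re.compile(r"\b[0-9A-F]{2}(?::[0-9A-F]{2}){15,}\b")


def parse_listing(text):
    """Return [(alias, entry_type, fingerprint or None)] from `keytool -list` output."""
    matches = list(ENTRY_RE.finditer(text))
    entries = []
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        fpr = FPR_RE.search(text, m.end(), end)  # fingerprint before the next entry
        entries.append((m.group("alias").strip(), m.group("type"),
                        fpr.group(0) if fpr else None))
    return entries


def audit(entries):
    """Return findings that matter when the store is used as a TLS server keystore."""
    findings = []
    if not any(kind == "PrivateKeyEntry" for _, kind, _ in entries):
        findings.append("no PrivateKeyEntry: store holds certificates but no private key")
    by_fpr = {}
    for alias, _, fpr in entries:
        if fpr:
            by_fpr.setdefault(fpr, []).append(alias)
    for fpr, aliases in by_fpr.items():
        if len(aliases) > 1:
            findings.append(f"aliases {', '.join(aliases)} hold the same certificate {fpr}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(parse_listing(SAMPLE_LISTING))))
```

For the listing in the message it reports both conditions: no private-key entry, and the same certificate stored under `root` and `tomcat`.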

