And how do I get the Private Key back? It's definitely not there.

________________________________________
From: Igor Cicimov <icici...@gmail.com>
Sent: Thursday, December 18, 2014 17:52
To: Tomcat Users List
Subject: Re: GoDaddy SSL cert update from SHA1 to SHA2

On Fri, Dec 19, 2014 at 9:56 AM, Bruce Kostival <bkosti...@universallumpers.com> wrote:
>
> Thanks Igor I'll poke around based on your input.
> ________________________________________
> From: Igor Cicimov <icici...@gmail.com>
> Sent: Thursday, December 18, 2014 15:49
> To: Tomcat Users List
> Subject: Re: GoDaddy SSL cert update from SHA1 to SHA2
>
> On Fri, Dec 19, 2014 at 9:28 AM, Bruce Kostival <bkosti...@universallumpers.com> wrote:
> >
> > Tomcat 6.0.x
> > Windows Server 2008
> > Running Java 7
> > Home grown app written in STS
> >
> > Running HTTPS with SHA1 cert
> > Obtained SHA2 cert from GoDaddy by sending CSR generated from original
> > keystore. Removed existing aliases from original keystore and loaded new
> > root and domain cert to keystore.
> > Trying to run up the new cert gives me this error:
> >
> > SEVERE: Error starting endpoint
> > java.io.IOException: jsse.invalid_ssl_conf
> >         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:846)
> >         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:522)
> >         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
> >         at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
> >         at org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:565)
> >         at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:207)
> >         at org.apache.catalina.connector.Connector.start(Connector.java:1196)
> >         at org.apache.catalina.core.StandardService.start(StandardService.java:540)
> >         at org.apache.catalina.core.StandardServer.start(StandardServer.java:754)
> >         at org.apache.catalina.startup.Catalina.start(Catalina.java:595)
> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >         at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
> >         at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> >         at java.lang.reflect.Method.invoke(Unknown Source)
> >         at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
> >         at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
> > Caused by: javax.net.ssl.SSLException: No available certificate or key
> > corresponds to the SSL cipher suites which are enabled.
> >
> > I feel like I'm missing something basic in the keystore. Any ideas?
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
>
> Just guessing but based on the cause given in the above error you probably
> have ciphers set in your connector using 128 bit key, something like this:
>
> ciphers="SSL_RSA_WITH_RC4_128_MD5,
> SSL_RSA_WITH_RC4_128_SHA,
> TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
> TLS_ECDHE_RSA_WITH_RC4_128_SHA,
> TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
> TLS_ECDH_RSA_WITH_RC4_128_SHA"
>
> In that case try to change that to match your new 256 bit key now. Of
> course take care of the proper cipher suite names for BIO/NIO or APR
> connector since they differ (the above example is for BIO/NIO connector).
>

Another possibility is that you have removed the private key used to generate the new CSR by removing the old aliases from the keystore.
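
One way to check the second possibility raised above, added here as an example and not code from the thread or from Tomcat: list every alias in the keystore and report whether it still holds a private key. The class name `KeystoreCheck` is hypothetical, and the keystore is assumed to be in keytool's JKS format.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class name). Run: java KeystoreCheck <path-to-keystore>
public class KeystoreCheck {

    // Entry type for one alias, plus the signature algorithm of its certificate.
    static String describe(KeyStore ks, String alias) throws Exception {
        boolean hasKey = ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class);
        Certificate cert = ks.getCertificate(alias);
        String sigAlg = (cert instanceof X509Certificate)
                ? ((X509Certificate) cert).getSigAlgName() : "n/a";
        Certificate[] chain = ks.getCertificateChain(alias); // null when no chain is stored
        return String.format("%-20s %-16s sig=%s chain=%d", alias,
                hasKey ? "PrivateKeyEntry" : "no private key", sigAlg,
                chain == null ? 0 : chain.length);
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage: java KeystoreCheck <keystore> (from an interactive console)");
            System.exit(2);
        }
        // Prompt for the password so it does not appear on the command line.
        char[] pass = console.readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("JKS"); // assumption: keytool's JKS format
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass);
        }
        int keyEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println(describe(ks, alias));
            if (ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) keyEntries++;
        }
        if (keyEntries == 0) {
            // An HTTPS connector needs a private key entry that carries the server certificate.
            System.out.println("No private key entry found in this keystore.");
            System.exit(1);
        }
    }
}
```

`keytool -list -v` shows the same distinction in its "Entry type" field, as `PrivateKeyEntry` versus `trustedCertEntry`.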