Bruce,

On 12/18/14 5:28 PM, Bruce Kostival wrote:
> Tomcat 6.0.x
> Windows Server 2008
> Running Java 7
> Home grown app written in STS
>
> Running HTTPS with SHA1 cert
> Obtained SHA2 cert from GoDaddy by sending CSR generated from
> original keystore.
> Removed existing aliases from original keystore and loaded new
> root and domain cert to keystore.
> Trying to run up the new cert gives me this error:
>
> SEVERE: Error starting endpoint
> java.io.IOException: jsse.invalid_ssl_conf
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:846)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:522)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
>     at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
>     at org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:565)
>     at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:207)
>     at org.apache.catalina.connector.Connector.start(Connector.java:1196)
>     at org.apache.catalina.core.StandardService.start(StandardService.java:540)
>     at org.apache.catalina.core.StandardServer.start(StandardServer.java:754)
>     at org.apache.catalina.startup.Catalina.start(Catalina.java:595)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>     at java.lang.reflect.Method.invoke(Unknown Source)
>     at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
> Caused by: javax.net.ssl.SSLException: No available certificate or
> key corresponds to the SSL cipher suites which are enabled.
>
> I feel like I'm missing something basic in the keystore. Any
> ideas?

Did you use the original (old) key to generate the new CSR? If so, do you still have the old private key?
(Your later reply seems to indicate that you no longer have the private key).

If you don't have the private key anymore, you will have to generate a new one and go through the whole process again.

I always make it a point to start over from scratch when obtaining a new certificate even when I'm not using Java Keystores, which seem to be unnecessarily finicky.

If you have to do it all over again, move the old keystore out of the way (e.g. re-name it to keystore.backup-[date]) and create a new keystore, private key, and CSR. Send the CSR to the CA and then import the certificate and chain they give back to you. That should be all you need to do.

-chris
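
Added example, not part of the original message: the start-over procedure from the reply as keytool commands, plus a check that the keystore really holds a PrivateKeyEntry, since a keystore with only trustedCertEntry entries gives Tomcat no key to serve. The alias "tomcat", the file names and both listings are constructed, and the broken listing assumes the key alias was deleted before the new certificates were loaded.

```shell
#!/bin/sh
# Added example. Alias "tomcat", file names and both listings are constructed.

# Print the aliases that `keytool -list` (read from stdin) reports as
# PrivateKeyEntry. Entry lines look like "tomcat, Dec 18, 2014, PrivateKeyEntry,".
private_key_aliases() {
    sed -n 's/^\([^,]*\), .*, PrivateKeyEntry,.*$/\1/p'
}

# Exit 0 only if the listing on stdin has a private key under alias $1.
has_private_key() {
    private_key_aliases | grep -Fxq -- "$1"
}

# Start-over procedure from the reply. keytool prompts for passwords and the
# subject name, so this is defined for manual use and not called below.
new_keystore_and_csr() {   # usage: new_keystore_and_csr KEYSTORE ALIAS
    if [ -e "$1" ]; then mv "$1" "$1.backup-$(date +%Y%m%d)"; fi
    keytool -genkeypair -alias "$2" -keyalg RSA -keysize 2048 -keystore "$1" &&
    keytool -certreq -alias "$2" -file "$2.csr" -keystore "$1"
}
# Once the CA answers, import the chain certificates (each under its own
# alias), then the CA reply under the same alias that holds the key:
#   keytool -importcert -trustcacerts -alias root -file root.crt -keystore KEYSTORE
#   keytool -importcert -alias ALIAS -file ALIAS.crt -keystore KEYSTORE
#   keytool -list -keystore KEYSTORE | has_private_key ALIAS

# Constructed listing: certificates loaded into a keystore whose key alias was
# deleted, so every entry is a trustedCertEntry and there is no key to serve.
BROKEN_LISTING='Keystore type: JKS
Your keystore contains 2 entries

root, Dec 18, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): (constructed)
tomcat, Dec 18, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): (constructed)'

# Constructed listing: CA reply imported over the alias that holds the key.
GOOD_LISTING='Keystore type: JKS
Your keystore contains 2 entries

root, Dec 18, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): (constructed)
tomcat, Dec 18, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): (constructed)'

printf '%s\n' "$BROKEN_LISTING" | has_private_key tomcat || echo "broken: no private key under 'tomcat'"
printf '%s\n' "$GOOD_LISTING" | has_private_key tomcat && echo "good: private key under 'tomcat'"
```

The keytool lines are typed the same way in a Windows command prompt; only the helper functions need a POSIX shell.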