can you share the full debug log ? what is the client for this SSL service ? browser or some other standalone programs what version of JDK is being used?
On Thu, Oct 18, 2018 at 2:20 PM Sashidharan Ramamurthy < sashidharan.ramamur...@ericsson.com> wrote: > Any updates users of tomcat on this issue!!! > > -----Original Message----- > From: Sashidharan Ramamurthy <sashidharan.ramamur...@ericsson.com> > Sent: Wednesday, October 17, 2018 4:22 PM > To: users@tomcat.apache.org > Subject: FW: Issue while configuring keystore/SSL for Tomcat 8.5.33 > > Hi Tomcat user group, > > We have installed and deployed Tomcat Version: 8.5.33 in our machine. > > Software: AIX > > We configured SSL at 8443 port using below command for creating keystore. > > $JAVA_HOME/bin/keytool -genkey -alias iscpkey -keystore > $outputfile -keyalg RSA -dname "CN=${site}, OU=Network Solutions, O=ISCP, > L=Piscataway, C=US" -storepass "changeit" -keypass "changeit" -validity > 10000 > > Though 8443 port no has started, we are unable to connect from SSL client. > We are getting SSLException in our client. > > We enabled java.net.debug with SSL logs. > > Client Hello and Server Hello is done but fails soon afterwards in SSL > with internal_error. > > *** ServerHelloDone > https-jsse-nio-8443-exec-4, WRITE: TLSv1 Handshake, length = 1736 > https-jsse-nio-8443-exec-5, READ: TLSv1 Alert, length = 2 > https-jsse-nio-8443-exec-5, RECV TLSv1 ALERT: fatal, internal_error > https-jsse-nio-8443-exec-5, fatal: engine already closed. Rethrowing > javax.net.ssl.SSLException: Received fatal alert: internal_error > https-jsse-nio-8443-exec-5, fatal: engine already closed. Rethrowing > javax.net.ssl.SSLException: Received fatal alert: internal_error > https-jsse-nio-8443-exec-5, called closeOutbound() > https-jsse-nio-8443-exec-5, closeOutboundInternal() > https-jsse-nio-8443-exec-5, SEND TLSv1 ALERT: warning, description = > close_notify https-jsse-nio-8443-exec-5, WRITE: TLSv1 Alert, length = 2 > > We are unable to proceed further. > > Can you let me know what could be the reason? > > Also, if this is not the correct tomcat group, can you point me to correct > group? > > Thanks and Regards, > Sashi > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >