Hello Christoph,

welcome to the club, I am having the same problem. See my thread "Problems with SSL-enabled Tomcat 5.5".

Bye,
Werner.

----- Original Message ----- From: "Christoph Lechner" <[EMAIL PROTECTED]>
To: <users@tomcat.apache.org>
Sent: Thursday, August 30, 2007 5:11 PM
Subject: Tomcat keeps breaking/SSL keystore troubles


Hi all,

I've been trying hard to enable the SSL connector in Tomcat for a few
days now. As I don't have very much experience with SSL, it's quite hard
for me to figure out what's going wrong.
I read a lot of different setup guides, but I'm getting the same error
messages all the time:

16:37:13,254 INFO  [Http11BaseProtocol] Starting Coyote HTTP/1.1 on http-0.0.0.0-8080
16:37:13,338 INFO  [ChannelSocket] JK: ajp13 listening on /0.0.0.0:8009
16:37:13,346 INFO  [JkMain] Jk running ID=0 time=0/24  config=null
16:37:13,360 INFO  [Http11BaseProtocol] Starting Coyote HTTP/1.1 on http-0.0.0.0-8443
16:37:13,371 ERROR [PoolTcpEndpoint] Endpoint [SSL: ServerSocket[addr=/0.0.0.0,port=0,localport=8443]] ignored exception: java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:113)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.acceptSocket(PoolTcpEndpoint.java:407)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.run(PoolTcpEndpoint.java:647)
        at java.lang.Thread.run(Thread.java:595)

I've got a .crt file, a .csr file and a .key file for the domain and I
also got the root cert from the CA. So I tried to set it up in the
following way (output messages included):
---> Begin of keystore creation <---
ab-server1:~/ssl# keytool -import -trustcacerts -alias root -file
rapidssl_01.cer -keystore thekeystore
Enter keystore password:  changeit
Certificate already exists in system-wide CA keystore under alias
<equifaxsecureglobalebusinessca1>
Do you still want to add it to your own keystore? [no]:  yes
Certificate was added to keystore
ab-server1:~/ssl# keytool -import -trustcacerts -alias tomcat -file
www_mydomain_com.crt -keystore thekeystore
Enter keystore password:  changeit
Certificate was added to keystore
ab-server1:~/ssl# keytool -list -keystore thekeystore
Enter keystore password:  changeit

Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

root, Aug 30, 2007, trustedCertEntry,
Certificate fingerprint (MD5):
8F:5D:77:06:27:C4:98:3C:5B:93:78:E7:D7:7D:9B:CC
tomcat, Aug 30, 2007, trustedCertEntry,
Certificate fingerprint (MD5):
C4:6F:76:3F:5E:ED:33:04:F9:CB:0F:98:28:21:5D:D4
---> End of keystore creation <---

In server.xml file, I added:
<Connector port="8443" address="${jboss.bind.address}"
           maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
           emptySessionPath="true"
           scheme="https" secure="true" clientAuth="false"
           keystoreFile="/root/ssl/thekeystore"
           keystorePass="changeit" sslProtocol="TLS" />


OTOH I've tried a self-signed certificate and it worked.

What am I doing wrong?

TIA
- C. Lechner


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
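Editor's note on the keystore listing above: both entries are `trustedCertEntry`, because `keytool -import -file www_mydomain_com.crt` stores a certificate only. The `.key` file never entered the keystore, so JSSE has no private key to pair with any server cipher suite, which is exactly what "No available certificate or key corresponds to the SSL cipher suites which are enabled" reports. The self-signed test worked because `keytool -genkey` creates a key pair entry. The script below is an added example, not code posted by either author: it bundles the private key, server certificate and CA certificate into one PKCS#12 keystore under the alias `tomcat`, reproduces the certificates-only mistake next to it, and checks both. File names follow the post; the real files come from the CA, so a throw-away CA and leaf are generated here as constructed stand-ins so the script runs offline. It needs `openssl`; `keytool` is optional.

```shell
#!/bin/sh
# Added example for this thread (not from the original post): build a Tomcat
# keystore that actually holds the server's private key, and verify it.
# Constructed stand-ins replace the CA-issued files named in the post.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
KEYSTORE_PASS=changeit   # password from the post; use a real one in production

# --- constructed stand-in material (real files come from the CA) ------------
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Stand-in Root CA" \
  -keyout "$WORK/ca.key" -out "$WORK/rapidssl_01.cer" 2>/dev/null
openssl req -newkey rsa:2048 -nodes -subj "/CN=www.mydomain.com" \
  -keyout "$WORK/www_mydomain_com.key" -out "$WORK/www_mydomain_com.csr" 2>/dev/null
openssl x509 -req -in "$WORK/www_mydomain_com.csr" \
  -CA "$WORK/rapidssl_01.cer" -CAkey "$WORK/ca.key" -CAcreateserial -days 30 \
  -out "$WORK/www_mydomain_com.crt" 2>/dev/null

# --- the mistake from the post, reproduced: certificates but no private key --
openssl pkcs12 -export -nokeys -name tomcat -in "$WORK/www_mydomain_com.crt" \
  -certfile "$WORK/rapidssl_01.cer" \
  -out "$WORK/certs-only.p12" -passout "pass:$KEYSTORE_PASS"

# --- the fix: private key + server cert + CA chain under one alias ----------
openssl pkcs12 -export -name tomcat \
  -inkey "$WORK/www_mydomain_com.key" -in "$WORK/www_mydomain_com.crt" \
  -certfile "$WORK/rapidssl_01.cer" \
  -out "$WORK/thekeystore.p12" -passout "pass:$KEYSTORE_PASS"

# Returns 0 when the PKCS#12 file holds a private key, 1 otherwise.
keystore_has_private_key() {
  if openssl pkcs12 -in "$1" -nocerts -nodes -passin "pass:$2" 2>/dev/null \
       | grep -q 'PRIVATE KEY'; then
    return 0
  fi
  return 1
}

# Prints the number of certificates (leaf + chain) in the PKCS#12 file.
keystore_cert_count() {
  openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null \
    | grep -c 'BEGIN CERTIFICATE' || true
}

# Optional: convert to JKS (keytool -importkeystore exists since Java 6).
# Tomcat can also read the .p12 directly with keystoreType="PKCS12".
if command -v keytool >/dev/null 2>&1 && keytool -importkeystore -noprompt \
     -srckeystore "$WORK/thekeystore.p12" -srcstoretype PKCS12 \
     -srcstorepass "$KEYSTORE_PASS" \
     -destkeystore "$WORK/thekeystore" -deststoretype JKS \
     -deststorepass "$KEYSTORE_PASS" >/dev/null 2>&1; then
  # The listing must show PrivateKeyEntry for "tomcat", not trustedCertEntry.
  keytool -list -keystore "$WORK/thekeystore" -storepass "$KEYSTORE_PASS" 2>/dev/null \
    | grep -i 'PrivateKeyEntry' || echo "WARNING: no PrivateKeyEntry in JKS"
fi

# Summary for a stand-alone run.
if keystore_has_private_key "$WORK/certs-only.p12" "$KEYSTORE_PASS"; then
  echo "certs-only.p12: private key present (unexpected)"
else
  echo "certs-only.p12: no private key -> reproduces the JSSE error"
fi
if keystore_has_private_key "$WORK/thekeystore.p12" "$KEYSTORE_PASS"; then
  echo "thekeystore.p12: private key present, $(keystore_cert_count "$WORK/thekeystore.p12" "$KEYSTORE_PASS") certificate(s)"
fi
```

To use the result with the Connector from the post, either point `keystoreFile` at `thekeystore.p12` and add `keystoreType="PKCS12"`, or point it at the converted JKS; in both cases `keytool -list` must report a `PrivateKeyEntry` (older keytool prints `keyEntry`) for the alias Tomcat uses. Storing the CA certificate under a separate `root` alias, as in the post, is harmless but is not what makes the chain available: the intermediate and root belong in the same entry as the key, which is what `-certfile` does above.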

