Maybe you should try the following fragment:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystorePass="changeit"
           keystoreFile="c:/Documents and Settings/rensetty/.keystore"
           truststoreFile="C:/Sun/SDK/jdk/jre/lib/security/cacerts"
           truststorePass="yourPassword"/>

By default the truststorePass of cacerts is changeit, while the keystorePass is customized by yourself.

Also, you need to configure some extra info in the web.xml of Tomcat or of your own application, I think, like:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>app</web-resource-name>
    <url-pattern>/pages/*</url-pattern>
  </web-resource-collection>
  <web-resource-collection>
    <web-resource-name>app</web-resource-name>
    <url-pattern>/index.html</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- Authorization setting for SSL -->
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
  <realm-name>Client Cert</realm-name>
</login-config>

BR.
> Subject: Keytool: SSL Certification Issue
> Date: Tue, 30 Oct 2007 13:50:06 +0800
> From: [EMAIL PROTECTED]
> To: users@tomcat.apache.org
>
> Hi,
>
> I am facing an SSL certificate issue in my Tomcat environment. I have created a local SSL server certificate to be authenticated by the certificate imported from the Thawte Certificate Authority.
>
> With the following Connector entry in server.xml,
>
> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
>            maxThreads="150" scheme="https" secure="true"
>            clientAuth="false" sslProtocol="TLS"
>            keystorePass="changeit"
>            keystoreFile="c:/Documents and Settings/rensetty/.keystore"
>            truststoreFile="C:/Sun/SDK/jdk/jre/lib/security/cacerts"/>
>
> I am seeing the following error repeatedly on my console:
>
> *********START******************************
> The following is my SSL configuration. I have enabled SSL for user authentication. When I try to connect, I get the following error:
>
> 2007-10-29 09:16:44,217 DEBUG [com.arjuna.ats.jta.logging.loggerI18N] [com.arjuna.ats.internal.jta.recovery.info.firstpass] Local XARecoveryModule - first pass
> 2007-10-29 09:16:44,233 INFO [org.apache.coyote.http11.Http11Protocol] Starting Coyote HTTP/1.1 on http-8443
> 2007-10-29 09:16:44,249 ERROR [org.apache.tomcat.util.net.JIoEndpoint] Socket accept failed
> java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
>     at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
>     at java.lang.Thread.run(Thread.java:595)
> 2007-10-29 09:16:44,280 INFO [org.apache.coyote.ajp.AjpProtocol] Starting Coyote AJP/1.3 on ajp-AGILENT-7B2231B%2F146.208.145.86-8009
>
> ******** END ******************************************************************
>
> However, with keyAlias (keyAlias="root") included in the Connector entry I see a different error. I saw a couple of similar queries in the mailing lists but they didn't help address these errors. Any help on this is highly appreciated.
>
> ******START **********************************
> 2007-10-29 13:54:52,449 ERROR [org.apache.coyote.http11.Http11Protocol] Error starting endpoint
> java.io.IOException: Alias name root does not identify a key entry
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:412)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:378)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:125)
>     at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:496)
>     at org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:515)
>     at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:203)
>     at org.apache.catalina.connector.Connector.start(Connector.java:1132)
>     at org.jboss.web.tomcat.service.JBossWeb.startConnectors(JBossWeb.java:584)
>     at org.jboss.web.tomcat.service.JBossWeb.handleNotification(JBossWeb.java:621)
>     at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:585)
>     at org.jboss.mx.notification.NotificationListenerProxy.invoke(NotificationListenerProxy.java:153)
>     at $Proxy47.handleNotification(Unknown Source)
>     at org.jboss.mx.util.JBossNotificationBroadcasterSupport.handleNotification(JBossNotificationBroadcasterSupport.java:127)
>     at org.jboss.mx.util.JBossNotificationBroadcasterSupport.sendNotification(JBossNotificationBroadcasterSupport.java:108)
>     at org.jboss.system.server.ServerImpl.sendNotification(ServerImpl.java:916)
>     at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:497)
>     at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362)
>     at org.jboss.Main.boot(Main.java:200)
>     at org.jboss.Main$1.run(Main.java:508)
>     at java.lang.Thread.run(Thread.java:595)
> 2007-10-29 13:54:52,465 WARN [org.jboss.web.tomcat.service.JBossWeb] Failed to startConnectors
>
> *****END ******************************************************************
>
> ******** keytool -v -list ******************************************
> Enter keystore password: changeit
>
> Keystore type: jks
> Keystore provider: SUN
>
> Your keystore contains 2 entries
>
> Alias name: root
> Creation date: 29/10/2007
> Entry type: trustedCertEntry
>
> Owner: CN=AGILENT-7B2231B.agilent.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
> Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
> Serial number: 40c098072bee02b452d3a2b2ee03a399
> Valid from: Mon Oct 29 17:27:26 GMT+05:30 2007 until: Mon Nov 19 17:27:26 GMT+05:30 2007
> Certificate fingerprints:
> MD5: F3:5C:C7:50:AD:DC:74:1E:7D:CF:84:10:02:A4:36:7B
> SHA1: 2E:92:2D:A3:51:E7:22:CA:A8:D9:93:FC:F0:78:1E:7A:7C:A0:9F:3F
> *******************************************
> *******************************************
> Alias name: jboss
> Creation date: 29/10/2007
> Entry type: trustedCertEntry
>
> Owner: CN=AGILENT-7B2231B.agilent.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
> Issuer: CN=AGILENT-7B2231B.agilent.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
> Serial number: 4725cab8
> Valid from: Mon Oct 29 17:27:44 GMT+05:30 2007 until: Sun Jan 27 17:27:44 GMT+05:30 2008
> Certificate fingerprints:
> MD5: 20:E9:89:66:B0:FF:06:20:9A:EE:0C:05:E2:6D:B6:B7
> SHA1: 6E:ED:3F:AF:46:CF:B9:02:64:E9:A2:23:24:C3:CC:8F:B6:58:53:FB
>
> ******* keytool -v -list ***********************************************
>
> Thanks in advance,
>
> Renu Kumar
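Added example, not part of the thread and not Tomcat or JBoss code: the `keytool -v -list` output posted above shows both aliases (`root` and `jboss`) as `trustedCertEntry`, and the second error says exactly that ("Alias name root does not identify a key entry"): the keystore holds certificates but no private key, so no alias can serve TLS. The script below checks a keystore listing for a key entry before a `<Connector>` is pointed at it, and shows the keytool sequence that produces one (the CA-signed reply must be imported under the same alias as the key pair, not under a new alias). The two listings embedded in it are constructed samples modelled on the posted output; the alias names, DN, paths and password are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Verifies that a JKS keystore listing
# contains a key entry, and documents the keytool sequence that creates one.

# Constructed sample 1: the shape of the listing posted in the thread.
# Both aliases are trustedCertEntry, so there is no private key to serve with.
SAMPLE_NO_KEY='Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: root
Creation date: 29/10/2007
Entry type: trustedCertEntry

Alias name: jboss
Creation date: 29/10/2007
Entry type: trustedCertEntry
'

# Constructed sample 2: a keystore that would work. JDK 5 keytool prints a
# key entry as "keyEntry", later JDKs print "PrivateKeyEntry".
SAMPLE_WITH_KEY='Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: root
Entry type: trustedCertEntry

Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 2
'

# key_aliases LISTING: print the alias of every key entry in a
# `keytool -v -list` listing, one per line (empty output = no key entry).
key_aliases() {
    printf '%s\n' "$1" | awk '
        /^Alias name:/ { alias = $3 }
        /^Entry type: *(PrivateKeyEntry|keyEntry)/ { print alias }
    '
}

# has_key_entry LISTING: succeed (exit 0) if at least one key entry exists.
has_key_entry() {
    [ -n "$(key_aliases "$1")" ]
}

# build_keystore KEYSTORE ALIAS CA_CERT SIGNED_CERT PASSWORD
# The order that yields a usable key entry: generate the key pair under
# ALIAS, create the CSR from that alias, import the CA root under its own
# alias, then import the signed reply under the SAME alias as the key pair.
# Importing the signed certificate under a fresh alias only adds a
# trustedCertEntry, which is what the posted listing shows.
# Uses the legacy verbs -genkey / -import, which old and current keytool
# releases both accept. CA_CERT and SIGNED_CERT are files returned by the CA
# (assumed to exist); ALIAS is the value to put in keyAlias="..." later.
build_keystore() {
    ks=$1; alias=$2; cacert=$3; signed=$4; pass=$5
    command -v keytool >/dev/null 2>&1 || { echo "keytool not found" >&2; return 2; }
    keytool -genkey -alias "$alias" -keyalg RSA -keysize 2048 \
        -keystore "$ks" -storepass "$pass" -keypass "$pass" \
        -dname "CN=www.example.com, O=Example, C=US"   # assumed DN
    keytool -certreq -alias "$alias" -keystore "$ks" -storepass "$pass" \
        -file "$ks.csr"
    # ... "$ks.csr" goes to the CA; $cacert and $signed come back ...
    keytool -import -trustcacerts -alias ca-root -file "$cacert" \
        -keystore "$ks" -storepass "$pass" -noprompt
    keytool -import -alias "$alias" -file "$signed" \
        -keystore "$ks" -storepass "$pass"
    # Final check: the listing must now contain a key entry under $alias.
    has_key_entry "$(keytool -v -list -keystore "$ks" -storepass "$pass")"
}

# Stand-alone demonstration on the constructed samples.
if has_key_entry "$SAMPLE_NO_KEY"; then
    echo "sample 1: key entry present"
else
    echo "sample 1: no key entry, Tomcat cannot serve TLS from this keystore"
fi
echo "sample 2: key entry alias: $(key_aliases "$SAMPLE_WITH_KEY")"
```

Run `key_aliases "$(keytool -v -list -keystore path/to/.keystore -storepass ...)"` against a real keystore; whatever it prints is the value that belongs in the connector's `keyAlias` attribute. An empty result means the key pair was never generated in that file or the signed certificate was imported under a different alias than the key pair, and `keystoreFile` will fail the same way as in the thread no matter how the rest of the `<Connector>` is written.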