I'm having a problem setting up SSL with Tomcat. The situation is this:

I have a system running IBM's Netcool/Portal software. We added SSL to the Portal a while back. I created a certificate for the machine. However, Netcool/Portal does not create a keystore file - you simply copy the certificate as a text file into a specific directory and it works from there. Netcool/Portal has its own version of the JDK.

Now, on the same machine, I have installed a current JDK (v1.6) and my own installation of Tomcat (v6.0.16). Runs just fine on port 8080. I want to add SSL capability to the Tomcat setup so I can talk to it using https. I created a keystore file using the certificate we generated for Netcool, as follows:

keytool -importcert -v -trustcacerts -alias tomcat -keystore <path_to_keystore>/keystore.kdb -file /opt/netcool/portal/<path_to_cert>/server.crt

Then,

keytool -list -keystore ./keystore.kdb
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

tomcat, Nov 20, 2008, trustedCertEntry,
Certificate fingerprint (MD5): 11:87:A8:7C:BB:55:AC:68:46:34:4F:45:7D:62:9C:AF

So I have a keystore. I set up the tomcat server.xml file:

<Connector port="7443" protocol="HTTP/1.1" SSLEnabled="true"
                maxThreads="150"
                scheme="https"
                secure="true"
                clientAuth="false"
                keystoreFile="/usr/<path_to_keystore>/keystore.kdb"
                keystorePass="<password>"
                sslProtocol="TLS" />

And when I start Tomcat, I get an infinite loop in the log file that looks like:
Nov 20, 2008 1:40:17 PM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Nov 20, 2008 1:40:17 PM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-7443
Nov 20, 2008 1:40:17 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 886 ms
Nov 20, 2008 1:40:17 PM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Nov 20, 2008 1:40:17 PM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.16
Nov 20, 2008 1:40:18 PM com.sun.faces.config.ConfigureListener contextInitialized
INFO: Initializing Sun's JavaServer Faces implementation (1.2_04-b20-p03) for context '/NCAdmin'
Nov 20, 2008 1:40:20 PM org.apache.catalina.core.StandardContext addApplicationListener
INFO: The listener "listeners.ContextListener" is already configured for this context. The duplicate definition has been ignored.
Nov 20, 2008 1:40:20 PM org.apache.catalina.core.StandardContext addApplicationListener
INFO: The listener "listeners.SessionListener" is already configured for this context. The duplicate definition has been ignored.
Nov 20, 2008 1:40:20 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Nov 20, 2008 1:40:20 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-7443
Nov 20, 2008 1:40:20 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
SEVERE: Socket accept failed
java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
        at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
        at java.lang.Thread.run(Thread.java:619)
Nov 20, 2008 1:40:20 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
SEVERE: Socket accept failed
java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
        at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
        at java.lang.Thread.run(Thread.java:619)
Nov 20, 2008 1:40:20 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
SEVERE: Socket accept failed
java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
        at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
        at java.lang.Thread.run(Thread.java:619)
Nov 20, 2008 1:40:20 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
SEVERE: Socket accept failed

I'm not an SSL expert, so I'm not sure where to look. Am I missing an intermediate certificate somewhere? Or have I configured the keystore incorrectly? I'd appreciate any pointers or suggestions for getting this running.

Thanks very much,

nbc

NAME:   Neil B. Cohen (Verisign Inc.)
PHONE:  703-948-4471
DOMAIN: [EMAIL PROTECTED]
*************************************************************
* Murphy's Philosophy: Smile - tomorrow will be worse...    *
*                                                           *
* O'Tooles Commentary: Murphy was an optimist!              *
*************************************************************
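Editor's note with an added diagnostic (my own code, not part of the post, of Tomcat, or of Netcool/Portal). The keytool listing above shows the only entry as a trustedCertEntry: keytool -importcert stores a certificate alone, never a private key, and a TLS server must present a certificate *and* sign with the matching private key. JSSE raises "No available certificate or key corresponds to the SSL cipher suites which are enabled" precisely when its KeyManager finds no private key entry whose key type (RSA, for the usual suites) can satisfy any enabled suite, and Tomcat's acceptor logs the failure on every incoming connection, which is the loop seen in the log. The program below loads a JKS keystore with the standard java.security.KeyStore API and reports each alias as a private key entry or a certificate-only entry, warns when the leaf certificate is outside its validity window, and states plainly whether a server identity exists. The class name KeystoreCheck, the command-line arguments, and the default alias "tomcat" (the alias used in the post) are my assumptions; the code is written in Java 6 syntax to match the JDK 1.6 mentioned above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

/*
 * KeystoreCheck: added diagnostic, not Tomcat's or the poster's code.
 * Reports whether a JKS keystore holds a server identity (private key plus
 * certificate chain) that a JSSE-based connector could offer to clients.
 *
 * Usage (assumed): java KeystoreCheck <path_to_keystore> <password> [alias]
 */
public class KeystoreCheck {

    /** Aliases that carry a private key; only these can serve a TLS handshake. */
    public static List<String> keyEntryAliases(KeyStore ks) throws Exception {
        List<String> keys = new ArrayList<String>();
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                keys.add(alias);
            }
        }
        return keys;
    }

    /** True when the requested alias exists and is a private key entry. */
    public static boolean hasServerIdentity(KeyStore ks, String alias) throws Exception {
        return ks.containsAlias(alias) && ks.isKeyEntry(alias);
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: java KeystoreCheck <keystore> <password> [alias]");
            System.exit(2);
        }
        // "tomcat" is the alias used in the post; Tomcat's keyAlias attribute
        // can point the connector at any other private key entry.
        String wanted = args.length > 2 ? args[2] : "tomcat";

        KeyStore ks = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream(args[0]);
        try {
            ks.load(in, args[1].toCharArray());   // wrong password fails here, not later
        } finally {
            in.close();
        }

        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                Certificate[] chain = ks.getCertificateChain(alias);
                X509Certificate leaf = (X509Certificate) chain[0];
                System.out.println(alias + ": PrivateKeyEntry, key algorithm "
                        + leaf.getPublicKey().getAlgorithm()
                        + ", subject " + leaf.getSubjectX500Principal().getName()
                        + ", chain length " + chain.length);
                try {
                    leaf.checkValidity();   // expired or not-yet-valid leaf also breaks handshakes
                } catch (CertificateException e) {
                    System.out.println("   WARNING: leaf certificate not currently valid: " + e.getMessage());
                }
                if (chain.length == 1 && !leaf.getIssuerX500Principal().equals(leaf.getSubjectX500Principal())) {
                    System.out.println("   NOTE: CA-issued leaf with no intermediate in the chain; clients may not build a path");
                }
            } else if (ks.isCertificateEntry(alias)) {
                System.out.println(alias + ": trustedCertEntry (certificate only, no private key)");
            }
        }

        if (hasServerIdentity(ks, wanted)) {
            System.out.println("OK: '" + wanted + "' is a private key entry; the connector can offer it.");
        } else {
            System.out.println("NOT USABLE: no private key under alias '" + wanted + "'."
                    + " JSSE has no identity for the enabled cipher suites, which is the"
                    + " condition behind 'No available certificate or key corresponds to"
                    + " the SSL cipher suites which are enabled'.");
            System.out.println("Private key entries present: " + keyEntryAliases(ks));
        }
    }
}
```

Run it against the keystore from the post (java KeystoreCheck /usr/<path_to_keystore>/keystore.kdb <password>) and it will report the tomcat alias as a trustedCertEntry and "NOT USABLE". A keystore becomes usable only when the private key that belongs to server.crt is stored alongside it: either generate the key pair inside the JKS with keytool -genkeypair and have it certified, or bundle the existing key and certificate into a PKCS#12 file and point the connector at that file with keystoreType="PKCS12". Importing server.crt on its own, as -importcert does, adds only trust material and can never make the connector serve.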