SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled

Fri, 02 Oct 2009 15:18:03 -0700 

Hey all,

Apache 2.0/Tomcat 5.5/mod_jk installed on RedHat Enterprise Linux ES 4.0.

Our web server has been up and running smoothly for more than 2 years
now. This morning I noticed that the websites were down. When I
checked the logs, I found the following message:
java.io.FileNotFoundException: The file /root/.keystore is not available

Sure enough, the /root/.keystore file was missing. I have no clue how
that file got deleted in first place. So, I created the keystore file
using the following commands:
Added the certificate chain file to the keystore (When prompted for
the password, I entered 'changeit') :
$JAVA_HOME/bin/keytool -import -alias root -trustcacerts -file
/etc/httpd/conf/ssl.crt/gd_intermediate_bundle.crt

Added the certificate file to the keystore (When prompted for the
password, I entered 'changeit'):
$JAVA_HOME/bin/keytool -import -alias tomcat -trustcacerts -file
/etc/httpd/conf/ssl.crt/_joesdomain.com.crt

The above two commands created the /root/.keystore file. I then added
the keystoreFile and keystorePass attributes to Tomcat's server.xml
file's connector element as follows

       <Connector className="org.apache.coyote.tomcat5.Coyote-Connector"
               port="8443" miniProcessors="5" maxProcessors="75"
               enableLookups="true" disableUploadTimeout="true"
               acceptCount="100" debug="0" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/root/.keystore"
               keystorePass="changeit" />

Now, when I restart the web server, the websites seem to be working
fine, but the tomcat logs are inundated with the following error
message:
2009 Oct 02 / 15:18:29 ERROR -
[org.apache.tomcat.util.net.PoolTcpEndpoint] : Endpoint [SSL:
ServerSocket[addr=0.0.0.0/0.0.0.0,port=0,localport=8443]] ignored
exception: java.net.SocketException: SSL handshake error
javax.net.ssl.SSLException: No available certificate or key
corresponds to the SSL cipher suites which are enabled.


Can a Tomcat/SSL guru please guide me in solving this issue.

Thank you!
Joe

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to