-----Original Message-----
From: Siddhi Borkar [mailto:siddhi_bor...@persistent.co.in] 
Sent: 06 March 2013 12:15
To: users@tomcat.apache.org
Subject: Error configuring tomcat with ssl certificates



Hi,

I need help configuring tomcat 6 with ssl certificates. I have been provided 
with the following
cacert.pem
prvkey.key
and sslcert.crt

I tried the following steps:

1)      Generated a keystore using java keytool and the certificate file using the following command.

keytool -import -trustcacerts -alias tomcatcert -file sslcert.crt -keystore keystore

2)      Added the .pem file to the keystore

keytool -import -trustcacerts -alias root -file cacert.pem -keystore keystore

3)      Start the tomcat server

4)      After starting the server, the following error was seen in the logs.



Mar 4, 2013 10:52:22 PM org.apache.coyote.http11.Http11Protocol start
SEVERE: Error starting endpoint
java.io.IOException: jsse.invalid_ssl_conf
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:755)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:460)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:130)
        at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
        at org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:565)
        at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:203)
        at org.apache.catalina.connector.Connector.start(Connector.java:1107)
        at org.apache.catalina.core.StandardService.start(StandardService.java:531)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:616)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
        at sun.security.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:327)
        at sun.security.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:272)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:751)
        ... 15 more



Can someone help on this?
Thanks


Siddhi,
You might want to check your ciphers attribute value in the Connector 
definition in the server.xml file. Generally, the list of ciphers that you include 
here is based upon the type of your certificate. If you have an RSA-based 
certificate, you need to enlist RSA-based ciphers (ones with _RSA in the cipher 
suite name), and similarly for a DSA-based certificate you should have 
corresponding cipher suites (ones with _DSS in the cipher suite names). Maybe 
you have this mismatched and that is the problem.

The other way round would be to generate or use a certificate based upon the 
cipher suites that you want or are supported in your ciphers attribute value.

Brijesh Deo
Dell | SonicWALL
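
A quick triage for the error in this thread, as an added example that is not part of the original messages: it reads `keytool -list` output and a Connector `ciphers` value, then reports whether the keystore has no private-key entry or whether no listed suite fits the key type under the `_RSA`/`_DSS` naming rule from the reply. The sample listing, the function names and the private-key check are assumptions added here; JSSE needs a `PrivateKeyEntry` to serve TLS, and importing only certificates creates `trustedCertEntry` items.

```shell
#!/bin/sh
# Added example (not from the thread): triage a keystore listing and a ciphers value.

# Constructed sample of `keytool -list -keystore keystore` output after the two
# `keytool -import` steps in the thread; fingerprints are placeholders.
SAMPLE_LISTING='Keystore type: JKS
Your keystore contains 2 entries
root, Mar 4, 2013, trustedCertEntry,
Certificate fingerprint (SHA1): <placeholder>
tomcatcert, Mar 4, 2013, trustedCertEntry,
Certificate fingerprint (SHA1): <placeholder>'

# Count entries of one type (PrivateKeyEntry, trustedCertEntry) in a listing on stdin.
count_entries() {
    grep -c ", $1," || true   # grep exits 1 on zero matches but still prints 0
}

# Print the suites from a comma-separated ciphers value that fit the key type,
# using the naming rule from the reply: _RSA_ for RSA keys, _DSS_ for DSA keys.
usable_suites() {
    case "$1" in
        RSA) tag='_RSA_' ;;
        DSA) tag='_DSS_' ;;
        *)   echo "unsupported key algorithm: $1" >&2; return 2 ;;
    esac
    printf '%s\n' "$2" | tr ',' '\n' | tr -d ' \t' | grep -- "$tag" || true
}

# diagnose LISTING KEY_ALG CIPHERS -> no-private-key | cipher-mismatch | ok
diagnose() {
    keys=$(printf '%s\n' "$1" | count_entries PrivateKeyEntry)
    if [ "$keys" -eq 0 ]; then
        echo "no-private-key"      # only trusted certificates: no key to serve TLS with
    elif [ -z "$(usable_suites "$2" "$3")" ]; then
        echo "cipher-mismatch"     # key present, but no listed suite matches its type
    else
        echo "ok"
    fi
}

# Hypothetical ciphers value; replace with the one from your server.xml Connector.
diagnose "$SAMPLE_LISTING" RSA "TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA"
```

To run it against a real keystore, pass the output of `keytool -list -keystore keystore` as the first argument instead of the sample.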

