Thanks a lot Ognjen, The solution you provided worked very well. -----Original Message----- From: Ognjen Blagojevic [mailto:ognjen.d.blagoje...@gmail.com] Sent: Wednesday, March 06, 2013 3:31 PM To: Tomcat Users List Subject: Re: Error configuring tomcat with ssl certificates
Siddhi, On 6.3.2013 10:41, Siddhi Borkar wrote: > The certificate that I am using is RSA based certificate, I tried listing > the RSA based ciphers in the server the xml, however it still gave me the > same error. > <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" > maxThreads="150" scheme="https" secure="true" > keystoreFile="/tmp/.keystore" keystorePass="changeit" > enableLookups="false" > ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WIT > H_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_E > DE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA, > SSL_DHE_RSA_WITH_DES_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5,SSL_RSA_EX > PORT_WITH_DES40_CBC_SHA,SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" > clientAuth="false" sslProtocol="TLS" /> > > Any idea what else could be going wrong? You didn't import your private key into Java keystore. Use openssl to create PKCS#12 keystore containing your private key (prvkey.key), your certificate (sslcert.crt) and sertificate chain (cacert.pem). Then, import PKCS#12 keystore to Java keystore using keytool. Verify Java keystore with: keytool -list -keystore /tmp/.keystore -v You should see one PrivateKeyEntry, with certificate chain to trusted CA. -Ognjen --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org DISCLAIMER ========== This e-mail may contain privileged and confidential information which is the property of Persistent Systems Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Ltd. does not accept any liability for virus infected mails. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
