Thanks a lot Ognjen, The solution you provided worked very well. 

-----Original Message-----
From: Ognjen Blagojevic [mailto:ognjen.d.blagoje...@gmail.com] 
Sent: Wednesday, March 06, 2013 3:31 PM
To: Tomcat Users List
Subject: Re: Error configuring tomcat with ssl certificates

Siddhi,

On 6.3.2013 10:41, Siddhi Borkar wrote:
> The certificate that I am using is RSA based certificate,  I tried listing 
> the RSA based ciphers in the server the xml, however it still gave me the 
> same error.
> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>                   maxThreads="150"  scheme="https" secure="true" 
> keystoreFile="/tmp/.keystore"  keystorePass="changeit" 
> enableLookups="false"  
> ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WIT
> H_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_E
> DE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,
> SSL_DHE_RSA_WITH_DES_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5,SSL_RSA_EX
> PORT_WITH_DES40_CBC_SHA,SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"  
> clientAuth="false" sslProtocol="TLS" />
>
> Any idea what else could be going wrong?

You didn't import your private key into Java keystore.

Use openssl to create PKCS#12 keystore containing your private key 
(prvkey.key), your certificate (sslcert.crt) and sertificate chain (cacert.pem).

Then, import PKCS#12 keystore to Java keystore using keytool.

Verify Java keystore with:

   keytool -list -keystore /tmp/.keystore -v

You should see one PrivateKeyEntry, with certificate chain to trusted CA.

-Ognjen

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the 
property of Persistent Systems Ltd. It is intended only for the use of the 
individual or entity to which it is addressed. If you are not the intended 
recipient, you are not authorized to read, retain, copy, print, distribute or 
use this message. If you have received this communication in error, please 
notify the sender and delete all copies of this message. Persistent Systems 
Ltd. does not accept any liability for virus infected mails.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to