Hi Bill- Thanks for replying.
keytool -list says:
C:\Program Files\Java\jdk1.5.0_06\bin>keytool -list -keystore "C:\Documents and Settings\HP_Administrator\.keystore
Enter keystore password: changeit
Keystore type: jks
Keystore provider: SUN
Your keystore contains 2 entries
root, Sep 11, 2006, trustedCertEntry,
Certificate fingerprint (MD5): A1:53:42:0F:F5:CB:A3:E2:40:D6:06:89:62:64:3E:55
tomcat, Sep 11, 2006, trustedCertEntry,
Certificate fingerprint (MD5): A1:53:42:0F:F5:CB:A3:E2:40:D6:06:89:62:64:3E:55
C:\Program Files\Java\jdk1.5.0_06\bin>
I have the same certificate imported under the 'root' and 'tomcat' alias; is
that a problem?
And I'm positive I'm using the same keystore file that I used to generate
the key.
Thanks for replying and your help!! This Security issue has been giving me
problems for over a week now!
-Jeanna
----- Original Message -----
From: "Bill Barker" <[EMAIL PROTECTED]>
To: <users@tomcat.apache.org>
Sent: Sunday, September 10, 2006 4:54 PM
Subject: Re: Error: No available certificate or key corresponds to the SSL
cipher suites which are enabled.
I don't know if it's just copy/paste errors, but from what you've written,
you've imported the ca cert twice, and into a different keystore file than
you used to generate the key.
What does > keytool -list say?
"Jeanna Geier" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
Hi All-
I'm running into an odd problem and am hoping that someone out there can
help me!
I'm trying to configure and run SSL; I am able to create, startup and run
everything when I am using a self-signed certificate. (Yeah!)
However, when I attempt to use a trial certificate from thawte (which is
where we want to get to), I am getting an error. Here's what I've done
(http://tomcat.apache.org/tomcat-5.0-doc/ssl-howto.html):
- created a local Certificate: >keytool -genkey -alias tomcat -keyalg RSA
I didn't get a 'chain certificate' with my free trial, so for the next
step, I imported the certificate I got from Thawte:
- keytool -import -alias root -keystore C:\Documents and Settings\HP_Administrator\.keystore -trustcacerts -file C:\thawte_ca_cert.cert
Then I imported the new certificate under my tomcat user:
- keytool -import -alias tomcat -keystore C:\Documents and Settings\HP_Administrator\.keystore -trustcacerts -file C:\thawte_ca_cert.cert
According to the directions, that should be it; however, when I go to
start Tomcat, I get the following error:
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:113)
at org.apache.tomcat.util.net.PoolTcpEndpoint.acceptSocket(PoolTcpEndpoint.java:368)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:549)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
at java.lang.Thread.run(Thread.java:595)
Sep 8, 2006 1:34:04 PM org.apache.tomcat.util.net.PoolTcpEndpoint acceptSocket
WARNING: Reinitializing ServerSocket
Sep 8, 2006 1:34:04 PM org.apache.tomcat.util.net.PoolTcpEndpoint acceptSocket
SEVERE: Endpoint [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,port=0,localport=443]] ignored exception: java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
When I search/google on this, it says that one cause could be "different
passwords has been used for the certificate and the Keystore. In this
case, use the Keytool to change the password of the certificate to match
the password of the Keystore." - but that's not the case.
Please, any help you can offer would be greatly appreciated. Thanks!
-Jeanna
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
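Added example, not part of the thread or of Tomcat: a small Python check over `keytool -list` output that flags the two conditions visible in the listing above, namely a server alias with no private key entry and one certificate stored under several aliases. It assumes the connector uses the alias `tomcat` (the alias used with -genkey in the original message) and that key-bearing entries are printed as `keyEntry` or `PrivateKeyEntry`; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the listing from the message above, wrapped lines rejoined.
SAMPLE_LISTING = """\
Keystore type: jks
Keystore provider: SUN
Your keystore contains 2 entries
root, Sep 11, 2006, trustedCertEntry,
Certificate fingerprint (MD5): A1:53:42:0F:F5:CB:A3:E2:40:D6:06:89:62:64:3E:55
tomcat, Sep 11, 2006, trustedCertEntry,
Certificate fingerprint (MD5): A1:53:42:0F:F5:CB:A3:E2:40:D6:06:89:62:64:3E:55
"""

# Entry header line: "alias, Mon DD, YYYY, entryType,"
ENTRY_RE = re.compile(r"^(?P<alias>.+?), \w{3} \d{1,2}, \d{4}, (?P<type>\w+),\s*$")
FPR_RE = re.compile(r"^Certificate fingerprint \([\w-]+\):\s*(?P<fpr>[0-9A-Fa-f:]+)$")
# Entry types that carry a private key (older and newer keytool spellings).
KEY_TYPES = {"keyEntry", "PrivateKeyEntry"}

def parse_listing(text):
    """Return one dict per keystore entry: alias, type, fingerprint."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            current = {"alias": m["alias"], "type": m["type"], "fingerprint": None}
            entries.append(current)
            continue
        m = FPR_RE.match(line)
        if m and current is not None:
            current["fingerprint"] = m["fpr"].upper()
    return entries

def audit(entries, server_alias="tomcat"):
    """List reasons this keystore cannot serve TLS under server_alias."""
    findings = []
    server = next((e for e in entries if e["alias"] == server_alias), None)
    if server is None:
        findings.append(f"alias '{server_alias}' is not in the keystore")
    elif server["type"] not in KEY_TYPES:
        findings.append(f"alias '{server_alias}' is a {server['type']}: no private key to present")
    by_fpr = defaultdict(list)
    for e in entries:
        if e["fingerprint"]:
            by_fpr[e["fingerprint"]].append(e["alias"])
    for aliases in by_fpr.values():
        if len(aliases) > 1:
            findings.append(f"same certificate under aliases: {', '.join(sorted(aliases))}")
    return findings
```

Running `audit(parse_listing(SAMPLE_LISTING))` on the listing from the message returns both findings; a keystore whose `tomcat` alias is a key entry returns an empty list.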