Following up on this email from Werner: did you fix it, Werner??? I am facing the same problem. Apparently my process is correct; here is some info:

Catalina.out: (Alias name autentiacert does not identify a key entry)

---------------------------- Catalina.out -------------------------
GRAVE: Error inicializando punto final (endpoint)
java.io.IOException: El nombre de Alias autentiacert no identifica una entrada de clave
        at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:143)
        at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:109)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:88)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:292)
        at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:138)
        at org.apache.catalina.connector.Connector.initialize(Connector.java:1016)
        at org.apache.catalina.core.StandardService.initialize(StandardService.java:580)
        at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:791)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:503)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:523)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:266)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:431)
01-oct-2007 16:55:21 org.apache.catalina.startup.Catalina load
GRAVE: Catalina.start
LifecycleException: Falló la inicialización del manejador de protocolo: java.io.IOException: El nombre de Alias autentiacert no identifica una entrada de clave
        at org.apache.catalina.connector.Connector.initialize(Connector.java:1018)
        at org.apache.catalina.core.StandardService.initialize(StandardService.java:580)
        at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:791)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:503)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:523)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:266)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:431)
---------------------------- Catalina.out -------------------------

----------------------------------------------------- server.xml ---------------------------------
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/root/.keystore" keystorePass="changeit"
           keyAlias="autentiacert" URIEncoding="UTF-8" />
----------------------------------------------------- server.xml ---------------------------------

--------------------------------- keytool -list -v -storepass changeit ----------------------
Tipo del almacén de claves: jks
Proveedor del almacén de claves: IBMJCE

El almacén de claves contiene 3 entradas

Nombre de alias: autentiacacert
Fecha de creación: 01-oct-2007
Tipo de entrada: trustedCertEntry

Propietario: [EMAIL PROTECTED], CN=Angel, OU=Pymes2, O=Gobernalia, ST=Madrid, C=ES
Emisor: [EMAIL PROTECTED], CN=Angel, OU=Pymes2, O=Gobernalia, ST=Madrid, C=ES
Número de serie: 0
Válido desde: 1/10/07 18:22 hasta: 30/09/10 18:22
Huellas de certificado:
        MD5: E6:7B:06:78:AB:71:F2:F9:E7:74:B9:64:FB:FA:43:F2
        SHA1: A9:E5:6B:58:56:71:BB:37:2D:4D:02:6E:71:E3:7E:EE:24:BF:7F:84

*******************************************
*******************************************

Nombre de alias: pymes2
Fecha de creación: 01-oct-2007
Tipo de entrada: keyEntry
Longitud de la cadena de certificados: 1
Certificado[1]:
Propietario: CN=pymes2.gobernalianet.es, OU=Pymes2, O=Gobernalia, L=Madrid, ST=Madrid, C=ES
Emisor: CN=pymes2.gobernalianet.es, OU=Pymes2, O=Gobernalia, L=Madrid, ST=Madrid, C=ES
Número de serie: 47010c0d
Válido desde: 1/10/07 17:02 hasta: 30/12/07 16:02
Huellas de certificado:
        MD5: 9D:36:5D:F9:D1:33:27:F9:E0:3F:BA:BF:F7:07:35:58
        SHA1: 33:DA:68:79:13:66:65:E4:02:19:A6:6E:AF:73:1C:2B:45:E1:14:38

*******************************************
*******************************************

Nombre de alias: autentiacert
Fecha de creación: 01-oct-2007
Tipo de entrada: trustedCertEntry

Propietario: CN=pymes2.gobernalianet.es, OU=Pymes2, O=Gobernalia, L=Madrid, ST=Madrid, C=ES
Emisor: [EMAIL PROTECTED], CN=Angel, OU=Pymes2, O=Gobernalia, ST=Madrid, C=ES
Número de serie: 1
Válido desde: 1/10/07 18:28 hasta: 30/09/08 18:28
Huellas de certificado:
        MD5: 2C:D4:6F:C6:8F:A5:8D:19:45:F8:12:AF:0F:F6:CE:50
        SHA1: 1E:11:C1:68:35:5F:BE:5A:8D:F4:07:61:6F:41:BE:92:86:BF:C5:98

*******************************************
*******************************************
--------------------------------- keytool -list -v -storepass changeit ----------------------

End of message,
Thank you so much,
Angel

----- Original Message -----

Hello,

setting keyAlias="root" did not change anything. Then I downloaded the latest version of Tomcat, added the Verisign cert to my cacerts file and imported my Verisign-signed SSL certificate into a new keystore.

Unfortunately that does not change my situation: Either Tomcat is unable to find my alias in the keystore file (if I specify a keyAlias) or there appears to be a problem with the SSL ciphers or certificate itself (if I don't specify a keyAlias).

The two error messages I am getting when attempting to start Tomcat are (see further below):

1/with keyAlias directive:

INFO: Starting Coyote HTTP/1.1 on myhostname%2F10.10.11.32-6510
Aug 29, 2007 12:44:53 PM org.apache.coyote.http11.Http11BaseProtocol start
SEVERE: Error starting endpoint
java.io.IOException: Alias name tomcat does not identify a key entry
        at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:143)

2/without keyAlias directive:

java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:113)

Any more ideas? Is the problem maybe caused because I am creating a new keystore and the key of the Verisign-signed certificate is in a separate file (my colleague deleted the original keystore file)? Are we screwed now?

Thank you. Any input is greatly appreciated.

Bye,
Werner.

----- Original Message -----
From: "Filip Hanik - Dev Lists" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Wednesday, August 29, 2007 10:32 PM
Subject: Re: Problems with SSL-enabled Tomcat 5.5
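
Added example, not part of the original messages: a check of the condition named in the "does not identify a key entry" error, comparing the Connector's keyAlias with the entry types that `keytool -list -v` reports. The inputs are constructed, condensed from the listing and Connector posted above; the function names are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs, condensed from the message above: the three alias/type
# pairs of the `keytool -list -v` listing and the keyAlias of the Connector.
KEYTOOL_LISTING = """\
Nombre de alias: autentiacacert
Tipo de entrada: trustedCertEntry
Nombre de alias: pymes2
Tipo de entrada: keyEntry
Nombre de alias: autentiacert
Tipo de entrada: trustedCertEntry
"""
CONNECTOR_XML = ('<Connector port="8443" scheme="https" secure="true" '
                 'keystoreFile="/root/.keystore" keyAlias="autentiacert" />')

# keytool labels in the English and Spanish locales.
ALIAS_RE = re.compile(r"^\s*(?:Alias name|Nombre de alias):\s*(\S+)")
TYPE_RE = re.compile(r"^\s*(?:Entry type|Tipo de entrada):\s*(\S+)")
# Older keytool prints keyEntry, newer releases print PrivateKeyEntry.
KEY_TYPES = {"keyEntry", "PrivateKeyEntry"}


def parse_entries(listing):
    """Return {alias: entry type} from `keytool -list -v` output."""
    entries, alias = {}, None
    for line in listing.splitlines():
        if m := ALIAS_RE.match(line):
            alias = m.group(1).lower()  # JKS aliases are case-insensitive
        elif (m := TYPE_RE.match(line)) and alias is not None:
            entries[alias] = m.group(1)
            alias = None
    return entries


def check_key_alias(connector_xml, listing):
    """Report whether the Connector's keyAlias names an entry holding a private key."""
    alias = ET.fromstring(connector_xml).get("keyAlias")
    entries = parse_entries(listing)
    entry_type = entries.get(alias.lower()) if alias else None
    return {
        "alias": alias,
        "entry_type": entry_type,  # None: alias unset or not in the store
        "usable": entry_type in KEY_TYPES,
        "key_entries": sorted(a for a, t in entries.items() if t in KEY_TYPES),
    }


if __name__ == "__main__":
    print(check_key_alias(CONNECTOR_XML, KEYTOOL_LISTING))
```

On the constructed input the configured alias resolves to a trustedCertEntry, and the only entry holding a private key is pymes2.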