Hi,
I am facing an SSL certificate issue in my Tomcat environment. I have created
a local SSL server certificate to be authenticated by the certificate imported
from the Thawte Certificate Authority.
With the following Connector entry in server.xml,
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystorePass="changeit"
keystoreFile="c:/Documents and Settings/rensetty/.keystore"
truststoreFile="C:/Sun/SDK/jdk/jre/lib/security/cacerts"/>
I am seeing the following error repeatedly on my console:
*********START ******************************
The following is my SSL configuration I have enabled SSL for user
authentication. I have is SSL configured. I gWhen I try to authenticate
communicate to the I get the following error when to issue when I try to
connect to
2007-10-29 09:16:44,217 DEBUG [com.arjuna.ats.jta.logging.loggerI18N] [com.arjuna.ats.internal.jta.recovery.info.firstpass] Local XARecoveryModule - first pass
2007-10-29 09:16:44,233 INFO [org.apache.coyote.http11.Http11Protocol] Starting Coyote HTTP/1.1 on http-8443
2007-10-29 09:16:44,249 ERROR [org.apache.tomcat.util.net.JIoEndpoint] Socket accept failed
java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
    at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
    at java.lang.Thread.run(Thread.java:595)
2007-10-29 09:16:44,280 INFO [org.apache.coyote.ajp.AjpProtocol] Starting Coyote AJP/1.3 on ajp-AGILENT-7B2231B%2F146.208.145.86-8009
******** END
**************************************************************************
However, with keyAlias (keyAlias="root") included in the Connector entry I see a
different error. I saw a couple of similar queries in the mailing lists, but
they didn't help address these errors. Any help on this is highly appreciated.
******START **********************************
2007-10-29 13:54:52,449 ERROR [org.apache.coyote.http11.Http11Protocol] Error starting endpoint
java.io.IOException: Alias name root does not identify a key entry
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:412)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:378)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:125)
    at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:496)
    at org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:515)
    at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:203)
    at org.apache.catalina.connector.Connector.start(Connector.java:1132)
    at org.jboss.web.tomcat.service.JBossWeb.startConnectors(JBossWeb.java:584)
    at org.jboss.web.tomcat.service.JBossWeb.handleNotification(JBossWeb.java:621)
    at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at org.jboss.mx.notification.NotificationListenerProxy.invoke(NotificationListenerProxy.java:153)
    at $Proxy47.handleNotification(Unknown Source)
    at org.jboss.mx.util.JBossNotificationBroadcasterSupport.handleNotification(JBossNotificationBroadcasterSupport.java:127)
    at org.jboss.mx.util.JBossNotificationBroadcasterSupport.sendNotification(JBossNotificationBroadcasterSupport.java:108)
    at org.jboss.system.server.ServerImpl.sendNotification(ServerImpl.java:916)
    at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:497)
    at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362)
    at org.jboss.Main.boot(Main.java:200)
    at org.jboss.Main$1.run(Main.java:508)
    at java.lang.Thread.run(Thread.java:595)
2007-10-29 13:54:52,465 WARN [org.jboss.web.tomcat.service.JBossWeb] Failed to startConnectors
*****END ******************************************************************
******** keytool -v -list ******************************************
Enter keystore password: changeit
Keystore type: jks
Keystore provider: SUN
Your keystore contains 2 entries
Alias name: root
Creation date: 29/10/2007
Entry type: trustedCertEntry
Owner: CN=AGILENT-7B2231B.agilent.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
Serial number: 40c098072bee02b452d3a2b2ee03a399
Valid from: Mon Oct 29 17:27:26 GMT+05:30 2007 until: Mon Nov 19 17:27:26 GMT+05:30 2007
Certificate fingerprints:
MD5: F3:5C:C7:50:AD:DC:74:1E:7D:CF:84:10:02:A4:36:7B
SHA1: 2E:92:2D:A3:51:E7:22:CA:A8:D9:93:FC:F0:78:1E:7A:7C:A0:9F:3F
*******************************************
*******************************************
Alias name: jboss
Creation date: 29/10/2007
Entry type: trustedCertEntry
Owner: CN=AGILENT-7B2231B.agilent.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: CN=AGILENT-7B2231B.agilent.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Serial number: 4725cab8
Valid from: Mon Oct 29 17:27:44 GMT+05:30 2007 until: Sun Jan 27 17:27:44 GMT+05:30 2008
Certificate fingerprints:
MD5: 20:E9:89:66:B0:FF:06:20:9A:EE:0C:05:E2:6D:B6:B7
SHA1: 6E:ED:3F:AF:46:CF:B9:02:64:E9:A2:23:24:C3:CC:8F:B6:58:53:FB
******* keytool -v -list ***********************************************
Thanks in advance,
Renu Kumar
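
Added example, not part of the original post: a Python check over `keytool -v -list` output that reports whether a keystore holds any private-key entry and whether a chosen `keyAlias` names one, the conditions the two error messages above point to. The function names and the abridged sample listing are constructed for illustration, and the labels treated as key entries (`keyEntry`, `PrivateKeyEntry`) are an assumption about what the installed keytool prints.

```python
import re

# Assumption: keytool labels private-key entries "keyEntry" (older releases) or
# "PrivateKeyEntry" (newer ones); certificate-only entries are "trustedCertEntry".
KEY_ENTRY_TYPES = {"keyEntry", "PrivateKeyEntry"}

# Constructed sample: the listing from the post, abridged (dates, fingerprints dropped).
SAMPLE_LISTING = """\
Your keystore contains 2 entries
Alias name: root
Entry type: trustedCertEntry
Owner: CN=AGILENT-7B2231B.agilent.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
Alias name: jboss
Entry type: trustedCertEntry
Owner: CN=AGILENT-7B2231B.agilent.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: CN=AGILENT-7B2231B.agilent.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
"""

FIELD = re.compile(r"^(Alias name|Entry type|Owner|Issuer):\s*(.*)$")

def parse_listing(text):
    """Return {alias: {"Entry type": ..., "Owner": ..., "Issuer": ...}}."""
    entries, current = {}, None
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue
        name, value = m.groups()
        if name == "Alias name":
            current = entries.setdefault(value, {})
        elif current is not None:
            current.setdefault(name, value)  # keep the first certificate of a chain
    return entries

def check_for_connector(entries, key_alias=None):
    """List reasons an SSL connector cannot take its server key from this keystore."""
    findings = []
    if not any(e.get("Entry type") in KEY_ENTRY_TYPES for e in entries.values()):
        findings.append("no private-key entry in keystore")
    if key_alias is not None:
        entry = entries.get(key_alias)
        if entry is None:
            findings.append(f"alias '{key_alias}' not found")
        elif entry.get("Entry type") not in KEY_ENTRY_TYPES:
            findings.append(f"alias '{key_alias}' is {entry.get('Entry type')}, not a key entry")
    return findings

if __name__ == "__main__":
    for finding in check_for_connector(parse_listing(SAMPLE_LISTING), key_alias="root"):
        print(finding)
```
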