Hi,

I am facing an SSL certificate issue in my Tomcat environment. I have created a local SSL server certificate to be authenticated by the certificate imported from the Thawte Certificate Authority. With the following Connector entry in server.xml,

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystorePass="changeit"
           keystoreFile="c:/Documents and Settings/rensetty/.keystore"
           truststoreFile="C:/Sun/SDK/jdk/jre/lib/security/cacerts"/>

I am seeing the following error repeatedly on my console:

*********START ******************************
The following is my SSL configuration I have enabled SSL for user authentication. I have is SSL configured. I gWhen I try to authenticate communicate to the I get the following error when to issue when I try to connect to
2007-10-29 09:16:44,217 DEBUG [com.arjuna.ats.jta.logging.loggerI18N] [com.arjuna.ats.internal.jta.recovery.info.firstpass] Local XARecoveryModule - first pass
2007-10-29 09:16:44,233 INFO [org.apache.coyote.http11.Http11Protocol] Starting Coyote HTTP/1.1 on http-8443
2007-10-29 09:16:44,249 ERROR [org.apache.tomcat.util.net.JIoEndpoint] Socket accept failed
java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
    at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
    at java.lang.Thread.run(Thread.java:595)
2007-10-29 09:16:44,280 INFO [org.apache.coyote.ajp.AjpProtocol] Starting Coyote AJP/1.3 on ajp-AGILENT-7B2231B%2F146.208.145.86-8009
******** END **************************************************************************

However, with keyAlias (keyAlias="root") included in the Connector entry I see a different error. I saw a couple of similar queries in the mailing lists, but they didn't help address these errors.

Any help on this is highly appreciated.

******START **********************************
2007-10-29 13:54:52,449 ERROR [org.apache.coyote.http11.Http11Protocol] Error starting endpoint
java.io.IOException: Alias name root does not identify a key entry
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:412)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:378)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:125)
    at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:496)
    at org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:515)
    at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:203)
    at org.apache.catalina.connector.Connector.start(Connector.java:1132)
    at org.jboss.web.tomcat.service.JBossWeb.startConnectors(JBossWeb.java:584)
    at org.jboss.web.tomcat.service.JBossWeb.handleNotification(JBossWeb.java:621)
    at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at org.jboss.mx.notification.NotificationListenerProxy.invoke(NotificationListenerProxy.java:153)
    at $Proxy47.handleNotification(Unknown Source)
    at org.jboss.mx.util.JBossNotificationBroadcasterSupport.handleNotification(JBossNotificationBroadcasterSupport.java:127)
    at org.jboss.mx.util.JBossNotificationBroadcasterSupport.sendNotification(JBossNotificationBroadcasterSupport.java:108)
    at org.jboss.system.server.ServerImpl.sendNotification(ServerImpl.java:916)
    at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:497)
    at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362)
    at org.jboss.Main.boot(Main.java:200)
    at org.jboss.Main$1.run(Main.java:508)
    at java.lang.Thread.run(Thread.java:595)
2007-10-29 13:54:52,465 WARN [org.jboss.web.tomcat.service.JBossWeb] Failed to startConnectors
*****END ******************************************************************

******** keytool -v -list ******************************************
Enter keystore password: changeit

Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: root
Creation date: 29/10/2007
Entry type: trustedCertEntry

Owner: CN=AGILENT-7B2231B.agilent.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
Serial number: 40c098072bee02b452d3a2b2ee03a399
Valid from: Mon Oct 29 17:27:26 GMT+05:30 2007 until: Mon Nov 19 17:27:26 GMT+05:30 2007
Certificate fingerprints:
         MD5: F3:5C:C7:50:AD:DC:74:1E:7D:CF:84:10:02:A4:36:7B
         SHA1: 2E:92:2D:A3:51:E7:22:CA:A8:D9:93:FC:F0:78:1E:7A:7C:A0:9F:3F

*******************************************
*******************************************

Alias name: jboss
Creation date: 29/10/2007
Entry type: trustedCertEntry

Owner: CN=AGILENT-7B2231B.agilent.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: CN=AGILENT-7B2231B.agilent.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Serial number: 4725cab8
Valid from: Mon Oct 29 17:27:44 GMT+05:30 2007 until: Sun Jan 27 17:27:44 GMT+05:30 2008
Certificate fingerprints:
         MD5: 20:E9:89:66:B0:FF:06:20:9A:EE:0C:05:E2:6D:B6:B7
         SHA1: 6E:ED:3F:AF:46:CF:B9:02:64:E9:A2:23:24:C3:CC:8F:B6:58:53:FB
******* keytool -v -list ***********************************************

Thanks in advance,
Renu Kumar
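
Added example, not part of the original post: both aliases in the listing are of type trustedCertEntry, meaning a certificate stored without its private key, which is the condition each of the two errors above reports. The Python sketch below parses `keytool -v -list` text and flags it; the sample listing is constructed from the output in the post, and parse_entries and diagnose are hypothetical helper names.

```python
import re

# Constructed sample: the two entries from the `keytool -v -list` output in the
# post, trimmed to the fields the check needs.
SAMPLE = """\
Your keystore contains 2 entries

Alias name: root
Entry type: trustedCertEntry
Owner: CN=AGILENT-7B2231B.agilent.com, OU=Unknown
Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST

Alias name: jboss
Entry type: trustedCertEntry
Owner: CN=AGILENT-7B2231B.agilent.com, OU=Unknown
Issuer: CN=AGILENT-7B2231B.agilent.com, OU=Unknown
"""

# keytool labels key-bearing entries "keyEntry" (older JDKs) or "PrivateKeyEntry".
KEY_TYPES = {"keyentry", "privatekeyentry"}
FIELD = re.compile(r"^(Alias name|Entry type|Owner|Issuer):\s*(.*)$")

def parse_entries(listing):
    """Return one dict per alias found in `keytool -v -list` text."""
    entries = []
    for line in listing.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue
        name, value = m.groups()
        if name == "Alias name":
            entries.append({"alias": value})
        elif entries:
            # "Entry type" -> "entry", "Owner" -> "owner", "Issuer" -> "issuer"
            entries[-1][name.lower().split()[0]] = value
    return entries

def diagnose(listing, key_alias=None):
    """Say whether the keystore can back an HTTPS Connector (optionally for one keyAlias)."""
    entries = parse_entries(listing)
    usable = [e["alias"] for e in entries if e.get("entry", "").lower() in KEY_TYPES]
    if key_alias is not None:
        if key_alias not in [e["alias"] for e in entries]:
            return f"alias '{key_alias}' is not in the keystore"
        if key_alias not in usable:
            return f"alias '{key_alias}' holds a certificate only, no private key"
    if not usable:
        return "no private-key entry: the server has nothing to present in the handshake"
    return "usable key aliases: " + ", ".join(usable)
```

A keystore that can serve HTTPS shows at least one key entry, and the CA-signed certificate reply has to be imported under the same alias as the private key it was requested for.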