Hi,

 

I am facing an SSL certificate issue in my Tomcat environment. I have created a 
local SSL server certificate to be authenticated by the certificate imported 
from the Thawte Certificate Authority. 

With the following Connector entry in server.xml,

 

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystorePass="changeit"
               keystoreFile="c:/Documents and Settings/rensetty/.keystore"
               truststoreFile="C:/Sun/SDK/jdk/jre/lib/security/cacerts"/>

 

I am seeing the following error repeatedly on my console:

 

*********START ******************************
The following is my SSL configuration I have enabled SSL for user 
authentication. I have is SSL configured. I gWhen I try to authenticate 
communicate to the I get the following error when to issue when I try to 
connect to

 

2007-10-29 09:16:44,217 DEBUG [com.arjuna.ats.jta.logging.loggerI18N] [com.arjuna.ats.internal.jta.recovery.info.firstpass] Local XARecoveryModule - first pass
2007-10-29 09:16:44,233 INFO  [org.apache.coyote.http11.Http11Protocol] Starting Coyote HTTP/1.1 on http-8443
2007-10-29 09:16:44,249 ERROR [org.apache.tomcat.util.net.JIoEndpoint] Socket accept failed
java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
            at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
            at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
            at java.lang.Thread.run(Thread.java:595)
2007-10-29 09:16:44,280 INFO  [org.apache.coyote.ajp.AjpProtocol] Starting Coyote AJP/1.3 on ajp-AGILENT-7B2231B%2F146.208.145.86-8009

 

******** END 
**************************************************************************

 

 

However, with keyAlias (keyAlias="root") included in the Connector entry, I see a 
different error. I saw a couple of similar queries in the mailing lists, but they 
didn't help address these errors. Any help on this is highly appreciated.

 

 

******START **********************************

2007-10-29 13:54:52,449 ERROR [org.apache.coyote.http11.Http11Protocol] Error starting endpoint
java.io.IOException: Alias name root does not identify a key entry
            at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:412)
            at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:378)
            at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:125)
            at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:496)
            at org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:515)
            at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:203)
            at org.apache.catalina.connector.Connector.start(Connector.java:1132)
            at org.jboss.web.tomcat.service.JBossWeb.startConnectors(JBossWeb.java:584)
            at org.jboss.web.tomcat.service.JBossWeb.handleNotification(JBossWeb.java:621)
            at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:585)
            at org.jboss.mx.notification.NotificationListenerProxy.invoke(NotificationListenerProxy.java:153)
            at $Proxy47.handleNotification(Unknown Source)
            at org.jboss.mx.util.JBossNotificationBroadcasterSupport.handleNotification(JBossNotificationBroadcasterSupport.java:127)
            at org.jboss.mx.util.JBossNotificationBroadcasterSupport.sendNotification(JBossNotificationBroadcasterSupport.java:108)
            at org.jboss.system.server.ServerImpl.sendNotification(ServerImpl.java:916)
            at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:497)
            at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362)
            at org.jboss.Main.boot(Main.java:200)
            at org.jboss.Main$1.run(Main.java:508)
            at java.lang.Thread.run(Thread.java:595)
2007-10-29 13:54:52,465 WARN  [org.jboss.web.tomcat.service.JBossWeb] Failed to startConnectors

 

*****END ******************************************************************

 

 

******** keytool -v -list ******************************************

Enter keystore password:  changeit

Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: root
Creation date: 29/10/2007
Entry type: trustedCertEntry

Owner: CN=AGILENT-7B2231B.agilent.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
Serial number: 40c098072bee02b452d3a2b2ee03a399
Valid from: Mon Oct 29 17:27:26 GMT+05:30 2007 until: Mon Nov 19 17:27:26 GMT+05:30 2007
Certificate fingerprints:
         MD5:  F3:5C:C7:50:AD:DC:74:1E:7D:CF:84:10:02:A4:36:7B
         SHA1: 2E:92:2D:A3:51:E7:22:CA:A8:D9:93:FC:F0:78:1E:7A:7C:A0:9F:3F

*******************************************
*******************************************

Alias name: jboss
Creation date: 29/10/2007
Entry type: trustedCertEntry

Owner: CN=AGILENT-7B2231B.agilent.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: CN=AGILENT-7B2231B.agilent.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Serial number: 4725cab8
Valid from: Mon Oct 29 17:27:44 GMT+05:30 2007 until: Sun Jan 27 17:27:44 GMT+05:30 2008
Certificate fingerprints:
         MD5:  20:E9:89:66:B0:FF:06:20:9A:EE:0C:05:E2:6D:B6:B7
         SHA1: 6E:ED:3F:AF:46:CF:B9:02:64:E9:A2:23:24:C3:CC:8F:B6:58:53:FB

 

******* keytool -v -list ***********************************************

 

 

Thanks in advance,

 

Renu Kumar
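
Added example (not part of the original post, and not Tomcat or keytool code): a small Python check that reads `keytool -list -v` output and reports whether the keystore named in a Connector holds a private-key entry. The sample listing is constructed from the alias and entry-type lines posted above, and `parse_entries` and `check_connector` are hypothetical helper names; both posted aliases are `trustedCertEntry`, which matches the two errors shown.

```python
import re

# Constructed sample: alias and entry-type lines taken from the
# `keytool -v -list` output in the post (other fields omitted).
POSTED_LISTING = """\
Keystore type: jks
Your keystore contains 2 entries

Alias name: root
Entry type: trustedCertEntry

Alias name: jboss
Entry type: trustedCertEntry
"""

# Entry types that hold a private key ("keyEntry" in older JDKs).
KEY_ENTRY_TYPES = {"keyEntry", "PrivateKeyEntry"}

def parse_entries(listing):
    """Return {alias: entry_type} from `keytool -list -v` text."""
    entries, alias = {}, None
    for line in listing.splitlines():
        m = re.match(r"\s*Alias name:\s*(.+?)\s*$", line)
        if m:
            alias = m.group(1)
            continue
        m = re.match(r"\s*Entry type:\s*(\S+)", line)
        if m and alias is not None:
            entries[alias] = m.group(1)
            alias = None
    return entries

def check_connector(entries, key_alias=None):
    """Say whether the connector can find a server key."""
    if key_alias is not None:
        kind = entries.get(key_alias)
        if kind is None:
            return f"FAIL: alias '{key_alias}' is not in the keystore"
        if kind not in KEY_ENTRY_TYPES:
            return f"FAIL: alias '{key_alias}' is a {kind}, not a key entry"
        return f"OK: alias '{key_alias}' holds a private key"
    keys = sorted(a for a, t in entries.items() if t in KEY_ENTRY_TYPES)
    if not keys:
        return "FAIL: keystore has no key entry for the server to present"
    return "OK: key entries available: " + ", ".join(keys)

if __name__ == "__main__":
    for alias in (None, "root"):  # Connector without and with keyAlias="root"
        print(check_connector(parse_entries(POSTED_LISTING), alias))
```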
