Can anyone please help with the question below? I'm pretty much clueless...
I think I followed the HOWTO but it seems to be not working... so I must have missed something... Thanks!!

On Thu, Sep 4, 2008 at 5:22 PM, Haim Cohen <[EMAIL PROTECTED]> wrote:
> Hi
>
> I'm new to Tomcat and I'm trying to set SSL on a Tomcat server and to
> understand how it should be done.
>
> I started with generating a key as explained in the Tomcat SSL howto and
> everything went well and I succeeded to connect using https to my server, of
> course the browser did not recognize the certificate but this is ok.
>
> Then I moved to the next phase and created a trial certificate in Verisign
> and followed the instructions specified in the Verisign site and in the
> howto.
> After the installation Tomcat is getting the following exception:
>
> Sep 4, 2008 4:43:06 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
> SEVERE: Socket accept failed
> java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
>         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
>         at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
>         at java.lang.Thread.run(Unknown Source)
>
> Tomcat kept getting this exception and hung the machine after creating a
> log file in the size of all the free disk space (I only had there 10GB).
>
> Can anyone help me understand where I was wrong?
>
> To enable the SSL I made the following:
> 1. generated trial key and got the intermediateCA from Verisign
> 2. run keytool to create keystore:
>    keytool.exe -import -alias intermediateCA -keystore .\myKeystore -trustcacerts -file intermediateCA.cert
>    keytool.exe -import -alias tomcat -keystore .\myKeystore -trustcacerts -file mine.cert
> 3. updated the server.xml and added a connector as following:
>    <Connector
>        port="8443" minSpareThreads="5" maxSpareThreads="75"
>        enableLookups="true" disableUploadTimeout="true"
>        acceptCount="100" maxThreads="150"
>        scheme="https" secure="true" SSLEnabled="true"
>        keystoreFile="full path to myKeystore" keystorePass="123456"
>        clientAuth="false" sslProtocol="TLS"/>
>
> The only difference I found was that when I listed the keys in the keystore
> I got PrivateKeyEntry for the generated keys and trustedCertEntry for the
> trial keys. Can it be connected?
>
> The self generated file:
> ----------------------------
> Keystore type: JKS
> Keystore provider: SUN
>
> Your keystore contains 1 entry
>
> tomcat, Sep 3, 2008, PrivateKeyEntry,
> Certificate fingerprint (MD5): 6F:EC:48:31:4C:CC:2A:C3:AB:10:22:BD:A3:78:44:AF
> ----------------------------
>
> The trial file:
> ----------------------------
> Keystore type: JKS
> Keystore provider: SUN
>
> Your keystore contains 2 entries
>
> intermediateca, Sep 4, 2008, trustedCertEntry,
> Certificate fingerprint (MD5): 8D:E9:89:DB:7F:CC:5E:3B:FD:DE:2C:42:08:13:EF:43
> tomcat, Sep 4, 2008, trustedCertEntry,
> Certificate fingerprint (MD5): AC:9F:D0:82:72:BC:61:26:CB:7F:44:5C:AF:06:F1:20
> ---------------------------
>
> Thanks!!!
> Haim