I think I just solved my issue. I followed the instructions on GoDaddy to get this done.
To install the GoDaddy Certificates:

Create a keystore file

    openssl pkcs12 -export -chain \
        -CAfile /etc/httpd/conf/ssl.crt/gd_intermediate_bundle.crt \
        -in /etc/httpd/conf/ssl.crt/_.joesdomain.com.crt \
        -inkey /etc/httpd/conf/ssl.key/joesdomain.key \
        -out /etc/httpd/conf/ssl.crt/keystore.tomcat \
        -name tomcat -passout pass:changeit

To list the certificates in the keystore file:

    $JAVA_HOME/bin/keytool -list -v -storetype pkcs12 -keystore /etc/httpd/conf/ssl.crt/keystore.tomcat

/* server.xml */

    <Connector className="org.apache.coyote.tomcat5.Coyote-Connector"
               port="8443" miniProcessors="5" maxProcessors="75"
               enableLookups="true" disableUploadTimeout="true"
               acceptCount="100" debug="0" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/etc/httpd/conf/ssl.crt/keystore.tomcat"
               keystorePass="changeit"
               keystoreType="PKCS12" />

-Joe

On Fri, Oct 2, 2009 at 4:17 PM, Joe Hansen <joe.hansen...@gmail.com> wrote:
> Hey all,
>
> Apache 2.0/Tomcat 5.5/mod_jk installed on RedHat Enterprise Linux ES 4.0.
>
> Our web server has been up and running smoothly for more than 2 years
> now. This morning I noticed that the websites were down. When I
> checked the logs, I found the following message:
> java.io.FileNotFoundException: The file /root/.keystore is not available
>
> Sure enough, the /root/.keystore file was missing. I have no clue how
> that file got deleted in the first place. So, I created the keystore file
> using the following commands:
> Added the certificate chain file to the keystore (When prompted for
> the password, I entered 'changeit'):
> $JAVA_HOME/bin/keytool -import -alias root -trustcacerts -file
> /etc/httpd/conf/ssl.crt/gd_intermediate_bundle.crt
>
> Added the certificate file to the keystore (When prompted for the
> password, I entered 'changeit'):
> $JAVA_HOME/bin/keytool -import -alias tomcat -trustcacerts -file
> /etc/httpd/conf/ssl.crt/_joesdomain.com.crt
>
> The above two commands created the /root/.keystore file. I then added
> the keystoreFile and keystorePass attributes to Tomcat's server.xml
> file's connector element as follows
>
> <Connector className="org.apache.coyote.tomcat5.Coyote-Connector"
>            port="8443" miniProcessors="5" maxProcessors="75"
>            enableLookups="true" disableUploadTimeout="true"
>            acceptCount="100" debug="0" scheme="https" secure="true"
>            clientAuth="false" sslProtocol="TLS"
>            keystoreFile="/root/.keystore"
>            keystorePass="changeit" />
>
> Now, when I restart the web server, the websites seem to be working
> fine, but the tomcat logs are inundated with the following error
> message:
> 2009 Oct 02 / 15:18:29 ERROR -
> [org.apache.tomcat.util.net.PoolTcpEndpoint] : Endpoint [SSL:
> ServerSocket[addr=0.0.0.0/0.0.0.0,port=0,localport=8443]] ignored
> exception: java.net.SocketException: SSL handshake error
> javax.net.ssl.SSLException: No available certificate or key
> corresponds to the SSL cipher suites which are enabled.
>
>
> Can a Tomcat/SSL guru please guide me in solving this issue?
>
> Thank you!
> Joe
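
Added example, not part of the messages above: a pre-deployment check for a PKCS12 keystore like the one built with `openssl pkcs12 -export`, confirming it holds a private key that matches the server certificate before Tomcat's keystoreFile points at it. The function name `check_keystore` and its exit codes are assumptions made for this illustration; it needs only the `openssl` CLI.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Function name and exit codes are
# assumptions made for this illustration.
#
# usage: check_keystore <keystore.p12> <password>
# returns 0 = private key + matching certificate present
#         1 = unusable for a TLS server, 2 = file unreadable
check_keystore() {
    local ks="$1" pass="$2" key_pub cert_pub chain_len

    [ -r "$ks" ] || { echo "FAIL: cannot read $ks" >&2; return 2; }

    # Public half of the private key stored in the keystore (empty if none).
    key_pub=$(openssl pkcs12 -in "$ks" -passin "pass:$pass" -nocerts -nodes 2>/dev/null |
              openssl pkey -pubout 2>/dev/null) || true
    if [ -z "$key_pub" ]; then
        # A store holding only certificates gives the server nothing to
        # present, which is when the JVM logs "No available certificate or
        # key corresponds to the SSL cipher suites which are enabled".
        echo "FAIL: no private key entry (or wrong password)" >&2
        return 1
    fi

    # Public key of the server certificate bound to that private key.
    cert_pub=$(openssl pkcs12 -in "$ks" -passin "pass:$pass" -nokeys -clcerts 2>/dev/null |
               openssl x509 -noout -pubkey 2>/dev/null) || true
    if [ "$key_pub" != "$cert_pub" ]; then
        echo "FAIL: certificate does not match the private key" >&2
        return 1
    fi

    # Intermediates bundled via -chain/-CAfile; 0 means clients must
    # already know the issuing CA.
    chain_len=$(openssl pkcs12 -in "$ks" -passin "pass:$pass" -nokeys -cacerts 2>/dev/null |
                grep -c 'BEGIN CERTIFICATE') || true
    echo "OK: private key matches certificate; $chain_len CA cert(s) in chain"
    return 0
}
```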