Thanks Charles, I was offline most of today... I'm using a public machine image from Amazon, and that was the version given. Maybe I'll just start from scratch with the latest.
The sigalg seems to be SHA1withRSA. I gather there is something like a cipher suite associated with JSSE...not sure how to specify one (the right one).

JAVA VERSION:
java version "1.6.0_17"
Java(TM) SE Runtime Environment (build 1.6.0_17-b04)

I thought versions above 1.4 had JSSE installed, but maybe there are missing pieces.

I sure wish one of the cert vendors would just sell you a .keystore file that worked!

-Allen

Verbose keytool -list -v:

#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:0
]

#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: FD AC 61 32 93 6C 45 D6 E2 EE 85 5F 9A BA E7 76 ..a2.lE...._...v
0010: 99 68 CC E7 .h..
]
]

#4: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ocsp.godaddy.com]
]

#5: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://certificates.godaddy.com/repository/gdroot.crl]
]]

#6: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.5.29.32.0]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier:
0000: 16 2A 68 74 74 70 3A 2F 2F 63 65 72 74 69 66 69 .*http://certifi
0010: 63 61 74 65 73 2E 67 6F 64 61 64 64 79 2E 63 6F cates.godaddy.co
0020: 6D 2F 72 65 70 6F 73 69 74 6F 72 79 m/repository
]] ]
]

#7: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D2 C4 B0 D2 91 D4 4C 11 71 B3 61 CB 3D A1 FE DD ......L.q.a.=...
0010: A8 6A D4 E3 .j..
]
]

*******************************************
*******************************************

Alias name: tomcat
Creation date: Jul 8, 2010
Entry type: trustedCertEntry

Owner: CN=*.truenumbers.com, OU=Domain Control Validated, O=*.truenumbers.com
Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
Serial number: 449ec6f045efd
Valid from: Sun Jun 27 19:22:11 EDT 2010 until: Mon Jun 27 19:22:11 EDT 2011
Certificate fingerprints:
  MD5: 73:B5:1A:91:E5:F5:56:A1:10:8A:95:E1:A5:7A:0D:AF
  SHA1: ED:C0:D5:7D:C1:DB:BF:12:68:F9:87:99:63:1D:59:3C:75:6B:C9:84
Signature algorithm name: SHA1withRSA
Version: 3

Extensions:

#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen:2147483647
]

#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 22 75 BA 70 0B 1D AB BF C3 77 64 8B 70 23 35 5E "u.p.....wd.p#5^
0010: C9 AB D9 7F ....
]
]

#4: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ocsp.godaddy.com/,
   accessMethod: 1.3.6.1.5.5.7.48.2
   accessLocation: URIName: http://certificates.godaddy.com/repository/gd_intermediate.crt]
]

#5: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.godaddy.com/gds1-19.crl]
]]

#6: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.114413.1.7.23.1]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier:
0000: 16 2B 68 74 74 70 3A 2F 2F 63 65 72 74 69 66 69 .+http://certifi
0010: 63 61 74 65 73 2E 67 6F 64 61 64 64 79 2E 63 6F cates.godaddy.co
0020: 6D 2F 72 65 70 6F 73 69 74 6F 72 79 2F m/repository/
]] ]
]

#7: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

#8: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: FD AC 61 32 93 6C 45 D6 E2 EE 85 5F 9A BA E7 76 ..a2.lE...._...v
0010: 99 68 CC E7 .h..
]
]

#9: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: *.truenumbers.com
  DNSName: truenumbers.com
]

*******************************************
*******************************************

Alias name: cross
Creation date: Jul 8, 2010
Entry type: trustedCertEntry

Owner: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Issuer: emailaddress=i...@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Serial number: 10d
Valid from: Tue Jun 29 13:06:20 EDT 2004 until: Sat Jun 29 13:06:20 EDT 2024
Certificate fingerprints:
  MD5: 82:BD:9A:0B:82:6A:0E:3E:91:AD:3E:27:04:2B:3F:45
  SHA1: DE:70:F4:E2:11:6F:7F:DC:E7:5F:9D:13:01:2B:7E:68:7A:3B:2C:62
Signature algorithm name: SHA1withRSA
Version: 3

Extensions:

#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D2 C4 B0 D2 91 D4 4C 11 71 B3 61 CB 3D A1 FE DD ......L.q.a.=...
0010: A8 6A D4 E3 .j..
]
]

#4: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ocsp.godaddy.com]
]

#5: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://certificates.godaddy.com/repository/root.crl]
]]

#6: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.5.29.32.0]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier:
0000: 16 2A 68 74 74 70 3A 2F 2F 63 65 72 74 69 66 69 .*http://certifi
0010: 63 61 74 65 73 2E 67 6F 64 61 64 64 79 2E 63 6F cates.godaddy.co
0020: 6D 2F 72 65 70 6F 73 69 74 6F 72 79 m/repository
]] ]
]

#7: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
[emailaddress=i...@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network]
SerialNumber: [ 01]
]

*******************************************
*******************************************

[r...@ip-10-212-151-97 ~]#

> -----Original Message-----
> From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
> Sent: Thursday, July 08, 2010 2:41 PM
> To: Tomcat Users List
> Subject: RE: SSL problem
>
> > From: Allen Razdow [mailto:araz...@truenum.com]
> > Subject: SSL problem
> >
> > Using Tomcat 6.0.14 on an amazon EC2 server instance
>
> Don't suppose you'd like to try this on a version that's a bit less than
> three years old? Pretty pointless to debug on something that ancient.
> Also, what JVM are you using with Tomcat?
>
> > Running keytool -list on it reveals 3 entries:
>
> Are you sure one of those is your Go Daddy certificate? (Use the -v
> option with -list to display the details.)
>
> > javax.net.ssl.SSLException: No available certificate or key
> > corresponds to the SSL cipher suites which are enabled.
>
> What signature algorithms does -list -v show for the Go Daddy certificate?
>
> - Chuck
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
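
Added example, not part of the original thread: a check over `keytool -list -v` text that reports whether the alias a JSSE server would use is a PrivateKeyEntry. A trustedCertEntry holds only a certificate, so there is no private key for the server to present under that alias. The function names and the default alias argument are assumptions made for this example; `WITH_KEY` is constructed for contrast.

```python
import re

# Abridged from the keytool -list -v output in the message above.
AS_POSTED = """\
Alias name: tomcat
Entry type: trustedCertEntry
Owner: CN=*.truenumbers.com, OU=Domain Control Validated, O=*.truenumbers.com
Signature algorithm name: SHA1withRSA
*******************************************
Alias name: cross
Entry type: trustedCertEntry
Owner: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Signature algorithm name: SHA1withRSA
"""
# Constructed contrast: the same alias holding a private key plus its chain.
WITH_KEY = AS_POSTED.replace(
    "Entry type: trustedCertEntry",
    "Entry type: PrivateKeyEntry\nCertificate chain length: 3", 1)

FIELD = re.compile(r"^(Alias name|Entry type|Owner|Signature algorithm name):\s*(.*)$")

def parse_entries(listing):
    """Return one dict per alias found in `keytool -list -v` text."""
    entries = []
    for line in listing.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue  # extensions, hex dumps and separators are skipped
        name, value = m.group(1), m.group(2).strip()
        if name == "Alias name":
            entries.append({"Alias name": value})
        elif entries:
            # A key entry lists its whole chain; keep the first (leaf) values.
            entries[-1].setdefault(name, value)
    return entries

def check_server_alias(listing, alias="tomcat"):
    """Report whether `alias` can serve as a JSSE server identity."""
    entries = {e["Alias name"]: e for e in parse_entries(listing)}
    entry = entries.get(alias)
    if entry is None:
        return {"alias": alias, "usable": False, "reason": "alias not in keystore"}
    etype = entry.get("Entry type", "unknown")
    usable = etype == "PrivateKeyEntry"  # the type name Java 6 keytool prints
    reason = "has private key" if usable else f"entry type is {etype}, not PrivateKeyEntry"
    return {"alias": alias, "usable": usable, "reason": reason,
            "sigalg": entry.get("Signature algorithm name")}

if __name__ == "__main__":
    for label, text in (("as posted", AS_POSTED), ("with key", WITH_KEY)):
        print(label, check_server_alias(text))
```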