Posted to users@tomcat.apache.org by Bruce Perryman <bp...@yahoo.com> on 2005/04/25 20:31:48 UTC

Tomcat 5 and SSL Configuration

Hello,

I'm using TC 5.0.19 and j2sdk1.4.2_04 on RedHat 9.

My SSL certificate expired and I received a new one
but haven't been able to get the new one to work. 

Here are the steps that I used to get the certificate
and import it into my keystore:

[1] keytool -genkey -alias tomcat
     -keyalg RSA -keystore .keystore
[2] keytool -certreq -alias tomcat
     -keystore .keystore -file tomcat.csr
[3] Submit tomcat.csr to Entrust and then
     retrieve entrust_ssl_ca.cer  (We used
     cut and paste, not file download.)
[4] shut down Tomcat
[5] keytool -delete -alias tomcat
      -keystore .keystore
[6] keytool import -trustcacerts
     -alias tomcat -file entrust_ssl_ca.cer
     -keystore .keystore
[7] restart tomcat
Instead of [6], we also tried:
[6a] keytool import -alias tomcat
      -file entrust_ssl_ca.cer -keystore .keystore

When I restart Tomcat and view my page, I get the
message that the page cannot be displayed.

In my catalina.out file, I see the following severe
error msg:

Endpoint [SSL: ServerSocket[addr=     ]] ignored
exception: java.net.SocketException: SSL handshake
errorjavax.net.ssl.SSLException: No available
certificate corresponds to the SSL cipher suites which
are enabled.

Does anyone know what I'm doing wrong? I don't have
the exact steps that I performed with my previous
certificate, but the above steps are what I used for
the newly issued certificate.

Thanks, in advance, for your help.


		

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Re: Tomcat 5 and SSL Configuration

Posted by Mark Thomas <ma...@apache.org>.
Bruce,

You should not have done step 5. This deleted your private key. I hope 
you have a backup ;)

Mark

Bruce Perryman wrote:
> Hello,
> 
> I'm using TC 5.0.19 and j2sdk1.4.2_04 on RedHat 9.
> 
> My SSL certificate expired and I received a new one
> but haven't been able to get the new one to work. 
> 
> Here are the steps that I used to get the certificate
> and import it into my keystore:
> 
> [1] keytool -genkey -alias tomcat
>      -keyalg RSA -keystore .keystore
> [2] keytool -certreq -alias tomcat
>      -keystore .keystore -file tomcat.csr
> [3] Submit tomcat.csr to Entrust and then
>      retrieve entrust_ssl_ca.cer  (We used
>      cut and paste, not file download.)
> [4] shut down Tomcat
> [5] keytool -delete -alias tomcat
>       -keystore .keystore
> [6] keytool import -trustcacerts
>      -alias tomcat -file entrust_ssl_ca.cer
>      -keystore .keystore
> [7] restart tomcat
> Instead of [6], we also tried:
> [6a] keytool import -alias tomcat
>       -file entrust_ssl_ca.cer -keystore .keystore
> 
> When I restart Tomcat and view my page, I get the
> message that the page cannot be displayed.
> 
> In my catalina.out file, I see the following severe
> error msg:
> 
> Endpoint [SSL: ServerSocket[addr=     ]] ignored
> exception: java.net.SocketException: SSL handshake
> errorjavax.net.ssl.SSLException: No available
> certificate corresponds to the SSL cipher suites which
> are enabled.
> 
> Does anyone know what I'm doing wrong? I don't have
> the exact steps that I performed with my previous
> certificate, but the above steps are what I used for
> the newly issued certificate.
> 
> Thanks, in advance, for your help.
> 
> 
> 		
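The state Mark describes is visible in `keytool -list` output: once the alias has been deleted and re-imported, it is listed as a certificate-only entry rather than a key entry, so the connector has no private key to present. The script below is an added example, not part of the original thread; it classifies an alias from a listing, and its function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Classify ALIAS from `keytool -list` output on stdin.
# Prints key | trusted | unknown | missing.
entry_type() {
    awk -F', *' -v alias="$1" '
        tolower($1) == tolower(alias) {
            # Entry type is the last non-empty comma-separated field.
            # JDK 1.4 prints "keyEntry"; later JDKs print "PrivateKeyEntry".
            n = NF
            while (n > 1 && $n == "") n--
            if ($n == "keyEntry" || $n == "PrivateKeyEntry") print "key"
            else if ($n == "trustedCertEntry") print "trusted"
            else print "unknown"
            found = 1
            exit
        }
        END { if (!found) print "missing" }'
}

# Succeeds only if ALIAS still holds the private key generated in step [1].
safe_to_import_reply() {
    [ "$(entry_type "$1")" = "key" ]
}

# Constructed sample: listing after steps [1]-[2], key pair still present.
listing_before() { cat <<'EOF'
Keystore type: jks
Your keystore contains 1 entry

tomcat, Apr 25, 2005, keyEntry,
Certificate fingerprint (MD5): <placeholder>
EOF
}

# Constructed sample: listing after steps [5]-[6], certificate only.
listing_after() { cat <<'EOF'
Keystore type: jks
Your keystore contains 1 entry

tomcat, Apr 25, 2005, trustedCertEntry,
Certificate fingerprint (MD5): <placeholder>
EOF
}

echo "before step [5]: $(listing_before | entry_type tomcat)"
echo "after step [6]:  $(listing_after | entry_type tomcat)"
```

Against a real keystore, pipe `keytool -list -keystore .keystore` into `entry_type tomcat` before importing the CA's reply.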