You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Bruce Perryman <bp...@yahoo.com> on 2005/04/25 20:31:48 UTC
Tomcat 5 and SSL Configuration
Hello,
I'm using TC 5.0.19 and j2sdk1.4.2_04 on RedHat 9.
My SSL certificate expired and I received a new one
but haven't been able to get the new one to work.
Here are the steps that I used to get the certificate
and import it into my keystore:
[1] keytool -genkey -alias tomcat
-keyalg RSA -keystore .keystore
[2] keytool -certreq -alias tomcat
-keystore .keystore -file tomcat.csr
[3] Submit tomcat.csr to Entrust and then
retrieve entrust_ssl_ca.cer (We used
cut and paste, not file download.)
[4] shut down Tomcat
[5] keytool -delete -alias tomcat
-keystore .keystore
[6] keytool import -trustcacerts
-alias tomcat -file entrust_ssl_ca.cer
-keystore .keystore
[7] restart tomcat
Instead of [6], we also tried:
[6a] keytool import -alias tomcat
-file entrust_ssl_ca.cer -keystore .keystore
When I restart Tomcat and view my page, I get the
message that the page cannot be displayed.
In my catalina.out file, I see the following severe
error msg:
Endpoint [SSL: ServerSocket[addr= ]] ignored
exception: java.net.SocketException: SSL handshake
errorjavax.net.ssl.SSLException: No available
certificate corresponds to the SSL cipher suites which
are enabled.
Does anyone know what I'm doing wrong? I don't have
the exact steps that I performed with my previous
certificate, but the above steps are what I used for
the newly issued certificate.
Thanks, in advance, for your help.
__________________________________
Do you Yahoo!?
Yahoo! Mail - 250MB free storage. Do more. Manage less.
http://info.mail.yahoo.com/mail_250
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Tomcat 5 and SSL Configuration
Posted by Mark Thomas <ma...@apache.org>.
Bruce,
You should not have done step 5. This deleted your private key. I hope
you have a backup ;)
Mark
Bruce Perryman wrote:
> Hello,
>
> I'm using TC 5.0.19 and j2sdk1.4.2_04 on RedHat 9.
>
> My SSL certificate expired and I received a new one
> but haven't been able to get the new one to work.
>
> Here are the steps that I used to get the certificate
> and import it into my keystore:
>
> [1] keytool -genkey -alias tomcat
> -keyalg RSA -keystore .keystore
> [2] keytool -certreq -alias tomcat
> -keystore .keystore -file tomcat.csr
> [3] Submit tomcat.csr to Entrust and then
> retrieve entrust_ssl_ca.cer (We used
> cut and paste, not file download.)
> [4] shut down Tomcat
> [5] keytool -delete -alias tomcat
> -keystore .keystore
> [6] keytool import -trustcacerts
> -alias tomcat -file entrust_ssl_ca.cer
> -keystore .keystore
> [7] restart tomcat
> Instead of [6], we also tried:
> [6a] keytool import -alias tomcat
> -file entrust_ssl_ca.cer -keystore .keystore
>
> When I restart Tomcat and view my page, I get the
> message that the page cannot be displayed.
>
> In my catalina.out file, I see the following severe
> error msg:
>
> Endpoint [SSL: ServerSocket[addr= ]] ignored
> exception: java.net.SocketException: SSL handshake
> errorjavax.net.ssl.SSLException: No available
> certificate corresponds to the SSL cipher suites which
> are enabled.
>
> Does anyone know what I'm doing wrong? I don't have
> the exact steps that I performed with my previous
> certificate, but the above steps are what I used for
> the newly issued certificate.
>
> Thanks, in advance, for your help.
>
>
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Mail - 250MB free storage. Do more. Manage less.
> http://info.mail.yahoo.com/mail_250
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org