You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Kernel freak <ke...@gmail.com> on 2015/09/30 17:13:38 UTC

Tomcat 7, no_cypher_overlap error, no solutions working, please help.

Hi guys,

I am trying to setup https on tomcat, but not having much luck since 5
hours. I am always getting no_cypher_overlap errror.
The certificate is not self-signed, but issued. The crt file I am importing
for both root and tomcat alias.

These are the files I have domainname.ca-bundle, .crt, .csr, .key, .p12,
domainname.jks,

THis is the command I gave :

keytool -import -trustcacerts -alias root -file domainname.crt -keyalg RSA
-keystore domainaname.jks

Connector looks like this :

 <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="200" compression="force"
              compressionMinSize="1024" scheme="https" secure="true"
clientAuth="false" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
sslProtocol="TLS" URIEncoding="utf-8"
 compressableMimeType="text/html,text/xml,text/plain,text/css,text/
javascript,application/x-javascript,application/javascript"
               keystoreFile="domain.jks" keystorePass="pass" />

Still it is not working, there are so many users out there, who have the

same problem, and still there is no good solution for this.

I have also posted it on Stackoverflow(Link below), no help there too. If

anyone knows what I can do, kindly let me know. THis is messed up to

configure https for 5 hours with issued certificate. Thanks.

http://stackoverflow.com/questions/32866528/apache-tomcat-importing-already-existing-certificates-into-keystore

Regards,
Kernel

Re: Tomcat 7, no_cypher_overlap error, no solutions working, please help.

Posted by David kerber <dc...@verizon.net>.

On 9/30/2015 11:13 AM, Kernel freak wrote:
> Hi guys,
>
> I am trying to setup https on tomcat, but not having much luck since 5
> hours. I am always getting no_cypher_overlap errror.

This error means that your server and the client browser don't have any 
cypers in common (there are none that they can both work with).


> The certificate is not self-signed, but issued. The crt file I am importing
> for both root and tomcat alias.
>
> These are the files I have domainname.ca-bundle, .crt, .csr, .key, .p12,
> domainname.jks,
>
> THis is the command I gave :
>
> keytool -import -trustcacerts -alias root -file domainname.crt -keyalg RSA
> -keystore domainaname.jks
>
> Connector looks like this :
>
>   <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
> maxThreads="200" compression="force"
>                compressionMinSize="1024" scheme="https" secure="true"
> clientAuth="false" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
> sslProtocol="TLS" URIEncoding="utf-8"
>   compressableMimeType="text/html,text/xml,text/plain,text/css,text/
> javascript,application/x-javascript,application/javascript"
>                 keystoreFile="domain.jks" keystorePass="pass" />
>
> Still it is not working, there are so many users out there, who have the
>
> same problem, and still there is no good solution for this.
>
> I have also posted it on Stackoverflow(Link below), no help there too. If
>
> anyone knows what I can do, kindly let me know. THis is messed up to
>
> configure https for 5 hours with issued certificate. Thanks.
>
> http://stackoverflow.com/questions/32866528/apache-tomcat-importing-already-existing-certificates-into-keystore
>
> Regards,
> Kernel
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Tomcat 7, no_cypher_overlap error, no solutions working, please help.

Posted by Mark Thomas <ma...@apache.org>.

On 30 September 2015 16:13:38 BST, Kernel freak <ke...@gmail.com> wrote:
>Hi guys,
>
>I am trying to setup https on tomcat, but not having much luck since 5
>hours. I am always getting no_cypher_overlap errror.
>The certificate is not self-signed, but issued. The crt file I am
>importing
>for both root and tomcat alias.
>
>These are the files I have domainname.ca-bundle, .crt, .csr, .key,
>.p12,
>domainname.jks,
>
>THis is the command I gave :
>
>keytool -import -trustcacerts -alias root -file domainname.crt -keyalg
>RSA
>-keystore domainaname.jks
>
>Connector looks like this :
>
> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>maxThreads="200" compression="force"
>              compressionMinSize="1024" scheme="https" secure="true"
>clientAuth="false" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
>sslProtocol="TLS" URIEncoding="utf-8"
> compressableMimeType="text/html,text/xml,text/plain,text/css,text/
>javascript,application/x-javascript,application/javascript"
>               keystoreFile="domain.jks" keystorePass="pass" />
>
>Still it is not working, there are so many users out there, who have
>the
>
>same problem, and still there is no good solution for this.
>
>I have also posted it on Stackoverflow(Link below), no help there too.
>If
>
>anyone knows what I can do, kindly let me know. THis is messed up to
>
>configure https for 5 hours with issued certificate. Thanks.
>
>http://stackoverflow.com/questions/32866528/apache-tomcat-importing-already-existing-certificates-into-keystore
>
>Regards,
>Kernel

ssllabs is your friend.

Mark