Posted to users@tomcat.apache.org by Sammaiah Kyatham <sa...@googlemail.com> on 2011/07/28 05:26:25 UTC

Re: Question: Tomcat SSL configuration issue

Hello,

Could you help me on this issue. I spent many hours with the various options
> and couldn’t resolve.
>
> I have configured the server.xml as per the tomcat configuration, however
> I’m getting below errors.
>
> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
> keystoreFile="C:\Program Files\Java\jre6\bin\hakioskcheckin2_key"
> keystorePass="PrivatePWD" keyAlias="tomcat" maxThreads="150" scheme="https"
> secure="true" clientAuth="false" sslProtocol="TLS" />
>
> The exception in Catalina log:
>
> Jul 27, 2011 4:28:25 PM org.apache.coyote.http11.Http11Protocol init
> SEVERE: Error initializing endpoint
> java.io.IOException: Alias name tomcat does not identify a key entry
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:546)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:481)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
>     at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
>     at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
>     at org.apache.catalina.connector.Connector.initialize(Connector.java:1022)
>     at org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
>     at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>
> When I list the key using keytool, it lists alias tomcat as
>
> keytool -list -keystore hakioskcheckin2_key -storepass XXXXXX
> Keystore type: JKS
> Keystore provider: SUN
>
> Your keystore contains 1 entry
>
> tomcat, Jul 26, 2011, trustedCertEntry,
> Certificate fingerprint (MD5): -removed intentionally-
>
> *If I remove the alias from server.xml, then the following exception is thrown*
>
> java.io.IOException: jsse.invalid_ssl_conf
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:755)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:460)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:130)
>     at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
>     at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
>     at org.apache.catalina.connector.Connector.initialize(Connector.java:1014)
>     at org.apache.catalina.core.StandardService.initialize(StandardService.java:680)
>     at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:548)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

Re: Question: Tomcat SSL configuration issue

Posted by Felix Schumacher <fe...@internetallee.de>.
On Friday, 29.07.2011, at 10:44 -1000, Sammaiah Kyatham wrote:
> Hello Felix,
> 
> Thanks for the response.
> 
> I have received a new certificate based on the new CSR generated.
> While importing the cert into the key, I'm getting the following error:
> java.lang.Exception: Failed to establish chain from reply
> 
> Here is the keytool command that I used for this:
> 
> keytool -import -alias tomcat -keystore c:/cert/final/private_key
> -trustcacerts -file c:/cert/final/cert.cer.txt
> Enter keystore password:
> keytool error: java.lang.Exception: Failed to establish chain from reply
I think you don't want to add the cert into your trustcacert, so try
removing -trustcacerts from your command line.

Bye
 Felix
> 
> Am I missing something here? Thanks in advance.
> 
> Sammaiah
> 
> 
> On 27 July 2011 19:41, Felix Schumacher
> <fe...@internetallee.de> wrote:
>
> >
> > Sammaiah Kyatham <sa...@googlemail.com> wrote:
> >
> > >Hello,
> > >
> > Your keystore has no private key.
> > The output of keytool below shows only a certificate.
> > You can use keytool -importkeystore to import key and certificate at the
> > same time.
> >
> > Regards
> >  Felix
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >





Re: Question: Tomcat SSL configuration issue

Posted by Sammaiah Kyatham <sa...@googlemail.com>.
Hello Felix,

Thanks for the response.

I have received a new certificate based on the new CSR generated.
While importing the cert into the key, I'm getting the following error:
java.lang.Exception: Failed to establish chain from reply

Here is the keytool command that I used for this:

keytool -import -alias tomcat -keystore c:/cert/final/private_key
-trustcacerts -file c:/cert/final/cert.cer.txt
Enter keystore password:
keytool error: java.lang.Exception: Failed to establish chain from reply

Am I missing something here? Thanks in advance.

Sammaiah


On 27 July 2011 19:41, Felix Schumacher
<fe...@internetallee.de> wrote:

>
> Sammaiah Kyatham <sa...@googlemail.com> wrote:
>
> >Hello,
> >
> Your keystore has no private key.
> The output of keytool below shows only a certificate.
> You can use keytool -importkeystore to import key and certificate at the
> same time.
>
> Regards
>  Felix

Re: Question: Tomcat SSL configuration issue

Posted by Felix Schumacher <fe...@internetallee.de>.

Sammaiah Kyatham <sa...@googlemail.com> wrote:

>Hello,
>
Your keystore has no private key.
The output of keytool below shows only a certificate.
You can use keytool -importkeystore to import key and certificate at the same time.

Regards
 Felix



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
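
The diagnosis in the reply above (the alias holds only a certificate, not a private key) can be checked from `keytool -list` output before Tomcat is restarted. The script below is an added example, not part of the original thread: the function names are hypothetical, the first listing reproduces the one posted in the thread, and the second listing is constructed.

```shell
#!/bin/sh
# Added example: decide whether an alias in `keytool -list` output can serve
# as the Connector's keyAlias (it must be a PrivateKeyEntry).

# entry_type ALIAS: reads `keytool -list` text on stdin and prints the entry
# type recorded for ALIAS (e.g. trustedCertEntry), or nothing if it is absent.
entry_type() {
    awk -v want="$1" -F', *' '
        # Entry lines look like: alias, <date>, <type>,
        # The date may itself contain a comma, so take the last non-empty field.
        tolower($1) == tolower(want) && NF >= 3 {
            n = NF
            while (n > 1 && $n ~ /^[ \t\r]*$/) n--
            sub(/[ \t\r]+$/, "", $n)
            print $n
            exit
        }'
}

# usable_as_key_alias ALIAS: exit 0 only if ALIAS holds a private key,
# 1 if it holds something else (such as a bare certificate), 2 if not found.
usable_as_key_alias() {
    kind=$(entry_type "$1")
    case "$kind" in
        PrivateKeyEntry) return 0 ;;
        '') echo "alias '$1' not found in listing" >&2; return 2 ;;
        *)  echo "alias '$1' is a $kind: no private key behind it" >&2; return 1 ;;
    esac
}

# Listing as posted in the thread (certificate imported on its own).
CERT_ONLY='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

tomcat, Jul 26, 2011, trustedCertEntry,
Certificate fingerprint (MD5): -removed intentionally-'

# Constructed listing: the same alias once it holds the key pair.
WITH_KEY='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

tomcat, Jul 26, 2011, PrivateKeyEntry,
Certificate fingerprint (MD5): -constructed placeholder-'

# Live use: keytool -list -keystore <keystore> | usable_as_key_alias tomcat
for listing in "$CERT_ONLY" "$WITH_KEY"; do
    if printf '%s\n' "$listing" | usable_as_key_alias tomcat; then
        echo "tomcat: usable as keyAlias"
    fi
done
```

A `trustedCertEntry` result means the certificate was imported into a keystore other than the one whose key pair produced the CSR, which is the condition behind "Alias name tomcat does not identify a key entry".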