Thanks for your response. I tried the configuration you suggested but didn't see
any difference in the output.

Just to add to the original problem statement, I don't see any issue when using
"CN=localhost" in the certificate generation, while I do see the below-mentioned
issues when I use "CN=<hostname>".

Renu Kumar


-----Original Message-----
From: zhongliang zhang [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, 30 October 2007 11:34 AM
To: Tomcat Users List
Subject: RE: Keytool: SSL Certification Issue

Maybe you should try the following fragment:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystorePass="changeit"
               keystoreFile="c:/Documents and Settings/rensetty/.keystore"
               truststoreFile="C:/Sun/SDK/jdk/jre/lib/security/cacerts"
               truststorePass="yourPassword"/>
By default the truststorePass of cacerts is changeit, while the keystorePass is
customized by yourself.
Also, you need to configure some external info in the web.xml of Tomcat or your
own application, I think, like:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>app</web-resource-name>
        <url-pattern>/pages/*</url-pattern>
      </web-resource-collection>
      <web-resource-collection>
        <web-resource-name>app</web-resource-name>
        <url-pattern>/index.html</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

    <!-- Authorization setting for SSL -->
    <login-config>
      <auth-method>CLIENT-CERT</auth-method>
      <realm-name>Client Cert</realm-name>
    </login-config>
 
BR.



> Subject: Keytool: SSL Certification Issue
> Date: Tue, 30 Oct 2007 13:50:06 +0800
> From: [EMAIL PROTECTED]
> To: users@tomcat.apache.org
>
> Hi,
>
> I am facing an SSL certificate issue in my Tomcat Environment. I have created
> a local SSL Server certificate to be authenticated by the certificate imported
> from Thawte Certificate Authority.
>
> With the following Connector entry in server.xml,
>
> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
>            maxThreads="150" scheme="https" secure="true"
>            clientAuth="false" sslProtocol="TLS"
>            keystorePass="changeit"
>            keystoreFile=" "c:/Documents and Settings/rensetty/.keystore" "
>            truststoreFile="C:/Sun/SDK/jdk/jre/lib/security/cacerts"/>
>
> I am seeing the following error repeatedly on my console:
>
> *********START ******************************
> The following is my SSL configuration I have enabled SSL for user
> authentication. I have is SSL configured. I gWhen I try to authenticate
> communicate to the I get the following error when to issue when I try to
> connect to
>
> 2007-10-29 09:16:44,217 DEBUG [com.arjuna.ats.jta.logging.loggerI18N] [com.arjuna.ats.internal.jta.recovery.info.firstpass] Local XARecoveryModule - first pass
> 2007-10-29 09:16:44,233 INFO [org.apache.coyote.http11.Http11Protocol] Starting Coyote HTTP/1.1 on http-8443
> 2007-10-29 09:16:44,249 ERROR [org.apache.tomcat.util.net.JIoEndpoint] Socket accept failed
> java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
>         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
>         at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
>         at java.lang.Thread.run(Thread.java:595)
> 2007-10-29 09:16:44,280 INFO [org.apache.coyote.ajp.AjpProtocol] Starting Coyote AJP/1.3 on ajp-AGILENT-7B2231B%2F146.208.145.86-8009
>
> ******** END **************************************************************
>
> However with keyAlias (keyAlias="root") included in the Connector Entry I see
> a different error. I saw a couple of similar queries in the mailing lists but
> didn't help address these errors. Any help on this is highly appreciated.
>
> ******START **********************************
> 2007-10-29 13:54:52,449 ERROR [org.apache.coyote.http11.Http11Protocol] Error starting endpoint
> java.io.IOException: Alias name root does not identify a key entry
>         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:412)
>         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:378)
>         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:125)
>         at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:496)
>         at org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:515)
>         at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:203)
>         at org.apache.catalina.connector.Connector.start(Connector.java:1132)
>         at org.jboss.web.tomcat.service.JBossWeb.startConnectors(JBossWeb.java:584)
>         at org.jboss.web.tomcat.service.JBossWeb.handleNotification(JBossWeb.java:621)
>         at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:585)
>         at org.jboss.mx.notification.NotificationListenerProxy.invoke(NotificationListenerProxy.java:153)
>         at $Proxy47.handleNotification(Unknown Source)
>         at org.jboss.mx.util.JBossNotificationBroadcasterSupport.handleNotification(JBossNotificationBroadcasterSupport.java:127)
>         at org.jboss.mx.util.JBossNotificationBroadcasterSupport.sendNotification(JBossNotificationBroadcasterSupport.java:108)
>         at org.jboss.system.server.ServerImpl.sendNotification(ServerImpl.java:916)
>         at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:497)
>         at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362)
>         at org.jboss.Main.boot(Main.java:200)
>         at org.jboss.Main$1.run(Main.java:508)
>         at java.lang.Thread.run(Thread.java:595)
> 2007-10-29 13:54:52,465 WARN [org.jboss.web.tomcat.service.JBossWeb] Failed to startConnectors
>
> *****END ******************************************************************
>
> ******** keytool -v -list ******************************************
> Enter keystore password: changeit
>
> Keystore type: jks
> Keystore provider: SUN
>
> Your keystore contains 2 entries
>
> Alias name: root
> Creation date: 29/10/2007
> Entry type: trustedCertEntry
>
> Owner: CN=AGILENT-7B2231B.agilent.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
> Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
> Serial number: 40c098072bee02b452d3a2b2ee03a399
> Valid from: Mon Oct 29 17:27:26 GMT+05:30 2007 until: Mon Nov 19 17:27:26 GMT+05:30 2007
> Certificate fingerprints:
>          MD5:  F3:5C:C7:50:AD:DC:74:1E:7D:CF:84:10:02:A4:36:7B
>          SHA1: 2E:92:2D:A3:51:E7:22:CA:A8:D9:93:FC:F0:78:1E:7A:7C:A0:9F:3F
>
> *******************************************
> *******************************************
>
> Alias name: jboss
> Creation date: 29/10/2007
> Entry type: trustedCertEntry
>
> Owner: CN=AGILENT-7B2231B.agilent.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
> Issuer: CN=AGILENT-7B2231B.agilent.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
> Serial number: 4725cab8
> Valid from: Mon Oct 29 17:27:44 GMT+05:30 2007 until: Sun Jan 27 17:27:44 GMT+05:30 2008
> Certificate fingerprints:
>          MD5:  20:E9:89:66:B0:FF:06:20:9A:EE:0C:05:E2:6D:B6:B7
>          SHA1: 6E:ED:3F:AF:46:CF:B9:02:64:E9:A2:23:24:C3:CC:8F:B6:58:53:FB
>
> ******* keytool -v -list ***********************************************
>
> Thanks in advance,
>
> Renu Kumar
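An added pre-flight check (example code, not written by anyone in this thread): it loads the keystore the way the connector does and applies the same test that produces "Alias name root does not identify a key entry", so it flags a keystore like the one listed above, where both `root` and `jboss` are trustedCertEntry and no private key exists at all. The class name `KeystoreCheck` and its command-line arguments (keystore file, password, keyAlias, optional expected hostname) are assumed names.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 3) {
            System.err.println("usage: java KeystoreCheck <keystoreFile> <keystorePass> <keyAlias> [expectedHostname]");
            System.exit(2);
        }
        String file = args[0], password = args[1], alias = args[2];
        String expectedHost = args.length > 3 ? args[3] : null;

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, password.toCharArray());
        }

        // keytool prints this distinction as "Entry type": only a key entry
        // holds the private key the connector needs to complete a handshake.
        boolean anyKeyEntry = false;
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String a = e.nextElement();
            anyKeyEntry |= ks.isKeyEntry(a);
            System.out.println(a + ": " + (ks.isKeyEntry(a) ? "PrivateKeyEntry" : "trustedCertEntry"));
        }
        if (!anyKeyEntry) {
            System.out.println("FAIL: no private key in this keystore (explains "
                    + "\"No available certificate or key corresponds to the SSL cipher suites\")");
        }
        if (!ks.isKeyEntry(alias)) {
            // Same condition Tomcat reports as
            // "Alias name <alias> does not identify a key entry"
            System.out.println("FAIL: keyAlias=\"" + alias + "\" is not a key entry");
            return;
        }

        Certificate[] chain = ks.getCertificateChain(alias);
        X509Certificate leaf = (X509Certificate) chain[0];
        String subject = leaf.getSubjectX500Principal().getName();
        System.out.println("OK: " + alias + " holds a private key; chain length " + chain.length + "; subject " + subject);
        // Heuristic name check: RFC 2253 form is "CN=host,OU=...", so look for the CN attribute.
        if (expectedHost != null && !subject.startsWith("CN=" + expectedHost + ",") && !subject.equals("CN=" + expectedHost)) {
            System.out.println("WARN: subject CN does not match " + expectedHost);
        }
    }
}
```

The fix the output points to is to import the CA reply under the same alias that `keytool -genkey` created, so the private key and its certificate chain end up in one PrivateKeyEntry.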

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
