The infinite loop is fixed in 6.0.18.
The system will still not start, since the JVM you're running with
doesn't support the type of cipher that your keystore is trying to use.
Search http://tomcat.markmail.org for the same error; it's been answered
before.
Filip
Neil B. Cohen wrote:
I'm having a problem setting up SSL with Tomcat. The situation is this:
I have a system running IBM's Netcool/Portal software. We added SSL to
the Portal a while back. I created a certificate for the machine.
However, Netcool/Portal does not create a keystore file - you simply
copy the certificate as a text file into a specific directory and it
works from there. Netcool/Portal has its own version of the JDK.
Now, on the same machine, I have installed a current JDK (v1.6) and my
own installation of Tomcat (v6.0.16). Runs just fine on port 8080.
I want to add SSL capability to the Tomcat setup so I can talk to it
using https. I created a keystore file using the certificate we
generated for Netcool, as follows:
keytool -importcert -v -trustcacerts -alias tomcat \
    -keystore <path_to_keystore>/keystore.kdb \
    -file /opt/netcool/portal/<path_to_cert>/server.crt
Then,
keytool -list -keystore ./keystore.kdb
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
tomcat, Nov 20, 2008, trustedCertEntry,
Certificate fingerprint (MD5): 11:87:A8:7C:BB:55:AC:68:46:34:4F:45:7D:62:9C:AF
So I have a keystore. I set up the tomcat server.xml file:
<Connector port="7443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150"
scheme="https"
secure="true"
clientAuth="false"
keystoreFile="/usr/<path_to_keystore>/keystore.kdb"
keystorePass="<password>"
sslProtocol="TLS" />
And when I start Tomcat, I get an infinite loop in the log file that
looks like:
Nov 20, 2008 1:40:17 PM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Nov 20, 2008 1:40:17 PM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-7443
Nov 20, 2008 1:40:17 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 886 ms
Nov 20, 2008 1:40:17 PM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Nov 20, 2008 1:40:17 PM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.16
Nov 20, 2008 1:40:18 PM com.sun.faces.config.ConfigureListener contextInitialized
INFO: Initializing Sun's JavaServer Faces implementation (1.2_04-b20-p03) for context '/NCAdmin'
Nov 20, 2008 1:40:20 PM org.apache.catalina.core.StandardContext addApplicationListener
INFO: The listener "listeners.ContextListener" is already configured for this context. The duplicate definition has been ignored.
Nov 20, 2008 1:40:20 PM org.apache.catalina.core.StandardContext addApplicationListener
INFO: The listener "listeners.SessionListener" is already configured for this context. The duplicate definition has been ignored.
Nov 20, 2008 1:40:20 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Nov 20, 2008 1:40:20 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-7443
Nov 20, 2008 1:40:20 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
SEVERE: Socket accept failed
java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
        at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
        at java.lang.Thread.run(Thread.java:619)
Nov 20, 2008 1:40:20 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
SEVERE: Socket accept failed
java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
        at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
        at java.lang.Thread.run(Thread.java:619)
Nov 20, 2008 1:40:20 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
SEVERE: Socket accept failed
java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
        at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
        at java.lang.Thread.run(Thread.java:619)
Nov 20, 2008 1:40:20 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
SEVERE: Socket accept failed
I'm not an SSL expert, so I'm not sure where to look. Am I missing an
intermediate certificate somewhere? Or have I
configured the keystore incorrectly? I'd appreciate any pointers or
suggestions for
getting this running.
Thanks very much,
nbc
NAME: Neil B. Cohen (Verisign Inc.)
PHONE: 703-948-4471
DOMAIN: [EMAIL PROTECTED]
*************************************************************
* Murphy's Philosophy: Smile - tomorrow will be worse... *
* *
* O'Tooles Commentary: Murphy was an optimist! *
*************************************************************
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
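
An added example, not part of either post: the `keytool -list` output in the question shows a single `trustedCertEntry`, while a JSSE server connector needs a key entry (private key plus certificate) to present to clients. The shell functions below classify the entries in a listing; the function names and the second sample listing are assumptions made for the illustration, and English-locale keytool output is assumed.

```shell
#!/bin/sh
# Read `keytool -list` output on stdin and print "<key entries> <trusted certs>".
# Entry lines look like: "alias, Mon DD, YYYY, entryType,"
count_entries() {
    awk '
        # JDK 6 prints PrivateKeyEntry; older JDKs print keyEntry.
        /, *(PrivateKeyEntry|keyEntry),[ \t\r]*$/ { priv++; next }
        /, *trustedCertEntry,[ \t\r]*$/           { trust++ }
        END { printf "%d %d\n", priv, trust }
    '
}

# Return 0 if the listing holds at least one key entry a server
# connector could use, 1 if it only holds trusted certificates.
check_server_keystore() {
    counts=$(count_entries)
    priv=${counts% *}
    trust=${counts#* }
    if [ "$priv" -gt 0 ]; then
        echo "OK: $priv key entry(ies), $trust trusted certificate(s)"
        return 0
    fi
    echo "FAIL: no private key entry ($trust trusted certificate(s) only)"
    return 1
}

# Listing copied from the question above.
LISTING_FROM_POST='Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
tomcat, Nov 20, 2008, trustedCertEntry,
Certificate fingerprint (MD5): 11:87:A8:7C:BB:55:AC:68:46:34:4F:45:7D:62:9C:AF'

# Constructed sample: what a keystore created with a key pair lists.
LISTING_WITH_KEY='Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
tomcat, Nov 20, 2008, PrivateKeyEntry,
Certificate fingerprint (MD5): <constructed placeholder>'

printf '%s\n' "$LISTING_FROM_POST" | check_server_keystore || true
printf '%s\n' "$LISTING_WITH_KEY" | check_server_keystore
```

Against a real keystore, pipe the command from the question into the function: `keytool -list -keystore ./keystore.kdb | check_server_keystore`.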