Hey Scott, I got it working. It took me a few hours because I am installing CAS and Confluence/JIRA on different machines.

In my case I had to install the SSL certificate on the Confluence/JIRA machine also. So, in my case I had to do this:

A) On the CAS server:

    %JAVA_HOME%\bin\keytool -delete -alias tomcat -keypass changeit
    %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keypass changeit -keyalg RSA
    %JAVA_HOME%\bin\keytool -export -alias tomcat -keypass changeit -file server.crt
    %JAVA_HOME%\bin\keytool -import -file server.crt -keypass changeit -keystore %JAVA_HOME%/jre/lib/security/cacerts
    %JAVA_HOME%\bin\keytool -import -file server.crt -keypass changeit

B) On the CAS client (Confluence/JIRA): (bring a copy of the file server.crt previously generated)

    %JAVA_HOME%\bin\keytool -import -file server.crt -keypass changeit -keystore %JAVA_HOME%/jre/lib/security/cacerts
    %JAVA_HOME%\bin\keytool -import -file server.crt -keypass changeit

Then it worked. Thank you so much.

Kind Regards,
RODRIGUEZ, Unai

________________________________

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Battaglia
Sent: Friday, April 27, 2007 8:00 PM
To: Yale CAS mailing list
Subject: Re: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled

In general (from what I've seen) your Tomcat keystore is generally not your JVM's keystore. We generally recommend following these steps:

http://www.ja-sig.org/products/cas/server/ssl/index.html

-Scott

On 4/27/07, Rodriguez, Unai <[EMAIL PROTECTED]> wrote:

Hello,

I have the following tools/systems set up:

1) CAS 3.0.5 integrated with LDAP
2) Atlassian Confluence 2.3.3
3) Atlassian Jira Enterprise 3.7.4

I am trying to implement Single-Sign-On via the CAS server. I am able to go to Confluence or Jira URL and then get redirected to CAS. I input valid username/password and then get the "Unable to validate ProxyTicketValidator" error.

Let's not go deep into that because I believe the problem I am having is generating valid Tomcat security certificates. I generate the certificate following these steps:

1) /usr/lib/java/bin/keytool -delete -alias tomcat -keypass changeit

2) /usr/lib/java/bin/keytool -genkey -alias tomcat -keypass changeit -keyalg RSA -validity 365

    Enter keystore password: changeit
    What is your first and last name?
      [Unknown]: idmanager.intranet.behringer
    What is the name of your organizational unit?
      [Unknown]: idmanager.intranet.behringer
    What is the name of your organization?
      [Unknown]: idmanager.intranet.behringer
    What is the name of your City or Locality?
      [Unknown]: City
    What is the name of your State or Province?
      [Unknown]: Manila
    What is the two-letter country code for this unit?
      [Unknown]: PH

3) /usr/lib/java/bin/keytool -export -alias tomcat -keypass changeit -file server.crt

4) /usr/lib/java/bin/keytool -import -file server.crt -keypass changeit -keystore /usr/lib/java/jre/lib/security/cacerts

I set up the tomcat SSL config (server.xml) like this (I added: "keystoreFile" attribute):

    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               keystoreFile="/usr/lib/java/jre/lib/security/cacerts"
               clientAuth="false" sslProtocol="TLS" />

When I start tomcat, I get this error:

    Apr 27, 2007 5:59:58 PM org.apache.tomcat.util.net.PoolTcpEndpoint acceptSocket
    SEVERE: Endpoint [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,port=0,localport=8443]] ignored exception: java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
    java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:114)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.acceptSocket(PoolTcpEndpoint.java:408)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:71)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
        at java.lang.Thread.run(Thread.java:595)

Did anyone find this problem? Any comments? Are my certification generating steps wrong?

Thank you so much!

Kind Regards,
RODRIGUEZ, Unai

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
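
Added example, not part of the original thread or of the CAS or Tomcat projects: a check on `keytool -list` output that tells a keystore holding a private key (what a Tomcat SSL connector needs in `keystoreFile`) from a trust store such as `cacerts`, which holds only imported certificates. The function names and both sample listings are constructed for illustration; the listings are abridged to the lines the check reads.

```shell
# Added example (hypothetical helper names). Both functions read `keytool -list` output on stdin.

# Print "alias<TAB>type" for each entry line, e.g.
#   "tomcat, Apr 27, 2007, PrivateKeyEntry,"   (older JDKs print "keyEntry")
list_entries() {
    awk '/, (PrivateKeyEntry|keyEntry|trustedCertEntry|SecretKeyEntry), *$/ {
        type = $0;  sub(/, *$/, "", type);  sub(/^.*, /, "", type)
        alias = $0; sub(/, .*$/, "", alias)
        print alias "\t" type
    }'
}

# Return 0 if alias $1 holds a private key (usable by a Tomcat SSL connector),
# 1 if it is only a trusted certificate, 2 if the alias is absent.
check_server_alias() {
    kind=$(list_entries | awk -F '\t' -v a="$1" '$1 == a { print $2; exit }')
    case $kind in
        PrivateKeyEntry|keyEntry) return 0 ;;
        trustedCertEntry)         return 1 ;;
        *)                        return 2 ;;
    esac
}

# Constructed listing of the keystore that `keytool -genkey -alias tomcat` writes to.
sample_user_keystore() {
    cat <<'EOF'
Your keystore contains 1 entry

tomcat, Apr 27, 2007, keyEntry,
Certificate fingerprint (MD5): (constructed sample, omitted)
EOF
}

# Constructed listing of cacerts after `keytool -import -file server.crt`
# with no -alias given (keytool then stores it under its default alias "mykey").
sample_cacerts() {
    cat <<'EOF'
Your keystore contains 2 entries

exampleca, Jan 1, 2007, trustedCertEntry,
Certificate fingerprint (MD5): (constructed sample, omitted)
mykey, Apr 27, 2007, trustedCertEntry,
Certificate fingerprint (MD5): (constructed sample, omitted)
EOF
}

# Real use: keytool -list -keystore "$HOME/.keystore" -storepass changeit | check_server_alias tomcat
sample_cacerts | check_server_alias tomcat || echo "cacerts sample: no private key under alias tomcat (rc=$?)"
```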
