I now have a server certificate that is signed by my organisation's own CA and our root CA certificate is self-signed. So I have imported the CA certificate using keytool thus (having moved the keystore file with the self-signed one in):
keytool -import -alias root -file {path-to-CA-cert} -keystore /usr/share/tomcat5.5/.keystore -trustcacerts
and then imported the signed server certificate thus:
keytool -import -alias tomcat -file {path-to-CA-signed-server-cert} -keystore /usr/share/tomcat5.5/.keystore -trustcacerts
I then read that the CA certificate should really go in the JVM's cacerts file thus:
keytool -import -alias root -file {path-to-CA-cert} -keystore /usr/lib/jvm/java-6-sun/jre/lib/security/cacerts -trustcacerts
and that is the right Java version being used. However, regardless of where the CA cert is I get the following error:
SEVERE: Endpoint [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,port=0,localport=8443]] ignored exception: java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:114)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.acceptSocket(PoolTcpEndpoint.java:408)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:71)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
        at java.lang.Thread.run(Thread.java:619)
Which is repeated loads of times until it runs out of file descriptors.
Please can anyone see the error in what I've done with my certificates?
Thanks
--
Matthew Jones
Interactive Data Managed Solutions Ltd
-----------------------------------------------------------------------
Registered in England Company Number 3691868
Registered Office: Fitzroy House, 13-17 Epworth Street, London, EC2A 4DL
Tel: +44 (0)1242 694133 | Fax: +44 (0)1242 694109
[EMAIL PROTECTED]
http://www.interactivedata-ms.com/694133
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
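Added example, not part of the original post: the exception above says no certificate or key is available, and a TLS server needs a keystore entry that holds a private key, which `keytool -list` reports per alias as the entry type. The script below parses that listing and checks one alias; the sample listing is constructed and the function names (`sample_listing`, `entry_type`, `check_server_alias`) are hypothetical.

```shell
#!/usr/bin/env bash
# Classify entries in `keytool -list` output (read on stdin) and decide
# whether an alias can act as a TLS server identity.
# Real use (path and alias taken from the post above):
#   keytool -list -keystore /usr/share/tomcat5.5/.keystore | check_server_alias tomcat

# Constructed sample: a keystore in which the alias "tomcat" holds only an
# imported certificate and no private key.
sample_listing() {
cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

root, Jan 12, 2009, trustedCertEntry,
Certificate fingerprint (MD5): <constructed>
tomcat, Jan 12, 2009, trustedCertEntry,
Certificate fingerprint (MD5): <constructed>
EOF
}

# entry_type ALIAS: print the entry type keytool reports, or "missing".
# Entry lines look like "alias, Mon D, YYYY, <type>," so the type is the
# second-to-last comma-separated field (the date itself contains a comma).
entry_type() {
  awk -F', *' -v want="$1" '
    NF >= 4 && $1 == want { print $(NF-1); found = 1 }
    END { if (!found) print "missing" }'
}

# check_server_alias ALIAS: return 0 only if ALIAS holds a private key.
check_server_alias() {
  etype=$(entry_type "$1")
  case "$etype" in
    PrivateKeyEntry|keyEntry)   # older JDKs print "keyEntry"
      echo "OK: '$1' is $etype (private key plus certificate chain)"
      return 0 ;;
    trustedCertEntry)
      echo "FAIL: '$1' is trustedCertEntry (certificate only, no private key)"
      return 1 ;;
    *)
      echo "FAIL: '$1' is $etype"
      return 1 ;;
  esac
}

# Demo on the constructed listing; reports FAIL for alias "tomcat".
sample_listing | check_server_alias tomcat || true
```

A signed certificate becomes part of a `PrivateKeyEntry` only when it is imported into the keystore that already holds the matching private key under the same alias; otherwise keytool stores it as a `trustedCertEntry`.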
