Hi, I am trying to use the same keystore file that I am successfully using in conjunction with my Tomcat server also with the Apache Derby Network Server. However while the keystore works fine with Tomcat, Derby doesn't like it and throws the error 'No available certificate or key corresponds to the SSL cipher suites which are enabled' when trying to start-up the server.
The keystore contains one keypair only. Below is the output of a keytool -v -list. As long as I am using keytool to generate my keystore with a self-signed certificate the server starts up using SSL as expected. However, when trying to use a certificate signed by a CA - and as I am only doing this in a test environment on my LAN I am acting as the CA - then I can only get Tomcat to accept my keystore. Here the keystore content: Keystore type: JKS Keystore provider: SUN Your keystore contains 1 entry Alias name: thmb Creation date: Dec 11, 2010 Entry type: PrivateKeyEntry Certificate chain length: 2 Certificate[1]: Owner: [email protected], CN=THMB, OU=IT, O=x, L=x, ST=x, C=DE Issuer: [email protected], CN=THMB CA, OU=IT, O=x, L=x, ST=x, C=DE Serial number: 1 Valid from: Sat Dec 11 12:50:08 CET 2010 until: Sun Dec 11 12:50:08 CET 2011 Certificate fingerprints: MD5: A8:27:6E:B4:81:E0:6B:23:B4:A7:4C:13:4B:16:80:EC SHA1: B9:9F:2B:CA:03:40:00:A0:4B:03:A0:CD:E7:E7:8F:61:9D:B9:26:42 Signature algorithm name: SHA1withRSA Version: 3 Certificate[2]: Owner: [email protected], CN=THMB CA, OU=IT, O=x, L=x, ST=x, C=DE Issuer: [email protected], CN=THMB CA, OU=IT, O=x, L=x, ST=x, C=DE Serial number: 95e743a14724966f Valid from: Sat Dec 11 12:44:17 CET 2010 until: Tue Dec 08 12:44:17 CET 2020 Certificate fingerprints: MD5: 8D:D4:44:B6:37:EC:51:CD:25:85:E8:F1:0A:A9:30:2D SHA1: E7:04:DB:FC:DA:16:FE:46:88:56:C5:0B:65:D5:0F:DF:AC:0E:A1:D7 Signature algorithm name: SHA1withRSA Version: 3 Any help would be greatly appreciated. Thanks Thomas
