Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7)
Gabriel, On 28.10.2012 3:48, Gabriel Huerta Araujo wrote: 5.- When I open IE with http://mydomain.com:8080/ or https://mydomain.com:8443/ appears or : IE can not show web page. It seems that your hosts file is not properly configured. 1. Make sure you are editing %SystemRoot%\system32\drivers\etc\hosts (e.g. C:\Windows\System32\drivers\etc\hosts) 2. Make sure that your changes are actually saved. Show us the complete content of your hosts file. 3. Just in case, flush your DNS cache. Execute these two commands from command prompt: ipconfig /flushdns nbtstat -R 4. Test your namespace reolution with this command form command prompt: ping mydomain.com It should output something like this: C:\ping mydomain.com Pinging mydomain.com [192.168.1.254] with 32 bytes of data: Reply from 192.168.1.254: bytes=32 time1ms TTL=128 Reply from 192.168.1.254: bytes=32 time1ms TTL=128 Reply from 192.168.1.254: bytes=32 time1ms TTL=128 Reply from 192.168.1.254: bytes=32 time1ms TTL=128 Ping statistics for 192.168.1.254: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms -Ognjen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7)
Hi Ognjen: I have my configuration as you have stated. I have followed steps indicated for below link: http://www.youtube.com/watch?v=2P0bJDKQHpcfeature=related I have tested with Mozilla and it works perfectly. Thanks a lot all of you for your patience and effort, I appreciate that. Regards. - Original Message - From: Ognjen Blagojevic ognjen.d.blagoje...@gmail.com To: users@tomcat.apache.org Sent: Monday, October 29, 2012 2:48:09 AM Subject: Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7) Gabriel, On 28.10.2012 3:48, Gabriel Huerta Araujo wrote: 5.- When I open IE with http://mydomain.com:8080/ or https://mydomain.com:8443/ appears or : IE can not show web page. It seems that your hosts file is not properly configured. 1. Make sure you are editing %SystemRoot%\system32\drivers\etc\hosts (e.g. C:\Windows\System32\drivers\etc\hosts) 2. Make sure that your changes are actually saved. Show us the complete content of your hosts file. 3. Just in case, flush your DNS cache. Execute these two commands from command prompt: ipconfig /flushdns nbtstat -R 4. Test your namespace reolution with this command form command prompt: ping mydomain.com It should output something like this: C:\ping mydomain.com Pinging mydomain.com [192.168.1.254] with 32 bytes of data: Reply from 192.168.1.254: bytes=32 time1ms TTL=128 Reply from 192.168.1.254: bytes=32 time1ms TTL=128 Reply from 192.168.1.254: bytes=32 time1ms TTL=128 Reply from 192.168.1.254: bytes=32 time1ms TTL=128 Ping statistics for 192.168.1.254: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms -Ognjen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7)
I have reached IE accepts my certificate as a valid certificate but when I open IE with link https://localhost:8443/ appears below message: There is a problem with the security certificate for this site Go to this website (not recommended). When I clicked on this message (Go to this website (not recommended), it is showed Tomcat page but in the IE's toolbar indicates Certificate Error with red color. My question here is how do I disappear this annoying indication?. Regards - Original Message - From: Igor Cicimov icici...@gmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Friday, October 26, 2012 7:43:05 PM Subject: Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7) On 27/10/2012 11:22 AM, Gabriel Huerta Araujo huert...@hildebrando.com wrote: Is it enough with putting a line into this file like this?: 192.168.30.73 logangha Where 192.168.30.73 is my IP 192.168.30.73 logangha THE-DOMAIN-NAME-FROM-THE-CERTIFICATE This should work.eg: 192.168.30.73 logangha mydomai.com And access with: http://mydomain.com - Original Message - From: Gabriel Huerta Araujo huert...@hildebrando.com To: Tomcat Users List users@tomcat.apache.org Sent: Friday, October 26, 2012 7:15:26 PM Subject: Re: Implementing SSL and error invocating https://localhost:8443/(Tomcat 7.0 on Windows 7) This is my hosts file's content: 10.254.5.1 sigcbd01#10.192.19.1 sigc 10.254.4.63 sdswbd01#10.192.17.66sadigeo 10.254.2.248nsisba01 None of these IP's is my domain. How do I configure dns resolution for such name on my computer to point to the ip of my laptop? As I am testing I am using my laptop with Windows 7 installed. Regards. - Original Message - From: Igor Cicimov icici...@gmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Friday, October 26, 2012 6:21:49 PM Subject: Re: Implementing SSL and error invocating https://localhost:8443/(Tomcat 7.0 on Windows 7) On 27/10/2012 10:09 AM, Gabriel Huerta Araujo huert...@hildebrando.com wrote: I used logangha(which is my computer name) instead of localhost but again I had to click the Information bar to display the content (not recommended). So you got the cert for logangha??? Again, you should match the name of the domain you got the certificate for not the server name. Meaning you need dns resolution for that name on your server or local network to point to the ip of the server. Thats easy done in linux by editing the /etc/hosts file, not sure about windows. Google is your friend i think there should be simmilar file too. Regards. - Original Message - From: Igor Cicimov icici...@gmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Friday, October 26, 2012 5:41:59 PM Subject: Re: Implementing SSL and error invocating https://localhost:8443/(Tomcat 7.0 on Windows 7) On 27/10/2012 9:37 AM, Gabriel Huerta Araujo huert...@hildebrando.com wrote: I have followed below steps: 1.- Erase keytore keytool -delete -keystore .keystore -storepass x_men_gha 2.- List to verify if it has been deleted. keytool -list -storepass x_men_gha Tipo de almacÚn de claves: JKS Proveedor de almacÚn de claves: SUN Su almacÚn de claves contiene 0 entradas 3.- Create as stated: keytool -genkey -alias tomcat -keyalg RSA Escriba la contrase±a del almacÚn de claves: La contrase±a del almacÚn de claves es demasiado corta, debe tener al menos 6 ca racteres Escriba la contrase±a del almacÚn de claves: ┐Cußles son su nombre y su apellido? [Unknown]: Gabriel Huerta ┐Cußl es el nombre de su unidad de organizaci¾n? [Unknown]: Desarrollo ┐Cußl es el nombre de su organizaci¾n? [Unknown]: Hildebrando ┐Cußl es el nombre de su ciudad o localidad? [Unknown]: Queretaro ┐Cußl es el nombre de su estado o provincia? [Unknown]: Santiago ┐Cußl es el c¾digo de paÝs de dos letras de la unidad? [Unknown]: MX ┐Es correcto CN=Gabriel Huerta, OU=Desarrollo, O=Hildebrando, L=Queretaro, ST=Sa ntiago, C=MX? [no]: y Escriba la contrase±a clave para tomcat (INTRO si es la misma contrase±a que la del almacÚn de claves): 4.- List to verify it: C:\Users\Gabriel Huertakeytool -list Escriba la contrase±a del almacÚn de claves: Tipo de almacÚn de claves: JKS Proveedor de almacÚn de claves: SUN Su almacÚn de claves contiene entrada 1 tomcat, 26/10/2012, PrivateKeyEntry, Huella digital de certificado (MD5): 00:37:8B:7F:F1:A4:B6:EE:8F:00:69:95:0A:A8:AD:14 5.- Import certificate as stated for Tomcat documentation: For Verisign.com trial certificates go to: http://www.verisign.com/support/verisign-intermediate-ca/Trial_Secure_Server_Root/index.html Once there I followed instructions where says Click here to go to the Installation
Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7)
Gabriel Huerta Araujo wrote: ... GRAVE: Failed to initialize end point associated with ProtocolHandler [http-bio-8443] java.io.IOException: La configuración SSL no es válida debido a No available certificate or key corresponds to the SSL cipher suites which are enabled. at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:822) ... Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled. at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:310) at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:255) Hola. I'm not a specialist of SSL, but what the messages above are saying is that there is a mistmatch between the encryption/decryption methods that are available to the selected HTTPS Connector, and the one you used to create your certificate, with the result that the Connector cannot read the certificate. (Example : you encrypted your certificate using method A, but the Connector by default can only decrypt things using methods B, C or D). Or something of the kind. Therefor, the Connector does not start. Therefor, Tomcat is not listening on that port (8443). Therefor, when you try to connect to that port with IE, IE tells you that the server rejects a connection to that port. Unless I am mistaken, the connector you are using uses the Java-VM-provided SSL mechanisms. I would imagine that the Java JVM provides some encryption schemes by default, and some others optionally. There must be a parameter somewhere to enable/disable some of these schemes. It's more of a Java thing, but there may be a mention of this somewhere in the online Tomcat docs. Look for terms like DES, SHA*, Blowfish,.. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gabriel, On 10/25/12 5:42 PM, Gabriel Huerta Araujo wrote: Sorry I forgot to include what below command generates: openssl c_client -connect host:8443 Oops. That should have been s_client, but you already figured that out: I had to run it as: openssl s_client -connect host:8443 And this is what generates: gethostbyname failure connect:errno=1 What happens if you use the actual hostname of the server you are trying to contact? It probably can't connect because of connection refused (see other reply). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlCKox0ACgkQ9CaO5/Lv0PCBjACePY9FW4XrWJ04o6vJzp/zqgVc ihAAoJ1peCXB+aAmaUHSrlQZZYdBjQo5 =RSR9 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gabriel, On 10/25/12 5:32 PM, Gabriel Huerta Araujo wrote: My web.xml's connector section originally was: Connector SSLEnabled=true acceptCount=100 clientAuth=false disableUploadTimeout=true enableLookups=false maxThreads=25 port=8443 keystoreFile=${user.home}/.keystore keystorePass=my_key_pass protocol=org.apache.coyote.http11.Http11NioProtocol scheme=https secure=true sslProtocol=TLS / and I had to replace for this (because I wanted to know at least one message error, this way I could do something else): Connector port=8443 maxThreads=200 scheme=https secure=true SSLEnabled=true keystoreFile=${user.home}/.keystore keystorePassmy_key_pass clientAuth=false sslProtocol=TLS/ So that's pretty much identical as far as SSL configuration goes. Below it is whar Tomcat reports: 25/10/2012 04:23:20 PM org.apache.catalina.core.AprLifecycleListener init INFO: La biblioteca nativa de Apache Tomcat basada en ARP que permite un rendimiento óptimo en entornos de desarrollo no ha sido hallada en java.library.path: C:\jdk1.6.35\bin;C:\windows\Sun\Java\bin;C:\windows\system32;C:\windows;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\mingw\mingw64\bin;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\jdk1.6.35\bin;C:\Spring\apache-maven-3.0.4\bin;C:\Program Files (x86)\Liquid Technologies\Liquid XML Studio 2011\XmlDataBinder9\Redist9\cpp\win32\bin;C:\cygwin\bin\;C:\apache-ant-1.8.2/bin;C:\Program Files (x86)\Microchip\MPLAB C32 Suite\bin;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\CVSNT\;. Okay, no APR. That's good, since you have a JSSE certificate configuration. 25/10/2012 04:23:20 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [http-bio-8080] 25/10/2012 04:23:21 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [http-bio-8443] 25/10/2012 04:23:21 PM org.apache.coyote.AbstractProtocol init GRAVE: Failed to initialize end point associated with ProtocolHandler [http-bio-8443] java.io.IOException: La configuración SSL no es válida debido a No available certificate or key corresponds to the SSL cipher suites which are enabled. So either you have failed to configure a set of cipher suites that are compatible with the JRE or the certificate (not likely, since you have accepted the default) or your certificate can't be loaded. Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled. at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:310) at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:255) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:818) ... 20 more It's odd that the cipher suite check is failing instead of something earlier. Are you sure that your keystore can be found under ${user.home}/.keystore? Are you sure that the password is correct? (I would have expected a different kind of error if something were wrong with that configuration, but it's worth double-checking). You might have to set the keyAlias attribute in your Connector, otherwise it will choose the first key read in the keystore as your certificate. As your keystore contains these entries: Su almacen de claves contiene 2 entradas root, 24/10/2012, trustedCertEntry, Huella digital de certificado (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37 tomcat, 24/10/2012, trustedCertEntry, Huella digital de certificado (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37 ...Tomcat may be choosing the first certificate when you really want it to choose the second one. Try this: Connector . keyAlias=tomcat / See if that helps, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlCKpMkACgkQ9CaO5/Lv0PAvoQCgv1u4W7wXxlkKgYW+Rd6HHxEu jW4An1iotoQTNxXuVzlxM/+w99PbuyFm =BjW8 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7)
Hi Christopher I do not understand what you mean with other reply, but I tried openssl s_client -host logangha -port 8443 connect: Connection refused connect:errno=111 Also I tried openssl s_client -connect logangha:8443 And generates same output: connect: Connection refused connect:errno=111 - Original Message - From: Christopher Schultz ch...@christopherschultz.net To: Tomcat Users List users@tomcat.apache.org Sent: Friday, October 26, 2012 9:50:05 AM Subject: Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gabriel, On 10/25/12 5:42 PM, Gabriel Huerta Araujo wrote: Sorry I forgot to include what below command generates: openssl c_client -connect host:8443 Oops. That should have been s_client, but you already figured that out: I had to run it as: openssl s_client -connect host:8443 And this is what generates: gethostbyname failure connect:errno=1 What happens if you use the actual hostname of the server you are trying to contact? It probably can't connect because of connection refused (see other reply). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlCKox0ACgkQ9CaO5/Lv0PCBjACePY9FW4XrWJ04o6vJzp/zqgVc ihAAoJ1peCXB+aAmaUHSrlQZZYdBjQo5 =RSR9 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7)
(not recommended). When I clicked on this message (Go to this website (not recommended), it is showed Tomcat page but in the IE's toolbar indicates Certificate Error. My question here is how do I disappear this annoying indication?. Regards - Original Message - From: Christopher Schultz ch...@christopherschultz.net To: Tomcat Users List users@tomcat.apache.org Sent: Friday, October 26, 2012 2:29:28 PM Subject: Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gabriel, On 10/26/12 11:57 AM, Gabriel Huerta Araujo wrote: Regarding password I run keytool indicating my password which is the same as the indicated in my connector section: keytool -list -keystore .keystore -storepass x_men_gha Tipo de almacén de claves: JKS Proveedor de almacén de claves: SUN Su almacén de claves contiene 2 entradas root, 24/10/2012, trustedCertEntry, Huella digital de certificado (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37 tomcat, 24/10/2012, trustedCertEntry, Huella digital de certificado (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37 I don't usually use keystores... do the root and tomcat strings in there indicate the alias for each entry? Hmm... when I create a keystore like this: $ keytool -genkey -alias tomcat -keyalg RSA $ keytool -list Keystore type: JKS Keystore provider: SUN Your keystore contains 1 entry tomcat, Oct 26, 2012, PrivateKeyEntry, Certificate fingerprint (SHA1): C1:8A:4F:EF:80:AB:41:8E:10:B4:98:6B:C4:EE:58:7E:7A:F2:8C:A8 Note the PrivateKeyEntry in there: you need to have the certificate's private key available in order to unlock the certificate. Can you try re-creating your keystore and posting all the commands you use? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlCK5JgACgkQ9CaO5/Lv0PB43gCgusGt82p+037mjGlwk0UsFtQ9 cBoAmwZrEYkIXxNjW7MF/Mqk9raXdhyB =9CMe -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7)
://localhost:8443/ appears below message: There is a problem with the security certificate for this site Go to this website (not recommended). When I clicked on this message (Go to this website (not recommended), it is showed Tomcat page but in the IE's toolbar indicates Certificate Error. My question here is how do I disappear this annoying indication?. Use the server name you got the certificate for in the link instead of localhost. Regards - Original Message - From: Christopher Schultz ch...@christopherschultz.net To: Tomcat Users List users@tomcat.apache.org Sent: Friday, October 26, 2012 2:29:28 PM Subject: Re: Implementing SSL and error invocating https://localhost:8443/(Tomcat 7.0 on Windows 7) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gabriel, On 10/26/12 11:57 AM, Gabriel Huerta Araujo wrote: Regarding password I run keytool indicating my password which is the same as the indicated in my connector section: keytool -list -keystore .keystore -storepass x_men_gha Tipo de almacén de claves: JKS Proveedor de almacén de claves: SUN Su almacén de claves contiene 2 entradas root, 24/10/2012, trustedCertEntry, Huella digital de certificado (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37 tomcat, 24/10/2012, trustedCertEntry, Huella digital de certificado (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37 I don't usually use keystores... do the root and tomcat strings in there indicate the alias for each entry? Hmm... when I create a keystore like this: $ keytool -genkey -alias tomcat -keyalg RSA $ keytool -list Keystore type: JKS Keystore provider: SUN Your keystore contains 1 entry tomcat, Oct 26, 2012, PrivateKeyEntry, Certificate fingerprint (SHA1): C1:8A:4F:EF:80:AB:41:8E:10:B4:98:6B:C4:EE:58:7E:7A:F2:8C:A8 Note the PrivateKeyEntry in there: you need to have the certificate's private key available in order to unlock the certificate. Can you try re-creating your keystore and posting all the commands you use? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlCK5JgACgkQ9CaO5/Lv0PB43gCgusGt82p+037mjGlwk0UsFtQ9 cBoAmwZrEYkIXxNjW7MF/Mqk9raXdhyB =9CMe -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7)
This is my hosts file's content: 10.254.5.1 sigcbd01#10.192.19.1 sigc 10.254.4.63 sdswbd01#10.192.17.66sadigeo 10.254.2.248nsisba01 None of these IP's is my domain. How do I configure dns resolution for such name on my computer to point to the ip of my laptop? As I am testing I am using my laptop with Windows 7 installed. Regards. - Original Message - From: Igor Cicimov icici...@gmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Friday, October 26, 2012 6:21:49 PM Subject: Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7) On 27/10/2012 10:09 AM, Gabriel Huerta Araujo huert...@hildebrando.com wrote: I used logangha(which is my computer name) instead of localhost but again I had to click the Information bar to display the content (not recommended). So you got the cert for logangha??? Again, you should match the name of the domain you got the certificate for not the server name. Meaning you need dns resolution for that name on your server or local network to point to the ip of the server. Thats easy done in linux by editing the /etc/hosts file, not sure about windows. Google is your friend i think there should be simmilar file too. Regards. - Original Message - From: Igor Cicimov icici...@gmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Friday, October 26, 2012 5:41:59 PM Subject: Re: Implementing SSL and error invocating https://localhost:8443/(Tomcat 7.0 on Windows 7) On 27/10/2012 9:37 AM, Gabriel Huerta Araujo huert...@hildebrando.com wrote: I have followed below steps: 1.- Erase keytore keytool -delete -keystore .keystore -storepass x_men_gha 2.- List to verify if it has been deleted. keytool -list -storepass x_men_gha Tipo de almacÚn de claves: JKS Proveedor de almacÚn de claves: SUN Su almacÚn de claves contiene 0 entradas 3.- Create as stated: keytool -genkey -alias tomcat -keyalg RSA Escriba la contrase±a del almacÚn de claves: La contrase±a del almacÚn de claves es demasiado corta, debe tener al menos 6 ca racteres Escriba la contrase±a del almacÚn de claves: ┐Cußles son su nombre y su apellido? [Unknown]: Gabriel Huerta ┐Cußl es el nombre de su unidad de organizaci¾n? [Unknown]: Desarrollo ┐Cußl es el nombre de su organizaci¾n? [Unknown]: Hildebrando ┐Cußl es el nombre de su ciudad o localidad? [Unknown]: Queretaro ┐Cußl es el nombre de su estado o provincia? [Unknown]: Santiago ┐Cußl es el c¾digo de paÝs de dos letras de la unidad? [Unknown]: MX ┐Es correcto CN=Gabriel Huerta, OU=Desarrollo, O=Hildebrando, L=Queretaro, ST=Sa ntiago, C=MX? [no]: y Escriba la contrase±a clave para tomcat (INTRO si es la misma contrase±a que la del almacÚn de claves): 4.- List to verify it: C:\Users\Gabriel Huertakeytool -list Escriba la contrase±a del almacÚn de claves: Tipo de almacÚn de claves: JKS Proveedor de almacÚn de claves: SUN Su almacÚn de claves contiene entrada 1 tomcat, 26/10/2012, PrivateKeyEntry, Huella digital de certificado (MD5): 00:37:8B:7F:F1:A4:B6:EE:8F:00:69:95:0A:A8:AD:14 5.- Import certificate as stated for Tomcat documentation: For Verisign.com trial certificates go to: http://www.verisign.com/support/verisign-intermediate-ca/Trial_Secure_Server_Root/index.html Once there I followed instructions where says Click here to go to the Installation Instructions, basically I copied below message and pasted it into a file named certif.cer: -BEGIN CERTIFICATE- MIIEVzCCAz+gAwIBAgIQFoFkpCjKEt+rEvGfsbk1VDANBgkqhkiG9w0BAQUFADCB jDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTAwLgYDVQQL EydGb3IgVGVzdCBQdXJwb3NlcyBPbmx5LiAgTm8gYXNzdXJhbmNlcy4xMjAwBgNV BAMTKVZlcmlTaWduIFRyaWFsIFNlY3VyZSBTZXJ2ZXIgUm9vdCBDQSAtIEcyMB4X DTA5MDQwMTAwMDAwMFoXDTI5MDMzMTIzNTk1OVowgYwxCzAJBgNVBAYTAlVTMRcw FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEwMC4GA1UECxMnRm9yIFRlc3QgUHVycG9z ZXMgT25seS4gIE5vIGFzc3VyYW5jZXMuMTIwMAYDVQQDEylWZXJpU2lnbiBUcmlh bCBTZWN1cmUgU2VydmVyIFJvb3QgQ0EgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBAMCJggWnSVAcIomnvCFhXlCdgafCKCDxVSNQY2jhYGZXcZsq ToJmDQ7b9JO39VCPnXELOENP2+4FNCUQnzarLfghsJ8kQ9pxjRTfcMp0bsH+Gk/1 qLDgvf9WuiBa5SM/jXNvroEQZwPuMZg4r2E2k0412VTq9ColODYNDZw3ziiYdSjV fY3VfbsLSXJIh2jaJC5kVRsUsx72s4/wgGXbb+P/XKr15nMIB0yH9A5tiCCXQ5nO EV7/ddZqmL3zdeAtyGmijOxjwiy+GS6xr7KACfbPEJYZYaS/P0wctIOyQy6CkNKL o5vDDkOZks0zjf6RAzNXZndvsXEJpQe5WO1avm8CAwEAAaOBsjCBrzAPBgNVHRMB Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkw VzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZ LjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjAdBgNVHQ4E FgQUSBnnkm+SnTRjmcDwmcjWpYyMf2UwDQYJKoZIhvcNAQEFBQADggEBADuswa8C 0hunHp17KJQ0WwNRQCp8f/u4L8Hz/TiGfybnaMXgn0sKI8Xe79iGE91M7vrzh0Gt ap0GLShkiqHGsHkIxBcVMFbEQ1VS63XhTeg36cWQ1EjOHmu+8tQe0oZuwFsYYdfs n4EZcpspiep9LFc
Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7)
I have followed your procedure which has been stated on http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html to use SSL or https with JSSE implementation. Below is configuration for my server.xml Connector SSLEnabled=true acceptCount=100 clientAuth=false disableUploadTimeout=true enableLookups=false maxThreads=25 port=8443 keystoreFile=${user.home}/.keystore keystorePass=my_password protocol=org.apache.coyote.http11.Http11NioProtocol scheme=https secure=true sslProtocol=TLS / where my_password for obvious reasons I do not provide to you. As a matter of fact, I have generated two trusted certificate entries with keytool: keytool -list -keystore .keystore Escriba la contrase±a del almacÚn de claves: Tipo de almacen de claves: JKS Proveedor de almacen de claves: SUN Su almacen de claves contiene 2 entradas root, 24/10/2012, trustedCertEntry, Huella digital de certificado (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37 tomcat, 24/10/2012, trustedCertEntry, Huella digital de certificado (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37 But when I put https://localhost:8443/ on my explorer page, this crashes (tomcat server is running). Any idea what is the problem? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7)
Hi Christopher: What I tried to mean is that Internet explorer fails. I have attached image file with the error generated(Internet Explorer error.gif). By the way below is what Tomcat generates as log, once I started Tomcat and after executing https://localhost:8443/ on my Internet Explorer: 25/10/2012 12:00:57 PM org.apache.catalina.core.AprLifecycleListener init INFO: La biblioteca nativa de Apache Tomcat basada en ARP que permite un rendimiento óptimo en entornos de desarrollo no ha sido hallada en java.library.path: C:\jdk1.6.35\bin;C:\windows\Sun\Java\bin;C:\windows\system32;C:\windows;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\mingw\mingw64\bin;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\jdk1.6.35\bin;C:\Spring\apache-maven-3.0.4\bin;C:\Program Files (x86)\Liquid Technologies\Liquid XML Studio 2011\XmlDataBinder9\Redist9\cpp\win32\bin;C:\cygwin\bin\;C:\apache-ant-1.8.2/bin;C:\Program Files (x86)\Microchip\MPLAB C32 Suite\bin;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\CVSNT\;. 25/10/2012 12:00:57 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [http-bio-8080] 25/10/2012 12:00:57 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [http-nio-8443] 25/10/2012 12:00:58 PM org.apache.tomcat.util.net.NioSelectorPool getSharedSelector INFO: Using a shared selector for servlet write/read 25/10/2012 12:00:58 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [ajp-bio-8009] 25/10/2012 12:00:58 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 679 ms 25/10/2012 12:00:58 PM org.apache.catalina.core.StandardService startInternal INFO: Arrancando servicio Catalina 25/10/2012 12:00:58 PM org.apache.catalina.core.StandardEngine startInternal INFO: Starting Servlet Engine: Apache Tomcat/7.0.32 25/10/2012 12:00:58 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\docs de la aplicación web 25/10/2012 12:00:58 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\examples de la aplicación web 25/10/2012 12:00:58 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\host-manager de la aplicación web 25/10/2012 12:00:58 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\manager de la aplicación web 25/10/2012 12:00:58 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\ROOT de la aplicación web 25/10/2012 12:00:58 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler [http-bio-8080] 25/10/2012 12:00:58 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler [http-nio-8443] 25/10/2012 12:00:58 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler [ajp-bio-8009] 25/10/2012 12:00:58 PM org.apache.catalina.startup.Catalina start INFO: Server startup in 488 ms Regards. - Original Message - From: Christopher Schultz ch...@christopherschultz.net To: Tomcat Users List users@tomcat.apache.org Sent: Thursday, October 25, 2012 11:21:15 AM Subject: Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gabriel, On 10/25/12 10:35 AM, Gabriel Huerta Araujo wrote: I have followed your procedure which has been stated on http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html to use SSL or https with JSSE implementation. Below is configuration for my server.xml Connector SSLEnabled=true acceptCount=100 clientAuth=false disableUploadTimeout=true enableLookups=false maxThreads=25 port=8443 keystoreFile=${user.home}/.keystore keystorePass=my_password protocol=org.apache.coyote.http11.Http11NioProtocol scheme=https secure=true sslProtocol=TLS / where my_password for obvious reasons I do not provide to you. As a matter of fact, I have generated two trusted certificate entries with keytool: keytool -list -keystore .keystore Escriba la contrase±a del almacÚn de claves: Tipo de almacen de claves: JKS Proveedor de almacen de claves: SUN Su almacen de claves contiene 2 entradas root, 24/10/2012, trustedCertEntry, Huella digital de certificado (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37 tomcat, 24/10/2012, trustedCertEntry, Huella digital de certificado (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37 But when I put https://localhost:8443/ on my explorer page, this crashes (tomcat server is running). What do you mean this crashes? Please be specific. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using
RE: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7)
Gabriel unless you are using a cert from entrust, verisign or thawte you cannot generate a certificate which will be trusted as a CA level cert by all versions for all supported browsers Buena Suerte, Martin __ Porfavor..no altere ni interruptir esta communicacion..Gracias Date: Thu, 25 Oct 2012 12:02:22 -0500 From: huert...@hildebrando.com To: users@tomcat.apache.org Subject: Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7) Hi Christopher: What I tried to mean is that Internet explorer fails. I have attached image file with the error generated(Internet Explorer error.gif). By the way below is what Tomcat generates as log, once I started Tomcat and after executing https://localhost:8443/ on my Internet Explorer: 25/10/2012 12:00:57 PM org.apache.catalina.core.AprLifecycleListener init INFO: La biblioteca nativa de Apache Tomcat basada en ARP que permite un rendimiento óptimo en entornos de desarrollo no ha sido hallada en java.library.path: C:\jdk1.6.35\bin;C:\windows\Sun\Java\bin;C:\windows\system32;C:\windows;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\mingw\mingw64\bin;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\jdk1.6.35\bin;C:\Spring\apache-maven-3.0.4\bin;C:\Program Files (x86)\Liquid Technologies\Liquid XML Studio 2011\XmlDataBinder9\Redist9\cpp\win32\bin;C:\cygwin\bin\;C:\apache-ant-1.8.2/bin;C:\Program Files (x86)\Microchip\MPLAB C32 Suite\bin;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\CVSNT\;. 25/10/2012 12:00:57 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [http-bio-8080] 25/10/2012 12:00:57 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [http-nio-8443] 25/10/2012 12:00:58 PM org.apache.tomcat.util.net.NioSelectorPool getSharedSelector INFO: Using a shared selector for servlet write/read 25/10/2012 12:00:58 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [ajp-bio-8009] 25/10/2012 12:00:58 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 679 ms 25/10/2012 12:00:58 PM org.apache.catalina.core.StandardService startInternal INFO: Arrancando servicio Catalina 25/10/2012 12:00:58 PM org.apache.catalina.core.StandardEngine startInternal INFO: Starting Servlet Engine: Apache Tomcat/7.0.32 25/10/2012 12:00:58 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\docs de la aplicación web 25/10/2012 12:00:58 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\examples de la aplicación web 25/10/2012 12:00:58 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\host-manager de la aplicación web 25/10/2012 12:00:58 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\manager de la aplicación web 25/10/2012 12:00:58 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\ROOT de la aplicación web 25/10/2012 12:00:58 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler [http-bio-8080] 25/10/2012 12:00:58 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler [http-nio-8443] 25/10/2012 12:00:58 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler [ajp-bio-8009] 25/10/2012 12:00:58 PM org.apache.catalina.startup.Catalina start INFO: Server startup in 488 ms Regards. - Original Message - From: Christopher Schultz ch...@christopherschultz.net To: Tomcat Users List users@tomcat.apache.org Sent: Thursday, October 25, 2012 11:21:15 AM Subject: Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gabriel, On 10/25/12 10:35 AM, Gabriel Huerta Araujo wrote: I have followed your procedure which has been stated on http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html to use SSL or https with JSSE implementation. Below is configuration for my server.xml Connector SSLEnabled=true acceptCount=100 clientAuth=false disableUploadTimeout=true enableLookups=false maxThreads=25 port=8443 keystoreFile=${user.home}/.keystore keystorePass=my_password protocol=org.apache.coyote.http11.Http11NioProtocol scheme=https secure=true sslProtocol=TLS / where my_password for obvious reasons I do not provide to you. As a matter of fact, I have generated two trusted certificate entries with keytool: keytool -list -keystore .keystore Escriba la contrase±a del almacÚn de claves: Tipo de almacen de claves: JKS Proveedor de almacen de claves: SUN Su almacen de claves contiene 2 entradas root
Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7)
Ok Martin: You are right I am using a certificate generated for getacert (http://getacert.com/signacert.html). Even though Tomcat tells me to purchase a certificate from those places you mention, is there any way to get this certificate free? As a matter of fact I am just testing how to use htpps connection with Tomcat (an open source product). Regards. - Original Message - From: Martin Gainty mgai...@hotmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Thursday, October 25, 2012 12:27:31 PM Subject: RE: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7) Gabriel unless you are using a cert from entrust, verisign or thawte you cannot generate a certificate which will be trusted as a CA level cert by all versions for all supported browsers Buena Suerte, Martin __ Porfavor..no altere ni interruptir esta communicacion..Gracias Date: Thu, 25 Oct 2012 12:02:22 -0500 From: huert...@hildebrando.com To: users@tomcat.apache.org Subject: Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7) Hi Christopher: What I tried to mean is that Internet explorer fails. I have attached image file with the error generated(Internet Explorer error.gif). By the way below is what Tomcat generates as log, once I started Tomcat and after executing https://localhost:8443/ on my Internet Explorer: 25/10/2012 12:00:57 PM org.apache.catalina.core.AprLifecycleListener init INFO: La biblioteca nativa de Apache Tomcat basada en ARP que permite un rendimiento óptimo en entornos de desarrollo no ha sido hallada en java.library.path: C:\jdk1.6.35\bin;C:\windows\Sun\Java\bin;C:\windows\system32;C:\windows;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\mingw\mingw64\bin;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\jdk1.6.35\bin;C:\Spring\apache-maven-3.0.4\bin;C:\Program Files (x86)\Liquid Technologies\Liquid XML Studio 2011\XmlDataBinder9\Redist9\cpp\win32\bin;C:\cygwin\bin\;C:\apache-ant-1.8.2/bin;C:\Program Files (x86)\Microchip\MPLAB C32 Suite\bin;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\CVSNT\;. 25/10/2012 12:00:57 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [http-bio-8080] 25/10/2012 12:00:57 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [http-nio-8443] 25/10/2012 12:00:58 PM org.apache.tomcat.util.net.NioSelectorPool getSharedSelector INFO: Using a shared selector for servlet write/read 25/10/2012 12:00:58 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [ajp-bio-8009] 25/10/2012 12:00:58 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 679 ms 25/10/2012 12:00:58 PM org.apache.catalina.core.StandardService startInternal INFO: Arrancando servicio Catalina 25/10/2012 12:00:58 PM org.apache.catalina.core.StandardEngine startInternal INFO: Starting Servlet Engine: Apache Tomcat/7.0.32 25/10/2012 12:00:58 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\docs de la aplicación web 25/10/2012 12:00:58 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\examples de la aplicación web 25/10/2012 12:00:58 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\host-manager de la aplicación web 25/10/2012 12:00:58 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\manager de la aplicación web 25/10/2012 12:00:58 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\ROOT de la aplicación web 25/10/2012 12:00:58 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler [http-bio-8080] 25/10/2012 12:00:58 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler [http-nio-8443] 25/10/2012 12:00:58 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler [ajp-bio-8009] 25/10/2012 12:00:58 PM org.apache.catalina.startup.Catalina start INFO: Server startup in 488 ms Regards. - Original Message - From: Christopher Schultz ch...@christopherschultz.net To: Tomcat Users List users@tomcat.apache.org Sent: Thursday, October 25, 2012 11:21:15 AM Subject: Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gabriel, On 10/25/12 10:35 AM, Gabriel Huerta Araujo wrote: I have followed your procedure which has been stated on http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html to use SSL or https with JSSE implementation. Below is configuration for my server.xml Connector SSLEnabled
Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gabriel, On 10/25/12 1:02 PM, Gabriel Huerta Araujo wrote: What I tried to mean is that Internet explorer fails. That's not terribly specific. Seg fault? BSOD? Blank screen? I have attached image file with the error generated(Internet Explorer error.gif). This list strips most attachments. Try your best to describe what you see. Consider posting the text of any error messages that you see. By the way below is what Tomcat generates as log, once I started Tomcat and after executing https://localhost:8443/ on my Internet Explorer: 25/10/2012 12:00:57 PM org.apache.catalina.core.AprLifecycleListener init INFO: La biblioteca nativa de Apache Tomcat basada en ARP que permite un rendimiento óptimo en entornos de desarrollo no ha sido hallada en java.library.path: C:\jdk1.6.35\bin;C:\windows\Sun\Java\bin;C:\windows\system32;C:\windows;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\mingw\mingw64\bin;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\jdk1.6.35\bin;C:\Spring\apache-maven-3.0.4\bin;C:\Program Files (x86)\Liquid Technologies\Liquid XML Studio 2011\XmlDataBinder9\Redist9\cpp\win32\bin;C:\cygwin\bin\;C:\apache-ant-1.8.2/bin;C:\Program Files (x86)\Microchip\MPLAB C32 Suite\bin;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\CVSNT\;. 25/10/2012 12:00:57 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [http-bio-8080] 25/10/2012 12:00:57 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [http-nio-8443] 25/10/2012 12:00:58 PM org.apache.tomcat.util.net.NioSelectorPool getSharedSelector INFO: Using a shared selector for servlet write/read 25/10/2012 12:00:58 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [ajp-bio-8009] 25/10/2012 12:00:58 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 679 ms 25/10/2012 12:00:58 PM org.apache.catalina.core.StandardService startInternal INFO: Arrancando servicio Catalina 25/10/2012 12:00:58 PM org.apache.catalina.core.StandardEngine startInternal INFO: Starting Servlet Engine: Apache Tomcat/7.0.32 25/10/2012 12:00:58 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\docs de la aplicación web 25/10/2012 12:00:58 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\examples de la aplicación web 25/10/2012 12:00:58 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\host-manager de la aplicación web 25/10/2012 12:00:58 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\manager de la aplicación web 25/10/2012 12:00:58 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\ROOT de la aplicación web 25/10/2012 12:00:58 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler [http-bio-8080] 25/10/2012 12:00:58 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler [http-nio-8443] 25/10/2012 12:00:58 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler [ajp-bio-8009] 25/10/2012 12:00:58 PM org.apache.catalina.startup.Catalina start INFO: Server startup in 488 ms That all looks good to me. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlCJezIACgkQ9CaO5/Lv0PCFnACeO5qVLrZFYBX7ZCi9NwnXxQDJ 94AAnjGVQMkAblNo4UhDLn4IgzBgN/r5 =Nrmj -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gabriel, On 10/25/12 1:43 PM, Gabriel Huerta Araujo wrote: Even though Tomcat tells me to purchase a certificate from those places you mention, is there any way to get this certificate free? Most CAs will issue you a free 30-day certificate to make sure that everything is going to work. If you want a long-term cert, you may as well just buy one because the process is such a pain in the neck: it's going to work. As a matter of fact I am just testing how to use htpps connection with Tomcat (an open source product). If you just need an SSL connection, then there is no reason you couldn't use a self-signed certificate. The only problem is that your web browser is going to complain. Most web browsers have an option to accept the certificate permanently so you don't get security warnings all the time. If you want a free, well-recognized certificate, I can recommend StartSSL: https://www.startssl.com/ After you validate that you control a domain (via email), you can create 1-year basic certificates entirely for free. Here's their comparison chart which includes their rate card and browser/OS support: https://www.startssl.com/?app=40 All major OSs and browsers currently support StartSSL, though, unfortunately, Java does not: you'll have to import their CA and intermediate certificates into a local trust store if you want to use a Java client with these certificates. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlCJfIoACgkQ9CaO5/Lv0PD68wCgmZfuZIHr0CU65k8mbZXF0DvX Ds4An0S9oDEfpSaZlq+rlKodk/LLvv04 =M3NB -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7)
Chistopher: An spanish message like this: Internet Explorer can not display the web page. Puede diagnosticar lo siguiente: Diagnosticar problemas de conexion When I click Diagnosticar problemas de conexion, it says El equipo o dispositivo remoto no acepta la conexion which translated means The computer or remote device does not accept the connection For more information, it mentions: If this is an HTTPS address (secure), click Tools, Internet Options, Advanced Options, and check the SSL and TLS protocols are enabled in the security section I checked it and these are my internet options for SSL and TLS, as enabled: SSL 3.0 TLS 1.0 Regards - Original Message - From: Christopher Schultz ch...@christopherschultz.net To: Tomcat Users List users@tomcat.apache.org Sent: Thursday, October 25, 2012 12:47:30 PM Subject: Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gabriel, On 10/25/12 1:02 PM, Gabriel Huerta Araujo wrote: What I tried to mean is that Internet explorer fails. That's not terribly specific. Seg fault? BSOD? Blank screen? I have attached image file with the error generated(Internet Explorer error.gif). This list strips most attachments. Try your best to describe what you see. Consider posting the text of any error messages that you see. By the way below is what Tomcat generates as log, once I started Tomcat and after executing https://localhost:8443/ on my Internet Explorer: 25/10/2012 12:00:57 PM org.apache.catalina.core.AprLifecycleListener init INFO: La biblioteca nativa de Apache Tomcat basada en ARP que permite un rendimiento óptimo en entornos de desarrollo no ha sido hallada en java.library.path: C:\jdk1.6.35\bin;C:\windows\Sun\Java\bin;C:\windows\system32;C:\windows;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\mingw\mingw64\bin;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\jdk1.6.35\bin;C:\Spring\apache-maven-3.0.4\bin;C:\Program Files (x86)\Liquid Technologies\Liquid XML Studio 2011\XmlDataBinder9\Redist9\cpp\win32\bin;C:\cygwin\bin\;C:\apache-ant-1.8.2/bin;C:\Program Files (x86)\Microchip\MPLAB C32 Suite\bin;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\CVSNT\;. 25/10/2012 12:00:57 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [http-bio-8080] 25/10/2012 12:00:57 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [http-nio-8443] 25/10/2012 12:00:58 PM org.apache.tomcat.util.net.NioSelectorPool getSharedSelector INFO: Using a shared selector for servlet write/read 25/10/2012 12:00:58 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [ajp-bio-8009] 25/10/2012 12:00:58 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 679 ms 25/10/2012 12:00:58 PM org.apache.catalina.core.StandardService startInternal INFO: Arrancando servicio Catalina 25/10/2012 12:00:58 PM org.apache.catalina.core.StandardEngine startInternal INFO: Starting Servlet Engine: Apache Tomcat/7.0.32 25/10/2012 12:00:58 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\docs de la aplicación web 25/10/2012 12:00:58 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\examples de la aplicación web 25/10/2012 12:00:58 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\host-manager de la aplicación web 25/10/2012 12:00:58 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\manager de la aplicación web 25/10/2012 12:00:58 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\ROOT de la aplicación web 25/10/2012 12:00:58 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler [http-bio-8080] 25/10/2012 12:00:58 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler [http-nio-8443] 25/10/2012 12:00:58 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler [ajp-bio-8009] 25/10/2012 12:00:58 PM org.apache.catalina.startup.Catalina start INFO: Server startup in 488 ms That all looks good to me. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlCJezIACgkQ9CaO5/Lv0PCFnACeO5qVLrZFYBX7ZCi9NwnXxQDJ 94AAnjGVQMkAblNo4UhDLn4IgzBgN/r5 =Nrmj -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h
Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gabriel, On 10/25/12 2:08 PM, Gabriel Huerta Araujo wrote: An spanish message like this: Internet Explorer can not display the web page. Puede diagnosticar lo siguiente: Diagnosticar problemas de conexion When I click Diagnosticar problemas de conexion, it says El equipo o dispositivo remoto no acepta la conexion which translated means The computer or remote device does not accept the connection For more information, it mentions: If this is an HTTPS address (secure), click Tools, Internet Options, Advanced Options, and check the SSL and TLS protocols are enabled in the security section I checked it and these are my internet options for SSL and TLS, as enabled: SSL 3.0 TLS 1.0 Do you have access to an OpenSSL client? If this were happening to me, the first thing I would do is this: $ openssl c_client -connect host:8443 This will give you a ton of information about the certificate, ciphers, etc. It's possible that you have configured your connector such that it cannot use SSL3 or TLS1 secure connections. In that case, MSIE would not be able to connect at all. Please post all versions of everything (patch level included, like Tomcat 7.0.32) like Tomcat and JVM, plus your Connector configuration (unless it hasn't changed). You can get a win32 binary for OpenSSL here: http://www.openssl.org/related/binaries.html - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlCJl94ACgkQ9CaO5/Lv0PDWKwCaAjTfrFpY6qGMHNlqf8x1rGP8 yj0An0e9nzGeW5nnk9n1parTMhs1vwg8 =a6ba -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7)
) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.startup.Catalina.load(Catalina.java:633) at org.apache.catalina.startup.Catalina.load(Catalina.java:658) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450) Caused by: org.apache.catalina.LifecycleException: Falló la inicialización del manejador de protocolo at org.apache.catalina.connector.Connector.initInternal(Connector.java:983) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) ... 12 more Caused by: java.io.IOException: La configuración SSL no es válida debido a No available certificate or key corresponds to the SSL cipher suites which are enabled. at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:822) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:470) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:158) at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:393) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610) at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429) at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119) at org.apache.catalina.connector.Connector.initInternal(Connector.java:981) ... 13 more Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled. at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:310) at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:255) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:818) ... 20 more 25/10/2012 04:23:21 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [ajp-bio-8009] 25/10/2012 04:23:21 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 681 ms 25/10/2012 04:23:21 PM org.apache.catalina.core.StandardService startInternal INFO: Arrancando servicio Catalina 25/10/2012 04:23:21 PM org.apache.catalina.core.StandardEngine startInternal INFO: Starting Servlet Engine: Apache Tomcat/7.0.32 25/10/2012 04:23:21 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\docs de la aplicación web 25/10/2012 04:23:21 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\examples de la aplicación web 25/10/2012 04:23:21 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\host-manager de la aplicación web 25/10/2012 04:23:21 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\manager de la aplicación web 25/10/2012 04:23:21 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Despliegue del directorio C:\Tomcat7.0\webapps\ROOT de la aplicación web 25/10/2012 04:23:21 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler [http-bio-8080] 25/10/2012 04:23:21 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler [ajp-bio-8009] 25/10/2012 04:23:21 PM org.apache.catalina.startup.Catalina start INFO: Server startup in 549 ms Additional information required: C:\Tomcat7.0\bincatalina version Using CATALINA_BASE: C:\Tomcat7.0 Using CATALINA_HOME: C:\Tomcat7.0 Using CATALINA_TMPDIR: C:\Tomcat7.0\temp Using JRE_HOME:C:\jdk1.6.35 Using CLASSPATH: C:\Tomcat7.0\bin\bootstrap.jar;C:\Tomcat7.0\bin\tomcat-j uli.jar Server version: Apache Tomcat/7.0.32 Server built: Oct 3 2012 08:51:20 Server number: 7.0.32.0 OS Name:Windows 7 OS Version: 6.1 Architecture: x86 JVM Version:1.6.0_35-b10 JVM Vendor: Sun Microsystems Inc. Regards. - Original Message - From: Christopher Schultz ch...@christopherschultz.net To: Tomcat Users List users@tomcat.apache.org Sent: Thursday, October 25, 2012 2:49:50 PM Subject: Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gabriel, On 10/25/12 2:08 PM, Gabriel Huerta Araujo wrote: An spanish message like this: Internet Explorer can not display the web page. Puede diagnosticar lo siguiente: Diagnosticar problemas de conexion
Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7)
Sorry I forgot to include what below command generates: openssl c_client -connect host:8443 Here it is: With c_client option fails as indicated: openssl:Error: 'c_client' is an invalid command. Standard commands asn1parse ca cipherscrlcrl2pkcs7 dgst dh dhparamdsadsaparam ec ecparamencengine errstr gendh gendsa genrsa nseq ocsp passwd pkcs12 pkcs7 pkcs8 prime rand reqrsarsautl s_client s_server s_time sess_idsmime speed spkac verify versionx509 Message Digest commands (see the `dgst' command for more details) md2md4md5rmd160 sha sha1 Cipher commands (see the `enc' command for more details) aes-128-cbcaes-128-ecbaes-192-cbcaes-192-ecbaes-256-cbc aes-256-ecbbase64 bf bf-cbc bf-cfb bf-ecb bf-ofb cast cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb desdes-cbc des-cfbdes-ecbdes-ededes-ede-cbcdes-ede-cfb des-ede-ofbdes-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofbdes3 desx rc2rc2-40-cbc rc2-64-cbc rc2-cbcrc2-cfbrc2-ecbrc2-ofb rc4rc4-40 I had to run it as: openssl s_client -connect host:8443 And this is what generates: gethostbyname failure connect:errno=1 Regards. - Original Message - From: Gabriel Huerta Araujo huert...@hildebrando.com To: Tomcat Users List users@tomcat.apache.org Sent: Thursday, October 25, 2012 4:32:47 PM Subject: Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7) My web.xml's connector section originally was: Connector SSLEnabled=true acceptCount=100 clientAuth=false disableUploadTimeout=true enableLookups=false maxThreads=25 port=8443 keystoreFile=${user.home}/.keystore keystorePass=my_key_pass protocol=org.apache.coyote.http11.Http11NioProtocol scheme=https secure=true sslProtocol=TLS / and I had to replace for this (because I wanted to know at least one message error, this way I could do something else): Connector port=8443 maxThreads=200 scheme=https secure=true SSLEnabled=true keystoreFile=${user.home}/.keystore keystorePassmy_key_pass clientAuth=false sslProtocol=TLS/ Below it is whar Tomcat reports: 25/10/2012 04:23:20 PM org.apache.catalina.core.AprLifecycleListener init INFO: La biblioteca nativa de Apache Tomcat basada en ARP que permite un rendimiento óptimo en entornos de desarrollo no ha sido hallada en java.library.path: C:\jdk1.6.35\bin;C:\windows\Sun\Java\bin;C:\windows\system32;C:\windows;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\mingw\mingw64\bin;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\jdk1.6.35\bin;C:\Spring\apache-maven-3.0.4\bin;C:\Program Files (x86)\Liquid Technologies\Liquid XML Studio 2011\XmlDataBinder9\Redist9\cpp\win32\bin;C:\cygwin\bin\;C:\apache-ant-1.8.2/bin;C:\Program Files (x86)\Microchip\MPLAB C32 Suite\bin;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\CVSNT\;. 25/10/2012 04:23:20 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [http-bio-8080] 25/10/2012 04:23:21 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [http-bio-8443] 25/10/2012 04:23:21 PM org.apache.coyote.AbstractProtocol init GRAVE: Failed to initialize end point associated with ProtocolHandler [http-bio-8443] java.io.IOException: La configuración SSL no es válida debido a No available certificate or key corresponds to the SSL cipher suites which are enabled. at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:822) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:470) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:158) at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:393) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610) at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429) at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119) at org.apache.catalina.connector.Connector.initInternal(Connector.java:981) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.core.StandardService.initInternal(StandardService.java