Needless to say, you have to use the same key that you used to generate the CSR that you sent to Verisign/Thwate. It looks like you nuked the key when you did the delete.
<[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] I thought I had all my Tomcat issues resolved and was ready to go from the self-signed cert to one issued by a CA. So I followed all the steps, generated a CSR, got the root cert and test cert, installed them into the keytool, and restarted the server. An exception is thrown saying: No available certificate corresponds to the SSL cipher suites which are enabled --- Details: I tried this with Verisign and Thawte, same result. I even called Verisign support and they had no clue. I searched the web, and found many people with the same problem in many situations beside Tomcat, but the only solution I found is to add some java code to enable additional cipher suites, which obviously cannot done in a configuration file. HELP!!! The following are the commands I used, starting from "having no .keystore", and using the Tomcat-default "changeit" for the password: keytool -genkey -alias tomcat -keyalg RSA keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr ... got the certs... keytool -delete -alias tomcat keytool -import -alias root -trustcacerts -file rootcert.cer (root/intermediate/chain cert, as appropriate for the CA) keytool -import -alias tomcat -trustcacerts -file testcert.cer Needless to say everything works perfectly with a self-signed certificate. It is almost as if the CA-provided test certificates are incompatible with jdk 1.4.2_03, which is absurd. Bruno Melloni eBusiness Application Center, Americas Nokia, Inc 6000 Connection Drive, Mailstop 4w223 Irving, TX 75039 USA *Office: +1 (972)894-6120 *Cellular: +1 (469) 939-1067 * SMS: [EMAIL PROTECTED] * e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
