Hi Again Everyone, Man, this is a busy newsgroup! I was busy with some other things, so this took me a while to figure out. Thanks All for the suggestions. To fix the problem, I "upgraded" to the Sun Java 1.4.0 SDK and used the cacerts file in that SDK, which did the trick. My guess is (i.e. the only difference I could find) that the 1.3.1 SDK cacerts file was missing some certs needed by the jsse package I added after installing the 1.3.1 SDK, (i.e. the 1.3.1 cacerts file comes with 1 certificate, while the 1.4.0 version comes with about 10 _and_ the jsse package bundled with it). If you want to see what I mean try keytool -list -file /path/to/1.3.1SDK/jre/lib/security/cacerts and then keytool -list -file /path/to/1.4.0SDK/jre/lib/security/cacerts . Hopefully you'll see the 1.3.1 SDK has fewer certificates. Send me a mail if you need me to clarify. Thanks Again, Ryan
--- Anton Brazhnyk <[EMAIL PROTECTED]> wrote: > Hi, > > > -----Original Message----- > > From: Ryan Beckes [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, February 13, 2002 9:05 PM > > To: [EMAIL PROTECTED] > > Subject: SSL port 8443 Netscape "No common > encryption algorithms" > > > > > > Hello, > > I am getting the following error when trying to > > connect to port 8443 (SSL port) via Netscape. > > > > "Netscape and this server cannot communicate > securely > > because they have no common encryption > algorithm(s)." > > > > I got the same error when I had tried to use DSA > keys (instead of RSA) > with Netscape. In IE you should probably turn TLS on > > (I believe its turned off by default). > All this security staff is rather complicated and > here can be > a lot of reasons for it not to work. > Well, all we can do is "read the docs, try, guess, > try, read again..." > until it works or we get crazy :) > > > Internet Explorer gives a similar error. Checking > the > > archives, I've seen some people with similar > errors, > > but no real good explanation. I've checked various > web > > sites with 128 bit SSL test pages and they all > work, > > why won't mine?? If someone can enumerate reason's > why > > this might happen, I would be extremely grateful. > > > > Thanks, > > Ryan > > > > > > By the by, here's my Connector setup, nothing > special > > except the CA cert location (personally signed > created > > by keytool). > > > > <Connector > > > className="org.apache.catalina.connector.http.HttpConnector" > > port="8443" minProcessors="5" > > maxProcessors="75" > > enableLookups="true" > > acceptCount="10" debug="99" > > scheme="https" secure="true"> > > <Factory > > > className="org.apache.catalina.net.SSLServerSocketFactory" > > > > > keystoreFile="/usr/local/java/jdk1.3.1/jre/lib/security/cacerts" > > clientAuth="false" protocol="TLS"/> > > </Connector> > > > > > > Anton > > -- > To unsubscribe: > <mailto:[EMAIL PROTECTED]> > For additional commands: > <mailto:[EMAIL PROTECTED]> > Troubles with the list: > <mailto:[EMAIL PROTECTED]> > __________________________________________________ Do You Yahoo!? Yahoo! Sports - Coverage of the 2002 Olympic Games http://sports.yahoo.com -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
