On Fri, Dec 19, 2014 at 9:56 AM, Bruce Kostival <
bkosti...@universallumpers.com> wrote:
>
> Thanks Igor I'll poke around based on your input.
> ________________________________________
> From: Igor Cicimov <icici...@gmail.com>
> Sent: Thursday, December 18, 2014 15:49
> To: Tomcat Users List
> Subject: Re: GoDaddy SSL cert update from SHA1 to SHA2
>
> On Fri, Dec 19, 2014 at 9:28 AM, Bruce Kostival <
> bkosti...@universallumpers.com> wrote:
> >
> > Tomcat 6.0.x
> > Windows Server 2008
> > Running Java 7
> > Home grown app written in STS
> >
> > Running HTTPS with SHA1 cert
> > Obtained SHA2 cert from GoDaddy by sending CSR generated from original
> > keystore. Removed existing aliases from original keystore and loaded new
> > root and domain cert to keystore.
> > Trying to run up the new cert gives me this error:
> >
> > SEVERE: Error starting endpoint
> > java.io.IOException: jsse.invalid_ssl_conf
> > at
> >
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:846)
> > at
> >
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:522)
> > at
> >
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
> > at
> > org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
> > at
> > org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:565)
> > at
> > org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:207)
> > at
> > org.apache.catalina.connector.Connector.start(Connector.java:1196)
> > at
> > org.apache.catalina.core.StandardService.start(StandardService.java:540)
> > at
> > org.apache.catalina.core.StandardServer.start(StandardServer.java:754)
> > at org.apache.catalina.startup.Catalina.start(Catalina.java:595)
> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
> > at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown
> Source)
> > at java.lang.reflect.Method.invoke(Unknown Source)
> > at
> org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
> > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
> > Caused by: javax.net.ssl.SSLException: No available certificate or key
> > corresponds to the SSL cipher suites which are enabled.
> >
> > I feel like I'm missing something basic in the keystore. Any ideas?
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> > Just guessing but based on the cause given in the above error you
> probably
> have ciphers set in your connector using 128 bit key, something like this:
>
> ciphers="SSL_RSA_WITH_RC4_128_MD5,
> SSL_RSA_WITH_RC4_128_SHA,
> TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
> TLS_ECDHE_RSA_WITH_RC4_128_SHA,
> TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
> TLS_ECDH_RSA_WITH_RC4_128_SHA"
>
> In that case try to change that to match your new 256 bit key now. Of
> course take care of the proper cipher suit names for BIO/NIO or APR
> connector since they differ (the above example is for BIO/NIO connector).
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
> Another possibility is that you have removed the private key used to
generate the new CSR by removing the old aliases from the keystore.
