Re: Issue while configuring keystore/SSL for Tomcat 8.5.33

Thu, 18 Oct 2018 03:33:01 -0700 

can you share the full debug log ?  what is the client for this SSL service
? browser or some other standalone programs
what version of JDK is being used?

On Thu, Oct 18, 2018 at 2:20 PM Sashidharan Ramamurthy <
sashidharan.ramamur...@ericsson.com> wrote:

> Any updates users of tomcat on this issue!!!
>
> -----Original Message-----
> From: Sashidharan Ramamurthy <sashidharan.ramamur...@ericsson.com>
> Sent: Wednesday, October 17, 2018 4:22 PM
> To: users@tomcat.apache.org
> Subject: FW: Issue while configuring keystore/SSL for Tomcat 8.5.33
>
> Hi Tomcat user group,
>
> We have installed and deployed Tomcat Version: 8.5.33 in our machine.
>
> Software: AIX
>
> We configured SSL at 8443 port using below command for creating keystore.
>
>         $JAVA_HOME/bin/keytool -genkey -alias iscpkey -keystore
> $outputfile -keyalg RSA -dname "CN=${site}, OU=Network Solutions, O=ISCP,
> L=Piscataway, C=US" -storepass "changeit" -keypass "changeit" -validity
> 10000
>
> Though 8443 port no has started, we are unable to connect from SSL client.
> We are getting SSLException in our client.
>
> We enabled java.net.debug with SSL logs.
>
> Client Hello and Server Hello is done but fails soon afterwards in SSL
> with internal_error.
>
> *** ServerHelloDone
> https-jsse-nio-8443-exec-4, WRITE: TLSv1 Handshake, length = 1736
> https-jsse-nio-8443-exec-5, READ: TLSv1 Alert, length = 2
> https-jsse-nio-8443-exec-5, RECV TLSv1 ALERT:  fatal, internal_error
> https-jsse-nio-8443-exec-5, fatal: engine already closed.  Rethrowing
> javax.net.ssl.SSLException: Received fatal alert: internal_error
> https-jsse-nio-8443-exec-5, fatal: engine already closed.  Rethrowing
> javax.net.ssl.SSLException: Received fatal alert: internal_error
> https-jsse-nio-8443-exec-5, called closeOutbound()
> https-jsse-nio-8443-exec-5, closeOutboundInternal()
> https-jsse-nio-8443-exec-5, SEND TLSv1 ALERT:  warning, description =
> close_notify https-jsse-nio-8443-exec-5, WRITE: TLSv1 Alert, length = 2
>
> We are unable to proceed further.
>
> Can you let me know what could be the reason?
>
> Also, if this is not the correct tomcat group, can you point me to correct
> group?
>
> Thanks and Regards,
> Sashi
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Reply via email to