Hi, I'm new to Tomcat and I'm trying to set up SSL on a Tomcat server and to understand how it should be done.
I started by generating a key as explained in the Tomcat SSL howto, and everything went well: I succeeded in connecting to my server using https. Of course the browser did not recognize the certificate, but this is OK.

Then I moved to the next phase and created a trial certificate at Verisign and followed the instructions specified on the Verisign site and in the howto. After the installation Tomcat is getting the following exception:

    Sep 4, 2008 4:43:06 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
    SEVERE: Socket accept failed
    java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
        at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
        at java.lang.Thread.run(Unknown Source)

Tomcat kept getting this exception and hung the machine after creating a log file the size of all the free disk space (I only had 10GB there).

Can anyone help me understand where I went wrong?

To enable SSL I did the following:

1. Generated a trial key and got the intermediateCA from Verisign.

2. Ran keytool to create the keystore:

    keytool.exe -import -alias intermediateCA -keystore .\myKeystore -trustcacerts -file intermediateCA.cert
    keytool.exe -import -alias tomcat -keystore .\myKeystore -trustcacerts -file mine.cert

3. Updated server.xml and added a connector as follows:

    <Connector port="8443" minSpareThreads="5" maxSpareThreads="75"
               enableLookups="true" disableUploadTimeout="true"
               acceptCount="100" maxThreads="150"
               scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="full path to myKeystore" keystorePass="123456"
               clientAuth="false" sslProtocol="TLS"/>

The only difference I found was that when I listed the keys in the keystore I got PrivateKeyEntry for the generated keys and trustedCertEntry for the trial keys. Can it be connected?
The self generated file:

    ----------------------------
    Keystore type: JKS
    Keystore provider: SUN

    Your keystore contains 1 entry

    tomcat, Sep 3, 2008, PrivateKeyEntry,
    Certificate fingerprint (MD5): 6F:EC:48:31:4C:CC:2A:C3:AB:10:22:BD:A3:78:44:AF
    ----------------------------

The trial file:

    ----------------------------
    Keystore type: JKS
    Keystore provider: SUN

    Your keystore contains 2 entries

    intermediateca, Sep 4, 2008, trustedCertEntry,
    Certificate fingerprint (MD5): 8D:E9:89:DB:7F:CC:5E:3B:FD:DE:2C:42:08:13:EF:43
    tomcat, Sep 4, 2008, trustedCertEntry,
    Certificate fingerprint (MD5): AC:9F:D0:82:72:BC:61:26:CB:7F:44:5C:AF:06:F1:20
    ---------------------------

Thanks!!!
Haim
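
The difference between the two listings above can be checked mechanically. This added example (not part of the original post) parses `keytool -list` output and reports when the server alias is only a trustedCertEntry, which carries no private key for the server side of the handshake. The function names are hypothetical, and the English-locale listing layout shown in the post is assumed.

```python
import re

# Entry line printed by `keytool -list`: "<alias>, <Mon D, YYYY>, <entry type>,"
ENTRY_RE = re.compile(r"^(?P<alias>.+?), [A-Za-z]{3} \d{1,2}, \d{4}, (?P<type>\w+Entry),?$")
COUNT_RE = re.compile(r"^Your keystore contains (\d+) entr(?:y|ies)$")

def parse_keytool_list(text):
    """Return ({alias: entry_type}, declared_count) from `keytool -list` output."""
    entries, declared = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if (m := COUNT_RE.match(line)):
            declared = int(m.group(1))
        elif (m := ENTRY_RE.match(line)):
            entries[m.group("alias")] = m.group("type")
    return entries, declared

def check_server_keystore(text, alias="tomcat"):
    """List the reasons this keystore cannot supply a TLS server identity."""
    entries, declared = parse_keytool_list(text)
    if declared is not None and declared != len(entries):
        return [f"parsed {len(entries)} of {declared} entries; listing format not recognised"]
    problems = []
    kind = entries.get(alias)
    if kind is None:
        problems.append(f"alias {alias!r} not found")
    elif kind != "PrivateKeyEntry":
        # A trustedCertEntry is a bare certificate with no private key behind it.
        problems.append(f"alias {alias!r} is {kind}, not PrivateKeyEntry")
    if "PrivateKeyEntry" not in entries.values():
        problems.append("keystore contains no private key at all")
    return problems

# The two listings from the post, laid out the way keytool prints them.
SELF_GENERATED = """Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
tomcat, Sep 3, 2008, PrivateKeyEntry,
Certificate fingerprint (MD5): 6F:EC:48:31:4C:CC:2A:C3:AB:10:22:BD:A3:78:44:AF"""
TRIAL = """Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
intermediateca, Sep 4, 2008, trustedCertEntry,
Certificate fingerprint (MD5): 8D:E9:89:DB:7F:CC:5E:3B:FD:DE:2C:42:08:13:EF:43
tomcat, Sep 4, 2008, trustedCertEntry,
Certificate fingerprint (MD5): AC:9F:D0:82:72:BC:61:26:CB:7F:44:5C:AF:06:F1:20"""

if __name__ == "__main__":
    for name, listing in (("self-generated", SELF_GENERATED), ("trial", TRIAL)):
        print(name, check_server_keystore(listing) or "ok")
```

Run against the post's listings, the self-generated keystore passes and the trial keystore is flagged twice: the tomcat alias is a trustedCertEntry and no entry in the store holds a private key.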