Hi
I'm new to Tomcat and I'm trying to set SSL on a Tomcat server and to
understand how it should be done.
I started with generating key as explained in the Tomcat SSL howto and
everything went well and I succeeded to connect using https to my server, of
course the browser did not recognize the certificate but this is ok.
Then I moved to the next phase and created a trial certificate in Verisign
and followed the instructions specified in the Verisign site and in the
howto.
After the installation Tomcat getting to following exception:
Sep 4, 2008 4:43:06 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
SEVERE: Socket accept failed
java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No
available certificate or key corresponds to the SSL cipher suites which are
enabled.
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
at
org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
at java.lang.Thread.run(Unknown Source)
Tomcat kept getting this exception and hunged the machine after creating a
log file in the size of all the free disk space (I only had there 10GB).
Can anyone help me understand where I was wrong?
To enable the SSL I made the following:
1. generated trial key and got the intermediateCA from Verisign
2. run keytool to create keystore:
keytool.exe -import -alias intermediateCA -keystore .\myKeystore
-trustcacerts -file intermediateCA.cert
keytool.exe -import -alias tomcat -keystore .\myKeystore -trustcacerts
-file mine.cert
3. updated the server.xml and added a connector as following:
<Connector
port="8443" minSpareThreads="5" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="150"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="full path to myKeystore" keystorePass="123456"
clientAuth="false" sslProtocol="TLS"/>
The only difference I found was that when I listed the keys in the keystore
I got PrivateKeyEntry for the generated keys and trustedCertEntry for the
trial keys. can it be connected?
The self generated file:
----------------------------
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
tomcat, Sep 3, 2008, PrivateKeyEntry,
Certificate fingerprint (MD5):
6F:EC:48:31:4C:CC:2A:C3:AB:10:22:BD:A3:78:44:AF
----------------------------
The trial file:
----------------------------
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
intermediateca, Sep 4, 2008, trustedCertEntry,
Certificate fingerprint (MD5):
8D:E9:89:DB:7F:CC:5E:3B:FD:DE:2C:42:08:13:EF:43
tomcat, Sep 4, 2008, trustedCertEntry,
Certificate fingerprint (MD5):
AC:9F:D0:82:72:BC:61:26:CB:7F:44:5C:AF:06:F1:20
---------------------------
Thanks!!!
Haim
