On 04/01/2012 19:33, Justin Larose wrote: > Hello Group, > > I am seeing this error when starting Tomcat 7 on Windows. > > SEVERE: Failed to initialize end point associated with ProtocolHandler > ["http-bio-8443"] > java.io.IOException: SSL configuration is invalid due to No available > certificate or key corresponds to the SSL cipher suites which are enabled. > > I have 3 certs in the keystore 1 root, 1 intermediate and the one received > from the csr. I also confirmed they are pointing to the correct place and > I can see them if I do a > "keytool -list -v -keystore keystore.jks -alias mydomain" > > I have attached my server.xml below. Anyone know where to start?
By removing the comments? p > ___________ > > <?xml version='1.0' encoding='utf-8'?> > <Server port="8405" shutdown="SHUTDOWN"> > <!-- Security listener. Documentation at /docs/config/listeners.html > <Listener className="org.apache.catalina.security.SecurityListener" /> > --> > <!--APR library loader. Documentation at /docs/apr.html --> > <!-- <Listener className="org.apache.catalina.core.AprLifecycleListener" > SSLEngine="on" /> --> > <!--Initialize Jasper prior to webapps are loaded. Documentation at > /docs/jasper-howto.html --> > <Listener className="org.apache.catalina.core.JasperListener" /> > <!-- Prevent memory leaks due to use of particular java/javax APIs--> > <Listener > className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> > <Listener > className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> > <Listener > className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" /> > > <!-- Global JNDI resources > Documentation at /docs/jndi-resources-howto.html > --> > <GlobalNamingResources> > <!-- Editable user database that can also be used by > UserDatabaseRealm to authenticate users > --> > <Resource name="UserDatabase" auth="Container" > type="org.apache.catalina.UserDatabase" > description="User database that can be updated and saved" > factory="org.apache.catalina.users.MemoryUserDatabaseFactory" > pathname="conf/tomcat-users.xml" /> > </GlobalNamingResources> > > <!-- A "Service" is a collection of one or more "Connectors" that share > a single "Container" Note: A "Service" is not itself a > "Container", > so you may not define subcomponents such as "Valves" at this level. > Documentation at /docs/config/service.html > --> > <Service name="Catalina"> > > <!--The connectors can use a shared executor, you can define one or > more named thread pools--> > <!-- > <Executor name="tomcatThreadPool" namePrefix="catalina-exec-" > maxThreads="150" minSpareThreads="4"/> > --> > > > <!-- A "Connector" represents an endpoint by which requests are > received > and responses are returned. Documentation at : > Java HTTP Connector: /docs/config/http.html (blocking & > non-blocking) > Java AJP Connector: /docs/config/ajp.html > APR (HTTP/AJP) Connector: /docs/apr.html > Define a non-SSL HTTP/1.1 Connector on port 8080 > --> > <Connector port="18080" protocol="HTTP/1.1" > connectionTimeout="20000" > redirectPort="8443" /> > <!-- A "Connector" using the shared thread pool--> > <!-- > <Connector executor="tomcatThreadPool" > port="8080" protocol="HTTP/1.1" > connectionTimeout="20000" > redirectPort="8443" /> > --> > <!-- Define a SSL HTTP/1.1 Connector on port 8443 > This connector uses the JSSE configuration, when using APR, the > connector should be using the OpenSSL style configuration > described in the APR documentation --> > > <!-- > <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" > maxThreads="150" scheme="https" secure="true" > clientAuth="false" sslProtocol="TLS" /> > --> > > <Connector > clientAuth="true" port="8443" minSpareThreads="5" maxSpareThreads="75" > enableLookups="true" disableUploadTimeout="true" > acceptCount="100" maxThreads="200" > scheme="https" secure="true" SSLEnabled="true" > keystoreFile="F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat > 7.0\conf\wcmdev-ssl.jks" > keystoreType="JKS" keystorePass="******" > truststoreFile="F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat > 7.0\conf\wcmdev-ssl.jks" > truststoreType="JKS" truststorePass="******" > SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2" > sslProtocol="TLS" > /> > > <!-- Define an AJP 1.3 Connector on port 8409 --> > <Connector port="8409" protocol="AJP/1.3" redirectPort="8443" /> > > > <!-- An Engine represents the entry point (within Catalina) that > processes > every request. The Engine implementation for Tomcat stand alone > analyzes the HTTP headers included with the request, and passes > them > on to the appropriate Host (virtual host). > Documentation at /docs/config/engine.html --> > > <!-- You should set jvmRoute to support load-balancing via AJP ie : > <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1"> > --> > <Engine name="Catalina" defaultHost="localhost"> > > <!--For clustering, please take a look at documentation at: > /docs/cluster-howto.html (simple how to) > /docs/config/cluster.html (reference documentation) --> > <!-- > <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/> > --> > > <!-- Use the LockOutRealm to prevent attempts to guess user > passwords > via a brute-force attack --> > <Realm className="org.apache.catalina.realm.LockOutRealm"> > <!-- This Realm uses the UserDatabase configured in the global > JNDI > resources under the key "UserDatabase". Any edits > that are performed against this UserDatabase are immediately > available for use by the Realm. --> > <Realm className="org.apache.catalina.realm.UserDatabaseRealm" > resourceName="UserDatabase"/> > </Realm> > > <Host name="localhost" appBase="webapps" > unpackWARs="true" autoDeploy="true"> > > <!-- SingleSignOn valve, share authentication between web > applications > Documentation at: /docs/config/valve.html --> > <!-- > <Valve className="org.apache.catalina.authenticator.SingleSignOn" > /> > --> > > <!-- Access log processes all example. > Documentation at: /docs/config/valve.html > Note: The pattern used is equivalent to using > pattern="common" --> > <Valve className="org.apache.catalina.valves.AccessLogValve" > directory="logs" > prefix="localhost_access_log." suffix=".txt" > pattern="%h %l %u %t "%r" %s %b" > resolveHosts="false"/> > > </Host> > </Engine> > </Service> > </Server> > > > Thanks, > Justin LaRose > ****************************************************************************** > This email and any files transmitted with it are intended solely for > the use of the individual or agency to whom they are addressed. > If you have received this email in error please notify the Navy > Exchange Service Command e-mail administrator. This footnote > also confirms that this email message has been scanned for the > presence of computer viruses. > > Thank You! > ****************************************************************************** > > -- [key:62590808]
signature.asc
Description: OpenPGP digital signature
