Tomcat SSL configuration issue - java.io.IOException: jsse.invalid_ssl_conf

Ranch Hand

Posts: 104

posted 12 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

Hello Guys,

Could you throw some light on this issue:

I have configured the SSL/https port for Tomcat as per the configuration mentioned in Tomcat site

(1)Generated a key using KeyTool
(2)Generated a CSR
(3)Got the Verisign- CA certificate
(4)Imported the CERT using Keytool (successful)
(5)Uncommented the https connector port in tomcat's server.xml

Here is the exception in Catelina log file:

java.io.IOException: jsse.invalid_ssl_conf
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:755)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:460)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:130)
at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
at org.apache.catalina.connector.Connector.initialize(Connector.java:1014)
at org.apache.catalina.core.StandardService.initialize(StandardService.java:680)
at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
at org.apache.catalina.startup.Catalina.load(Catalina.java:548)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(Unknown Source)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:751)
... 15 more
Jul 27, 2011 11:11:14 AM org.apache.catalina.startup.Catalina load
SEVERE: Catalina.start
LifecycleException: Protocol handler initialization failed: java.io.IOException: jsse.invalid_ssl_conf
at org.apache.catalina.connector.Connector.initialize(Connector.java:1016)
at org.apache.catalina.core.StandardService.initialize(StandardService.java:680)
at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
at org.apache.catalina.startup.Catalina.load(Catalina.java:548)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)

I checked the key and the alias tomcat is present in it.
keytool -list -keystore hakioskcheckin2_key -storepass XXXXXX

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

tomcat, Jul 26, 2011, trustedCertEntry,
Certificate fingerprint (MD5): -removed intentionally-

Server.xml updated with below:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
keystoreFile="C:\Program Files\Java\jre6\bin\hakioskcheckin2_key"
keystorePass="Hawaiian1"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />

Thanks in advance,

Sammaiah