
Tomcat ssl problem

 
Tanu Kumar
Greenhorn
Posts: 10
Hi,

I have a very weird error. I have configured Tomcat for HTTPS, and have given a keystore path of a verisign.keystore inside the server.xml.

Now when I start the server (Tomcat) I get
"SEVERE: Endpoint [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,port=0,localport=8080]] ignored exception: java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate corresponds to the SSL cipher suites which are enabled."

Can anybody help me?
 
Ben Souther
Sheriff
Posts: 13411
mobility mobility,


We're pleased to have you here with us, but there are a few rules that need to be followed, and one is that proper names are required. Please take a look at the JavaRanch Naming Policy and adjust your display name to match it.

In particular, your display name must be a first and a last name separated by a space character, and must not be obviously fictitious. Please pick a last name that is different from your first name.

You can view the policy here:
http://www.javaranch.com/name.jsp


And change your screen name here:
http://www.coderanch.com/forums/user/edit

Thank you
 
Ben Souther
Sheriff
Posts: 13411
Can you post the relevant <Context... entry from your server.xml?
Obviously, you would want to change the password and any other sensitive information first...
 
Tanu Kumar
Greenhorn
Posts: 10
Please have a look below. This is where I am doing the changes:

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!-- org.apache.coyote.tomcat4.CoyoteConnector -->
<Connector className="org.apache.catalina.connector.http.HttpConnector"
port="8080" minProcessors="5" maxProcessors="75"
enableLookups="true"
acceptCount="100" debug="0" scheme="https" secure="true"
useURIValidationHack="false" disableUploadTimeout="true">
<Factory className="org.apache.catalina.net.SSLServerSocketFactory"
clientAuth="false" protocol="TLS" keystoreFile="/usr1/verisign.keystore" />
</Connector>
 
Ben Souther
Sheriff
Posts: 13411
Thank you for changing your screen name.

Are you trying to bind to port 8080 with both the secure and non-secure connectors? It looks like you changed it from 8443 to 8080.


[ December 08, 2005: Message edited by: Ben Souther ]
 
Tanu Kumar
Greenhorn
Posts: 10
Hi,

I have changed the HTTP port 8080 to 9080 and HTTPS to 8080.
 
Tanu Kumar
Greenhorn
Posts: 10
<!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8081 -->

<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
port="9080" minProcessors="5" maxProcessors="75" enableLookups="true"
redirectPort="8443" acceptCount="100" debug="0" connectionTimeout="20000"
useURIValidationHack="false" disableUploadTimeout="true" />

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->

<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
port="8080" minProcessors="5" maxProcessors="75" enableLookups="true"
acceptCount="100" debug="0" scheme="https" secure="true"
useURIValidationHack="false" disableUploadTimeout="true">
<Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
clientAuth="false" protocol="TLS" keystoreFile="/usr1/cdsuk/verisign.keystore" />
</Connector>

This is the patch from the server.xml. Some doc says you should use "org.apache.catalina.net.SSLServerSocketFactory" as the factory. After changing this the exceptions are not there, but the 8080 port just doesn't come up.
Then I tried changing the connector class to org.apache.catalina.connector.http.HttpConnector but it still didn't work. Please help.
 
Ben Souther
Sheriff
Posts: 13411
It looks like your non-ssl port is still trying to redirect secure requests to 8443.

Out of curiosity, why did you change the ports?
[ December 08, 2005: Message edited by: Ben Souther ]
 
Tanu Kumar
Greenhorn
Posts: 10
I am accessing Tomcat on my mobile (J2ME application) using GPRS. So the server is inside our intranet, and some of the ports are not accessible outside the intranet. So we have 8080 exclusively opened for this work.
 
Tanu Kumar
Greenhorn
Posts: 10
Non-SSL works fine. I am worried about the SSL part.
 
Ben Souther
Sheriff
Posts: 13411
You're either going to need two ports open (one for secure and one for non-secure) or you will have to make sure that ALL requests come in secure.

Either way you will want to fix the redirectPort in your non-secure Connector entry.
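
The redirectPort mismatch discussed in this thread can be checked mechanically before Tomcat is restarted. The following is an added example, not code from the thread or from Tomcat: a Python check that parses a server.xml and reports ports bound twice and non-secure Connectors whose redirectPort points at a port no secure Connector listens on. The function names and the surrounding Server/Service wrapper are assumptions; the sample is constructed from the connectors posted above.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the connectors posted in this thread:
# HTTP moved to 9080, HTTPS moved to 8080, redirectPort left at 8443.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Tomcat-Standalone">
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="9080" redirectPort="8443" />
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8080" scheme="https" secure="true">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               clientAuth="false" protocol="TLS"
               keystoreFile="/usr1/cdsuk/verisign.keystore" />
    </Connector>
  </Service>
</Server>
"""

def is_secure(conn):
    """Treat a Connector as the TLS one if it is marked secure or https."""
    return (conn.get("secure", "false").lower() == "true"
            or conn.get("scheme") == "https")

def check_connectors(server_xml):
    """Return findings about port collisions and redirectPort targets."""
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    findings, seen = [], set()
    for c in connectors:
        port = c.get("port")
        if port in seen:
            findings.append(f"port {port} is bound by more than one Connector")
        seen.add(port)
    secure_ports = {c.get("port") for c in connectors if is_secure(c)}
    if not secure_ports:
        findings.append("no secure Connector is defined")
    for c in connectors:
        redirect = c.get("redirectPort")
        # Only non-secure connectors that explicitly set redirectPort are checked.
        if is_secure(c) or redirect is None or redirect in secure_ports:
            continue
        findings.append(
            f"Connector on port {c.get('port')} redirects to {redirect}, "
            f"but secure Connector(s) listen on {', '.join(sorted(secure_ports))}")
    return findings

if __name__ == "__main__":
    for finding in check_connectors(SAMPLE_SERVER_XML):
        print(finding)
```
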
 