Tomcat ssl problem

Tanu Kumar
Greenhorn

Joined: Dec 07, 2005
Posts: 10
Hi,

I have a very weird error. I have configured Tomcat for HTTPS, and have given a keystore path of a verisign.keystore inside the server.xml.

Now when I start the server (Tomcat) I get
"SEVERE: Endpoint [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,port=0,localport=8080]] ignored exception: java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate corresponds to the SSL cipher suites which are enabled."

Can anybody help me?
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

mobility mobility,


We're pleased to have you here with us, but there are a few rules that need to be followed, and one is that proper names are required. Please take a look at the JavaRanch Naming Policy and adjust your display name to match it.

In particular, your display name must be a first and a last name separated by a space character, and must not be obviously fictitious. Please pick a last name that is different from your first name.

You can view the policy here:
http://www.javaranch.com/name.jsp


And change your screen name here:
http://www.coderanch.com/forums/user/edit

Thank you


Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Can you post the relevant <Context... entry from your server.xml?
Obviously, you would want to change the password and any other sensitive information first...
Tanu Kumar
Greenhorn

Joined: Dec 07, 2005
Posts: 10
Please have a look below. This is where I am doing the changes:

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!-- org.apache.coyote.tomcat4.CoyoteConnector -->
<Connector className="org.apache.catalina.connector.http.HttpConnector"
port="8080" minProcessors="5" maxProcessors="75"
enableLookups="true"
acceptCount="100" debug="0" scheme="https" secure="true"
useURIValidationHack="false" disableUploadTimeout="true">
<Factory className="org.apache.catalina.net.SSLServerSocketFactory"
clientAuth="false" protocol="TLS" keystoreFile="/usr1/verisign.keystore" />
</Connector>
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Thank you for changing your screen name.

Are you trying to bind to port 8080 with both the secure and non-secure connectors? It looks like you changed it from 8443 to 8080.


[ December 08, 2005: Message edited by: Ben Souther ]
Tanu Kumar
Greenhorn

Joined: Dec 07, 2005
Posts: 10
Hi,

I have changed the HTTP port 8080 to 9080 and HTTPS to 8080.
Tanu Kumar
Greenhorn

Joined: Dec 07, 2005
Posts: 10
<!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8081 -->

<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="9080" minProcessors="5" maxProcessors="75" enableLookups="true" redirectPort="8443" acceptCount="100" debug="0" connectionTimeout="20000" useURIValidationHack="false" disableUploadTimeout="true" />

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->

<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
port="8080" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="100" debug="0" scheme="https" secure="true" useURIValidationHack="false" disableUploadTimeout="true">
<Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
clientAuth="false" protocol="TLS" keystoreFile="/usr1/cdsuk/verisign.keystore" />
</Connector>

This is the patch from the server.xml. Some doc says you should use "org.apache.catalina.net.SSLServerSocketFactory" as the factory. After changing this the exceptions are not there, but the 8080 port just doesn't come up.
Then I tried changing the connector class to org.apache.catalina.connector.http.HttpConnector but it still didn't work. Please help.
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410



It looks like your non-ssl port is still trying to redirect secure requests to 8443.

Out of curiosity, why did you change the ports?
[ December 08, 2005: Message edited by: Ben Souther ]
Tanu Kumar
Greenhorn

Joined: Dec 07, 2005
Posts: 10
I am accessing Tomcat on my mobile (J2ME application) using GPRS. So the server is inside our intranet, and some of the ports are not accessible outside the intranet. So we have 8080 exclusively opened for this work.
Tanu Kumar
Greenhorn

Joined: Dec 07, 2005
Posts: 10
Non-SSL works fine. I am worried about the SSL part.
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

You're either going to need two ports open (one for secure and one for non-secure) or you will have to make sure that ALL requests come in secure.

Either way you will want to fix the redirectPort in your non-secure Connector entry.