Tomcat ssl problem

 
Greenhorn
Hi,

I have a very weird error. I have configured Tomcat for HTTPS, and have given a keystore path of a verisign.keystore inside the server.xml.

Now when I start the server (Tomcat) I get
"SEVERE: Endpoint [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,port=0,localport=8080]] ignored exception: java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate corresponds to the SSL cipher suites which are enabled."

Can anybody help me?
 
Sheriff
mobility mobility,


We're pleased to have you here with us, but there are a few rules that need to be followed, and one is that proper names are required. Please take a look at the JavaRanch Naming Policy and adjust your display name to match it.

In particular, your display name must be a first and a last name separated by a space character, and must not be obviously fictitious. Please pick a last name that is different from your first name.

You can view the policy here:
http://www.javaranch.com/name.jsp


And change your screen name here:
https://coderanch.com/forums/user/edit

Thank you
 
Ben Souther
Sheriff
Can you post the relevant <Context... entry from your server.xml?
Obviously, you would want to change the password and any other sensitive information first...
 
Tanu Kumar
Greenhorn
Please have a look below. This is where I am doing the changes:

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!-- org.apache.coyote.tomcat4.CoyoteConnector -->
<Connector className="org.apache.catalina.connector.http.HttpConnector"
port="8080" minProcessors="5" maxProcessors="75"
enableLookups="true"
acceptCount="100" debug="0" scheme="https" secure="true"
useURIValidationHack="false" disableUploadTimeout="true">
<Factory className="org.apache.catalina.net.SSLServerSocketFactory"
clientAuth="false" protocol="TLS" keystoreFile="/usr1/verisign.keystore" />
</Connector>
 
Ben Souther
Sheriff
Thank you for changing your screen name.

Are you trying to bind to port 8080 with both the secure and non-secure connectors? It looks like you changed it from 8443 to 8080.


[ December 08, 2005: Message edited by: Ben Souther ]
 
Tanu Kumar
Greenhorn
Hi,

I have changed the HTTP port 8080 to 9080 and HTTPS to 8080.
 
Tanu Kumar
Greenhorn
<!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8081 -->

<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="9080" minProcessors="5" maxProcessors="75" enableLookups="true" redirectPort="8443" acceptCount="100" debug="0" connectionTimeout="20000" useURIValidationHack="false" disableUploadTimeout="true" />

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->

<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
port="8080" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="100" debug="0" scheme="https" secure="true" useURIValidationHack="false" disableUploadTimeout="true">
<Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
clientAuth="false" protocol="TLS" keystoreFile="/usr1/cdsuk/verisign.keystore" />
</Connector>

This is the patch from the server.xml. Some doc says you should use "org.apache.catalina.net.SSLServerSocketFactory" as the factory. After changing this the exceptions are not there, but the 8080 port just doesn't come up.
Then I tried changing the connector class to org.apache.catalina.connector.http.HttpConnector, but still it didn't work. Please help.
 
Ben Souther
Sheriff
It looks like your non-ssl port is still trying to redirect secure requests to 8443.

Out of curiosity.
Why did you change the ports?
[ December 08, 2005: Message edited by: Ben Souther ]
 
Tanu Kumar
Greenhorn
I am accessing Tomcat from my mobile (J2ME application) using GPRS. So the server is inside our intranet, and some of the ports are not accessible outside the intranet. So we have 8080 exclusively opened for this work.
 
Tanu Kumar
Greenhorn
Non-SSL works fine. I am worried about the SSL part.
 
Ben Souther
Sheriff
You're either going to need two ports open (one for secure and one for non-secure) or you will have to make sure that ALL requests come in secure.

Either way you will want to fix the redirectPort in your non-secure Connector entry.
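
Added example (not part of the original thread and not Tomcat's own code): a small Python check for the two connector problems raised in the replies above, a port bound by more than one Connector and a redirectPort that no secure Connector listens on. The sample server.xml is constructed from the connectors posted in the thread, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the two connectors posted in the thread.
SAMPLE_SERVER_XML = """<Server><Service name="sample">
  <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
             port="9080" redirectPort="8443" />
  <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
             port="8080" scheme="https" secure="true">
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
             clientAuth="false" protocol="TLS"
             keystoreFile="/usr1/cdsuk/verisign.keystore" />
  </Connector>
</Service></Server>"""


def is_secure(connector):
    """A Connector counts as secure if it sets secure="true" or scheme="https"."""
    return (connector.get("secure", "false").lower() == "true"
            or connector.get("scheme", "http").lower() == "https")


def audit_connectors(server_xml):
    """Return a list of (port, problem) tuples for the Connector elements."""
    connectors = ET.fromstring(server_xml).findall(".//Connector")
    secure_ports = {c.get("port") for c in connectors if is_secure(c)}
    findings = []
    ports_seen = set()
    for c in connectors:
        port = c.get("port")
        # Two connectors cannot listen on the same port.
        if port in ports_seen:
            findings.append((port, "port bound by more than one Connector"))
        ports_seen.add(port)
        if is_secure(c):
            continue
        # A non-secure connector must redirect to a port that serves HTTPS.
        redirect = c.get("redirectPort")
        if redirect is not None and redirect not in secure_ports:
            findings.append(
                (port, "redirectPort %s has no secure Connector" % redirect))
    return findings


if __name__ == "__main__":
    for port, problem in audit_connectors(SAMPLE_SERVER_XML):
        print("Connector on port %s: %s" % (port, problem))
```
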