Errors in Tomcat 6 on SSL

 
Peter Snodgrass
Greenhorn
Posts: 2
I am trying to configure a Tomcat 6.0.13 server with client authentication (corporate CA and each user has PKI certs installed into their browser). I have built a default keystore in the user's directory where the Tomcat server is running and installed the server cert there. I have installed a global keystore in the Java 5 JRE into which I have loaded the trusted chain.

When I start Tomcat, the log gets filled with repeated SEVERE messages as follows:

Socket Accept Failed
java.net.SocketException:SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
at java.lang.Thread.run(Thread.java.595)

Any ideas?
 
Zemian Deng
Greenhorn
Posts: 21
You need to paste the Connector section of your server.xml where you configure SSL.

My guess is that you have the key name not matching what you added to your keystore.

If you continue to have problems, printing the output of how you added your keys and created your keystore will get you faster answers.
 
Peter Snodgrass
Greenhorn
Posts: 2
Indeed, you are on to the solution.

I moved my server cert from the truststore to the default keystore.
I then modified the Connector to have the key alias and key password.
Then things began to work correctly.

One oddity was observed: I noticed that after shutting down Tomcat, it takes a while before the ports it configured are truly released. If Tomcat is restarted before the ports are cleared, other errors crop up. So, to make sure a clean server is obtained, use netstat -a | grep <configured port>, checking all the ports Tomcat cares about. When they are all released, start the server with the current changes.
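A small diagnostic for the root cause worked out in this thread, added here as example code rather than anything the posters wrote: it classifies what the keystore holds under the alias the Connector's keyAlias attribute names, separating a private-key entry from the trusted-cert-only entry that produces the "No available certificate or key" error. The keytool -list output it parses is constructed; keystoreFile, keyAlias and keyPass are the Tomcat 6 Connector attributes it refers to.

```shell
#!/bin/sh
# Added diagnostic for this thread (not code from any poster). The error
# "No available certificate or key corresponds to the SSL cipher suites"
# means the keystore named by the Connector's keystoreFile has no private
# key under the alias the Connector uses (keyAlias, default "tomcat").
# A server cert that was only imported with "keytool -import" shows up as
# a trustedCertEntry, which is the situation described above.

# classify_alias ALIAS  reads plain "keytool -list" output on stdin and
# prints: key (private key present, usable), trusted (cert only: the
# mistake from the thread), or missing (fix keyAlias in server.xml).
classify_alias() {
    awk -v a="$1" '
        # Plain -list lines look like:  tomcat, Jun 12, 2007, PrivateKeyEntry,
        $1 == (a ",") {
            found = 1
            if ($0 ~ /keyEntry|PrivateKeyEntry/) print "key"
            else if ($0 ~ /trustedCertEntry/)    print "trusted"
            else                                  print "missing"
            exit
        }
        END { if (!found) print "missing" }'
}

# check_keystore KEYSTORE STOREPASS ALIAS  runs keytool for real (needs a
# JDK); use the same file, password and alias the Connector is given.
check_keystore() {
    keytool -list -keystore "$1" -storepass "$2" 2>/dev/null | classify_alias "$3"
}

# Constructed sample of "keytool -list" output for the broken setup: the
# server cert sits next to the corporate CA chain as a trusted cert only.
BROKEN_LIST='Your keystore contains 2 entries

tomcat, Jun 12, 2007, trustedCertEntry,
Certificate fingerprint (MD5): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
corp-root-ca, Jun 12, 2007, trustedCertEntry,
Certificate fingerprint (MD5): FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00'

# Constructed sample after the private key and cert live under the alias.
FIXED_LIST='Your keystore contains 1 entry

tomcat, Jun 12, 2007, PrivateKeyEntry,
Certificate fingerprint (MD5): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF'

printf '%s\n' "$BROKEN_LIST" | classify_alias tomcat   # trusted
printf '%s\n' "$FIXED_LIST" | classify_alias tomcat    # key
```

Run check_keystore against the keystoreFile and keystorePass from server.xml with the Connector's keyAlias; anything other than "key" explains the handshake failure before Tomcat is even started.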