
Errors in Tomcat 6 on SSL

Peter Snodgrass

Joined: Jul 09, 2008
Posts: 2
I am trying to configure a Tomcat 6.0.13 server with client authentication (corporate CA and each user has PKI certs installed into their browser). I have built a default keystore in the user's directory where the Tomcat server is running and installed the server cert there. I have installed a global keystore in the Java 5 JRE into which I have loaded the trusted chain.

When I start Tomcat the log gets filled with repeated SEVERE messages as follows:

Socket Accept Failed
java.net.SocketException:SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
at java.lang.Thread.run(Thread.java.595)

Any ideas?
Zemian Deng

Joined: Jun 12, 2007
Posts: 21
You need to paste the Connector section of your server.xml where you configure SSL.

My guess is that you have the key name not matching what you added to your keystore.

If you continue to have problems, printing the output of how you added your keys and created your keystore will get you faster answers.
Peter Snodgrass

Joined: Jul 09, 2008
Posts: 2
Indeed, you are on to the solution.

I moved my server cert from the truststore to the default keystore.
I then modified the connector to have the key alias and key password.
Then things began to work correctly.

One oddity was observed: I noticed that after shutting down Tomcat, it takes a while before the ports it configured are truly released. If Tomcat is restarted before the ports are cleared, other errors crop up. So to make sure a clean server is obtained, use netstat -a | grep <configured port>, checking all the ports Tomcat cares about. When they are all released, start the server with the current changes.
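
The "No available certificate or key" error in this thread is what JSSE reports when the keystore the Connector opens holds no private-key entry it can use. The check below is an added example, not part of the thread: it classifies an alias from `keytool -list` output, and the aliases `tomcat` and `corp-root` and both listings are constructed sample data.

```shell
#!/bin/sh
# Constructed `keytool -list` output (not from the thread). In the "bad"
# store the server certificate was imported as a certificate only.
SAMPLE_BAD='Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

tomcat, Jul 9, 2008, trustedCertEntry,
Certificate fingerprint (MD5): 00:11:22:33
corp-root, Jul 9, 2008, trustedCertEntry,
Certificate fingerprint (MD5): 44:55:66:77'

SAMPLE_GOOD='Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

tomcat, Jul 9, 2008, PrivateKeyEntry,
Certificate fingerprint (MD5): 00:11:22:33'

# Print the entry type keytool recorded for alias $1 (listing on stdin).
# The date itself contains a comma, so take the last non-empty field.
entry_type() {
    awk -F', *' -v want="$1" '
        NF >= 3 && $1 == want {
            t = $NF; if (t == "") t = $(NF - 1)
            print t; exit
        }'
}

# Return 0 only if alias $1 carries a private key the HTTPS Connector can use.
# Java 5 keytool prints "keyEntry"; Java 6 and later print "PrivateKeyEntry".
usable_server_key() {
    case "$(entry_type "$1")" in
        keyEntry|PrivateKeyEntry) return 0 ;;
        trustedCertEntry)
            echo "alias '$1' is a certificate only, no private key" >&2
            return 1 ;;
        '') echo "alias '$1' not found in listing" >&2; return 2 ;;
        *)  echo "alias '$1' has an unexpected entry type" >&2; return 3 ;;
    esac
}

# Against a real store (default keystore path; alias is an assumption):
#   keytool -list -keystore "$HOME/.keystore" | usable_server_key tomcat
```

A result of 1 for the server alias means the certificate needs to be imported into the same alias that holds the generated key pair, rather than into the truststore or a fresh alias.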